openstack/python-openstackclient
Code Issues Proposed changes
bf32cdf3a9
python-openstackclient/doc/source/cli/command-objects/network-rbac.rst
Dongcan Ye 9ca99b9919 Network: Add supports rbac target-all-projects 
Add a boolean option "target-all-projects",
which allows creating rbac policy for all projects.

Change-Id: Ie3af83a1bba7dd66e83b0595bb276bf8fd105831
Closes-Bug: #1728525
Closes-Bug: #1704834
2017-11-05 01:16:48 -05:00

144 lines
3.3 KiB
ReStructuredText
Raw Blame History

============
network rbac
============
A **network rbac** is a Role-Based Access Control (RBAC) policy for
network resources. It enables both operators and users to grant access
to network resources for specific projects.
Network v2
network rbac create
-------------------
Create network RBAC policy
.. program:: network rbac create
.. code:: bash
openstack network rbac create
--type <type>
--action <action>
[--target-project <target-project> | --target-all-projects]
[--target-project-domain <target-project-domain>]
[--project <project> [--project-domain <project-domain>]]
<rbac-policy>
.. option:: --type <type>
Type of the object that RBAC policy affects ("qos_policy" or "network") (required)
.. option:: --action <action>
Action for the RBAC policy ("access_as_external" or "access_as_shared") (required)
.. option:: --target-project <target-project>
The project to which the RBAC policy will be enforced (name or ID)
.. option:: --target-all-projects
Allow creating RBAC policy for all projects.
.. option:: --target-project-domain <target-project-domain>
Domain the target project belongs to (name or ID).
This can be used in case collisions between project names exist.
.. option:: --project <project>
The owner project (name or ID)
.. option:: --project-domain <project-domain>
Domain the project belongs to (name or ID).
This can be used in case collisions between project names exist.
.. _network_rbac_create-rbac-policy:
.. describe:: <rbac-object>
The object to which this RBAC policy affects (name or ID)
network rbac delete
-------------------
Delete network RBAC policy(s)
.. program:: network rbac delete
.. code:: bash
openstack network rbac delete
<rbac-policy> [<rbac-policy> ...]
.. _network_rbac_delete-rbac-policy:
.. describe:: <rbac-policy>
RBAC policy(s) to delete (ID only)
network rbac list
-----------------
List network RBAC policies
.. program:: network rbac list
.. code:: bash
openstack network rbac list
[--type <type>]
[--action <action>]
[--long]
.. option:: --type <type>
List network RBAC policies according to given object type ("qos_policy" or "network")
.. option:: --action <action>
List network RBAC policies according to given action ("access_as_external" or "access_as_shared")
.. option:: --long
List additional fields in output
network rbac set
----------------
Set network RBAC policy properties
.. program:: network rbac set
.. code:: bash
openstack network rbac set
[--target-project <target-project> [--target-project-domain <target-project-domain>]]
<rbac-policy>
.. option:: --target-project <target-project>
The project to which the RBAC policy will be enforced (name or ID)
.. option:: --target-project-domain <target-project-domain>
Domain the target project belongs to (name or ID).
This can be used in case collisions between project names exist.
.. _network_rbac_set-rbac-policy:
.. describe:: <rbac-policy>
RBAC policy to be modified (ID only)
network rbac show
-----------------
Display network RBAC policy details
.. program:: network rbac show
.. code:: bash
openstack network rbac show
<rbac-policy>
.. _network_rbac_show-rbac-policy:
.. describe:: <rbac-policy>
RBAC policy (ID only)
View Git Blame Copy Permalink