OpenStack v5.0.3, Feb 12 25

OpenStack v5.0.3 published on Wednesday, Feb 12, 2025 by Pulumi

openstack.identity.User

Explore with Pulumi AI

OpenStack v5.0.3 published on Wednesday, Feb 12, 2025 by Pulumi

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const project1 = new openstack.identity.Project("project_1", {name: "project_1"});
const user1 = new openstack.identity.User("user_1", {
    defaultProjectId: project1.id,
    name: "user_1",
    description: "A user",
    password: "password123",
    ignoreChangePasswordUponFirstUse: true,
    multiFactorAuthEnabled: true,
    multiFactorAuthRules: [
        {
            rules: [
                "password",
                "totp",
            ],
        },
        {
            rules: ["password"],
        },
    ],
    extra: {
        email: "user_1@foobar.com",
    },
});

import pulumi
import pulumi_openstack as openstack

project1 = openstack.identity.Project("project_1", name="project_1")
user1 = openstack.identity.User("user_1",
    default_project_id=project1.id,
    name="user_1",
    description="A user",
    password="password123",
    ignore_change_password_upon_first_use=True,
    multi_factor_auth_enabled=True,
    multi_factor_auth_rules=[
        {
            "rules": [
                "password",
                "totp",
            ],
        },
        {
            "rules": ["password"],
        },
    ],
    extra={
        "email": "user_1@foobar.com",
    })

package main

import (
	"github.com/pulumi/pulumi-openstack/sdk/v5/go/openstack/identity"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		project1, err := identity.NewProject(ctx, "project_1", &identity.ProjectArgs{
			Name: pulumi.String("project_1"),
		})
		if err != nil {
			return err
		}
		_, err = identity.NewUser(ctx, "user_1", &identity.UserArgs{
			DefaultProjectId:                 project1.ID(),
			Name:                             pulumi.String("user_1"),
			Description:                      pulumi.String("A user"),
			Password:                         pulumi.String("password123"),
			IgnoreChangePasswordUponFirstUse: pulumi.Bool(true),
			MultiFactorAuthEnabled:           pulumi.Bool(true),
			MultiFactorAuthRules: identity.UserMultiFactorAuthRuleArray{
				&identity.UserMultiFactorAuthRuleArgs{
					Rules: pulumi.StringArray{
						pulumi.String("password"),
						pulumi.String("totp"),
					},
				},
				&identity.UserMultiFactorAuthRuleArgs{
					Rules: pulumi.StringArray{
						pulumi.String("password"),
					},
				},
			},
			Extra: pulumi.StringMap{
				"email": pulumi.String("user_1@foobar.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using OpenStack = Pulumi.OpenStack;

return await Deployment.RunAsync(() => 
{
    var project1 = new OpenStack.Identity.Project("project_1", new()
    {
        Name = "project_1",
    });

    var user1 = new OpenStack.Identity.User("user_1", new()
    {
        DefaultProjectId = project1.Id,
        Name = "user_1",
        Description = "A user",
        Password = "password123",
        IgnoreChangePasswordUponFirstUse = true,
        MultiFactorAuthEnabled = true,
        MultiFactorAuthRules = new[]
        {
            new OpenStack.Identity.Inputs.UserMultiFactorAuthRuleArgs
            {
                Rules = new[]
                {
                    "password",
                    "totp",
                },
            },
            new OpenStack.Identity.Inputs.UserMultiFactorAuthRuleArgs
            {
                Rules = new[]
                {
                    "password",
                },
            },
        },
        Extra = 
        {
            { "email", "user_1@foobar.com" },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.openstack.identity.Project;
import com.pulumi.openstack.identity.ProjectArgs;
import com.pulumi.openstack.identity.User;
import com.pulumi.openstack.identity.UserArgs;
import com.pulumi.openstack.identity.inputs.UserMultiFactorAuthRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var project1 = new Project("project1", ProjectArgs.builder()
            .name("project_1")
            .build());

        var user1 = new User("user1", UserArgs.builder()
            .defaultProjectId(project1.id())
            .name("user_1")
            .description("A user")
            .password("password123")
            .ignoreChangePasswordUponFirstUse(true)
            .multiFactorAuthEnabled(true)
            .multiFactorAuthRules(            
                UserMultiFactorAuthRuleArgs.builder()
                    .rules(                    
                        "password",
                        "totp")
                    .build(),
                UserMultiFactorAuthRuleArgs.builder()
                    .rules("password")
                    .build())
            .extra(Map.of("email", "user_1@foobar.com"))
            .build());

    }
}

resources:
  project1:
    type: openstack:identity:Project
    name: project_1
    properties:
      name: project_1
  user1:
    type: openstack:identity:User
    name: user_1
    properties:
      defaultProjectId: ${project1.id}
      name: user_1
      description: A user
      password: password123
      ignoreChangePasswordUponFirstUse: true
      multiFactorAuthEnabled: true
      multiFactorAuthRules:
        - rules:
            - password
            - totp
        - rules:
            - password
      extra:
        email: user_1@foobar.com

Create User Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new User(name: string, args?: UserArgs, opts?: CustomResourceOptions);

@overload
def User(resource_name: str,
         args: Optional[UserArgs] = None,
         opts: Optional[ResourceOptions] = None)

@overload
def User(resource_name: str,
         opts: Optional[ResourceOptions] = None,
         default_project_id: Optional[str] = None,
         description: Optional[str] = None,
         domain_id: Optional[str] = None,
         enabled: Optional[bool] = None,
         extra: Optional[Mapping[str, str]] = None,
         ignore_change_password_upon_first_use: Optional[bool] = None,
         ignore_lockout_failure_attempts: Optional[bool] = None,
         ignore_password_expiry: Optional[bool] = None,
         multi_factor_auth_enabled: Optional[bool] = None,
         multi_factor_auth_rules: Optional[Sequence[UserMultiFactorAuthRuleArgs]] = None,
         name: Optional[str] = None,
         password: Optional[str] = None,
         region: Optional[str] = None)

func NewUser(ctx *Context, name string, args *UserArgs, opts ...ResourceOption) (*User, error)

public User(string name, UserArgs? args = null, CustomResourceOptions? opts = null)

public User(String name, UserArgs args)
public User(String name, UserArgs args, CustomResourceOptions options)

type: openstack:identity:User
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args UserArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args UserArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args UserArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args UserArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args UserArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var openstackUserResource = new OpenStack.Identity.User("openstackUserResource", new()
{
    DefaultProjectId = "string",
    Description = "string",
    DomainId = "string",
    Enabled = false,
    Extra = 
    {
        { "string", "string" },
    },
    IgnoreChangePasswordUponFirstUse = false,
    IgnoreLockoutFailureAttempts = false,
    IgnorePasswordExpiry = false,
    MultiFactorAuthEnabled = false,
    MultiFactorAuthRules = new[]
    {
        new OpenStack.Identity.Inputs.UserMultiFactorAuthRuleArgs
        {
            Rules = new[]
            {
                "string",
            },
        },
    },
    Name = "string",
    Password = "string",
    Region = "string",
});

example, err := identity.NewUser(ctx, "openstackUserResource", &identity.UserArgs{
	DefaultProjectId: pulumi.String("string"),
	Description:      pulumi.String("string"),
	DomainId:         pulumi.String("string"),
	Enabled:          pulumi.Bool(false),
	Extra: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	IgnoreChangePasswordUponFirstUse: pulumi.Bool(false),
	IgnoreLockoutFailureAttempts:     pulumi.Bool(false),
	IgnorePasswordExpiry:             pulumi.Bool(false),
	MultiFactorAuthEnabled:           pulumi.Bool(false),
	MultiFactorAuthRules: identity.UserMultiFactorAuthRuleArray{
		&identity.UserMultiFactorAuthRuleArgs{
			Rules: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
	},
	Name:     pulumi.String("string"),
	Password: pulumi.String("string"),
	Region:   pulumi.String("string"),
})

var openstackUserResource = new User("openstackUserResource", UserArgs.builder()
    .defaultProjectId("string")
    .description("string")
    .domainId("string")
    .enabled(false)
    .extra(Map.of("string", "string"))
    .ignoreChangePasswordUponFirstUse(false)
    .ignoreLockoutFailureAttempts(false)
    .ignorePasswordExpiry(false)
    .multiFactorAuthEnabled(false)
    .multiFactorAuthRules(UserMultiFactorAuthRuleArgs.builder()
        .rules("string")
        .build())
    .name("string")
    .password("string")
    .region("string")
    .build());

openstack_user_resource = openstack.identity.User("openstackUserResource",
    default_project_id="string",
    description="string",
    domain_id="string",
    enabled=False,
    extra={
        "string": "string",
    },
    ignore_change_password_upon_first_use=False,
    ignore_lockout_failure_attempts=False,
    ignore_password_expiry=False,
    multi_factor_auth_enabled=False,
    multi_factor_auth_rules=[{
        "rules": ["string"],
    }],
    name="string",
    password="string",
    region="string")

const openstackUserResource = new openstack.identity.User("openstackUserResource", {
    defaultProjectId: "string",
    description: "string",
    domainId: "string",
    enabled: false,
    extra: {
        string: "string",
    },
    ignoreChangePasswordUponFirstUse: false,
    ignoreLockoutFailureAttempts: false,
    ignorePasswordExpiry: false,
    multiFactorAuthEnabled: false,
    multiFactorAuthRules: [{
        rules: ["string"],
    }],
    name: "string",
    password: "string",
    region: "string",
});

type: openstack:identity:User
properties:
    defaultProjectId: string
    description: string
    domainId: string
    enabled: false
    extra:
        string: string
    ignoreChangePasswordUponFirstUse: false
    ignoreLockoutFailureAttempts: false
    ignorePasswordExpiry: false
    multiFactorAuthEnabled: false
    multiFactorAuthRules:
        - rules:
            - string
    name: string
    password: string
    region: string

User Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The User resource accepts the following input properties:

DefaultProjectId string: The default project this user belongs to.
Description string: A description of the user.
DomainId string: The domain this user belongs to.
Enabled bool: Whether the user is enabled or disabled. Valid values are true and false.
Extra Dictionary<string, string>: Free-form key/value pairs of extra information.
IgnoreChangePasswordUponFirstUse bool: User will not have to change their password upon first use. Valid values are true and false.
IgnoreLockoutFailureAttempts bool: User will not have a failure lockout placed on their account. Valid values are true and false.
IgnorePasswordExpiry bool: User's password will not expire. Valid values are true and false.
MultiFactorAuthEnabled bool: Whether to enable multi-factor authentication. Valid values are true and false.
MultiFactorAuthRules List<Pulumi.OpenStack.Identity.Inputs.UserMultiFactorAuthRule>: A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.
Name string: The name of the user.
Password string: The password for the user.
Region string: The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

DefaultProjectId string: The default project this user belongs to.
Description string: A description of the user.
DomainId string: The domain this user belongs to.
Enabled bool: Whether the user is enabled or disabled. Valid values are true and false.
Extra map[string]string: Free-form key/value pairs of extra information.
IgnoreChangePasswordUponFirstUse bool: User will not have to change their password upon first use. Valid values are true and false.
IgnoreLockoutFailureAttempts bool: User will not have a failure lockout placed on their account. Valid values are true and false.
IgnorePasswordExpiry bool: User's password will not expire. Valid values are true and false.
MultiFactorAuthEnabled bool: Whether to enable multi-factor authentication. Valid values are true and false.
MultiFactorAuthRules []UserMultiFactorAuthRuleArgs: A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.
Name string: The name of the user.
Password string: The password for the user.
Region string: The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

defaultProjectId String: The default project this user belongs to.
description String: A description of the user.
domainId String: The domain this user belongs to.
enabled Boolean: Whether the user is enabled or disabled. Valid values are true and false.
extra Map<String,String>: Free-form key/value pairs of extra information.
ignoreChangePasswordUponFirstUse Boolean: User will not have to change their password upon first use. Valid values are true and false.
ignoreLockoutFailureAttempts Boolean: User will not have a failure lockout placed on their account. Valid values are true and false.
ignorePasswordExpiry Boolean: User's password will not expire. Valid values are true and false.
multiFactorAuthEnabled Boolean: Whether to enable multi-factor authentication. Valid values are true and false.
multiFactorAuthRules List<UserMultiFactorAuthRule>: A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.
name String: The name of the user.
password String: The password for the user.
region String: The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

defaultProjectId string: The default project this user belongs to.
description string: A description of the user.
domainId string: The domain this user belongs to.
enabled boolean: Whether the user is enabled or disabled. Valid values are true and false.
extra {[key: string]: string}: Free-form key/value pairs of extra information.
ignoreChangePasswordUponFirstUse boolean: User will not have to change their password upon first use. Valid values are true and false.
ignoreLockoutFailureAttempts boolean: User will not have a failure lockout placed on their account. Valid values are true and false.
ignorePasswordExpiry boolean: User's password will not expire. Valid values are true and false.
multiFactorAuthEnabled boolean: Whether to enable multi-factor authentication. Valid values are true and false.
multiFactorAuthRules UserMultiFactorAuthRule[]: A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.
name string: The name of the user.
password string: The password for the user.
region string: The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

default_project_id str: The default project this user belongs to.
description str: A description of the user.
domain_id str: The domain this user belongs to.
enabled bool: Whether the user is enabled or disabled. Valid values are true and false.
extra Mapping[str, str]: Free-form key/value pairs of extra information.
ignore_change_password_upon_first_use bool: User will not have to change their password upon first use. Valid values are true and false.
ignore_lockout_failure_attempts bool: User will not have a failure lockout placed on their account. Valid values are true and false.
ignore_password_expiry bool: User's password will not expire. Valid values are true and false.
multi_factor_auth_enabled bool: Whether to enable multi-factor authentication. Valid values are true and false.
multi_factor_auth_rules Sequence[UserMultiFactorAuthRuleArgs]: A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.
name str: The name of the user.
password str: The password for the user.
region str: The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

defaultProjectId String: The default project this user belongs to.
description String: A description of the user.
domainId String: The domain this user belongs to.
enabled Boolean: Whether the user is enabled or disabled. Valid values are true and false.
extra Map<String>: Free-form key/value pairs of extra information.
ignoreChangePasswordUponFirstUse Boolean: User will not have to change their password upon first use. Valid values are true and false.
ignoreLockoutFailureAttempts Boolean: User will not have a failure lockout placed on their account. Valid values are true and false.
ignorePasswordExpiry Boolean: User's password will not expire. Valid values are true and false.
multiFactorAuthEnabled Boolean: Whether to enable multi-factor authentication. Valid values are true and false.
multiFactorAuthRules List<Property Map>: A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.
name String: The name of the user.
password String: The password for the user.
region String: The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

Outputs

All input properties are implicitly available as output properties. Additionally, the User resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing User Resource

Get an existing User resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: UserState, opts?: CustomResourceOptions): User

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        default_project_id: Optional[str] = None,
        description: Optional[str] = None,
        domain_id: Optional[str] = None,
        enabled: Optional[bool] = None,
        extra: Optional[Mapping[str, str]] = None,
        ignore_change_password_upon_first_use: Optional[bool] = None,
        ignore_lockout_failure_attempts: Optional[bool] = None,
        ignore_password_expiry: Optional[bool] = None,
        multi_factor_auth_enabled: Optional[bool] = None,
        multi_factor_auth_rules: Optional[Sequence[UserMultiFactorAuthRuleArgs]] = None,
        name: Optional[str] = None,
        password: Optional[str] = None,
        region: Optional[str] = None) -> User

func GetUser(ctx *Context, name string, id IDInput, state *UserState, opts ...ResourceOption) (*User, error)

public static User Get(string name, Input<string> id, UserState? state, CustomResourceOptions? opts = null)

public static User get(String name, Output<String> id, UserState state, CustomResourceOptions options)

resources:  _:    type: openstack:identity:User    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

DefaultProjectId string: The default project this user belongs to.
Description string: A description of the user.
DomainId string: The domain this user belongs to.
Enabled bool: Whether the user is enabled or disabled. Valid values are true and false.
Extra Dictionary<string, string>: Free-form key/value pairs of extra information.
IgnoreChangePasswordUponFirstUse bool: User will not have to change their password upon first use. Valid values are true and false.
IgnoreLockoutFailureAttempts bool: User will not have a failure lockout placed on their account. Valid values are true and false.
IgnorePasswordExpiry bool: User's password will not expire. Valid values are true and false.
MultiFactorAuthEnabled bool: Whether to enable multi-factor authentication. Valid values are true and false.
MultiFactorAuthRules List<Pulumi.OpenStack.Identity.Inputs.UserMultiFactorAuthRule>: A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.
Name string: The name of the user.
Password string: The password for the user.
Region string: The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

DefaultProjectId string: The default project this user belongs to.
Description string: A description of the user.
DomainId string: The domain this user belongs to.
Enabled bool: Whether the user is enabled or disabled. Valid values are true and false.
Extra map[string]string: Free-form key/value pairs of extra information.
IgnoreChangePasswordUponFirstUse bool: User will not have to change their password upon first use. Valid values are true and false.
IgnoreLockoutFailureAttempts bool: User will not have a failure lockout placed on their account. Valid values are true and false.
IgnorePasswordExpiry bool: User's password will not expire. Valid values are true and false.
MultiFactorAuthEnabled bool: Whether to enable multi-factor authentication. Valid values are true and false.
MultiFactorAuthRules []UserMultiFactorAuthRuleArgs: A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.
Name string: The name of the user.
Password string: The password for the user.
Region string: The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

defaultProjectId String: The default project this user belongs to.
description String: A description of the user.
domainId String: The domain this user belongs to.
enabled Boolean: Whether the user is enabled or disabled. Valid values are true and false.
extra Map<String,String>: Free-form key/value pairs of extra information.
ignoreChangePasswordUponFirstUse Boolean: User will not have to change their password upon first use. Valid values are true and false.
ignoreLockoutFailureAttempts Boolean: User will not have a failure lockout placed on their account. Valid values are true and false.
ignorePasswordExpiry Boolean: User's password will not expire. Valid values are true and false.
multiFactorAuthEnabled Boolean: Whether to enable multi-factor authentication. Valid values are true and false.
multiFactorAuthRules List<UserMultiFactorAuthRule>: A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.
name String: The name of the user.
password String: The password for the user.
region String: The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

defaultProjectId string: The default project this user belongs to.
description string: A description of the user.
domainId string: The domain this user belongs to.
enabled boolean: Whether the user is enabled or disabled. Valid values are true and false.
extra {[key: string]: string}: Free-form key/value pairs of extra information.
ignoreChangePasswordUponFirstUse boolean: User will not have to change their password upon first use. Valid values are true and false.
ignoreLockoutFailureAttempts boolean: User will not have a failure lockout placed on their account. Valid values are true and false.
ignorePasswordExpiry boolean: User's password will not expire. Valid values are true and false.
multiFactorAuthEnabled boolean: Whether to enable multi-factor authentication. Valid values are true and false.
multiFactorAuthRules UserMultiFactorAuthRule[]: A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.
name string: The name of the user.
password string: The password for the user.
region string: The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

default_project_id str: The default project this user belongs to.
description str: A description of the user.
domain_id str: The domain this user belongs to.
enabled bool: Whether the user is enabled or disabled. Valid values are true and false.
extra Mapping[str, str]: Free-form key/value pairs of extra information.
ignore_change_password_upon_first_use bool: User will not have to change their password upon first use. Valid values are true and false.
ignore_lockout_failure_attempts bool: User will not have a failure lockout placed on their account. Valid values are true and false.
ignore_password_expiry bool: User's password will not expire. Valid values are true and false.
multi_factor_auth_enabled bool: Whether to enable multi-factor authentication. Valid values are true and false.
multi_factor_auth_rules Sequence[UserMultiFactorAuthRuleArgs]: A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.
name str: The name of the user.
password str: The password for the user.
region str: The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

defaultProjectId String: The default project this user belongs to.
description String: A description of the user.
domainId String: The domain this user belongs to.
enabled Boolean: Whether the user is enabled or disabled. Valid values are true and false.
extra Map<String>: Free-form key/value pairs of extra information.
ignoreChangePasswordUponFirstUse Boolean: User will not have to change their password upon first use. Valid values are true and false.
ignoreLockoutFailureAttempts Boolean: User will not have a failure lockout placed on their account. Valid values are true and false.
ignorePasswordExpiry Boolean: User's password will not expire. Valid values are true and false.
multiFactorAuthEnabled Boolean: Whether to enable multi-factor authentication. Valid values are true and false.
multiFactorAuthRules List<Property Map>: A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.
name String: The name of the user.
password String: The password for the user.
region String: The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

Supporting Types

UserMultiFactorAuthRule, UserMultiFactorAuthRuleArgs

Rules List<string>: A list of authentication plugins that the user must authenticate with.

Rules []string: A list of authentication plugins that the user must authenticate with.

rules List<String>: A list of authentication plugins that the user must authenticate with.

rules string[]: A list of authentication plugins that the user must authenticate with.

rules Sequence[str]: A list of authentication plugins that the user must authenticate with.

rules List<String>: A list of authentication plugins that the user must authenticate with.

Import

Users can be imported using the id, e.g.

$ pulumi import openstack:identity/user:User user_1 89c60255-9bd6-460c-822a-e2b959ede9d2

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: OpenStack pulumi/pulumi-openstack
License: Apache-2.0
Notes: This Pulumi package is based on the openstack Terraform Provider.

OpenStack v5.0.3 published on Wednesday, Feb 12, 2025 by Pulumi

pulumi/pulumi-openstack

openstack.identity.User

On this page

On this page

Example Usage

Create User Resource

Constructor syntax

Parameters

Constructor example

User Resource Properties

Inputs

Outputs

Look up Existing User Resource

Supporting Types

UserMultiFactorAuthRule, UserMultiFactorAuthRuleArgs

Import

Package Details

On this page

On this page