Package com.pulumi.openstack.identity
Class ApplicationCredential
- java.lang.Object
-
- com.pulumi.resources.Resource
-
- com.pulumi.resources.CustomResource
-
- com.pulumi.openstack.identity.ApplicationCredential
-
public class ApplicationCredential extends com.pulumi.resources.CustomResourceManages a V3 Application Credential resource within OpenStack Keystone. > **Note:** All arguments including the application credential name and secret will be stored in the raw state as plain-text. Read more about sensitive data in state. > **Note:** An Application Credential is created within the authenticated user project scope and is not visible by an admin or other accounts. The Application Credential visibility is similar to `openstack.compute.Keypair`. ## Example Usage ### Predefined secret Application credential below will have only one `swiftoperator` role. ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.openstack.identity.ApplicationCredential; import com.pulumi.openstack.identity.ApplicationCredentialArgs; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var swift = new ApplicationCredential("swift", ApplicationCredentialArgs.builder() .description("Swift technical application credential") .expiresAt("2019-02-13T12:12:12Z") .roles("swiftoperator") .secret("supersecret") .build()); } } ``` ### Unrestricted with autogenerated secret and unlimited TTL Application credential below will inherit all the current user's roles. !> **WARNING:** Restrictions on these Identity operations are deliberately imposed as a safeguard to prevent a compromised application credential from regenerating itself. Disabling this restriction poses an inherent added risk. ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.openstack.identity.ApplicationCredential; import com.pulumi.openstack.identity.ApplicationCredentialArgs; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var unrestricted = new ApplicationCredential("unrestricted", ApplicationCredentialArgs.builder() .description("Unrestricted application credential") .unrestricted(true) .build()); ctx.export("applicationCredentialSecret", unrestricted.secret()); } } ``` ### Application credential with access rules > **Note:** Application Credential access rules are supported only in Keystone starting from [Train](https://releases.openstack.org/train/highlights.html#keystone-identity-service) release. ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.openstack.identity.ApplicationCredential; import com.pulumi.openstack.identity.ApplicationCredentialArgs; import com.pulumi.openstack.identity.inputs.ApplicationCredentialAccessRuleArgs; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var monitoring = new ApplicationCredential("monitoring", ApplicationCredentialArgs.builder() .accessRules( ApplicationCredentialAccessRuleArgs.builder() .method("GET") .path("/v2.0/metrics") .service("monitoring") .build(), ApplicationCredentialAccessRuleArgs.builder() .method("PUT") .path("/v2.0/metrics") .service("monitoring") .build()) .expiresAt("2019-02-13T12:12:12Z") .build()); } } ``` ## Import Application Credentials can be imported using the `id`, e.g. ```sh $ pulumi import openstack:identity/applicationCredential:ApplicationCredential application_credential_1 c17304b7-0953-4738-abb0-67005882b0a0 ```
-
-
Constructor Summary
Constructors Constructor Description ApplicationCredential(java.lang.String name)ApplicationCredential(java.lang.String name, ApplicationCredentialArgs args)ApplicationCredential(java.lang.String name, ApplicationCredentialArgs args, com.pulumi.resources.CustomResourceOptions options)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description com.pulumi.core.Output<java.util.Optional<java.util.List<ApplicationCredentialAccessRule>>>accessRules()com.pulumi.core.Output<java.util.Optional<java.lang.String>>description()com.pulumi.core.Output<java.util.Optional<java.lang.String>>expiresAt()static ApplicationCredentialget(java.lang.String name, com.pulumi.core.Output<java.lang.String> id, ApplicationCredentialState state, com.pulumi.resources.CustomResourceOptions options)Get an existing Host resource's state with the given name, ID, and optional extra properties used to qualify the lookup.com.pulumi.core.Output<java.lang.String>name()com.pulumi.core.Output<java.lang.String>projectId()com.pulumi.core.Output<java.lang.String>region()com.pulumi.core.Output<java.util.List<java.lang.String>>roles()com.pulumi.core.Output<java.lang.String>secret()com.pulumi.core.Output<java.util.Optional<java.lang.Boolean>>unrestricted()
-
-
-
Constructor Detail
-
ApplicationCredential
public ApplicationCredential(java.lang.String name)
- Parameters:
name- The _unique_ name of the resulting resource.
-
ApplicationCredential
public ApplicationCredential(java.lang.String name, @Nullable ApplicationCredentialArgs args)- Parameters:
name- The _unique_ name of the resulting resource.args- The arguments to use to populate this resource's properties.
-
ApplicationCredential
public ApplicationCredential(java.lang.String name, @Nullable ApplicationCredentialArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options)- Parameters:
name- The _unique_ name of the resulting resource.args- The arguments to use to populate this resource's properties.options- A bag of options that control this resource's behavior.
-
-
Method Detail
-
accessRules
public com.pulumi.core.Output<java.util.Optional<java.util.List<ApplicationCredentialAccessRule>>> accessRules()
- Returns:
- A collection of one or more access rules, which this application credential allows to follow. The structure is described below. Changing this creates a new application credential.
-
description
public com.pulumi.core.Output<java.util.Optional<java.lang.String>> description()
- Returns:
- A description of the application credential. Changing this creates a new application credential.
-
expiresAt
public com.pulumi.core.Output<java.util.Optional<java.lang.String>> expiresAt()
- Returns:
- The expiration time of the application credential in the RFC3339 timestamp format (e.g. `2019-03-09T12:58:49Z`). If omitted, an application credential will never expire. Changing this creates a new application credential.
-
name
public com.pulumi.core.Output<java.lang.String> name()
- Returns:
- A name of the application credential. Changing this creates a new application credential.
-
projectId
public com.pulumi.core.Output<java.lang.String> projectId()
- Returns:
- The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to.
-
region
public com.pulumi.core.Output<java.lang.String> region()
- Returns:
- The region in which to obtain the V3 Keystone client. If omitted, the `region` argument of the provider is used. Changing this creates a new application credential.
-
roles
public com.pulumi.core.Output<java.util.List<java.lang.String>> roles()
- Returns:
- A collection of one or more role names, which this application credential has to be associated with its project. If omitted, all the current user's roles within the scoped project will be inherited by a new application credential. Changing this creates a new application credential.
-
secret
public com.pulumi.core.Output<java.lang.String> secret()
- Returns:
- The secret for the application credential. If omitted, it will be generated by the server. Changing this creates a new application credential.
-
unrestricted
public com.pulumi.core.Output<java.util.Optional<java.lang.Boolean>> unrestricted()
- Returns:
- A flag indicating whether the application credential may be used for creation or destruction of other application credentials or trusts. Changing this creates a new application credential.
-
get
public static ApplicationCredential get(java.lang.String name, com.pulumi.core.Output<java.lang.String> id, @Nullable ApplicationCredentialState state, @Nullable com.pulumi.resources.CustomResourceOptions options)
Get an existing Host resource's state with the given name, ID, and optional extra properties used to qualify the lookup.- Parameters:
name- The _unique_ name of the resulting resource.id- The _unique_ provider ID of the resource to lookup.state-options- Optional settings to control the behavior of the CustomResource.
-
-