openstack/python-openstackclient
Code Issues Proposed changes
Files
doc
source
_extra
cli
command-objects
access-token.rst
address-scope.rst
aggregate.rst
application-credentials.rst
availability-zone.rst
backup.rst
catalog.rst
command.rst
complete.rst
compute-agent.rst
compute-service.rst
configuration.rst
consistency-group-snapshot.rst
consistency-group.rst
console-log.rst
console-url.rst
consumer.rst
container.rst
credential.rst
domain.rst
ec2-credentials.rst
endpoint.rst
endpoint_group.rst
extension.rst
federation-protocol.rst
flavor.rst
floating-ip-pool.rst
floating-ip.rst
group.rst
host.rst
hypervisor-stats.rst
hypervisor.rst
identity-provider.rst
image.rst
implied_role.rst
ip-availability.rst
keypair.rst
limit.rst
limits.rst
mapping.rst
module.rst
network-agent.rst
network-auto-allocated-topology.rst
network-flavor-profile.rst
network-flavor.rst
network-meter-rule.rst
network-meter.rst
network-qos-policy.rst
network-qos-rule-type.rst
network-qos-rule.rst
network-rbac.rst
network-segment.rst
network-service-provider.rst
network.rst
network_segment_range.rst
object-store-account.rst
object.rst
policy.rst
port.rst
project-purge.rst
project.rst
quota.rst
region.rst
registered-limit.rst
request-token.rst
role-assignment.rst
role.rst
router.rst
security-group-rule.rst
security-group.rst
server-backup.rst
server-event.rst
server-group.rst
server-image.rst
server.rst
service-provider.rst
service.rst
snapshot.rst
subnet-pool.rst
subnet.rst
token.rst
trust.rst
usage.rst
user.rst
versions.rst
volume-backend.rst
volume-backup.rst
volume-host.rst
volume-qos.rst
volume-service.rst
volume-snapshot.rst
volume-transfer-request.rst
volume-type.rst
volume.rst
data
man
authentication.rst
backwards-incompatible.rst
command-list.rst
commands.rst
decoder.rst
index.rst
interactive.rst
plugin-commands.rst
configuration
contributor
conf.py
index.rst
Makefile
requirements.txt
examples
openstackclient
releasenotes
tools
.coveragerc
.gitignore
.gitreview
.mailmap
.stestr.conf
.zuul.yaml
CONTRIBUTING.rst
HACKING.rst
LICENSE
README.rst
babel.cfg
lower-constraints.txt
requirements.txt
setup.cfg
setup.py
test-requirements.txt
tox.ini
377c0ce0f73a961c0d013e10d85fcbd950f3d409
python-openstackclient/doc/source/cli/command-objects/network-rbac.rst
Doug Wiegley be7a75814c Add 'security_group' type support to network rbac commands 
Partial-Bug: #1817119
Depends-On: https://review.openstack.org/635311
Change-Id: I5f132fa54714514d8dae62df8bc494f3f6476768
2019-03-05 21:02:03 -07:00

3.4 KiB
Raw Blame History

network rbac

A network rbac is a Role-Based Access Control (RBAC) policy for network resources. It enables both operators and users to grant access to network resources for specific projects.

Network v2

network rbac create

Create network RBAC policy

network rbac create

openstack network rbac create
    --type <type>
    --action <action>
    [--target-project <target-project> | --target-all-projects]
    [--target-project-domain <target-project-domain>]
    [--project <project> [--project-domain <project-domain>]]
    <rbac-policy>

--type <type>

Type of the object that RBAC policy affects ("security_group", "qos_policy" or "network") (required)

--action <action>

Action for the RBAC policy ("access_as_external" or "access_as_shared") (required)

--target-project <target-project>

The project to which the RBAC policy will be enforced (name or ID)

--target-all-projects

Allow creating RBAC policy for all projects.

--target-project-domain <target-project-domain>

Domain the target project belongs to (name or ID). This can be used in case collisions between project names exist.

--project <project>

The owner project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

The object to which this RBAC policy affects (name or ID)

network rbac delete

Delete network RBAC policy(s)

network rbac delete

openstack network rbac delete
    <rbac-policy> [<rbac-policy> ...]




RBAC policy(s) to delete (ID only)

network rbac list

List network RBAC policies

network rbac list

openstack network rbac list
    [--type <type>]
    [--action <action>]
    [--long]

--type <type>

List network RBAC policies according to given object type ("security_group", "qos_policy" or "network")

--action <action>

List network RBAC policies according to given action ("access_as_external" or "access_as_shared")

--long

List additional fields in output

network rbac set

Set network RBAC policy properties

network rbac set

openstack network rbac set
    [--target-project <target-project> [--target-project-domain <target-project-domain>]]
    <rbac-policy>

--target-project <target-project>

The project to which the RBAC policy will be enforced (name or ID)

--target-project-domain <target-project-domain>

Domain the target project belongs to (name or ID). This can be used in case collisions between project names exist.

RBAC policy to be modified (ID only)

network rbac show

Display network RBAC policy details

network rbac show

openstack network rbac show
    <rbac-policy>




RBAC policy (ID only)