openstack/python-openstackclient
Code Issues Proposed changes
python-openstackclient/doc/source/cli/command-objects/role.rst
Vishakha Agarwal 7f66273d3f Add resource option immutable 
This patch adds the --immutable and --no-immutable option to the
role, project and domain CLI.

Related-Patch: https://review.opendev.org/#/c/712182/

Change-Id: I9c3bdd741f28bf558267fb217818d947597ce13e
2020-04-08 13:51:01 +00:00

5.9 KiB
Raw Blame History

role

Identity v2, v3

role add

Add role assignment to a user or group in a project or domain

role add

openstack role add
    --system <system> | --domain <domain> | --project <project> [--project-domain <project-domain>]
    --user <user> [--user-domain <user-domain>] | --group <group> [--group-domain <group-domain>]
    --role-domain <role-domain>
    --inherited
    <role>

--system <system>

Include <system>

System or service to grant authorization to. Currently only all is supported which encompasses the entire deployment system.

3

--domain <domain>

Include <domain> (name or ID)

3

--project <project>

Include <project> (name or ID)

--user <user>

Include <user> (name or ID)

--group <group>

Include <group> (name or ID)

3

--user-domain <user-domain>

Domain the user belongs to (name or ID). This can be used in case collisions between user names exist.

3

--group-domain <group-domain>

Domain the group belongs to (name or ID). This can be used in case collisions between group names exist.

3

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

3

--inherited

Specifies if the role grant is inheritable to the sub projects.

3

--role-domain <role-domain>

Domain the role belongs to (name or ID). This must be specified when the name of a domain specific role is used.

3

<role>

Role to add to <project>:<user> (name or ID)

role create

Create new role

role create

openstack role create
    [--or-show]
    [--domain <domain>]
    [--immutable | --no-immutable]
    <name>

--domain <domain>

Domain the role belongs to (name or ID).

3

--or-show

Return existing role

If the role already exists return the existing role data and do not fail.

<name>

New role name

--description <description>

Add description about the role

--immutable

Make role immutable. An immutable role may not be deleted or modified except to remove the immutable flag

--no-immutable

Make role mutable (default)

role delete

Delete role(s)

role delete

openstack role delete
    <role> [<role> ...]
    [--domain <domain>]

<role>

Role to delete (name or ID)

--domain <domain>

Domain the role belongs to (name or ID).

3

role list

List roles

role list

openstack role list
    [--domain <domain>]

--domain <domain>

Filter roles by <domain> (name or ID)

3

role remove

Remove role assignment from domain/project : user/group

role remove

openstack role remove
    --system <system> | --domain <domain> | --project <project> [--project-domain <project-domain>]
    --user <user> [--user-domain <user-domain>] | --group <group> [--group-domain <group-domain>]
    --role-domain <role-domain>
    --inherited
    <role>

--system <system>

Include <system>

System or service to remove authorization from. Currently only all is supported which encompasses the entire deployment system.

3

--domain <domain>

Include <domain> (name or ID)

3

--project <project>

Include <project> (name or ID)

--user <user>

Include <user> (name or ID)

--group <group>

Include <group> (name or ID)

3

--user-domain <user-domain>

Domain the user belongs to (name or ID). This can be used in case collisions between user names exist.

3

--group-domain <group-domain>

Domain the group belongs to (name or ID). This can be used in case collisions between group names exist.

3

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

3

--inherited

Specifies if the role grant is inheritable to the sub projects.

3

--role-domain <role-domain>

Domain the role belongs to (name or ID). This must be specified when the name of a domain specific role is used.

3

<role>

Role to remove (name or ID)

role set

Set role properties

3

role set

openstack role set
    [--name <name>]
    [--domain <domain>]
    [--immutable | --no-immutable]
    <role>

--name <name>

Set role name

--domain <domain>

Domain the role belongs to (name or ID).

3

<role>

Role to modify (name or ID)

--immutable

Make role immutable. An immutable role may not be deleted or modified except to remove the immutable flag

--no-immutable

Make role mutable (default)

role show

Display role details

role show

openstack role show
    [--domain <domain>]
    <role>

--domain <domain>

Domain the role belongs to (name or ID).

3

<role>

Role to display (name or ID)