blob: 45fd354deb5dfb3bb755b7a990f92abf92036ebd (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
============
network rbac
============
A **network rbac** is a Role-Based Access Control (RBAC) policy for
network resources. It enables both operators and users to grant access
to network resources for specific projects.
Network v2
network rbac create
-------------------
Create network RBAC policy
.. program:: network rbac create
.. code:: bash
openstack network rbac create
--type <type>
--action <action>
[--target-project <target-project> | --target-all-projects]
[--target-project-domain <target-project-domain>]
[--project <project> [--project-domain <project-domain>]]
<rbac-policy>
.. option:: --type <type>
Type of the object that RBAC policy affects ("qos_policy" or "network") (required)
.. option:: --action <action>
Action for the RBAC policy ("access_as_external" or "access_as_shared") (required)
.. option:: --target-project <target-project>
The project to which the RBAC policy will be enforced (name or ID)
.. option:: --target-all-projects
Allow creating RBAC policy for all projects.
.. option:: --target-project-domain <target-project-domain>
Domain the target project belongs to (name or ID).
This can be used in case collisions between project names exist.
.. option:: --project <project>
The owner project (name or ID)
.. option:: --project-domain <project-domain>
Domain the project belongs to (name or ID).
This can be used in case collisions between project names exist.
.. _network_rbac_create-rbac-policy:
.. describe:: <rbac-object>
The object to which this RBAC policy affects (name or ID)
network rbac delete
-------------------
Delete network RBAC policy(s)
.. program:: network rbac delete
.. code:: bash
openstack network rbac delete
<rbac-policy> [<rbac-policy> ...]
.. _network_rbac_delete-rbac-policy:
.. describe:: <rbac-policy>
RBAC policy(s) to delete (ID only)
network rbac list
-----------------
List network RBAC policies
.. program:: network rbac list
.. code:: bash
openstack network rbac list
[--type <type>]
[--action <action>]
[--long]
.. option:: --type <type>
List network RBAC policies according to given object type ("qos_policy" or "network")
.. option:: --action <action>
List network RBAC policies according to given action ("access_as_external" or "access_as_shared")
.. option:: --long
List additional fields in output
network rbac set
----------------
Set network RBAC policy properties
.. program:: network rbac set
.. code:: bash
openstack network rbac set
[--target-project <target-project> [--target-project-domain <target-project-domain>]]
<rbac-policy>
.. option:: --target-project <target-project>
The project to which the RBAC policy will be enforced (name or ID)
.. option:: --target-project-domain <target-project-domain>
Domain the target project belongs to (name or ID).
This can be used in case collisions between project names exist.
.. _network_rbac_set-rbac-policy:
.. describe:: <rbac-policy>
RBAC policy to be modified (ID only)
network rbac show
-----------------
Display network RBAC policy details
.. program:: network rbac show
.. code:: bash
openstack network rbac show
<rbac-policy>
.. _network_rbac_show-rbac-policy:
.. describe:: <rbac-policy>
RBAC policy (ID only)
|
