» openstack_identity_application_credential_v3

Manages a V3 Application Credential resource within OpenStack Keystone.

Note: All arguments including the application credential name and secret will be stored in the raw state as plain-text. Read more about sensitive data in state.

Note: An Application Credential is created within the authenticated user project scope and is not visible by an admin or other accounts. The Application Credential visibility is similar to openstack_compute_keypair_v2.

» Example Usage

» Predefined secret

Application credential below will have only one swiftoperator role.

resource "openstack_identity_application_credential_v3" "swift" {
  name        = "swift"
  description = "Swift technical application credential"
  secret      = "supersecret"
  roles       = ["swiftoperator"]
  expires_at  = "2019-02-13T12:12:12Z"
}

» Unrestricted with autogenerated secret and unlimited TTL

Application credential below will inherit all the current user's roles.

WARNING: Restrictions on these Identity operations are deliberately imposed as a safeguard to prevent a compromised application credential from regenerating itself. Disabling this restriction poses an inherent added risk.

resource "openstack_identity_application_credential_v3" "unrestricted" {
  name         = "unrestricted"
  description  = "Unrestricted application credential"
  unrestricted = true
}

output "application_credential_secret" {
  value = "${openstack_identity_application_credential_v3.unrestricted.secret}"
}

» Argument Reference

The following arguments are supported:

region - (Optional) The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new application credential.
name - (Required) A name of the application credential. Changing this creates a new application credential.
description - (Optional) A description of the application credential. Changing this creates a new application credential.
unrestricted - (Optional) A flag indicating whether the application credential may be used for creation or destruction of other application credentials or trusts. Changing this creates a new application credential.
secret - (Optional) The secret for the application credential. If omitted, it will be generated by the server. Changing this creates a new application credential.
roles - (Optional) A collection of one or more role names, which this application credential has to be associated with its project. If omitted, all the current user's roles within the scoped project will be inherited by a new application credential. Changing this creates a new application credential.
expires_at - (Optional) The expiration time of the application credential in the RFC3339 timestamp format (e.g. 2019-03-09T12:58:49Z). If omitted, an application credential will never expire. Changing this creates a new application credential.

» Attributes Reference

The following attributes are exported:

region - See Argument Reference above.
name - See Argument Reference above.
description - See Argument Reference above.
unrestricted - See Argument Reference above.
secret - See Argument Reference above.
roles - See Argument Reference above.
expires_at - See Argument Reference above.
project_id - The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to.

» Import

Application Credentials can be imported using the id, e.g.

$ terraform import openstack_identity_application_credential_v3.application_credential_1 c17304b7-0953-4738-abb0-67005882b0a0