Skip to main content

servercore_iam_user_v1

Creates and manages a control panel (local) user or a federated user using public API v1. Servercore products support Identity and Access Management (IAM). For more information about users, see the official Servercore documentation.

Example Usage

resource "servercore_iam_user_v1" "user_1" {
  email       = "mail@example.com"
  role {
    role_name = "member"
    scope     = "account"
  }
}

Argument Reference

  • email — (Required) Email address of the user. Changing this creates a new user. We will send authentication instructions to this email.

  • auth_type — (Optional) Authentication type of the user. Changing this creates a new user. Available types are local (for control panel users, to store the credentials locally in Servercore) and federated (for federated users, to store the credentials in the corporate Identity Provider). The default value is local. If auth_type is federated, the federation argument is required.

  • federation — (Optional) Information about the federation. auth_type must be set to federated.

    • id — (Required) Unique identifier of the federation.

    • external_id — (Required) Unique identifier of the user assigned by the Identity Provider.

  • role — (Optional) Manages service user roles. You can add multiple roles — each role in a separate block. For more information about roles, see the Roles section.

    • role_name — (Required) Role name. Available role names are iam_admin, member, reader, and billing.

    • scope — (Required) Scope of the role. Available scopes are account and project. If scope is project the project_id argument is required.

    • project_id — (Optional) Unique identifier of the associated project. Changing this creates a new service user. If scope is project, the project_id argument is required. Retrieved from the servercore_vpc_project_v2 resource. Learn more about Projects.

Roles

To assign roles, use the following values for scope and role_name:

  • Account administrator — scope is account, role_name is member.

  • Billing administrator — scope is account, role_name is billing.

  • User administrator — scope is account, role_name is iam_admin.

  • Project administrator — scope is project, role_name is member.

  • Account viewer — scope is account, role_name is reader.

  • Project viewer — scope is project, role_name is reader.

  • Object storage admin — scope is project, role_name is object_storage:admin.

  • Object storage user — scope is project, role_name is object_storage_user.

Attributes Reference

  • keystone_id — Unique Keystone identifier of the user.