aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c2bc19c71f'
${ noResults }
boundary/website/content/docs/common-workflows/manage-scopes.mdx

150 lines
4.9 KiB
Raw Blame History

---
layout: docs
page_title: Manage Scopes
description: How to manage Boundary scopes
---
# Manage Scopes
[Scopes](/boundary/docs/concepts/domain-model/scopes) are a foundational part of Boundary. They allow users to partition resources and assign ownership of resources to principals. There are three types of scopes within Boundary:
1. Global (`global`)
2. Org
3. Project
These are in a hierarchy:
- There is only one single `global` scope. It is meant as the entry point for initial administration/setup and to manage org scopes.
- Under the `global` scope there can be many org scopes. These are used to hold IAM-related resources and project scopes.
- Under each org scope can be many project scopes. These are used to hold infrastructure-related resources.
Some resources can only be associated with a specific level of scope. As an example, [Targets](/boundary/docs/concepts/domain-model/targets) can only be contained within a project scope. Other resources can be contained by multiple scopes. For example, users can be created within the `global` scope or an org-level scope. See the [domain model](/boundary/docs/concepts/domain-model) for detailed resource specific information.
In this example, we're going to create two scopes, an org and a project.
~> All resource IDs in this example are illustration only - IDs are uniquely generated for every resource upon creation with the exception being
generated resources in `dev` mode. Please make sure to use the resource IDs that are generated when running this example. For example, if you run
`boundary users create`, use the resource ID of the user seen in stdout, not the ID in the example command.
## Create an Org
In this example, we're going to create an org, which lives in the `global` scope.
~> The CLI and UI will default to having certain administrative roles be created
automatically when a scope is created, so that the user that created the scope
can immediately manage it. The Terraform provider defaults skipping creation of
those roles so that resources are not created outside of Terraform's purview. To
simplify this example, we are telling Terraform to allow these roles to be
created in both this section and in the next section where we create a project
scope.
<Tabs>
<Tab heading="CLI">
```bash
$ boundary scopes create -scope-id global -name my_org -description 'My first org'
Scope information:
Created Time: Tue, 29 Sep 2020 05:48:22 PDT
Description: My first org
ID: o_y0fEd8iY2J
Name: my_org
Updated Time: Tue, 29 Sep 2020 05:48:22 PDT
Version: 1
Scope (parent):
ID: global
Name: global
Type: global
```
</Tab>
<Tab heading="Admin Console">
1. Navigate to the Boundary landing page.
1. Choose the **New** button.
1. Fill org details.
1. Choose **Save** and view the org on the Boundary landing page.
<video muted playsInline autoPlay loop class="boundary-clickthrough-video">
<source
type="video/mp4"
src="https://www.datocms-assets.com/2885/1605553455-boundary-clickthrough-manage-scopes-create-org-v0-1-2.mp4"
/>
</video>
</Tab>
<Tab heading="Terraform">
```hcl
resource "boundary_scope" "org" {
scope_id = "global"
name = "my_org"
description = "My first org"
auto_create_default_role = true
auto_create_admin_role = true
}
```
</Tab>
</Tabs>
## Create a Project
Next, we're going to add a project scope to our org.
<Tabs>
<Tab heading="CLI">
```bash
$ boundary scopes create -scope-id o_0MkQUfE9jA -name my_project -description 'My first project'
Scope information:
Created Time: Tue, 29 Sep 2020 05:57:45 PDT
Description: My first project
ID: p_jqCwqjSTQ4
Name: my_project
Updated Time: Tue, 29 Sep 2020 05:57:45 PDT
Version: 1
Scope (parent):
ID: o_0MkQUfE9jA
Name: my_org
Parent Scope ID: global
Type: org
```
</Tab>
<Tab heading="Admin Console">
1. Navigate to an org, which leads to an overview of projects within that org.
1. Choose the **New** button.
1. Fill project details.
1. Choose **Save** and view the project edit form page.
1. _Note_: by default, edit forms are disabled to help prevent unintended edits. To edit your new project choose **Edit Form**.
<video muted playsInline autoPlay loop class="boundary-clickthrough-video">
<source
type="video/mp4"
src="https://www.datocms-assets.com/2885/1605553491-boundary-clickthrough-manage-scopes-create-project-v0-1-2.mp4"
/>
</video>
</Tab>
<Tab heading="Terraform">
```hcl
resource "boundary_scope" "project" {
name = "my_project"
description = "My first project"
# scope_id is taken from the org resource defined above
scope_id = boundary_scope.org.id
auto_create_admin_role = true
auto_create_default_role = true
}
```
</Tab>
</Tabs>
Reference in new issue View Git Blame Copy Permalink