google_access_context_manager_access_level_condition

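Allows configuring a single access level condition to be appended to an access level's conditions. This resource is intended for cases where the full list of conditions cannot be compiled in a single google_access_context_manager_access_level resource, so that conditions can be added separately. When the two resources are used together, as in the example below, the access level carries a lifecycle block with ignore_changes on basic.0.conditions; without it, the access level resource would treat the separately appended condition as drift and try to remove it on the next apply.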

To get more information about AccessLevelCondition, see:

Example Usage - Access Context Manager Access Level Condition Basic

resource "google_access_context_manager_access_level" "access-level-service-account" {
  parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
  name   = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock"
  title  = "chromeos_no_lock"
  basic {
    conditions {
      device_policy {
        require_screen_lock = true
        os_constraints {
          os_type = "DESKTOP_CHROME_OS"
        }
      }
      regions = [
        "CH",
        "IT",
        "US",
      ]
    }
  }

  lifecycle {
    ignore_changes = [basic.0.conditions]
  }
}

resource "google_service_account" "created-later" {
  account_id = "my-account-id"
}

resource "google_access_context_manager_access_level_condition" "access-level-conditions" {
  access_level   = google_access_context_manager_access_level.access-level-service-account.name
  ip_subnetworks = ["192.0.4.0/24"]
  members        = ["user:test@google.com", "user:test2@google.com", "serviceAccount:${google_service_account.created-later.email}"]
  negate         = false
  device_policy {
    require_screen_lock    = false
    require_admin_approval = false
    require_corp_owned     = true
    os_constraints {
      os_type = "DESKTOP_CHROME_OS"
    }
  }
  regions = [
    "IT",
    "US",
  ]
}

resource "google_access_context_manager_access_policy" "access-policy" {
  parent = "organizations/123456789"
  title  = "my policy"
}

Argument Reference

The following arguments are supported:


The device_policy block supports:

The os_constraints block supports:

The vpc_network_sources block supports:

The vpc_subnetwork block supports:

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Timeouts

This resource provides the following Timeouts configuration options:

Import

This resource does not support import.