RBACRoleBinding represents a rbacrolebinding across the Fleet.
To get more information about ScopeRBACRoleBinding, see:
resource "google_gke_hub_scope" "scope" {
scope_id = "tf-test-scope%{random_suffix}"
}
resource "google_gke_hub_scope_rbac_role_binding" "scope_rbac_role_binding" {
scope_rbac_role_binding_id = "tf-test-scope-rbac-role-binding%{random_suffix}"
scope_id = google_gke_hub_scope.scope.scope_id
user = "test-email@gmail.com"
role {
predefined_role = "ADMIN"
}
labels = {
key = "value"
}
depends_on = [google_gke_hub_scope.scope]
}
The following arguments are supported:
scope_rbac_role_binding_id
-
(Required)
The client-provided identifier of the RBAC Role Binding.
role
-
(Required)
Role to bind to the principal.
Structure is documented below.
scope_id
-
(Required)
Id of the scope
predefined_role
-
(Optional)
PredefinedRole is an ENUM representation of the default Kubernetes Roles
Possible values are: UNKNOWN
, ADMIN
, EDIT
, VIEW
.user
-
(Optional)
Principal that is be authorized in the cluster (at least of one the oneof
is required). Updating one will unset the other automatically.
user is the name of the user as seen by the kubernetes cluster, example
"alice" or "alice@domain.tld"
group
-
(Optional)
Principal that is be authorized in the cluster (at least of one the oneof
is required). Updating one will unset the other automatically.
group is the group, as seen by the kubernetes cluster.
labels
-
(Optional)
Labels for this ScopeRBACRoleBinding.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field effective_labels
for all of the labels present on the resource.
project
- (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
In addition to the arguments listed above, the following computed attributes are exported:
id
- an identifier for the resource with format projects/{{project}}/locations/global/scopes/{{scope_id}}/rbacrolebindings/{{scope_rbac_role_binding_id}}
name
-
The resource name for the RBAC Role Binding
uid
-
Google-generated UUID for this resource.
create_time
-
Time the RBAC Role Binding was created in UTC.
update_time
-
Time the RBAC Role Binding was updated in UTC.
delete_time
-
Time the RBAC Role Binding was deleted in UTC.
state
-
State of the RBAC Role Binding resource.
Structure is documented below.
terraform_labels
-
The combination of labels configured directly on the resource
and default labels configured on the provider.
effective_labels
-
All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.
code
-
(Output)
Code describes the state of a RBAC Role Binding resource.This resource provides the following Timeouts configuration options:
create
- Default is 20 minutes.update
- Default is 20 minutes.delete
- Default is 20 minutes.ScopeRBACRoleBinding can be imported using any of these accepted formats:
projects/{{project}}/locations/global/scopes/{{scope_id}}/rbacrolebindings/{{scope_rbac_role_binding_id}}
{{project}}/{{scope_id}}/{{scope_rbac_role_binding_id}}
{{scope_id}}/{{scope_rbac_role_binding_id}}
In Terraform v1.5.0 and later, use an import
block to import ScopeRBACRoleBinding using one of the formats above. For example:
import {
id = "projects/{{project}}/locations/global/scopes/{{scope_id}}/rbacrolebindings/{{scope_rbac_role_binding_id}}"
to = google_gke_hub_scope_rbac_role_binding.default
}
When using the terraform import
command, ScopeRBACRoleBinding can be imported using one of the formats above. For example:
$ terraform import google_gke_hub_scope_rbac_role_binding.default projects/{{project}}/locations/global/scopes/{{scope_id}}/rbacrolebindings/{{scope_rbac_role_binding_id}}
$ terraform import google_gke_hub_scope_rbac_role_binding.default {{project}}/{{scope_id}}/{{scope_rbac_role_binding_id}}
$ terraform import google_gke_hub_scope_rbac_role_binding.default {{scope_id}}/{{scope_rbac_role_binding_id}}
This resource supports User Project Overrides.