Allows configuring a single GCP resource that should be inside of the spec block of a dry run service perimeter.
This resource is intended for cases where it is not possible to compile a full list of projects to include in a google_access_context_manager_service_perimeter resource, so that they can be added separately.
If your perimeter is NOT in dry-run mode, use google_access_context_manager_service_perimeter_resource instead.
To get more information about ServicePerimeterDryRunResource, see:
# Adds one project to the dry-run spec of the perimeter defined below.
resource "google_access_context_manager_service_perimeter_dry_run_resource" "service-perimeter-dry-run-resource" {
  perimeter_name = google_access_context_manager_service_perimeter.service-perimeter-dry-run-resource.name
  resource       = "projects/987654321"
}

resource "google_access_context_manager_service_perimeter" "service-perimeter-dry-run-resource" {
  parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
  name   = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/servicePerimeters/restrict_all"
  title  = "restrict_all"

  # The spec block holds the dry-run configuration of the perimeter.
  spec {
    restricted_services = ["storage.googleapis.com"]
  }
  use_explicit_dry_run_spec = true

  # Membership of spec.resources is managed by the dry-run resource above,
  # so the perimeter must ignore changes to that list or the two resources
  # will conflict over it.
  lifecycle {
    ignore_changes = [spec[0].resources]
  }
}

resource "google_access_context_manager_access_policy" "access-policy" {
  parent = "organizations/123456789"
  title  = "my policy"
}
The following arguments are supported:
resource - (Required) A GCP resource that is inside of the service perimeter. Currently only projects are allowed. Format: projects/{project_number}
perimeter_name - (Required) The name of the Service Perimeter to add this resource to.
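The following is an added example, not part of the provider documentation. It adds several projects to the dry-run spec of the perimeter from the example above and resolves each project ID to the project number that the resource argument requires. The variable name and its sample project IDs are assumptions made for illustration.

```hcl
# Added example. The variable name and default values are constructed
# for illustration and do not come from the provider documentation.
variable "dry_run_project_ids" {
  type        = set(string)
  description = "Project IDs to place in the dry-run spec of the perimeter."
  default     = ["example-project-a", "example-project-b"]
}

# The resource argument takes projects/{project_number}, not a project ID,
# so look up the number for each ID first.
data "google_project" "dry_run" {
  for_each   = var.dry_run_project_ids
  project_id = each.value
}

# One dry-run membership per project. Each entry is created and destroyed
# independently, so a project can be added to or removed from the set
# without touching the perimeter resource itself.
resource "google_access_context_manager_service_perimeter_dry_run_resource" "members" {
  for_each       = data.google_project.dry_run
  perimeter_name = google_access_context_manager_service_perimeter.service-perimeter-dry-run-resource.name
  resource       = "projects/${each.value.number}"
}

# Resulting resource ids, in the {{perimeter_name}}/{{resource}} format,
# for review or for later use with terraform import.
output "dry_run_member_ids" {
  value = [for m in google_access_context_manager_service_perimeter_dry_run_resource.members : m.id]
}
```

The perimeter referenced here must keep its lifecycle block with ignore_changes = [spec[0].resources], as in the example above.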
In addition to the arguments listed above, the following computed attributes are exported:
id - an identifier for the resource with format {{perimeter_name}}/{{resource}}
This resource provides the following Timeouts configuration options:
create - Default is 20 minutes.
delete - Default is 20 minutes.
ServicePerimeterDryRunResource can be imported using any of these accepted formats:
{{perimeter_name}}/{{resource}}
In Terraform v1.5.0 and later, use an import block to import ServicePerimeterDryRunResource using one of the formats above. For example:
import {
  id = "{{perimeter_name}}/{{resource}}"
  to = google_access_context_manager_service_perimeter_dry_run_resource.default
}
When using the terraform import command, ServicePerimeterDryRunResource can be imported using one of the formats above. For example:
$ terraform import google_access_context_manager_service_perimeter_dry_run_resource.default {{perimeter_name}}/{{resource}}