Adds a trust between Active Directory domains
To get more information about DomainTrust, see:
resource "google_active_directory_domain_trust" "ad-domain-trust" {
domain = "test-managed-ad.com"
target_domain_name = "example-gcp.com"
target_dns_ip_addresses = ["10.1.0.100"]
trust_direction = "OUTBOUND"
trust_type = "FOREST"
trust_handshake_secret = "Testing1!"
}
The following arguments are supported:
target_domain_name
-
(Required)
The fully qualified target domain name which will be in trust with the current domain.
trust_type
-
(Required)
The type of trust represented by the trust resource.
Possible values are: FOREST
, EXTERNAL
.
trust_direction
-
(Required)
The trust direction, which decides if the current domain is trusted, trusting, or both.
Possible values are: INBOUND
, OUTBOUND
, BIDIRECTIONAL
.
target_dns_ip_addresses
-
(Required)
The target DNS server IP addresses which can resolve the remote domain involved in the trust.
trust_handshake_secret
-
(Required)
The trust secret used for the handshake with the target domain. This will not be stored.
Note: This property is sensitive and will not be displayed in the plan.
domain
-
(Required)
The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions,
https://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains.
selective_authentication
-
(Optional)
Whether the trusted side has forest/domain wide access or selective access to an approved set of resources.
project
- (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
In addition to the arguments listed above, the following computed attributes are exported:
id
- an identifier for the resource with format projects/{{project}}/locations/global/domains/{{domain}}/{{target_domain_name}}
This resource provides the following Timeouts configuration options:
create
- Default is 20 minutes.update
- Default is 20 minutes.delete
- Default is 20 minutes.DomainTrust can be imported using any of these accepted formats:
projects/{{project}}/locations/global/domains/{{domain}}/{{target_domain_name}}
{{project}}/{{domain}}/{{target_domain_name}}
{{domain}}/{{target_domain_name}}
In Terraform v1.5.0 and later, use an import
block to import DomainTrust using one of the formats above. For example:
import {
id = "projects/{{project}}/locations/global/domains/{{domain}}/{{target_domain_name}}"
to = google_active_directory_domain_trust.default
}
When using the terraform import
command, DomainTrust can be imported using one of the formats above. For example:
$ terraform import google_active_directory_domain_trust.default projects/{{project}}/locations/global/domains/{{domain}}/{{target_domain_name}}
$ terraform import google_active_directory_domain_trust.default {{project}}/{{domain}}/{{target_domain_name}}
$ terraform import google_active_directory_domain_trust.default {{domain}}/{{target_domain_name}}
This resource supports User Project Overrides.