google_access_context_manager_access_levels

Replace all existing Access Levels in an Access Policy with the Access Levels provided. This is done atomically. This is a bulk edit of all Access Levels and may override existing Access Levels created by google_access_context_manager_access_level, thus causing a permadiff if used alongside google_access_context_manager_access_level on the same parent.

To get more information about AccessLevels, see:

Example Usage - Access Context Manager Access Levels Basic

resource "google_access_context_manager_access_levels" "access-levels" {
  parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
  access_levels {
    name   = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock"
    title  = "chromeos_no_lock"
    basic {
      conditions {
        device_policy {
          require_screen_lock = true
          os_constraints {
            os_type = "DESKTOP_CHROME_OS"
          }
        }
        regions = [
    "CH",
    "IT",
    "US",
        ]
      }
    }
  }

  access_levels {
    name   = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/mac_no_lock"
    title  = "mac_no_lock"
    basic {
      conditions {
        device_policy {
          require_screen_lock = true
          os_constraints {
            os_type = "DESKTOP_MAC"
          }
        }
        regions = [
    "CH",
    "IT",
    "US",
        ]
      }
    }
  }
}

resource "google_access_context_manager_access_policy" "access-policy" {
  parent = "organizations/123456789"
  title  = "my policy"
}

Argument Reference

The following arguments are supported:


The access_levels block supports:

The basic block supports:

The conditions block supports:

The device_policy block supports:

The os_constraints block supports:

The vpc_network_sources block supports:

The vpc_subnetwork block supports:

The custom block supports:

The expr block supports:

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Timeouts

This resource provides the following Timeouts configuration options:

Import

AccessLevels can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import AccessLevels using one of the formats above. For example:

import {
  id = "{{parent}}/accessLevels"
  to = google_access_context_manager_access_levels.default
}

When using the terraform import command, AccessLevels can be imported using one of the formats above. For example:

$ terraform import google_access_context_manager_access_levels.default {{parent}}/accessLevels
$ terraform import google_access_context_manager_access_levels.default {{parent}}