opal_configuration_template (Resource)

ConfigurationTemplate Resource

Example Usage

resource "opal_configuration_template" "my_configurationtemplate" {
  admin_owner_id = "7c86c85d-0651-43e2-a748-d69d658418e8"
  break_glass_user_ids = [
    "363ceb0c-fb02-4f61-9943-5ac9e969aba2"
  ]
  custom_request_notification = "Check your email to register your account."
  linked_audit_message_channel_ids = [
    "85b8103e-608c-4d47-9207-1aa604564cf3"
  ]
  member_oncall_schedule_ids = [
    "b5dab04b-c577-4029-899d-37113cdd854c"
  ]
  name = "Prod AWS Template"
  request_configurations = [
    {
      allow_requests = true
      auto_approval  = false
      condition = {
        group_ids = [
          "1c5f9802-81cc-4f6d-a68f-50913fa8d0d4"
        ]
        role_remote_ids = [
          "..."
        ]
      }
      max_duration           = 120
      priority               = 1
      recommended_duration   = 120
      request_template_id    = "06851574-e50d-40ca-8c78-f72ae6ab4304"
      require_mfa_to_request = false
      require_support_ticket = false
      reviewer_stages = [
        {
          operator = "AND"
          owner_ids = [
            "b36e5198-3e15-4769-a321-00db76ac9873"
          ]
          require_admin_approval   = false
          require_manager_approval = false
        }
      ]
    }
  ]
  require_mfa_to_approve = false
  require_mfa_to_connect = false
  ticket_propagation = {
    enabled_on_grant      = true
    enabled_on_revocation = false
    ticket_project_id     = "...my_ticket_project_id..."
    ticket_provider       = "LINEAR"
  }
  visibility = {
    visibility = "GLOBAL"
    visibility_group_ids = [
      "4cee664d-9798-40ae-97ab-eeb66b726920"
    ]
  }
}

Schema

Required

  • admin_owner_id (String) The ID of the owner of the configuration template.
  • name (String) The name of the configuration template.
  • require_mfa_to_connect (Boolean) A bool representing whether or not to require MFA to connect to resources associated with this configuration template.
  • visibility (Attributes) Visibility information of an entity. (see below for nested schema)

Optional

  • break_glass_user_ids (Set of String) The IDs of the break glass users linked to the configuration template.
  • custom_request_notification (String) Custom request notification sent upon request approval for this configuration template.
  • linked_audit_message_channel_ids (Set of String) The IDs of the audit message channels linked to the configuration template.
  • member_oncall_schedule_ids (Set of String) The IDs of the on-call schedules linked to the configuration template.
  • request_configurations (Attributes List) The request configuration list of the configuration template. If not provided, the default request configuration will be used. (see below for nested schema)
  • require_mfa_to_approve (Boolean) A bool representing whether or not to require MFA for reviewers to approve requests for this configuration template. Default: false
  • ticket_propagation (Attributes) Configuration for ticket propagation. When enabled, a ticket will be created for access changes related to the users in this resource. (see below for nested schema)

Read-Only

  • configuration_template_id (String) The ID of the configuration template.
  • request_configuration_id (String) The ID of the request configuration linked to the configuration template.

Nested Schema for visibility

Required:

  • visibility (String) The visibility level of the entity. Must be one of ["GLOBAL", "LIMITED"]

Optional:

  • visibility_group_ids (Set of String)

Nested Schema for request_configurations

Required:

  • allow_requests (Boolean) A bool representing whether or not to allow requests for this resource.
  • auto_approval (Boolean) A bool representing whether or not to automatically approve requests for this resource.
  • priority (Number) The priority of the request configuration.
  • require_mfa_to_request (Boolean) A bool representing whether or not to require MFA for requesting access to this resource.
  • require_support_ticket (Boolean) A bool representing whether or not access requests to the resource require an access ticket.

Optional:

  • condition (Attributes) (see below for nested schema)
  • max_duration (Number) The maximum duration for which the resource can be requested (in minutes).
  • recommended_duration (Number) The recommended duration for which the resource should be requested (in minutes). -1 represents an indefinite duration.
  • request_template_id (String) The ID of the associated request template.
  • reviewer_stages (Attributes List) The list of reviewer stages for the request configuration. (see below for nested schema)

Nested Schema for request_configurations.condition

Optional:

  • group_ids (Set of String) The list of group IDs to match.
  • role_remote_ids (Set of String) The list of role remote IDs to match.

Nested Schema for request_configurations.reviewer_stages

Required:

  • owner_ids (Set of String)
  • require_manager_approval (Boolean) Whether this reviewer stage should require manager approval.

Optional:

  • operator (String) The operator of the reviewer stage. Admin and manager approval are also treated as reviewers. Default: "AND"; must be one of ["AND", "OR"]
  • require_admin_approval (Boolean) Whether this reviewer stage should require admin approval.

Nested Schema for ticket_propagation

Optional:

  • enabled_on_grant (Boolean) Not Null
  • enabled_on_revocation (Boolean) Not Null
  • ticket_project_id (String)
  • ticket_provider (String) The third party ticketing platform provider. Must be one of ["JIRA", "LINEAR", "SERVICE_NOW"]
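
A pre-apply check over the attributes documented above, as an added example (not part of the provider's documentation or code): it walks the plan JSON that `terraform show -json` emits for a saved plan and flags `opal_configuration_template` resources whose MFA, approval and duration settings fall short of a policy. The policy (MFA required at every step, no auto-approval, a 480-minute cap) and the sample plan are assumptions constructed for the illustration.

```python
import json

MAX_MINUTES = 480  # assumed policy cap, not a provider default

def audit_template(after):
    """Return findings for one opal_configuration_template 'after' object."""
    findings = []
    if not after.get("require_mfa_to_connect"):
        findings.append("require_mfa_to_connect is false")
    # The schema documents a default of false, so an unset value counts as off.
    if not after.get("require_mfa_to_approve"):
        findings.append("require_mfa_to_approve is false or unset")
    for i, rc in enumerate(after.get("request_configurations") or []):
        where = f"request_configurations[{i}]"
        if rc.get("auto_approval"):
            findings.append(f"{where}: auto_approval is true")
        if not rc.get("require_mfa_to_request"):
            findings.append(f"{where}: require_mfa_to_request is false")
        dur = rc.get("max_duration")
        if dur is None or dur > MAX_MINUTES:
            findings.append(f"{where}: max_duration unset or above {MAX_MINUTES} min")
        if rc.get("recommended_duration") == -1:
            findings.append(f"{where}: recommended_duration is indefinite (-1)")
    return findings

def audit_plan(plan):
    """Map resource address -> findings for every template in a plan JSON."""
    report = {}
    for change in plan.get("resource_changes", []):
        if change.get("type") != "opal_configuration_template":
            continue
        after = (change.get("change") or {}).get("after")
        if after is None:  # resource is being destroyed, nothing to audit
            continue
        report[change["address"]] = audit_template(after)
    return report

# Constructed sample plan mirroring the Example Usage values on this page.
SAMPLE_PLAN = {"resource_changes": [{
    "address": "opal_configuration_template.my_configurationtemplate",
    "type": "opal_configuration_template",
    "change": {"actions": ["create"], "after": {
        "name": "Prod AWS Template",
        "require_mfa_to_connect": False, "require_mfa_to_approve": False,
        "request_configurations": [{"allow_requests": True, "auto_approval": False,
            "max_duration": 120, "recommended_duration": 120,
            "require_mfa_to_request": False, "require_support_ticket": False}]}}}]}

if __name__ == "__main__":
    print(json.dumps(audit_plan(SAMPLE_PLAN), indent=2))
```

Run against the Example Usage values, the check reports the three MFA settings that are left at `false`; a non-empty report can fail a CI step before `terraform apply`.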