Google Git
Sign in
third-party-mirror / terraform-provider-google-beta / refs/heads/main / . / v6.2.0 / website / docs / r / integrations_auth_config.html.markdown
blob: 6b54aee3840b787b4ad8624b791f3c5248e2ede5 [file] [log] [blame] [edit]
---
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** Type: MMv1 ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file in
# .github/CONTRIBUTING.md.
#
# ----------------------------------------------------------------------------
subcategory: "Application Integration"
description: |-
The AuthConfig resource use to hold channels and connection config data.
---
# google_integrations_auth_config
The AuthConfig resource use to hold channels and connection config data.
To get more information about AuthConfig, see:
* [API documentation](https://cloud.google.com/application-integration/docs/reference/rest/v1/projects.locations.authConfigs)
* How-to Guides
* [Manage authentication profiles](https://cloud.google.com/application-integration/docs/configure-authentication-profiles)
* [Official Documentation](https://cloud.google.com/application-integration/docs/overview)
## Example Usage - Integrations Auth Config Basic
```hcl
resource "google_integrations_client" "client" {
location = "us-west1"
}
resource "google_integrations_auth_config" "basic_example" {
location = "us-west1"
display_name = "test-authconfig"
description = "Test auth config created via terraform"
decrypted_credential {
credential_type = "USERNAME_AND_PASSWORD"
username_and_password {
username = "test-username"
password = "test-password"
}
}
depends_on = [google_integrations_client.client]
}
```
## Argument Reference
The following arguments are supported:
* `display_name` -
(Required)
The name of the auth config.
* `location` -
(Required)
Location in which client needs to be provisioned.
- - -
* `description` -
(Optional)
A description of the auth config.
* `visibility` -
(Optional)
The visibility of the auth config.
Possible values are: `PRIVATE`, `CLIENT_VISIBLE`.
* `expiry_notification_duration` -
(Optional)
User can define the time to receive notification after which the auth config becomes invalid. Support up to 30 days. Support granularity in hours.
A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
* `override_valid_time` -
(Optional)
User provided expiry time to override. For the example of Salesforce, username/password credentials can be valid for 6 months depending on the instance settings.
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
* `decrypted_credential` -
(Optional)
Raw auth credentials.
Structure is [documented below](#nested_decrypted_credential).
* `client_certificate` -
(Optional)
Raw client certificate
Structure is [documented below](#nested_client_certificate).
* `project` - (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
<a name="nested_decrypted_credential"></a>The `decrypted_credential` block supports:
* `credential_type` -
(Required)
Credential type associated with auth configs.
* `username_and_password` -
(Optional)
Username and password credential.
Structure is [documented below](#nested_username_and_password).
* `oauth2_authorization_code` -
(Optional)
OAuth2 authorization code credential.
Structure is [documented below](#nested_oauth2_authorization_code).
* `oauth2_client_credentials` -
(Optional)
OAuth2 client credentials.
Structure is [documented below](#nested_oauth2_client_credentials).
* `jwt` -
(Optional)
JWT credential.
Structure is [documented below](#nested_jwt).
* `auth_token` -
(Optional)
Auth token credential.
Structure is [documented below](#nested_auth_token).
* `service_account_credentials` -
(Optional)
Service account credential.
Structure is [documented below](#nested_service_account_credentials).
* `oidc_token` -
(Optional)
Google OIDC ID Token.
Structure is [documented below](#nested_oidc_token).
<a name="nested_username_and_password"></a>The `username_and_password` block supports:
* `username` -
(Optional)
Username to be used.
* `password` -
(Optional)
Password to be used.
<a name="nested_oauth2_authorization_code"></a>The `oauth2_authorization_code` block supports:
* `client_id` -
(Optional)
The client's id.
* `client_secret` -
(Optional)
The client's secret.
* `scope` -
(Optional)
A space-delimited list of requested scope permissions.
* `auth_endpoint` -
(Optional)
The auth url endpoint to send the auth code request to.
* `token_endpoint` -
(Optional)
The token url endpoint to send the token request to.
<a name="nested_oauth2_client_credentials"></a>The `oauth2_client_credentials` block supports:
* `client_id` -
(Optional)
The client's ID.
* `client_secret` -
(Optional)
The client's secret.
* `token_endpoint` -
(Optional)
The token endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token.
* `scope` -
(Optional)
A space-delimited list of requested scope permissions.
* `token_params` -
(Optional)
Token parameters for the auth request.
Structure is [documented below](#nested_token_params).
* `request_type` -
(Optional)
Represent how to pass parameters to fetch access token
Possible values are: `REQUEST_TYPE_UNSPECIFIED`, `REQUEST_BODY`, `QUERY_PARAMETERS`, `ENCODED_HEADER`.
<a name="nested_token_params"></a>The `token_params` block supports:
* `entries` -
(Optional)
A list of parameter map entries.
Structure is [documented below](#nested_entries).
<a name="nested_entries"></a>The `entries` block supports:
* `key` -
(Optional)
Key of the map entry.
Structure is [documented below](#nested_key).
* `value` -
(Optional)
Value of the map entry.
Structure is [documented below](#nested_value).
<a name="nested_key"></a>The `key` block supports:
* `literal_value` -
(Optional)
Passing a literal value
Structure is [documented below](#nested_literal_value).
<a name="nested_literal_value"></a>The `literal_value` block supports:
* `string_value` -
(Optional)
String.
<a name="nested_value"></a>The `value` block supports:
* `literal_value` -
(Optional)
Passing a literal value
Structure is [documented below](#nested_literal_value).
<a name="nested_literal_value"></a>The `literal_value` block supports:
* `string_value` -
(Optional)
String.
<a name="nested_jwt"></a>The `jwt` block supports:
* `jwt_header` -
(Optional)
Identifies which algorithm is used to generate the signature.
* `jwt_payload` -
(Optional)
Contains a set of claims. The JWT specification defines seven Registered Claim Names which are the standard fields commonly included in tokens. Custom claims are usually also included, depending on the purpose of the token.
* `secret` -
(Optional)
User's pre-shared secret to sign the token.
* `jwt` -
(Output)
The token calculated by the header, payload and signature.
<a name="nested_auth_token"></a>The `auth_token` block supports:
* `type` -
(Optional)
Authentication type, e.g. "Basic", "Bearer", etc.
* `token` -
(Optional)
The token for the auth type.
<a name="nested_service_account_credentials"></a>The `service_account_credentials` block supports:
* `service_account` -
(Optional)
Name of the service account that has the permission to make the request.
* `scope` -
(Optional)
A space-delimited list of requested scope permissions.
<a name="nested_oidc_token"></a>The `oidc_token` block supports:
* `service_account_email` -
(Optional)
The service account email to be used as the identity for the token.
* `audience` -
(Optional)
Audience to be used when generating OIDC token. The audience claim identifies the recipients that the JWT is intended for.
* `token` -
(Output)
ID token obtained for the service account.
* `token_expire_time` -
(Output)
The approximate time until the token retrieved is valid.
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
<a name="nested_client_certificate"></a>The `client_certificate` block supports:
* `ssl_certificate` -
(Required)
The ssl certificate encoded in PEM format. This string must include the begin header and end footer lines.
* `encrypted_private_key` -
(Required)
The ssl certificate encoded in PEM format. This string must include the begin header and end footer lines.
* `passphrase` -
(Optional)
'passphrase' should be left unset if private key is not encrypted.
Note that 'passphrase' is not the password for web server, but an extra layer of security to protected private key.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
* `id` - an identifier for the resource with format `{{name}}`
* `name` -
Resource name of the auth config.
* `certificate_id` -
Certificate id for client certificate.
* `credential_type` -
Credential type of the encrypted credential.
* `creator_email` -
The creator's email address. Generated based on the End User Credentials/LOAS role of the user making the call.
* `create_time` -
The timestamp when the auth config is created.
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
* `last_modifier_email` -
The last modifier's email address. Generated based on the End User Credentials/LOAS role of the user making the call.
* `update_time` -
The timestamp when the auth config is modified.
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
* `state` -
The status of the auth config.
* `reason` -
The reason / details of the current status.
* `valid_time` -
The time until the auth config is valid. Empty or max value is considered the auth config won't expire.
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
* `encrypted_credential` -
Auth credential encrypted by Cloud KMS. Can be decrypted as Credential with proper KMS key.
A base64-encoded string.
## Timeouts
This resource provides the following
[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
- `create` - Default is 20 minutes.
- `update` - Default is 20 minutes.
- `delete` - Default is 20 minutes.
## Import
AuthConfig can be imported using any of these accepted formats:
* `{{name}}`
In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import AuthConfig using one of the formats above. For example:
```tf
import {
id = "{{name}}"
to = google_integrations_auth_config.default
}
```
When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), AuthConfig can be imported using one of the formats above. For example:
```
$ terraform import google_integrations_auth_config.default {{name}}
```
## User Project Overrides
This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).