diff --git a/mmv1/products/privilegedaccessmanager/Entitlement.yaml b/mmv1/products/privilegedaccessmanager/Entitlement.yaml
index fd56aec51ab1..f6d30b50c635 100644
--- a/mmv1/products/privilegedaccessmanager/Entitlement.yaml
+++ b/mmv1/products/privilegedaccessmanager/Entitlement.yaml
@@ -22,10 +22,16 @@ import_format:
 - "{{parent}}/locations/{{location}}/entitlements/{{entitlement_id}}"
 update_verb: :PATCH
 update_mask: true
-
 description: |
 An Entitlement defines the eligibility of a set of users to obtain a predefined access for some time possibly after going through an approval workflow.
 autogen_async: true
+examples:
+ - !ruby/object:Provider::Terraform::Examples
+ name: "privileged_access_manager_entitlement_basic"
+ min_version: beta
+ primary_resource_id: "tf_entitlement"
+ vars:
+ entitlement_id: "example_entitlement"
 properties:
 - !ruby/object:Api::Type::String
 name: name
diff --git a/mmv1/templates/terraform/examples/privileged_access_manager_entitlement_basic.tf.erb b/mmv1/templates/terraform/examples/privileged_access_manager_entitlement_basic.tf.erb
new file mode 100644
index 000000000000..5a93d2d05d5c
--- /dev/null
+++ b/mmv1/templates/terraform/examples/privileged_access_manager_entitlement_basic.tf.erb
@@ -0,0 +1,22 @@
+resource "google_privileged_access_manager_entitlement" "<%= ctx[:primary_resource_id] %>" {
+ provider = google-beta
+ entitlement_id = "<%= ctx[:vars]['entitlement_id'] %>"
+ location = "global"
+ max_request_duration = "43200s"
+ parent = "projects/itsvarsharma-pam-testing"
+ requester_justification_config {
+ unstructured{}
+ }
+ eligible_users {
+ principals = ["serviceAccount:test2102@itsvarsharma-pam-testing.iam.gserviceaccount.com"]
+ }
+ privileged_access{
+ gcp_iam_access{
+ role_bindings{
+ role = "roles/storage.admin"
+ }
+ resource = "//cloudresourcemanager.googleapis.com/projects/itsvarsharma-pam-testing"
+ resource_type = "cloudresourcemanager.googleapis.com/Project"
+ }
+ }
+}
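Review bot: The new `examples` entry declares only `vars` and no `test_env_vars`, so the template added in the second file of this commit has no project value to interpolate and hard-codes `itsvarsharma-pam-testing` in `parent`, in `resource` and in the service-account principal. The generated documentation and acceptance test would presumably point at one contributor's project, and that project's name and service-account address get published with the provider. I would add `test_env_vars:` with `project: :PROJECT_NAME` under this example and write `parent = "projects/<%= ctx[:test_env_vars]['project'] %>"` in the template. The same substitution applies to `resource`, and the principal should come from the test environment rather than a fixed e-mail address.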
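Review bot: The example grants `roles/storage.admin` on the whole project for up to `43200s` and has no `approval_workflow` block, which as far as I know means requests are granted without any approver. Documentation examples tend to be copied into real configurations, so a read-only binding such as `role = "roles/storage.objectViewer"` with a shorter `max_request_duration` would be a safer default to publish. If the broad role is intentional, a comment above `privileged_access` saying that this entitlement is ungated would help readers. As a style point, `unstructured{}`, `privileged_access{`, `gcp_iam_access{` and `role_bindings{` lack the space before the brace that `terraform fmt` would insert.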