Skip to content

googleIapClient

Contains the data that describes an Identity Aware Proxy owned client.

\~> Note: Only internal org clients can be created via declarative tools. External clients must be manually created via the GCP console. This restriction is due to the existing APIs and not lack of support in this tool.

To get more information about Client, see:

\~> Warning: All arguments including secret will be stored in the raw state as plain-text. Read more about sensitive data in state.

Example Usage - Iap Client

resource "google_project" "project" {
  project_id = "tf-test%{random_suffix}"
  name       = "tf-test%{random_suffix}"
  org_id     = "123456789"
}

resource "google_project_service" "project_service" {
  project = google_project.project.project_id
  service = "iap.googleapis.com"
}

resource "google_iap_brand" "project_brand" {
  support_email     = "support@example.com"
  application_title = "Cloud IAP protected Application"
  project           = google_project_service.project_service.project
}

resource "google_iap_client" "project_client" {
  display_name = "Test Client"
  brand        =  google_iap_brand.project_brand.name
}

Argument Reference

The following arguments are supported:

  • displayName - (Required) Human-friendly name given to the OAuth client.

  • brand - (Required) Identifier of the brand to which this client is attached to. The format is projects/{projectNumber}/brands/{brandId}/identityAwareProxyClients/{clientId}.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format {{brand}}/identityAwareProxyClients/{{clientId}}

  • secret - Output only. Client secret of the OAuth client. Note: This property is sensitive and will not be displayed in the plan.

  • clientId - Output only. Unique identifier of the OAuth client.

  • clientId: The OAuth2 ID of the client.

Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 20 minutes.
  • delete - Default is 20 minutes.

Import

Client can be imported using any of these accepted formats:

$ terraform import google_iap_client.default {{brand}}/identityAwareProxyClients/{{client_id}}
$ terraform import google_iap_client.default {{brand}}/{{client_id}}