Skip to main content

Schema

Required

  • parent_id (String) Identifier of the parent resource to which the resource belongs.

Optional

  • labels (Map of String) : Labels associated with the resource.
  • member_id (String) Member of the group. Can be tenant user account id or service account id.
  • metadata (Attributes) :

    Inner value description

    Common resource metadata. (see below for nested schema)
  • name (String) Human readable name for the resource.

Read-Only

  • created_at (String) : Timestamp indicating when the resource was created. A string representing a timestamp in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ or YYYY-MM-DDTHH:MM:SS.SSS±HH:MM
  • id (String) Identifier for the resource, unique for its resource type.
  • resource_version (Number) : Version of the resource for safe concurrent modifications and consistent reads. Positive and monotonically increases on each resource spec change (but not on each change of the resource’s container(s) or status). Service allows zero value or current.
  • status (Attributes) (see below for nested schema)
  • updated_at (String) : Timestamp indicating when the resource was last updated. A string representing a timestamp in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ or YYYY-MM-DDTHH:MM:SS.SSS±HH:MM

Nested Schema for metadata

Nested Schema for status

Read-Only:
  • service_account_status (Attributes) Cannot be set alongside tenant_user_account_status. (see below for nested schema)
  • tenant_user_account_status (Attributes) Cannot be set alongside service_account_status. (see below for nested schema)

Nested Schema for status.service_account_status

Read-Only:
  • active (Boolean)

Nested Schema for status.tenant_user_account_status

Read-Only:
  • federation_id (String) : the federation id of the linked user account. Could be empty in a case of a tenant user account belongs to an invitation which wasn’t accepted.
  • invitation_id (String) : if a tenant user account is created during invitation it gets a reference to the invitation resource once invitation is accepted it looses this reference (and internally gets a reference to their global federated user account)
  • state (String) :

    Supported values

    Possible values:
    • STATE_UNSPECIFIED
    • ACTIVE:
      • in case of ordinary tenant user account a corresponding user can log into the system and use granted tenant resources
      • in case of invited tenant user account once the invitation is accepted a corresponding user can start using granted resources immediately
    • INACTIVE - unused
    • BLOCKED:
      • in case of ordinary tenant user account a corresponding user can log into the system but cannot be authorized to use tenant resources
      • in case of invited tenant user account once the invitation is accepted a corresponding user cannot start using granted resources until is unblocked
  • user_account_state (String) : user account state can help distinguish case when account is blocked globally

    Supported values

    Possible values:
    • STATE_UNSPECIFIED
    • ACTIVE - usual state when federated user can log into the system and view/manage granted resources in one or more tenants
    • INACTIVE - federated user can be blocked (manually or by any specific automated process), in this state user cannot log into the system
    • DELETING: federated user can be deleted/forgot, in this state user cannot log into the system and various internal removal interactions are in progress