Skip to content

service_token.md

Latest commit

 

History

History
133 lines (104 loc) · 4.08 KB

service_token.md

File metadata and controls

133 lines (104 loc) · 4.08 KB
page_title dbtcloud_service_token Resource - dbtcloud
subcategory
description

dbtcloud_service_token (Resource)

Nested Schema for service_token_permissions

The mapping of permission names from the docs to a permissions_set in service_token_permissions:

Permission name permission_set = ...
Account Admin account_admin
Account Viewer account_viewer
Admin admin
Analyst analyst
Billing Admin billing_admin
Cost Management viewer cost_management_viewer
Cost Management admin cost_management_admin
Database Admin database_admin
Developer developer
Fusion Admin fusion_admin
Git Admin git_admin
Job Admin job_admin
Job Runner job_runner
Job Viewer job_viewer
Manage marketplace apps manage_marketplace_apps
Member member
Metadata Only metadata_only
Notification Manager notification_manager
Owner owner
Project Creator project_creator
Read-Only readonly
Security Admin security_admin
Semantic Layer Only semantic_layer_only
Stakeholder stakeholder
Team Admin team_admin
Webhooks Only webhooks_only

Example Usage

resource "dbtcloud_service_token" "test_service_token" {
  name = "Test Service Token"

  // Grant the service token `git_admin` permissions on all projects
  service_token_permissions {
    permission_set = "git_admin"
    all_projects   = true
  }

  // Grant the service token `job_admin` permissions on a specific project
  service_token_permissions {
    permission_set = "job_admin"
    all_projects   = false
    project_id     = dbtcloud_project.dbt_project.id
  }

  // Grant the service token `developer` permissions on all projects, 
  // but only in the `development` and `staging` environments
  //
  // NOTE: This is only configurable for certain `permission_set` values
  service_token_permissions {
    permission_set = "developer"
    all_projects   = true
    writable_environment_categories = [
      "development",
      "staging"
    ]
  }
}

Schema

Required

  • name (String) Service token name

Optional

  • service_token_permissions (Block Set) Permissions set for the service token (see below for nested schema)
  • state (Number) Service token state (1 is active, 2 is inactive)

Read-Only

  • id (String) The ID of the service token
  • token_string (String, Sensitive) Service token secret value (only accessible on creation))
  • uid (String) Service token UID (part of the token)

Nested Schema for service_token_permissions

Required:

  • all_projects (Boolean) Whether or not to apply this permission to all projects for this service token
  • permission_set (String) Set of permissions to apply

Optional:

  • project_id (Number) Project ID to apply this permission to for this service token
  • writable_environment_categories (Set of String) What types of environments to apply Write permissions to. Even if Write access is restricted to some environment types, the permission set will have Read access to all environments. The values allowed are all, development, staging, production and other. Not setting a value (or setting an empty list) means the permission set has no Write access to any environment — only Read access. To grant Write access to all environments, set this to ["all"]. Not all permission sets support environment level write settings, only analyst, database_admin, developer, git_admin and team_admin.

Import

Import is supported using the following syntax:

# using  import blocks (requires Terraform >= 1.5)
import {
  to = dbtcloud_service_token.my_service_token
  id = "service_token_id"
}

import {
  to = dbtcloud_service_token.my_service_token
  id = "12345"
}

# using the older import command
terraform import dbtcloud_service_token.my_service_token "service_token_id"
terraform import dbtcloud_service_token.my_service_token 12345