Breaking changes
The access attribute in the twingate_resource Resource has been separated into access_group and access_service attributes. Groups and Service Account access much be specified via their respective block. Additionally, only a single group can be specified in a single access_group block.
These changes enable specifying Security Policies onaccess_group blocks:
twingate_resource "resource" {
name = "network"
address = "internal.int"
remote_network_id = twingate_remote_network.aws_network.id
security_policy_id = data.twingate_security_policy.strict_mfa.id
// Previously in v2.x.x
access {
group_ids = [twingate_group.aws.id]
service_account_ids = [twingate_service_account.github_actions_prod.id]
}
// From v3.0.0 and newer
// Group access is now assigned via the `access_group` block
access_group {
security_policy_id = twingate_security_policy.no_mfa.id
group_id = data.twingate_groups.devops.id
}
// To assign access to multiple groups, use a `dynamic` block
dynamic access_group {
for_each = toset([twingate_groups.infra.id, twingate_groups.security.id])
content {
security_policy_id = twingate_security_policy.no_mfa.id
group_id = access.value.key
}
}
// Service accounts are now assigned via the `service_access` block
// Service accounts do not use policies and, as such, one cannot be specified
access_service {
service_account_id = twingate_service_account.github_actions_prod.id
}
}What's Changed
Full Changelog: v2.1.2...v3.0.0