it_automation_policy_precedence
This resource allows you to set the precedence of IT Automation policies based on the order of policy IDs.
API Scopes
Section titled “API Scopes”The following API scopes are required:
- IT Automation - Policies: READ
- IT Automation - Policies: WRITE
- IT Automation - Task Executions: READ
- IT Automation - Task Executions: WRITE
- IT Automation - Tasks: READ
- IT Automation - Tasks: WRITE
- IT Automation - User Groups: READ
- IT Automation - User Groups: WRITE
~> Important Only one precedence resource per platform is allowed. Multiple precedence resources for the same platform will conflict.
Enforcement Modes
Section titled “Enforcement Modes”This resource supports two enforcement modes:
Strict Enforcement (enforcement = "strict")
Section titled “Strict Enforcement (enforcement = "strict")”With strict enforcement, you are managing ALL IT Automation policies for the specified platform. All policies must be specified in the policy_ids list, even if they were not created by Terraform. If any policy exists on the platform but is not in your list, Terraform will report drift and attempt to reconcile the precedence order.
Dynamic Enforcement (enforcement = "dynamic")
Section titled “Dynamic Enforcement (enforcement = "dynamic")”With dynamic enforcement, you can manage a subset of IT Automation policies for the specified platform. The policies you specify will have precedence before any policies not managed by Terraform. Policies outside of Terraform management will be ordered after your managed policies. This is useful when you want to ensure certain policies always execute first without managing the complete policy list.
Example Usage
Section titled “Example Usage”terraform { required_providers { crowdstrike = { source = "registry.terraform.io/crowdstrike/crowdstrike" } }}
provider "crowdstrike" { cloud = "us-2"}
resource "crowdstrike_it_automation_policy_precedence" "strict_example" { platform_name = "Windows" enforcement = "strict"
# Strict requires ALL policy IDs to be specified. ids = [ "717cc96f8c5240bd8126f58153a8b13f", "acc1c69c65ac4a238406f75d6adee02e", "ce5779ce62aa4e6fbb647abd45193d11", "9d2f8e1a3b5c4e6f7890123456789abc", "4a7b2c8d9e0f1234567890abcdef5678", "f8e9d0c1b2a3456789012345678901de", ]}
resource "crowdstrike_it_automation_policy_precedence" "dynamic_example" { platform_name = "Linux" enforcement = "dynamic"
ids = [ "859448168fe947d781798b090402479c", "2b5ecfeb8dc24a73bb3a51c76cfbd02e", ]}
output "strict_policy_precedence" { value = crowdstrike_it_automation_policy_precedence.strict_example}
output "dynamic_policy_precedence" { value = crowdstrike_it_automation_policy_precedence.dynamic_example}Schema
Section titled “Schema”Required
Section titled “Required”enforcement(String) The enforcement type for this resource.strictrequires all policy IDs for the platform to be specified.dynamicallows managing a subset of policies with precedence over unmanaged policies.ids(List of String) The policy IDs in order. The first ID specified will have the highest precedence and the last ID specified will have the lowest.platform_name(String) The platform of the IT automation policies (Windows, Linux, Mac).
Read-Only
Section titled “Read-Only”last_updated(String) Timestamp of the last Terraform update of the resource.
Import
Section titled “Import”Import is supported using the following syntax:
# it automation policy precedence can be imported by specifying the platform (Windows, Linux, or Mac).terraform import crowdstrike_it_automation_policy_precedence.example Windows
# using import block (requires terraform 1.5+)import { to = crowdstrike_it_automation_policy_precedence.example id = "Windows"}