Does anyone know the correct Terraform configuration to restrict an OAuth client’s access to specific divisions in a multi-tenant BPO setup?
I am setting up a local Docker Compose environment to mirror our production Genesys Cloud instance for integration testing. I need to create an OAuth client that can only access resources within the division-a and division-b divisions, but I am unsure how to enforce this scoping in the genesyscloud_oauth_client resource.
Here is my current Terraform configuration:
resource "genesyscloud_oauth_client" "bpo_client" {
  name        = "BPO Integration Client"
  description = "Client for BPO integration tests"
  grant_types = ["client_credentials"]
  # How do I specify divisions here?
  # divisions = ["division-a", "division-b"] # This attribute does not exist
}
When I deploy this and use the client credentials to call /api/v2/users, I get access to all divisions instead of just the specified ones. The API documentation mentions division scoping, but I cannot find a corresponding Terraform attribute. Am I missing a specific block or should I handle this via API calls after creation?