googleAccessContextManagerAuthorizedOrgsDesc

An authorized organizations description describes a list of organizations (1) that have been authorized to use certain asset (for example, device) data owned by different organizations at the enforcement points, or (2) whose assets (for example, devices) have been authorized to access the resources in another organization at the enforcement points.

To get more information about AuthorizedOrgsDesc, see:

Warning: If you are using User ADCs (Application Default Credentials) with this resource, you must specify a billingProject and set userProjectOverride to true in the provider configuration. Otherwise the ACM API will return a 403 error. Your account must have the serviceusage.services.use permission on the billingProject you defined.

Example Usage - Access Context Manager Authorized Orgs Desc Basic

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
/*This snippet belongs inside a construct (for example a TerraformStack constructor), where `this` is the scope.*/
// Access policy that owns the authorized orgs description.
const googleAccessContextManagerAccessPolicyTestAccess =
  new google.accessContextManagerAccessPolicy.AccessContextManagerAccessPolicy(
    this,
    "test-access",
    {
      parent: "organizations/",
      title: "my policy",
    }
  );
// Config keys are camelCase in the TypeScript bindings, matching the Argument Reference below.
new google.accessContextManagerAuthorizedOrgsDesc.AccessContextManagerAuthorizedOrgsDesc(
  this,
  "authorized-orgs-desc",
  {
    assetType: "ASSET_TYPE_CREDENTIAL_STRENGTH",
    authorizationDirection: "AUTHORIZATION_DIRECTION_TO",
    authorizationType: "AUTHORIZATION_TYPE_TRUST",
    // Interpolate the policy's name token directly; no escaped "\${" wrapper is needed.
    name: `accessPolicies/${googleAccessContextManagerAccessPolicyTestAccess.name}/authorizedOrgsDescs/fakeDescName`,
    orgs: ["organizations/12345", "organizations/98765"],
    parent: `accessPolicies/${googleAccessContextManagerAccessPolicyTestAccess.name}`,
  }
);

Argument Reference

The following arguments are supported:

  • parent - (Required) Resource name for the access policy which owns this authorizedOrgsDesc.

  • name - (Required) Resource name for the authorizedOrgsDesc. Format: accessPolicies/{accessPolicy}/authorizedOrgsDescs/{authorizedOrgsDesc}. The authorizedOrgsDesc component must begin with a letter, followed by alphanumeric characters or _. After you create an authorizedOrgsDesc, you cannot change its name.


  • orgs - (Optional) The list of organization ids in this AuthorizedOrgsDesc. Format: organizations/<orgNumber>. Example: organizations/123456.

  • assetType - (Optional) The type of entities that need to use the authorization relationship during evaluation, such as a device. Possible values are ASSET_TYPE_DEVICE and ASSET_TYPE_CREDENTIAL_STRENGTH.

  • authorizationDirection - (Optional) The direction of the authorization relationship between this organization and the organizations listed in the orgs field. AUTHORIZATION_DIRECTION_FROM allows this organization to evaluate traffic in the organizations listed in the orgs field. AUTHORIZATION_DIRECTION_TO allows the organizations listed in the orgs field to evaluate the traffic in this organization. For the authorization relationship to take effect, all of the organizations must authorize and specify the appropriate relationship direction. For example, if organization A authorizes organizations B and C to evaluate its traffic by specifying AUTHORIZATION_DIRECTION_TO as the authorization direction, organizations B and C must specify AUTHORIZATION_DIRECTION_FROM as the authorization direction in their AuthorizedOrgsDesc resource. Possible values are AUTHORIZATION_DIRECTION_TO and AUTHORIZATION_DIRECTION_FROM.

  • authorizationType - (Optional) A granular control type for authorization levels. The only possible value is AUTHORIZATION_TYPE_TRUST.
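
The reciprocity rule described for authorizationDirection can be checked before deployment. The following is an added example, not part of the provider or its generated bindings: it takes a list of planned descriptions and reports every relationship that only one side has declared. The owner field, the Gap type, the function name and the organization numbers are constructed for illustration, and matching on assetType is an assumption of this example.

```typescript
// Added example: `owner` and the org numbers below are constructed.
type Direction = "AUTHORIZATION_DIRECTION_TO" | "AUTHORIZATION_DIRECTION_FROM";

interface OrgsDesc {
  owner: string; // hypothetical field: organization owning the parent access policy
  assetType: string;
  authorizationDirection: Direction;
  orgs: string[];
}

interface Gap { declaredBy: string; missingFrom: string; expected: Direction; assetType: string }

const opposite = (d: Direction): Direction =>
  d === "AUTHORIZATION_DIRECTION_TO" ? "AUTHORIZATION_DIRECTION_FROM" : "AUTHORIZATION_DIRECTION_TO";

// Return every one-sided relationship: a peer listed in `orgs` that has not
// declared the opposite direction back towards the declaring organization.
function findUnreciprocated(descs: OrgsDesc[]): Gap[] {
  const key = (owner: string, dir: Direction, asset: string, peer: string): string =>
    [owner, dir, asset, peer].join("|");
  const declared: Record<string, boolean> = {};
  for (const d of descs) {
    for (const peer of d.orgs) {
      declared[key(d.owner, d.authorizationDirection, d.assetType, peer)] = true;
    }
  }
  const gaps: Gap[] = [];
  for (const d of descs) {
    const expected = opposite(d.authorizationDirection);
    for (const peer of d.orgs) {
      // Assumption: the reciprocal entry must cover the same asset type.
      if (!declared[key(peer, expected, d.assetType, d.owner)]) {
        gaps.push({ declaredBy: d.owner, missingFrom: peer, expected, assetType: d.assetType });
      }
    }
  }
  return gaps;
}

// Constructed sample: A (111) declares TO for B (222) and C (333); only B answers with FROM.
const sample: OrgsDesc[] = [
  { owner: "organizations/111", assetType: "ASSET_TYPE_DEVICE",
    authorizationDirection: "AUTHORIZATION_DIRECTION_TO",
    orgs: ["organizations/222", "organizations/333"] },
  { owner: "organizations/222", assetType: "ASSET_TYPE_DEVICE",
    authorizationDirection: "AUTHORIZATION_DIRECTION_FROM", orgs: ["organizations/111"] },
];

// One gap: organizations/333 has not declared AUTHORIZATION_DIRECTION_FROM for organizations/111.
const sampleGaps = findUnreciprocated(sample);
```

An empty result means every declared relationship has its counterpart; any returned entry names the organization whose AuthorizedOrgsDesc is still missing.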

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format {{name}}

  • createTime - Time the AuthorizedOrgsDesc was created in UTC.

  • updateTime - Time the AuthorizedOrgsDesc was updated in UTC.

Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 20 minutes.
  • update - Default is 20 minutes.
  • delete - Default is 20 minutes.

Import

AuthorizedOrgsDesc can be imported using any of these accepted formats:

$ terraform import google_access_context_manager_authorized_orgs_desc.default {{name}}