googleAccessContextManagerAuthorizedOrgsDesc
An authorized organizations description describes a list of organizations (1) that have been authorized to use certain asset (for example, device) data owned by different organizations at the enforcement points, or (2) whose assets (for example, devices) have been authorized to access the resources in another organization at the enforcement points.
To get more information about AuthorizedOrgsDesc, see:
- API documentation
- How-to Guides
- gcloud docs
Warning: If you are using User ADCs (Application Default Credentials) with this resource, you must specify a billingProject and set userProjectOverride to true in the provider configuration. Otherwise the ACM API will return a 403 error. Your account must have the serviceusage.services.use permission on the billingProject you defined.
Example Usage - Access Context Manager Authorized Orgs Desc Basic
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
// Place the constructs below inside a TerraformStack constructor, where `this` is the stack scope.
// Access policy that owns the AuthorizedOrgsDesc.
const googleAccessContextManagerAccessPolicyTestAccess =
  new google.accessContextManagerAccessPolicy.AccessContextManagerAccessPolicy(
    this,
    "test-access",
    {
      parent: "organizations/",
      title: "my policy",
    }
  );
// Lets the listed organizations evaluate this organization's traffic (direction TO).
new google.accessContextManagerAuthorizedOrgsDesc.AccessContextManagerAuthorizedOrgsDesc(
  this,
  "authorized-orgs-desc",
  {
    assetType: "ASSET_TYPE_CREDENTIAL_STRENGTH",
    authorizationDirection: "AUTHORIZATION_DIRECTION_TO",
    authorizationType: "AUTHORIZATION_TYPE_TRUST",
    // Interpolate the policy name token directly; the converter's escaped "\${" wrapper is not needed.
    name: `accessPolicies/${googleAccessContextManagerAccessPolicyTestAccess.name}/authorizedOrgsDescs/fakeDescName`,
    orgs: ["organizations/12345", "organizations/98765"],
    parent: `accessPolicies/${googleAccessContextManagerAccessPolicyTestAccess.name}`,
  }
);
Argument Reference
The following arguments are supported:
- parent - (Required) Resource name for the access policy which owns this authorizedOrgsDesc.
- name - (Required) Resource name for the authorizedOrgsDesc. Format: accessPolicies/{accessPolicy}/authorizedOrgsDescs/{authorizedOrgsDesc}. The authorizedOrgsDesc component must begin with a letter, followed by alphanumeric characters or _. After you create an authorizedOrgsDesc, you cannot change its name.
- orgs - (Optional) The list of organization ids in this AuthorizedOrgsDesc. Format: organizations/<orgNumber>. Example: organizations/123456
- assetType - (Optional) The type of entities that need to use the authorization relationship during evaluation, such as a device. Valid values are "ASSET_TYPE_DEVICE" and "ASSET_TYPE_CREDENTIAL_STRENGTH". Possible values are assetTypeDevice and assetTypeCredentialStrength.
- authorizationDirection - (Optional) The direction of the authorization relationship between this organization and the organizations listed in the "orgs" field. The valid values for this field include the following: AUTHORIZATION_DIRECTION_FROM: Allows this organization to evaluate traffic in the organizations listed in the orgs field. AUTHORIZATION_DIRECTION_TO: Allows the organizations listed in the orgs field to evaluate the traffic in this organization. For the authorization relationship to take effect, all of the organizations must authorize and specify the appropriate relationship direction. For example, if organization A authorized organization B and C to evaluate its traffic, by specifying "AUTHORIZATION_DIRECTION_TO" as the authorization direction, organizations B and C must specify "AUTHORIZATION_DIRECTION_FROM" as the authorization direction in their "AuthorizedOrgsDesc" resource. Possible values are authorizationDirectionTo and authorizationDirectionFrom.
- authorizationType - (Optional) A granular control type for authorization levels. Valid value is "AUTHORIZATION_TYPE_TRUST". Possible values are authorizationTypeTrust.
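The reciprocity rule for authorizationDirection, together with the name and orgs formats above, can be checked across organizations before anything is applied. The following is an added example, not part of the provider documentation or the provider's code; the `owner` field, the `auditOrgsDescs` function and the organization numbers in the sample are assumptions made for illustration.

```typescript
type Direction = "AUTHORIZATION_DIRECTION_TO" | "AUTHORIZATION_DIRECTION_FROM";

interface OrgsDesc {
  owner: string; // assumed field: the organization that owns the access policy
  name: string;
  orgs: string[];
  authorizationDirection: Direction;
}

// Formats taken from the argument reference above.
const NAME_RE = /^accessPolicies\/[^/]+\/authorizedOrgsDescs\/[A-Za-z][A-Za-z0-9_]*$/;
const ORG_RE = /^organizations\/\d+$/;

const opposite = (d: Direction): Direction =>
  d === "AUTHORIZATION_DIRECTION_TO" ? "AUTHORIZATION_DIRECTION_FROM" : "AUTHORIZATION_DIRECTION_TO";

// Returns one finding per problem; an empty array means every relationship is declared on both sides.
function auditOrgsDescs(descs: OrgsDesc[]): string[] {
  const findings: string[] = [];
  for (const d of descs) {
    if (!NAME_RE.test(d.name)) findings.push(`${d.owner}: invalid name ${d.name}`);
    for (const peer of d.orgs) {
      if (!ORG_RE.test(peer)) {
        findings.push(`${d.owner}: invalid org id ${peer}`);
        continue;
      }
      // The peer must list the owner back with the opposite direction.
      const want = opposite(d.authorizationDirection);
      const reciprocal = descs.some(
        (p) =>
          p.owner === peer &&
          p.authorizationDirection === want &&
          p.orgs.some((o) => o === d.owner)
      );
      if (!reciprocal) findings.push(`${d.owner} -> ${peer}: missing ${want}`);
    }
  }
  return findings;
}

// Constructed sample: organization 111 authorizes 222 and 333 (TO); only 222 has declared FROM.
const sample: OrgsDesc[] = [
  { owner: "organizations/111", name: "accessPolicies/1/authorizedOrgsDescs/toPartners", orgs: ["organizations/222", "organizations/333"], authorizationDirection: "AUTHORIZATION_DIRECTION_TO" },
  { owner: "organizations/222", name: "accessPolicies/2/authorizedOrgsDescs/fromA", orgs: ["organizations/111"], authorizationDirection: "AUTHORIZATION_DIRECTION_FROM" },
];
console.log(auditOrgsDescs(sample));
```

A non-empty result identifies a relationship that will not take effect because one side has not declared the matching direction.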
Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
- id - an identifier for the resource with format {{name}}
- createTime - Time the AuthorizedOrgsDesc was created in UTC.
- updateTime - Time the AuthorizedOrgsDesc was updated in UTC.
Timeouts
This resource provides the following Timeouts configuration options:
- create - Default is 20 minutes.
- update - Default is 20 minutes.
- delete - Default is 20 minutes.
Import
AuthorizedOrgsDesc can be imported using any of these accepted formats: