googleApigeeSyncAuthorization

Authorize the Synchronizer to download environment data from the control plane.

To get more information about SyncAuthorization, see:

Example Usage - Apigee Sync Authorization Basic Test

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleProjectProject = new google.project.Project(this, "project", {
  billing_account: "000000-0000000-0000000-000000",
  name: "my-project",
  org_id: "123456789",
  project_id: "my-project",
});
const googleProjectServiceApigee = new google.projectService.ProjectService(
  this,
  "apigee",
  {
    project: googleProjectProject.projectId,
    service: "apigee.googleapis.com",
  }
);
const googleServiceAccountServiceAccount =
  new google.serviceAccount.ServiceAccount(this, "service_account", {
    account_id: "my-account",
    display_name: "Service Account",
  });
const googleApigeeOrganizationApigeeOrg =
  new google.apigeeOrganization.ApigeeOrganization(this, "apigee_org", {
    analytics_region: "us-central1",
    depends_on: [`\${${googleProjectServiceApigee.fqn}}`],
    project_id: googleProjectProject.projectId,
    runtime_type: "HYBRID",
  });
const googleProjectIamBindingSynchronizerIam =
  new google.projectIamBinding.ProjectIamBinding(this, "synchronizer-iam", {
    members: [`serviceAccount:\${${googleServiceAccountServiceAccount.email}}`],
    project: googleProjectProject.projectId,
    role: "roles/apigee.synchronizerManager",
  });
new google.apigeeSyncAuthorization.ApigeeSyncAuthorization(
  this,
  "apigee_sync_authorization",
  {
    depends_on: [`\${${googleProjectIamBindingSynchronizerIam.fqn}}`],
    identities: [
      `serviceAccount:\${${googleServiceAccountServiceAccount.email}}`,
    ],
    name: googleApigeeOrganizationApigeeOrg.name,
  }
);

Argument Reference

The following arguments are supported:

identities - (Required) Array of service accounts to grant access to control plane resources, each specified using the following format: serviceAccount:serviceAccountName. The serviceAccountName is formatted like an email address. For example: my-synchronizer-manager-serviceAccount@my_project_id.iam.gserviceaccount.com You might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one. The service accounts must have Apigee Synchronizer Manager role. See also Create service accounts.
name - (Required) Name of the Apigee organization.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

id - an identifier for the resource with format organizations/{{name}}/syncAuthorization
etag - Entity tag (ETag) used for optimistic concurrency control as a way to help prevent simultaneous updates from overwriting each other. Used internally during updates.

Timeouts

This resource provides the following Timeouts configuration options:

create - Default is 20 minutes.
update - Default is 20 minutes.
delete - Default is 20 minutes.

Import

SyncAuthorization can be imported using any of these accepted formats:

$ terraform import google_apigee_sync_authorization.default organizations/{{name}}/syncAuthorization
$ terraform import google_apigee_sync_authorization.default {{name}}