googleApigeeSyncAuthorization
Authorize the Synchronizer to download environment data from the control plane.
To get more information about SyncAuthorization, see:
- API documentation
- How-to Guides
- Enable Synchronizer access
Example Usage - Apigee Sync Authorization Basic Test
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleProjectProject = new google.project.Project(this, "project", {
billing_account: "000000-0000000-0000000-000000",
name: "my-project",
org_id: "123456789",
project_id: "my-project",
});
const googleProjectServiceApigee = new google.projectService.ProjectService(
this,
"apigee",
{
project: googleProjectProject.projectId,
service: "apigee.googleapis.com",
}
);
const googleServiceAccountServiceAccount =
new google.serviceAccount.ServiceAccount(this, "service_account", {
account_id: "my-account",
display_name: "Service Account",
});
const googleApigeeOrganizationApigeeOrg =
new google.apigeeOrganization.ApigeeOrganization(this, "apigee_org", {
analytics_region: "us-central1",
depends_on: [`\${${googleProjectServiceApigee.fqn}}`],
project_id: googleProjectProject.projectId,
runtime_type: "HYBRID",
});
const googleProjectIamBindingSynchronizerIam =
new google.projectIamBinding.ProjectIamBinding(this, "synchronizer-iam", {
members: [`serviceAccount:\${${googleServiceAccountServiceAccount.email}}`],
project: googleProjectProject.projectId,
role: "roles/apigee.synchronizerManager",
});
new google.apigeeSyncAuthorization.ApigeeSyncAuthorization(
this,
"apigee_sync_authorization",
{
depends_on: [`\${${googleProjectIamBindingSynchronizerIam.fqn}}`],
identities: [
`serviceAccount:\${${googleServiceAccountServiceAccount.email}}`,
],
name: googleApigeeOrganizationApigeeOrg.name,
}
);
Argument Reference
The following arguments are supported:
-
identities
- (Required) Array of service accounts to grant access to control plane resources, each specified using the following format:serviceAccount:serviceAccountName
. TheserviceAccountName
is formatted like an email address. For example: my-synchronizer-manager-serviceAccount@my_project_id.iam.gserviceaccount.com You might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one. The service accounts must have Apigee Synchronizer Manager role. See also Create service accounts. -
name
- (Required) Name of the Apigee organization.
Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
-
id
- an identifier for the resource with formatorganizations/{{name}}/syncAuthorization
-
etag
- Entity tag (ETag) used for optimistic concurrency control as a way to help prevent simultaneous updates from overwriting each other. Used internally during updates.
Timeouts
This resource provides the following Timeouts configuration options:
create
- Default is 20 minutes.update
- Default is 20 minutes.delete
- Default is 20 minutes.
Import
SyncAuthorization can be imported using any of these accepted formats: