@pulumi/gcp
A Pulumi package for creating and managing Google Cloud Platform resources.
import * as pulumi from "@pulumi/pulumi";
/**
* An authorized organizations description describes a list of organizations
* (1) that have been authorized to use certain asset (for example, device) data
* owned by different organizations at the enforcement points, or (2) whose
* assets (for example, devices) have been authorized to access the resources in
* another organization at the enforcement points.
*
* To get more information about AuthorizedOrgsDesc, see:
*
* * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.authorizedOrgsDescs)
* * How-to Guides
* * [gcloud docs](https://cloud.google.com/beyondcorp-enterprise/docs/cross-org-authorization)
*
* > **Warning:** If you are using User ADCs (Application Default Credentials) with this resource,
* you must specify a `billingProject` and set `userProjectOverride` to true
* in the provider configuration. Otherwise the ACM API will return a 403 error.
* Your account must have the `serviceusage.services.use` permission on the
* `billingProject` you defined.
*
* ## Example Usage
*
* ### Access Context Manager Authorized Orgs Desc Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const test_access = new gcp.accesscontextmanager.AccessPolicy("test-access", {
* parent: "organizations/",
* title: "my policy",
* });
* const authorized_orgs_desc = new gcp.accesscontextmanager.AuthorizedOrgsDesc("authorized-orgs-desc", {
* parent: pulumi.interpolate`accessPolicies/${test_access.name}`,
* name: pulumi.interpolate`accessPolicies/${test_access.name}/authorizedOrgsDescs/fakeDescName`,
* authorizationType: "AUTHORIZATION_TYPE_TRUST",
* assetType: "ASSET_TYPE_CREDENTIAL_STRENGTH",
* authorizationDirection: "AUTHORIZATION_DIRECTION_TO",
* orgs: [
* "organizations/12345",
* "organizations/98765",
* ],
* });
* ```
*
* ## Import
*
* AuthorizedOrgsDesc can be imported using any of these accepted formats:
*
* * `{{name}}`
*
* When using the `pulumi import` command, AuthorizedOrgsDesc can be imported using one of the formats above. For example:
*
* ```sh
* $ pulumi import gcp:accesscontextmanager/authorizedOrgsDesc:AuthorizedOrgsDesc default {{name}}
* ```
*/
export declare class AuthorizedOrgsDesc extends pulumi.CustomResource {
    // NOTE(review): this resource records which other organizations take part in a
    // cross-organization authorization relationship. Changes to `orgs` and
    // `authorizationDirection` change who is trusted, so review them as access changes.
    /**
     * Get an existing AuthorizedOrgsDesc resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to look up.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     * @returns An AuthorizedOrgsDesc for the looked-up resource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AuthorizedOrgsDescState, opts?: pulumi.CustomResourceOptions): AuthorizedOrgsDesc;
    /**
     * Returns true if the given object is an instance of AuthorizedOrgsDesc. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     *
     * The parameter is typed `any`, so any value is accepted; the return type is a type
     * predicate, so a `true` result narrows `obj` to AuthorizedOrgsDesc for the caller.
     *
     * @param obj The value to test.
     */
    static isInstance(obj: any): obj is AuthorizedOrgsDesc;
    /**
     * The type of entities that need to use the authorization relationship during
     * evaluation, such as a device.
     * Possible values are: `ASSET_TYPE_DEVICE`, `ASSET_TYPE_CREDENTIAL_STRENGTH`.
     *
     * The declared type is `string`, so a value outside this list is not rejected at compile time.
     */
    readonly assetType: pulumi.Output<string | undefined>;
    /**
     * The direction of the authorization relationship between this organization
     * and the organizations listed in the `orgs` field. The valid values for this
     * field include the following:
     *
     * * `AUTHORIZATION_DIRECTION_FROM`: Allows this organization to evaluate traffic
     *   in the organizations listed in the `orgs` field.
     * * `AUTHORIZATION_DIRECTION_TO`: Allows the organizations listed in the `orgs`
     *   field to evaluate the traffic in this organization.
     *
     * For the authorization relationship to take effect, all of the organizations
     * must authorize and specify the appropriate relationship direction. For
     * example, if organization A authorized organizations B and C to evaluate its
     * traffic by specifying `AUTHORIZATION_DIRECTION_TO` as the authorization
     * direction, organizations B and C must specify
     * `AUTHORIZATION_DIRECTION_FROM` as the authorization direction in their
     * `AuthorizedOrgsDesc` resource.
     * Possible values are: `AUTHORIZATION_DIRECTION_TO`, `AUTHORIZATION_DIRECTION_FROM`.
     *
     * The declared type is `string`, so a value outside this list is not rejected at compile time.
     */
    readonly authorizationDirection: pulumi.Output<string | undefined>;
    /**
     * A granular control type for authorization levels.
     * Possible values are: `AUTHORIZATION_TYPE_TRUST`.
     */
    readonly authorizationType: pulumi.Output<string | undefined>;
    /**
     * Time the AuthorizedOrgsDesc was created in UTC.
     * Exposed on the resource only; `AuthorizedOrgsDescArgs` has no matching input.
     */
    readonly createTime: pulumi.Output<string>;
    /**
     * Resource name for the `AuthorizedOrgsDesc`. Format:
     * `accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc}`.
     * The `authorizedOrgsDesc` component must begin with a letter, followed by
     * alphanumeric characters or `_`.
     * After you create an `AuthorizedOrgsDesc`, you cannot change its `name`.
     */
    readonly name: pulumi.Output<string>;
    /**
     * The list of organization ids in this AuthorizedOrgsDesc.
     * Format: `organizations/<org_number>`
     * Example: `organizations/123456`
     *
     * NOTE(review): each entry names another organization in the authorization
     * relationship; keep the list to the organizations that need it. Per
     * `authorizationDirection`, the relationship takes effect only once the listed
     * organizations specify the matching direction themselves.
     */
    readonly orgs: pulumi.Output<string[] | undefined>;
    /**
     * Required. Resource name for the access policy which owns this `AuthorizedOrgsDesc`.
     */
    readonly parent: pulumi.Output<string>;
    /**
     * Time the AuthorizedOrgsDesc was updated in UTC.
     * Exposed on the resource only; `AuthorizedOrgsDescArgs` has no matching input.
     */
    readonly updateTime: pulumi.Output<string>;
    /**
     * Create an AuthorizedOrgsDesc resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: AuthorizedOrgsDescArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering AuthorizedOrgsDesc resources.
*/
export interface AuthorizedOrgsDescState {
    // Every property is optional here: this shape is passed as the `state` argument of
    // `AuthorizedOrgsDesc.get` to qualify a lookup, not to create a resource.
    /**
     * The type of entities that need to use the authorization relationship during
     * evaluation, such as a device.
     * Possible values are: `ASSET_TYPE_DEVICE`, `ASSET_TYPE_CREDENTIAL_STRENGTH`.
     *
     * The declared type is `string`, so a value outside this list is not rejected at compile time.
     */
    assetType?: pulumi.Input<string>;
    /**
     * The direction of the authorization relationship between this organization
     * and the organizations listed in the `orgs` field. The valid values for this
     * field include the following:
     *
     * * `AUTHORIZATION_DIRECTION_FROM`: Allows this organization to evaluate traffic
     *   in the organizations listed in the `orgs` field.
     * * `AUTHORIZATION_DIRECTION_TO`: Allows the organizations listed in the `orgs`
     *   field to evaluate the traffic in this organization.
     *
     * For the authorization relationship to take effect, all of the organizations
     * must authorize and specify the appropriate relationship direction. For
     * example, if organization A authorized organizations B and C to evaluate its
     * traffic by specifying `AUTHORIZATION_DIRECTION_TO` as the authorization
     * direction, organizations B and C must specify
     * `AUTHORIZATION_DIRECTION_FROM` as the authorization direction in their
     * `AuthorizedOrgsDesc` resource.
     * Possible values are: `AUTHORIZATION_DIRECTION_TO`, `AUTHORIZATION_DIRECTION_FROM`.
     *
     * The declared type is `string`, so a value outside this list is not rejected at compile time.
     */
    authorizationDirection?: pulumi.Input<string>;
    /**
     * A granular control type for authorization levels.
     * Possible values are: `AUTHORIZATION_TYPE_TRUST`.
     */
    authorizationType?: pulumi.Input<string>;
    /**
     * Time the AuthorizedOrgsDesc was created in UTC.
     */
    createTime?: pulumi.Input<string>;
    /**
     * Resource name for the `AuthorizedOrgsDesc`. Format:
     * `accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc}`.
     * The `authorizedOrgsDesc` component must begin with a letter, followed by
     * alphanumeric characters or `_`.
     * After you create an `AuthorizedOrgsDesc`, you cannot change its `name`.
     */
    name?: pulumi.Input<string>;
    /**
     * The list of organization ids in this AuthorizedOrgsDesc.
     * Format: `organizations/<org_number>`
     * Example: `organizations/123456`
     */
    orgs?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Required. Resource name for the access policy which owns this `AuthorizedOrgsDesc`.
     * (Documented as required for the resource; declared optional in this lookup shape.)
     */
    parent?: pulumi.Input<string>;
    /**
     * Time the AuthorizedOrgsDesc was updated in UTC.
     */
    updateTime?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing an AuthorizedOrgsDesc resource.
*/
export interface AuthorizedOrgsDescArgs {
    // `parent` is the only property declared without `?`; every other argument may be omitted.
    // NOTE(review): `orgs` and `authorizationDirection` decide which organizations are
    // trusted and in which direction, so review changes to them as access changes.
    /**
     * The type of entities that need to use the authorization relationship during
     * evaluation, such as a device.
     * Possible values are: `ASSET_TYPE_DEVICE`, `ASSET_TYPE_CREDENTIAL_STRENGTH`.
     *
     * The declared type is `string`, so a value outside this list is not rejected at compile time.
     */
    assetType?: pulumi.Input<string>;
    /**
     * The direction of the authorization relationship between this organization
     * and the organizations listed in the `orgs` field. The valid values for this
     * field include the following:
     *
     * * `AUTHORIZATION_DIRECTION_FROM`: Allows this organization to evaluate traffic
     *   in the organizations listed in the `orgs` field.
     * * `AUTHORIZATION_DIRECTION_TO`: Allows the organizations listed in the `orgs`
     *   field to evaluate the traffic in this organization.
     *
     * For the authorization relationship to take effect, all of the organizations
     * must authorize and specify the appropriate relationship direction. For
     * example, if organization A authorized organizations B and C to evaluate its
     * traffic by specifying `AUTHORIZATION_DIRECTION_TO` as the authorization
     * direction, organizations B and C must specify
     * `AUTHORIZATION_DIRECTION_FROM` as the authorization direction in their
     * `AuthorizedOrgsDesc` resource.
     * Possible values are: `AUTHORIZATION_DIRECTION_TO`, `AUTHORIZATION_DIRECTION_FROM`.
     *
     * The declared type is `string`, so a value outside this list is not rejected at compile time.
     */
    authorizationDirection?: pulumi.Input<string>;
    /**
     * A granular control type for authorization levels.
     * Possible values are: `AUTHORIZATION_TYPE_TRUST`.
     */
    authorizationType?: pulumi.Input<string>;
    /**
     * Resource name for the `AuthorizedOrgsDesc`. Format:
     * `accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc}`.
     * The `authorizedOrgsDesc` component must begin with a letter, followed by
     * alphanumeric characters or `_`.
     * After you create an `AuthorizedOrgsDesc`, you cannot change its `name`.
     */
    name?: pulumi.Input<string>;
    /**
     * The list of organization ids in this AuthorizedOrgsDesc.
     * Format: `organizations/<org_number>`
     * Example: `organizations/123456`
     *
     * NOTE(review): each entry names another organization in the authorization
     * relationship; keep the list to the organizations that need it.
     */
    orgs?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Required. Resource name for the access policy which owns this `AuthorizedOrgsDesc`.
     */
    parent: pulumi.Input<string>;
}