import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
* An `Organization` is the top-level container in Apigee.
*
* To get more information about Organization, see:
*
* * [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations)
* * How-to Guides
* * [Creating an API organization](https://cloud.google.com/apigee/docs/api-platform/get-started/create-org)
*
* ## Example Usage
*
* ### Apigee Organization Cloud Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const current = gcp.organizations.getClientConfig({});
* const apigeeNetwork = new gcp.compute.Network("apigee_network", {name: "apigee-network"});
* const apigeeRange = new gcp.compute.GlobalAddress("apigee_range", {
* name: "apigee-range",
* purpose: "VPC_PEERING",
* addressType: "INTERNAL",
* prefixLength: 16,
* network: apigeeNetwork.id,
* });
* const apigeeVpcConnection = new gcp.servicenetworking.Connection("apigee_vpc_connection", {
* network: apigeeNetwork.id,
* service: "servicenetworking.googleapis.com",
* reservedPeeringRanges: [apigeeRange.name],
* });
* const org = new gcp.apigee.Organization("org", {
* analyticsRegion: "us-central1",
* projectId: current.then(current => current.project),
* authorizedNetwork: apigeeNetwork.id,
* }, {
* dependsOn: [apigeeVpcConnection],
* });
* ```
* ### Apigee Organization Cloud Basic Disable Vpc Peering
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const current = gcp.organizations.getClientConfig({});
* const org = new gcp.apigee.Organization("org", {
* description: "Terraform-provisioned basic Apigee Org without VPC Peering.",
* analyticsRegion: "us-central1",
* projectId: current.then(current => current.project),
* disableVpcPeering: true,
* });
* ```
* ### Apigee Organization Cloud Full
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const current = gcp.organizations.getClientConfig({});
* const apigeeNetwork = new gcp.compute.Network("apigee_network", {name: "apigee-network"});
* const apigeeRange = new gcp.compute.GlobalAddress("apigee_range", {
* name: "apigee-range",
* purpose: "VPC_PEERING",
* addressType: "INTERNAL",
* prefixLength: 16,
* network: apigeeNetwork.id,
* });
* const apigeeVpcConnection = new gcp.servicenetworking.Connection("apigee_vpc_connection", {
* network: apigeeNetwork.id,
* service: "servicenetworking.googleapis.com",
* reservedPeeringRanges: [apigeeRange.name],
* });
* const apigeeKeyring = new gcp.kms.KeyRing("apigee_keyring", {
* name: "apigee-keyring",
* location: "us-central1",
* });
* const apigeeKey = new gcp.kms.CryptoKey("apigee_key", {
* name: "apigee-key",
* keyRing: apigeeKeyring.id,
* });
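* // NOTE: `project` and `apigee` are not declared in this snippet; they presumably refer to
* // the GCP project resource and the enabled Apigee API service defined elsewhere in the program.
* const apigeeSa = new gcp.projects.ServiceIdentity("apigee_sa", {
* project: project.projectId,
* service: apigee.service,
* });
* // The encrypter/decrypter role is bound on this one key (`cryptoKeyId`), not project-wide.
* const apigeeSaKeyuser = new gcp.kms.CryptoKeyIAMMember("apigee_sa_keyuser", {
* cryptoKeyId: apigeeKey.id,
* role: "roles/cloudkms.cryptoKeyEncrypterDecrypter",
* member: apigeeSa.member,
* });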
* const org = new gcp.apigee.Organization("org", {
* analyticsRegion: "us-central1",
* displayName: "apigee-org",
* description: "Auto-provisioned Apigee Org.",
* projectId: current.then(current => current.project),
* authorizedNetwork: apigeeNetwork.id,
* runtimeDatabaseEncryptionKeyName: apigeeKey.id,
* }, {
* dependsOn: [
* apigeeVpcConnection,
* apigeeSaKeyuser,
* ],
* });
* ```
* ### Apigee Organization Cloud Full Disable Vpc Peering
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const current = gcp.organizations.getClientConfig({});
* const apigeeKeyring = new gcp.kms.KeyRing("apigee_keyring", {
* name: "apigee-keyring",
* location: "us-central1",
* });
* const apigeeKey = new gcp.kms.CryptoKey("apigee_key", {
* name: "apigee-key",
* keyRing: apigeeKeyring.id,
* });
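* // NOTE: `project` and `apigee` are not declared in this snippet; they presumably refer to
* // the GCP project resource and the enabled Apigee API service defined elsewhere in the program.
* const apigeeSa = new gcp.projects.ServiceIdentity("apigee_sa", {
* project: project.projectId,
* service: apigee.service,
* });
* // The encrypter/decrypter role is bound on this one key (`cryptoKeyId`), not project-wide.
* const apigeeSaKeyuser = new gcp.kms.CryptoKeyIAMMember("apigee_sa_keyuser", {
* cryptoKeyId: apigeeKey.id,
* role: "roles/cloudkms.cryptoKeyEncrypterDecrypter",
* member: apigeeSa.member,
* });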
* const org = new gcp.apigee.Organization("org", {
* analyticsRegion: "us-central1",
* displayName: "apigee-org",
* description: "Terraform-provisioned Apigee Org without VPC Peering.",
* projectId: current.then(current => current.project),
* disableVpcPeering: true,
* runtimeDatabaseEncryptionKeyName: apigeeKey.id,
* }, {
* dependsOn: [apigeeSaKeyuser],
* });
* ```
*
* ## Import
*
* Organization can be imported using any of these accepted formats:
*
* * `organizations/{{name}}`
*
* * `{{name}}`
*
* When using the `pulumi import` command, Organization can be imported using one of the formats above. For example:
*
* ```sh
* $ pulumi import gcp:apigee/organization:Organization default organizations/{{name}}
* ```
*
* ```sh
* $ pulumi import gcp:apigee/organization:Organization default {{name}}
* ```
*/
export declare class Organization extends pulumi.CustomResource {
/**
* Get an existing Organization resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to look up.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
* @returns The Organization resource for the given name and ID.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: OrganizationState, opts?: pulumi.CustomResourceOptions): Organization;
/**
* Returns true if the given object is an instance of Organization. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*
* @param obj The value to test; it is typed `any`, so any value may be passed.
*/
static isInstance(obj: any): obj is Organization;
/**
* Primary GCP region for analytics data storage. For valid values, see [Create an Apigee organization](https://cloud.google.com/apigee/docs/api-platform/get-started/create-org).
*/
readonly analyticsRegion: pulumi.Output<string | undefined>;
/**
* Cloud KMS key name used for encrypting API consumer data.
* NOTE(review): the behaviour when this is left unset is not stated here; confirm against the Apigee API reference.
*/
readonly apiConsumerDataEncryptionKeyName: pulumi.Output<string | undefined>;
/**
* Needed only for customers using non-default data residency regions.
* Apigee stores some control plane data in a single region only;
* this field determines which single region Apigee should use.
*/
readonly apiConsumerDataLocation: pulumi.Output<string | undefined>;
/**
* Output only. Project ID of the Apigee Tenant Project.
*/
readonly apigeeProjectId: pulumi.Output<string>;
/**
* Compute Engine network used for Service Networking to be peered with Apigee runtime instances.
* See [Getting started with the Service Networking API](https://cloud.google.com/service-infrastructure/docs/service-networking/getting-started).
* Valid only when `runtimeType` is set to CLOUD. The value can be updated only when there are no runtime instances. For example: "default".
* When no network is provided, `disableVpcPeering` has to be set to `true` (see that property).
*/
readonly authorizedNetwork: pulumi.Output<string | undefined>;
/**
* Billing type of the Apigee organization. See [Apigee pricing](https://cloud.google.com/apigee/pricing).
*/
readonly billingType: pulumi.Output<string>;
/**
* Output only. Base64-encoded public certificate for the root CA of the Apigee organization.
* Valid only when `runtimeType` is CLOUD.
*/
readonly caCertificate: pulumi.Output<string>;
/**
* Cloud KMS key name used for encrypting control plane data that is stored in a multi region.
* Only used for the data residency region "US" or "EU".
*/
readonly controlPlaneEncryptionKeyName: pulumi.Output<string | undefined>;
/**
* Description of the Apigee organization.
*/
readonly description: pulumi.Output<string | undefined>;
/**
* Flag that specifies whether the VPC Peering through Private Google Access should be
* disabled between the consumer network and Apigee. Required if an `authorizedNetwork`
* on the consumer project is not provided, in which case the flag should be set to `true`.
* Valid only when `runtimeType` is set to CLOUD. The value must be set before the creation
* of any Apigee runtime instance and can be updated only when there are no runtime instances.
*
* Because the value cannot be changed while runtime instances exist, settle the choice between
* a peered `authorizedNetwork` and no peering as part of the network design, before the first
* instance is created.
*/
readonly disableVpcPeering: pulumi.Output<boolean | undefined>;
/**
* The display name of the Apigee organization.
*/
readonly displayName: pulumi.Output<string | undefined>;
/**
* Output only. Name of the Apigee organization.
*/
readonly name: pulumi.Output<string>;
/**
* The project ID associated with the Apigee organization.
*/
readonly projectId: pulumi.Output<string>;
/**
* Properties defined in the Apigee organization profile.
* The structure is described by `outputs.apigee.OrganizationProperties`.
*/
readonly properties: pulumi.Output<outputs.apigee.OrganizationProperties>;
/**
* Optional. This setting is applicable only for organizations that are soft-deleted (i.e., `billingType`
* is not EVALUATION). It controls how long Organization data will be retained after the initial delete
* operation completes. During this period, the Organization may be restored to its last known state.
* After this period, the Organization will no longer be able to be restored.
* Default value is `DELETION_RETENTION_UNSPECIFIED`.
* Possible values are: `DELETION_RETENTION_UNSPECIFIED`, `MINIMUM`.
* NOTE(review): the retention duration behind each value is not stated here; confirm it before
* relying on a restore window or on data being gone after a delete.
*/
readonly retention: pulumi.Output<string | undefined>;
/**
* Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances.
* Update is not allowed after the organization is created.
* If not specified, a Google-Managed encryption key will be used.
* Valid only when `runtimeType` is CLOUD. For example: `projects/foo/locations/us/keyRings/bar/cryptoKeys/baz`.
*
* Because the key cannot be changed after creation, the choice between a customer-managed key and
* the Google-managed default has to be made before the organization is created. The usage examples
* on this class grant the Apigee service identity `roles/cloudkms.cryptoKeyEncrypterDecrypter` on
* the key and list that binding in `dependsOn`.
*/
readonly runtimeDatabaseEncryptionKeyName: pulumi.Output<string | undefined>;
/**
* Runtime type of the Apigee organization based on the Apigee subscription purchased.
* Default value is `CLOUD`.
* Possible values are: `CLOUD`, `HYBRID`.
*/
readonly runtimeType: pulumi.Output<string | undefined>;
/**
* Output only. Subscription type of the Apigee organization.
* Valid values include trial (free, limited, and for evaluation purposes only) or paid (full subscription has been purchased).
*/
readonly subscriptionType: pulumi.Output<string>;
/**
* Create an Organization resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: OrganizationArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering Organization resources.
*/
export interface OrganizationState {
/**
* Primary GCP region for analytics data storage. For valid values, see [Create an Apigee organization](https://cloud.google.com/apigee/docs/api-platform/get-started/create-org).
*/
analyticsRegion?: pulumi.Input<string>;
/**
* Cloud KMS key name used for encrypting API consumer data.
* NOTE(review): the behaviour when this is left unset is not stated here; confirm against the Apigee API reference.
*/
apiConsumerDataEncryptionKeyName?: pulumi.Input<string>;
/**
* Needed only for customers using non-default data residency regions.
* Apigee stores some control plane data in a single region only;
* this field determines which single region Apigee should use.
*/
apiConsumerDataLocation?: pulumi.Input<string>;
/**
* Output only. Project ID of the Apigee Tenant Project.
*/
apigeeProjectId?: pulumi.Input<string>;
/**
* Compute Engine network used for Service Networking to be peered with Apigee runtime instances.
* See [Getting started with the Service Networking API](https://cloud.google.com/service-infrastructure/docs/service-networking/getting-started).
* Valid only when `runtimeType` is set to CLOUD. The value can be updated only when there are no runtime instances. For example: "default".
* When no network is provided, `disableVpcPeering` has to be set to `true` (see that property).
*/
authorizedNetwork?: pulumi.Input<string>;
/**
* Billing type of the Apigee organization. See [Apigee pricing](https://cloud.google.com/apigee/pricing).
*/
billingType?: pulumi.Input<string>;
/**
* Output only. Base64-encoded public certificate for the root CA of the Apigee organization.
* Valid only when `runtimeType` is CLOUD.
*/
caCertificate?: pulumi.Input<string>;
/**
* Cloud KMS key name used for encrypting control plane data that is stored in a multi region.
* Only used for the data residency region "US" or "EU".
*/
controlPlaneEncryptionKeyName?: pulumi.Input<string>;
/**
* Description of the Apigee organization.
*/
description?: pulumi.Input<string>;
/**
* Flag that specifies whether the VPC Peering through Private Google Access should be
* disabled between the consumer network and Apigee. Required if an `authorizedNetwork`
* on the consumer project is not provided, in which case the flag should be set to `true`.
* Valid only when `runtimeType` is set to CLOUD. The value must be set before the creation
* of any Apigee runtime instance and can be updated only when there are no runtime instances.
*
* Because the value cannot be changed while runtime instances exist, settle the choice between
* a peered `authorizedNetwork` and no peering as part of the network design, before the first
* instance is created.
*/
disableVpcPeering?: pulumi.Input<boolean>;
/**
* The display name of the Apigee organization.
*/
displayName?: pulumi.Input<string>;
/**
* Output only. Name of the Apigee organization.
*/
name?: pulumi.Input<string>;
/**
* The project ID associated with the Apigee organization.
*/
projectId?: pulumi.Input<string>;
/**
* Properties defined in the Apigee organization profile.
* The structure is described by `inputs.apigee.OrganizationProperties`.
*/
properties?: pulumi.Input<inputs.apigee.OrganizationProperties>;
/**
* Optional. This setting is applicable only for organizations that are soft-deleted (i.e., `billingType`
* is not EVALUATION). It controls how long Organization data will be retained after the initial delete
* operation completes. During this period, the Organization may be restored to its last known state.
* After this period, the Organization will no longer be able to be restored.
* Default value is `DELETION_RETENTION_UNSPECIFIED`.
* Possible values are: `DELETION_RETENTION_UNSPECIFIED`, `MINIMUM`.
* NOTE(review): the retention duration behind each value is not stated here; confirm it before
* relying on a restore window or on data being gone after a delete.
*/
retention?: pulumi.Input<string>;
/**
* Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances.
* Update is not allowed after the organization is created.
* If not specified, a Google-Managed encryption key will be used.
* Valid only when `runtimeType` is CLOUD. For example: `projects/foo/locations/us/keyRings/bar/cryptoKeys/baz`.
*
* Because the key cannot be changed after creation, the choice between a customer-managed key and
* the Google-managed default has to be made before the organization is created.
*/
runtimeDatabaseEncryptionKeyName?: pulumi.Input<string>;
/**
* Runtime type of the Apigee organization based on the Apigee subscription purchased.
* Default value is `CLOUD`.
* Possible values are: `CLOUD`, `HYBRID`.
*/
runtimeType?: pulumi.Input<string>;
/**
* Output only. Subscription type of the Apigee organization.
* Valid values include trial (free, limited, and for evaluation purposes only) or paid (full subscription has been purchased).
*/
subscriptionType?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing an Organization resource.
*/
export interface OrganizationArgs {
/**
* Primary GCP region for analytics data storage. For valid values, see [Create an Apigee organization](https://cloud.google.com/apigee/docs/api-platform/get-started/create-org).
*/
analyticsRegion?: pulumi.Input<string>;
/**
* Cloud KMS key name used for encrypting API consumer data.
* NOTE(review): the behaviour when this is left unset is not stated here; confirm against the Apigee API reference.
*/
apiConsumerDataEncryptionKeyName?: pulumi.Input<string>;
/**
* Needed only for customers using non-default data residency regions.
* Apigee stores some control plane data in a single region only;
* this field determines which single region Apigee should use.
*/
apiConsumerDataLocation?: pulumi.Input<string>;
/**
* Compute Engine network used for Service Networking to be peered with Apigee runtime instances.
* See [Getting started with the Service Networking API](https://cloud.google.com/service-infrastructure/docs/service-networking/getting-started).
* Valid only when `runtimeType` is set to CLOUD. The value can be updated only when there are no runtime instances. For example: "default".
* When no network is provided, `disableVpcPeering` has to be set to `true` (see that property).
*/
authorizedNetwork?: pulumi.Input<string>;
/**
* Billing type of the Apigee organization. See [Apigee pricing](https://cloud.google.com/apigee/pricing).
*/
billingType?: pulumi.Input<string>;
/**
* Cloud KMS key name used for encrypting control plane data that is stored in a multi region.
* Only used for the data residency region "US" or "EU".
*/
controlPlaneEncryptionKeyName?: pulumi.Input<string>;
/**
* Description of the Apigee organization.
*/
description?: pulumi.Input<string>;
/**
* Flag that specifies whether the VPC Peering through Private Google Access should be
* disabled between the consumer network and Apigee. Required if an `authorizedNetwork`
* on the consumer project is not provided, in which case the flag should be set to `true`.
* Valid only when `runtimeType` is set to CLOUD. The value must be set before the creation
* of any Apigee runtime instance and can be updated only when there are no runtime instances.
*
* Because the value cannot be changed while runtime instances exist, settle the choice between
* a peered `authorizedNetwork` and no peering as part of the network design, before the first
* instance is created.
*/
disableVpcPeering?: pulumi.Input<boolean>;
/**
* The display name of the Apigee organization.
*/
displayName?: pulumi.Input<string>;
/**
* The project ID associated with the Apigee organization.
* This is the only argument declared without `?`, so it must always be supplied.
*/
projectId: pulumi.Input<string>;
/**
* Properties defined in the Apigee organization profile.
* The structure is described by `inputs.apigee.OrganizationProperties`.
*/
properties?: pulumi.Input<inputs.apigee.OrganizationProperties>;
/**
* Optional. This setting is applicable only for organizations that are soft-deleted (i.e., `billingType`
* is not EVALUATION). It controls how long Organization data will be retained after the initial delete
* operation completes. During this period, the Organization may be restored to its last known state.
* After this period, the Organization will no longer be able to be restored.
* Default value is `DELETION_RETENTION_UNSPECIFIED`.
* Possible values are: `DELETION_RETENTION_UNSPECIFIED`, `MINIMUM`.
* NOTE(review): the retention duration behind each value is not stated here; confirm it before
* relying on a restore window or on data being gone after a delete.
*/
retention?: pulumi.Input<string>;
/**
* Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances.
* Update is not allowed after the organization is created.
* If not specified, a Google-Managed encryption key will be used.
* Valid only when `runtimeType` is CLOUD. For example: `projects/foo/locations/us/keyRings/bar/cryptoKeys/baz`.
*
* Because the key cannot be changed after creation, the choice between a customer-managed key and
* the Google-managed default has to be made before the organization is created. The usage examples
* on the `Organization` class in this file grant the Apigee service identity
* `roles/cloudkms.cryptoKeyEncrypterDecrypter` on the key and list that binding in `dependsOn`.
*/
runtimeDatabaseEncryptionKeyName?: pulumi.Input<string>;
/**
* Runtime type of the Apigee organization based on the Apigee subscription purchased.
* Default value is `CLOUD`.
* Possible values are: `CLOUD`, `HYBRID`.
*/
runtimeType?: pulumi.Input<string>;
}