import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * An `Organization` is the top-level container in Apigee. * * To get more information about Organization, see: * * * [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations) * * How-to Guides * * [Creating an API organization](https://cloud.google.com/apigee/docs/api-platform/get-started/create-org) * * ## Example Usage * * ### Apigee Organization Cloud Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const current = gcp.organizations.getClientConfig({}); * const apigeeNetwork = new gcp.compute.Network("apigee_network", {name: "apigee-network"}); * const apigeeRange = new gcp.compute.GlobalAddress("apigee_range", { * name: "apigee-range", * purpose: "VPC_PEERING", * addressType: "INTERNAL", * prefixLength: 16, * network: apigeeNetwork.id, * }); * const apigeeVpcConnection = new gcp.servicenetworking.Connection("apigee_vpc_connection", { * network: apigeeNetwork.id, * service: "servicenetworking.googleapis.com", * reservedPeeringRanges: [apigeeRange.name], * }); * const org = new gcp.apigee.Organization("org", { * analyticsRegion: "us-central1", * projectId: current.then(current => current.project), * authorizedNetwork: apigeeNetwork.id, * }, { * dependsOn: [apigeeVpcConnection], * }); * ``` * ### Apigee Organization Cloud Basic Disable Vpc Peering * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const current = gcp.organizations.getClientConfig({}); * const org = new gcp.apigee.Organization("org", { * description: "Terraform-provisioned basic Apigee Org without VPC Peering.", * analyticsRegion: "us-central1", * projectId: current.then(current => current.project), * disableVpcPeering: true, * }); * ``` * ### Apigee Organization Cloud Full * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const current = gcp.organizations.getClientConfig({}); * const apigeeNetwork = new gcp.compute.Network("apigee_network", {name: "apigee-network"}); * const apigeeRange = new gcp.compute.GlobalAddress("apigee_range", { * name: "apigee-range", * purpose: "VPC_PEERING", * addressType: "INTERNAL", * prefixLength: 16, * network: apigeeNetwork.id, * }); * const apigeeVpcConnection = new gcp.servicenetworking.Connection("apigee_vpc_connection", { * network: apigeeNetwork.id, * service: "servicenetworking.googleapis.com", * reservedPeeringRanges: [apigeeRange.name], * }); * const apigeeKeyring = new gcp.kms.KeyRing("apigee_keyring", { * name: "apigee-keyring", * location: "us-central1", * }); * const apigeeKey = new gcp.kms.CryptoKey("apigee_key", { * name: "apigee-key", * keyRing: apigeeKeyring.id, * }); * const apigeeSa = new gcp.projects.ServiceIdentity("apigee_sa", { * project: project.projectId, * service: apigee.service, * }); * const apigeeSaKeyuser = new gcp.kms.CryptoKeyIAMMember("apigee_sa_keyuser", { * cryptoKeyId: apigeeKey.id, * role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", * member: apigeeSa.member, * }); * const org = new gcp.apigee.Organization("org", { * analyticsRegion: "us-central1", * displayName: "apigee-org", * description: "Auto-provisioned Apigee Org.", * projectId: current.then(current => current.project), * authorizedNetwork: apigeeNetwork.id, * runtimeDatabaseEncryptionKeyName: apigeeKey.id, * }, { * dependsOn: [ * apigeeVpcConnection, * apigeeSaKeyuser, * ], * }); * ``` * ### Apigee Organization Cloud Full Disable Vpc Peering * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const current = gcp.organizations.getClientConfig({}); * const apigeeKeyring = new gcp.kms.KeyRing("apigee_keyring", { * name: "apigee-keyring", * location: "us-central1", * }); * const apigeeKey = new gcp.kms.CryptoKey("apigee_key", { * name: "apigee-key", * keyRing: apigeeKeyring.id, * }); * const apigeeSa = new gcp.projects.ServiceIdentity("apigee_sa", { * project: project.projectId, * service: apigee.service, * }); * const apigeeSaKeyuser = new gcp.kms.CryptoKeyIAMMember("apigee_sa_keyuser", { * cryptoKeyId: apigeeKey.id, * role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", * member: apigeeSa.member, * }); * const org = new gcp.apigee.Organization("org", { * analyticsRegion: "us-central1", * displayName: "apigee-org", * description: "Terraform-provisioned Apigee Org without VPC Peering.", * projectId: current.then(current => current.project), * disableVpcPeering: true, * runtimeDatabaseEncryptionKeyName: apigeeKey.id, * }, { * dependsOn: [apigeeSaKeyuser], * }); * ``` * * ## Import * * Organization can be imported using any of these accepted formats: * * * `organizations/{{name}}` * * * `{{name}}` * * When using the `pulumi import` command, Organization can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:apigee/organization:Organization default organizations/{{name}} * ``` * * ```sh * $ pulumi import gcp:apigee/organization:Organization default {{name}} * ``` */ export declare class Organization extends pulumi.CustomResource { /** * Get an existing Organization resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: OrganizationState, opts?: pulumi.CustomResourceOptions): Organization; /** * Returns true if the given object is an instance of Organization. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is Organization; /** * Primary GCP region for analytics data storage. For valid values, see [Create an Apigee organization](https://cloud.google.com/apigee/docs/api-platform/get-started/create-org). */ readonly analyticsRegion: pulumi.Output; /** * Cloud KMS key name used for encrypting API consumer data. */ readonly apiConsumerDataEncryptionKeyName: pulumi.Output; /** * This field is needed only for customers using non-default data residency regions. * Apigee stores some control plane data only in single region. * This field determines which single region Apigee should use. */ readonly apiConsumerDataLocation: pulumi.Output; /** * Output only. Project ID of the Apigee Tenant Project. */ readonly apigeeProjectId: pulumi.Output; /** * Compute Engine network used for Service Networking to be peered with Apigee runtime instances. * See [Getting started with the Service Networking API](https://cloud.google.com/service-infrastructure/docs/service-networking/getting-started). * Valid only when `RuntimeType` is set to CLOUD. The value can be updated only when there are no runtime instances. For example: "default". */ readonly authorizedNetwork: pulumi.Output; /** * Billing type of the Apigee organization. See [Apigee pricing](https://cloud.google.com/apigee/pricing). */ readonly billingType: pulumi.Output; /** * Output only. Base64-encoded public certificate for the root CA of the Apigee organization. * Valid only when `RuntimeType` is CLOUD. A base64-encoded string. */ readonly caCertificate: pulumi.Output; /** * Cloud KMS key name used for encrypting control plane data that is stored in a multi region. * Only used for the data residency region "US" or "EU". */ readonly controlPlaneEncryptionKeyName: pulumi.Output; /** * Description of the Apigee organization. */ readonly description: pulumi.Output; /** * Flag that specifies whether the VPC Peering through Private Google Access should be * disabled between the consumer network and Apigee. Required if an `authorizedNetwork` * on the consumer project is not provided, in which case the flag should be set to `true`. * Valid only when `RuntimeType` is set to CLOUD. The value must be set before the creation * of any Apigee runtime instance and can be updated only when there are no runtime instances. */ readonly disableVpcPeering: pulumi.Output; /** * The display name of the Apigee organization. */ readonly displayName: pulumi.Output; /** * Output only. Name of the Apigee organization. */ readonly name: pulumi.Output; /** * The project ID associated with the Apigee organization. * * * - - - */ readonly projectId: pulumi.Output; /** * Properties defined in the Apigee organization profile. * Structure is documented below. */ readonly properties: pulumi.Output; /** * Optional. This setting is applicable only for organizations that are soft-deleted (i.e., BillingType * is not EVALUATION). It controls how long Organization data will be retained after the initial delete * operation completes. During this period, the Organization may be restored to its last known state. * After this period, the Organization will no longer be able to be restored. * Default value is `DELETION_RETENTION_UNSPECIFIED`. * Possible values are: `DELETION_RETENTION_UNSPECIFIED`, `MINIMUM`. */ readonly retention: pulumi.Output; /** * Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances. * Update is not allowed after the organization is created. * If not specified, a Google-Managed encryption key will be used. * Valid only when `RuntimeType` is CLOUD. For example: `projects/foo/locations/us/keyRings/bar/cryptoKeys/baz`. */ readonly runtimeDatabaseEncryptionKeyName: pulumi.Output; /** * Runtime type of the Apigee organization based on the Apigee subscription purchased. * Default value is `CLOUD`. * Possible values are: `CLOUD`, `HYBRID`. */ readonly runtimeType: pulumi.Output; /** * Output only. Subscription type of the Apigee organization. * Valid values include trial (free, limited, and for evaluation purposes only) or paid (full subscription has been purchased). */ readonly subscriptionType: pulumi.Output; /** * Create a Organization resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: OrganizationArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering Organization resources. */ export interface OrganizationState { /** * Primary GCP region for analytics data storage. For valid values, see [Create an Apigee organization](https://cloud.google.com/apigee/docs/api-platform/get-started/create-org). */ analyticsRegion?: pulumi.Input; /** * Cloud KMS key name used for encrypting API consumer data. */ apiConsumerDataEncryptionKeyName?: pulumi.Input; /** * This field is needed only for customers using non-default data residency regions. * Apigee stores some control plane data only in single region. * This field determines which single region Apigee should use. */ apiConsumerDataLocation?: pulumi.Input; /** * Output only. Project ID of the Apigee Tenant Project. */ apigeeProjectId?: pulumi.Input; /** * Compute Engine network used for Service Networking to be peered with Apigee runtime instances. * See [Getting started with the Service Networking API](https://cloud.google.com/service-infrastructure/docs/service-networking/getting-started). * Valid only when `RuntimeType` is set to CLOUD. The value can be updated only when there are no runtime instances. For example: "default". */ authorizedNetwork?: pulumi.Input; /** * Billing type of the Apigee organization. See [Apigee pricing](https://cloud.google.com/apigee/pricing). */ billingType?: pulumi.Input; /** * Output only. Base64-encoded public certificate for the root CA of the Apigee organization. * Valid only when `RuntimeType` is CLOUD. A base64-encoded string. */ caCertificate?: pulumi.Input; /** * Cloud KMS key name used for encrypting control plane data that is stored in a multi region. * Only used for the data residency region "US" or "EU". */ controlPlaneEncryptionKeyName?: pulumi.Input; /** * Description of the Apigee organization. */ description?: pulumi.Input; /** * Flag that specifies whether the VPC Peering through Private Google Access should be * disabled between the consumer network and Apigee. Required if an `authorizedNetwork` * on the consumer project is not provided, in which case the flag should be set to `true`. * Valid only when `RuntimeType` is set to CLOUD. The value must be set before the creation * of any Apigee runtime instance and can be updated only when there are no runtime instances. */ disableVpcPeering?: pulumi.Input; /** * The display name of the Apigee organization. */ displayName?: pulumi.Input; /** * Output only. Name of the Apigee organization. */ name?: pulumi.Input; /** * The project ID associated with the Apigee organization. * * * - - - */ projectId?: pulumi.Input; /** * Properties defined in the Apigee organization profile. * Structure is documented below. */ properties?: pulumi.Input; /** * Optional. This setting is applicable only for organizations that are soft-deleted (i.e., BillingType * is not EVALUATION). It controls how long Organization data will be retained after the initial delete * operation completes. During this period, the Organization may be restored to its last known state. * After this period, the Organization will no longer be able to be restored. * Default value is `DELETION_RETENTION_UNSPECIFIED`. * Possible values are: `DELETION_RETENTION_UNSPECIFIED`, `MINIMUM`. */ retention?: pulumi.Input; /** * Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances. * Update is not allowed after the organization is created. * If not specified, a Google-Managed encryption key will be used. * Valid only when `RuntimeType` is CLOUD. For example: `projects/foo/locations/us/keyRings/bar/cryptoKeys/baz`. */ runtimeDatabaseEncryptionKeyName?: pulumi.Input; /** * Runtime type of the Apigee organization based on the Apigee subscription purchased. * Default value is `CLOUD`. * Possible values are: `CLOUD`, `HYBRID`. */ runtimeType?: pulumi.Input; /** * Output only. Subscription type of the Apigee organization. * Valid values include trial (free, limited, and for evaluation purposes only) or paid (full subscription has been purchased). */ subscriptionType?: pulumi.Input; } /** * The set of arguments for constructing a Organization resource. */ export interface OrganizationArgs { /** * Primary GCP region for analytics data storage. For valid values, see [Create an Apigee organization](https://cloud.google.com/apigee/docs/api-platform/get-started/create-org). */ analyticsRegion?: pulumi.Input; /** * Cloud KMS key name used for encrypting API consumer data. */ apiConsumerDataEncryptionKeyName?: pulumi.Input; /** * This field is needed only for customers using non-default data residency regions. * Apigee stores some control plane data only in single region. * This field determines which single region Apigee should use. */ apiConsumerDataLocation?: pulumi.Input; /** * Compute Engine network used for Service Networking to be peered with Apigee runtime instances. * See [Getting started with the Service Networking API](https://cloud.google.com/service-infrastructure/docs/service-networking/getting-started). * Valid only when `RuntimeType` is set to CLOUD. The value can be updated only when there are no runtime instances. For example: "default". */ authorizedNetwork?: pulumi.Input; /** * Billing type of the Apigee organization. See [Apigee pricing](https://cloud.google.com/apigee/pricing). */ billingType?: pulumi.Input; /** * Cloud KMS key name used for encrypting control plane data that is stored in a multi region. * Only used for the data residency region "US" or "EU". */ controlPlaneEncryptionKeyName?: pulumi.Input; /** * Description of the Apigee organization. */ description?: pulumi.Input; /** * Flag that specifies whether the VPC Peering through Private Google Access should be * disabled between the consumer network and Apigee. Required if an `authorizedNetwork` * on the consumer project is not provided, in which case the flag should be set to `true`. * Valid only when `RuntimeType` is set to CLOUD. The value must be set before the creation * of any Apigee runtime instance and can be updated only when there are no runtime instances. */ disableVpcPeering?: pulumi.Input; /** * The display name of the Apigee organization. */ displayName?: pulumi.Input; /** * The project ID associated with the Apigee organization. * * * - - - */ projectId: pulumi.Input; /** * Properties defined in the Apigee organization profile. * Structure is documented below. */ properties?: pulumi.Input; /** * Optional. This setting is applicable only for organizations that are soft-deleted (i.e., BillingType * is not EVALUATION). It controls how long Organization data will be retained after the initial delete * operation completes. During this period, the Organization may be restored to its last known state. * After this period, the Organization will no longer be able to be restored. * Default value is `DELETION_RETENTION_UNSPECIFIED`. * Possible values are: `DELETION_RETENTION_UNSPECIFIED`, `MINIMUM`. */ retention?: pulumi.Input; /** * Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances. * Update is not allowed after the organization is created. * If not specified, a Google-Managed encryption key will be used. * Valid only when `RuntimeType` is CLOUD. For example: `projects/foo/locations/us/keyRings/bar/cryptoKeys/baz`. */ runtimeDatabaseEncryptionKeyName?: pulumi.Input; /** * Runtime type of the Apigee organization based on the Apigee subscription purchased. * Default value is `CLOUD`. * Possible values are: `CLOUD`, `HYBRID`. */ runtimeType?: pulumi.Input; }