import * as pulumi from "@pulumi/pulumi"; /** * An authorized organizations description describes a list of organizations * (1) that have been authorized to use certain asset (for example, device) data * owned by different organizations at the enforcement points, or (2) with certain * asset (for example, device) have been authorized to access the resources in * another organization at the enforcement points. * * To get more information about AuthorizedOrgsDesc, see: * * * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.authorizedOrgsDescs) * * How-to Guides * * [gcloud docs](https://cloud.google.com/beyondcorp-enterprise/docs/cross-org-authorization) * * > **Warning:** If you are using User ADCs (Application Default Credentials) with this resource, * you must specify a `billingProject` and set `userProjectOverride` to true * in the provider configuration. Otherwise the ACM API will return a 403 error. * Your account must have the `serviceusage.services.use` permission on the * `billingProject` you defined. * * ## Example Usage * * ### Access Context Manager Authorized Orgs Desc Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const test_access = new gcp.accesscontextmanager.AccessPolicy("test-access", { * parent: "organizations/123456789", * title: "my policy", * }); * const authorized_orgs_desc = new gcp.accesscontextmanager.AuthorizedOrgsDesc("authorized-orgs-desc", { * parent: pulumi.interpolate`accessPolicies/${test_access.name}`, * name: pulumi.interpolate`accessPolicies/${test_access.name}/authorizedOrgsDescs/fakeDescName`, * authorizationType: "AUTHORIZATION_TYPE_TRUST", * assetType: "ASSET_TYPE_CREDENTIAL_STRENGTH", * authorizationDirection: "AUTHORIZATION_DIRECTION_TO", * orgs: [ * "organizations/12345", * "organizations/98765", * ], * }); * ``` * * ## Import * * AuthorizedOrgsDesc can be imported using any of these accepted formats: * * * `{{name}}` * * When using the `pulumi import` command, AuthorizedOrgsDesc can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:accesscontextmanager/authorizedOrgsDesc:AuthorizedOrgsDesc default {{name}} * ``` */ export declare class AuthorizedOrgsDesc extends pulumi.CustomResource { /** * Get an existing AuthorizedOrgsDesc resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: AuthorizedOrgsDescState, opts?: pulumi.CustomResourceOptions): AuthorizedOrgsDesc; /** * Returns true if the given object is an instance of AuthorizedOrgsDesc. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is AuthorizedOrgsDesc; /** * The type of entities that need to use the authorization relationship during * evaluation, such as a device. Valid values are "ASSET_TYPE_DEVICE" and * "ASSET_TYPE_CREDENTIAL_STRENGTH". * Possible values are: `ASSET_TYPE_DEVICE`, `ASSET_TYPE_CREDENTIAL_STRENGTH`. */ readonly assetType: pulumi.Output; /** * The direction of the authorization relationship between this organization * and the organizations listed in the "orgs" field. The valid values for this * field include the following: * AUTHORIZATION_DIRECTION_FROM: Allows this organization to evaluate traffic * in the organizations listed in the `orgs` field. * AUTHORIZATION_DIRECTION_TO: Allows the organizations listed in the `orgs` * field to evaluate the traffic in this organization. * For the authorization relationship to take effect, all of the organizations * must authorize and specify the appropriate relationship direction. For * example, if organization A authorized organization B and C to evaluate its * traffic, by specifying "AUTHORIZATION_DIRECTION_TO" as the authorization * direction, organizations B and C must specify * "AUTHORIZATION_DIRECTION_FROM" as the authorization direction in their * "AuthorizedOrgsDesc" resource. * Possible values are: `AUTHORIZATION_DIRECTION_TO`, `AUTHORIZATION_DIRECTION_FROM`. */ readonly authorizationDirection: pulumi.Output; /** * A granular control type for authorization levels. Valid value is "AUTHORIZATION_TYPE_TRUST". * Possible values are: `AUTHORIZATION_TYPE_TRUST`. */ readonly authorizationType: pulumi.Output; /** * Time the AuthorizedOrgsDesc was created in UTC. */ readonly createTime: pulumi.Output; /** * Whether Terraform will be prevented from destroying the resource. Defaults to DELETE. * When a 'terraform destroy' or 'pulumi up' would delete the resource, * the command will fail if this field is set to "PREVENT" in Terraform state. * When set to "ABANDON", the command will remove the resource from Terraform * management without updating or deleting the resource in the API. * When set to "DELETE", deleting the resource is allowed. */ readonly deletionPolicy: pulumi.Output; /** * Resource name for the `AuthorizedOrgsDesc`. Format: * `accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc}`. * The `authorizedOrgsDesc` component must begin with a letter, followed by * alphanumeric characters or `_`. * After you create an `AuthorizedOrgsDesc`, you cannot change its `name`. */ readonly name: pulumi.Output; /** * The list of organization ids in this AuthorizedOrgsDesc. * Format: `organizations/` * Example: `organizations/123456` */ readonly orgs: pulumi.Output; /** * Required. Resource name for the access policy which owns this `AuthorizedOrgsDesc`. */ readonly parent: pulumi.Output; /** * Time the AuthorizedOrgsDesc was updated in UTC. */ readonly updateTime: pulumi.Output; /** * Create a AuthorizedOrgsDesc resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: AuthorizedOrgsDescArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering AuthorizedOrgsDesc resources. */ export interface AuthorizedOrgsDescState { /** * The type of entities that need to use the authorization relationship during * evaluation, such as a device. Valid values are "ASSET_TYPE_DEVICE" and * "ASSET_TYPE_CREDENTIAL_STRENGTH". * Possible values are: `ASSET_TYPE_DEVICE`, `ASSET_TYPE_CREDENTIAL_STRENGTH`. */ assetType?: pulumi.Input; /** * The direction of the authorization relationship between this organization * and the organizations listed in the "orgs" field. The valid values for this * field include the following: * AUTHORIZATION_DIRECTION_FROM: Allows this organization to evaluate traffic * in the organizations listed in the `orgs` field. * AUTHORIZATION_DIRECTION_TO: Allows the organizations listed in the `orgs` * field to evaluate the traffic in this organization. * For the authorization relationship to take effect, all of the organizations * must authorize and specify the appropriate relationship direction. For * example, if organization A authorized organization B and C to evaluate its * traffic, by specifying "AUTHORIZATION_DIRECTION_TO" as the authorization * direction, organizations B and C must specify * "AUTHORIZATION_DIRECTION_FROM" as the authorization direction in their * "AuthorizedOrgsDesc" resource. * Possible values are: `AUTHORIZATION_DIRECTION_TO`, `AUTHORIZATION_DIRECTION_FROM`. */ authorizationDirection?: pulumi.Input; /** * A granular control type for authorization levels. Valid value is "AUTHORIZATION_TYPE_TRUST". * Possible values are: `AUTHORIZATION_TYPE_TRUST`. */ authorizationType?: pulumi.Input; /** * Time the AuthorizedOrgsDesc was created in UTC. */ createTime?: pulumi.Input; /** * Whether Terraform will be prevented from destroying the resource. Defaults to DELETE. * When a 'terraform destroy' or 'pulumi up' would delete the resource, * the command will fail if this field is set to "PREVENT" in Terraform state. * When set to "ABANDON", the command will remove the resource from Terraform * management without updating or deleting the resource in the API. * When set to "DELETE", deleting the resource is allowed. */ deletionPolicy?: pulumi.Input; /** * Resource name for the `AuthorizedOrgsDesc`. Format: * `accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc}`. * The `authorizedOrgsDesc` component must begin with a letter, followed by * alphanumeric characters or `_`. * After you create an `AuthorizedOrgsDesc`, you cannot change its `name`. */ name?: pulumi.Input; /** * The list of organization ids in this AuthorizedOrgsDesc. * Format: `organizations/` * Example: `organizations/123456` */ orgs?: pulumi.Input[] | undefined>; /** * Required. Resource name for the access policy which owns this `AuthorizedOrgsDesc`. */ parent?: pulumi.Input; /** * Time the AuthorizedOrgsDesc was updated in UTC. */ updateTime?: pulumi.Input; } /** * The set of arguments for constructing a AuthorizedOrgsDesc resource. */ export interface AuthorizedOrgsDescArgs { /** * The type of entities that need to use the authorization relationship during * evaluation, such as a device. Valid values are "ASSET_TYPE_DEVICE" and * "ASSET_TYPE_CREDENTIAL_STRENGTH". * Possible values are: `ASSET_TYPE_DEVICE`, `ASSET_TYPE_CREDENTIAL_STRENGTH`. */ assetType?: pulumi.Input; /** * The direction of the authorization relationship between this organization * and the organizations listed in the "orgs" field. The valid values for this * field include the following: * AUTHORIZATION_DIRECTION_FROM: Allows this organization to evaluate traffic * in the organizations listed in the `orgs` field. * AUTHORIZATION_DIRECTION_TO: Allows the organizations listed in the `orgs` * field to evaluate the traffic in this organization. * For the authorization relationship to take effect, all of the organizations * must authorize and specify the appropriate relationship direction. For * example, if organization A authorized organization B and C to evaluate its * traffic, by specifying "AUTHORIZATION_DIRECTION_TO" as the authorization * direction, organizations B and C must specify * "AUTHORIZATION_DIRECTION_FROM" as the authorization direction in their * "AuthorizedOrgsDesc" resource. * Possible values are: `AUTHORIZATION_DIRECTION_TO`, `AUTHORIZATION_DIRECTION_FROM`. */ authorizationDirection?: pulumi.Input; /** * A granular control type for authorization levels. Valid value is "AUTHORIZATION_TYPE_TRUST". * Possible values are: `AUTHORIZATION_TYPE_TRUST`. */ authorizationType?: pulumi.Input; /** * Whether Terraform will be prevented from destroying the resource. Defaults to DELETE. * When a 'terraform destroy' or 'pulumi up' would delete the resource, * the command will fail if this field is set to "PREVENT" in Terraform state. * When set to "ABANDON", the command will remove the resource from Terraform * management without updating or deleting the resource in the API. * When set to "DELETE", deleting the resource is allowed. */ deletionPolicy?: pulumi.Input; /** * Resource name for the `AuthorizedOrgsDesc`. Format: * `accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc}`. * The `authorizedOrgsDesc` component must begin with a letter, followed by * alphanumeric characters or `_`. * After you create an `AuthorizedOrgsDesc`, you cannot change its `name`. */ name?: pulumi.Input; /** * The list of organization ids in this AuthorizedOrgsDesc. * Format: `organizations/` * Example: `organizations/123456` */ orgs?: pulumi.Input[] | undefined>; /** * Required. Resource name for the access policy which owns this `AuthorizedOrgsDesc`. */ parent: pulumi.Input; } //# sourceMappingURL=authorizedOrgsDesc.d.ts.map