Authorize the Synchronizer to download environment data from the control plane.
To get more information about SyncAuthorization, see:
resource "google_project" "project" {
project_id = "my-project"
name = "my-project"
org_id = "123456789"
billing_account = "000000-0000000-0000000-000000"
}
resource "google_project_service" "apigee" {
project = google_project.project.project_id
service = "apigee.googleapis.com"
}
resource "google_apigee_organization" "apigee_org" {
analytics_region = "us-central1"
project_id = google_project.project.project_id
runtime_type = "HYBRID"
depends_on = [google_project_service.apigee]
}
resource "google_service_account" "service_account" {
account_id = "my-account"
display_name = "Service Account"
}
resource "google_project_iam_member" "synchronizer-iam" {
project = google_project.project.project_id
role = "roles/apigee.synchronizerManager"
member = "serviceAccount:${google_service_account.service_account.email}"
}
resource "google_apigee_sync_authorization" "apigee_sync_authorization" {
name = google_apigee_organization.apigee_org.name
identities = [
"serviceAccount:${google_service_account.service_account.email}",
]
depends_on = [google_project_iam_member.synchronizer-iam]
}
The following arguments are supported:
identities
-
(Required)
Array of service accounts to grant access to control plane resources, each specified using the following format: serviceAccount:service-account-name
.
The service-account-name
is formatted like an email address. For example: my-synchronizer-manager-serviceAccount@my_project_id.iam.gserviceaccount.com
You might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one.
The service accounts must have Apigee Synchronizer Manager role. See also Create service accounts.
name
-
(Required)
Name of the Apigee organization.
In addition to the arguments listed above, the following computed attributes are exported:
id
- an identifier for the resource with format organizations/{{name}}/syncAuthorization
etag
-
Entity tag (ETag) used for optimistic concurrency control as a way to help prevent simultaneous updates from overwriting each other.
Used internally during updates.
This resource provides the following Timeouts configuration options:
create
- Default is 20 minutes.update
- Default is 20 minutes.delete
- Default is 20 minutes.SyncAuthorization can be imported using any of these accepted formats:
organizations/{{name}}/syncAuthorization
{{name}}
In Terraform v1.5.0 and later, use an import
block to import SyncAuthorization using one of the formats above. For example:
import {
id = "organizations/{{name}}/syncAuthorization"
to = google_apigee_sync_authorization.default
}
When using the terraform import
command, SyncAuthorization can be imported using one of the formats above. For example:
$ terraform import google_apigee_sync_authorization.default organizations/{{name}}/syncAuthorization
$ terraform import google_apigee_sync_authorization.default {{name}}