An authorized organizations description describes a list of organizations (1) that have been authorized to use certain asset (for example, device) data owned by different organizations at the enforcement points, or (2) whose assets (for example, devices) have been authorized to access the resources in another organization at the enforcement points.
To get more information about AuthorizedOrgsDesc, see:
resource "google_access_context_manager_authorized_orgs_desc" "authorized-orgs-desc" {
  parent                  = "accessPolicies/${google_access_context_manager_access_policy.test-access.name}"
  name                    = "accessPolicies/${google_access_context_manager_access_policy.test-access.name}/authorizedOrgsDescs/fakeDescName"
  authorization_type      = "AUTHORIZATION_TYPE_TRUST"
  asset_type              = "ASSET_TYPE_CREDENTIAL_STRENGTH"
  authorization_direction = "AUTHORIZATION_DIRECTION_TO"
  orgs                    = ["organizations/12345", "organizations/98765"]
}

resource "google_access_context_manager_access_policy" "test-access" {
  parent = "organizations/"
  title  = "my policy"
}
The following arguments are supported:
parent - (Required) Resource name for the access policy which owns this AuthorizedOrgsDesc.
name - (Required) Resource name for the AuthorizedOrgsDesc. Format: accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc}. The authorized_orgs_desc component must begin with a letter, followed by alphanumeric characters or _. After you create an AuthorizedOrgsDesc, you cannot change its name.
orgs - (Optional) The list of organization ids in this AuthorizedOrgsDesc. Format: organizations/<org_number>. Example: organizations/123456
asset_type - (Optional) The type of entities that need to use the authorization relationship during evaluation, such as a device. Valid values are "ASSET_TYPE_DEVICE" and "ASSET_TYPE_CREDENTIAL_STRENGTH". Possible values are: ASSET_TYPE_DEVICE, ASSET_TYPE_CREDENTIAL_STRENGTH.
authorization_direction - (Optional) The direction of the authorization relationship between this organization and the organizations listed in the "orgs" field. The valid values for this field include the following:
  AUTHORIZATION_DIRECTION_FROM: Allows this organization to evaluate traffic in the organizations listed in the orgs field.
  AUTHORIZATION_DIRECTION_TO: Allows the organizations listed in the orgs field to evaluate the traffic in this organization.
For the authorization relationship to take effect, all of the organizations must authorize and specify the appropriate relationship direction. For example, if organization A authorized organization B and C to evaluate its traffic, by specifying "AUTHORIZATION_DIRECTION_TO" as the authorization direction, organizations B and C must specify "AUTHORIZATION_DIRECTION_FROM" as the authorization direction in their "AuthorizedOrgsDesc" resource.
Possible values are: AUTHORIZATION_DIRECTION_TO, AUTHORIZATION_DIRECTION_FROM.
authorization_type - (Optional) A granular control type for authorization levels. Valid value is "AUTHORIZATION_TYPE_TRUST". Possible values are: AUTHORIZATION_TYPE_TRUST.
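The reciprocal requirement described under authorization_direction, written out for both sides. This is an added example, not part of the provider documentation; the four variables, the resource labels and the description names trust_org_b and trusted_by_org_a are hypothetical, and it assumes one Terraform run has credentials for both organizations' access policies.

```hcl
# Hypothetical inputs: numeric organization IDs and access policy IDs.
variable "org_a_id" { type = string }
variable "org_b_id" { type = string }
variable "org_a_policy" { type = string } # access policy owned by organization A
variable "org_b_policy" { type = string } # access policy owned by organization B

# Side A: organization A lets organization B evaluate traffic in A.
resource "google_access_context_manager_authorized_orgs_desc" "a_to_b" {
  parent                  = "accessPolicies/${var.org_a_policy}"
  name                    = "accessPolicies/${var.org_a_policy}/authorizedOrgsDescs/trust_org_b"
  authorization_type      = "AUTHORIZATION_TYPE_TRUST"
  asset_type              = "ASSET_TYPE_DEVICE"
  authorization_direction = "AUTHORIZATION_DIRECTION_TO"
  orgs                    = ["organizations/${var.org_b_id}"]
}

# Side B: organization B declares that it evaluates traffic in A.
# Without this matching FROM entry, the TO entry above has no effect.
resource "google_access_context_manager_authorized_orgs_desc" "b_from_a" {
  parent                  = "accessPolicies/${var.org_b_policy}"
  name                    = "accessPolicies/${var.org_b_policy}/authorizedOrgsDescs/trusted_by_org_a"
  authorization_type      = "AUTHORIZATION_TYPE_TRUST"
  # Assumption: asset_type is kept identical on both sides; the page does
  # not say whether a mismatch is accepted.
  asset_type              = "ASSET_TYPE_DEVICE"
  authorization_direction = "AUTHORIZATION_DIRECTION_FROM"
  orgs                    = ["organizations/${var.org_a_id}"]
}
```

When the two organizations are managed by separate teams, each side lives in its own configuration, so a review of one side alone cannot confirm that the relationship is in effect.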
In addition to the arguments listed above, the following computed attributes are exported:
id - an identifier for the resource with format {{name}}
create_time - Time the AuthorizedOrgsDesc was created in UTC.
update_time - Time the AuthorizedOrgsDesc was updated in UTC.
This resource provides the following Timeouts configuration options:
create - Default is 20 minutes.
update - Default is 20 minutes.
delete - Default is 20 minutes.

AuthorizedOrgsDesc can be imported using any of these accepted formats:
{{name}}
In Terraform v1.5.0 and later, use an import block to import AuthorizedOrgsDesc using one of the formats above. For example:
import {
  id = "{{name}}"
  to = google_access_context_manager_authorized_orgs_desc.default
}
When using the terraform import command, AuthorizedOrgsDesc can be imported using one of the formats above. For example:
$ terraform import google_access_context_manager_authorized_orgs_desc.default {{name}}