authorized_orgs_descs
Creates, updates, deletes, gets or lists an authorized_orgs_descs resource.
Overview
| Name | authorized_orgs_descs |
| Type | Resource |
| Id | google.accesscontextmanager.authorized_orgs_descs |
Fields
The following fields are returned by SELECT queries:
- get
- list
Successful response
| Name | Datatype | Description |
|---|---|---|
name | string | Identifier. Resource name for the AuthorizedOrgsDesc. Format: accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc}. The authorized_orgs_desc component must begin with a letter, followed by alphanumeric characters or _. After you create an AuthorizedOrgsDesc, you cannot change its name. |
assetType | string | The asset type of this authorized orgs desc. Valid values are ASSET_TYPE_DEVICE, and ASSET_TYPE_CREDENTIAL_STRENGTH. |
authorizationDirection | string | The direction of the authorization relationship between this organization and the organizations listed in the orgs field. The valid values for this field include the following: AUTHORIZATION_DIRECTION_FROM: Allows this organization to evaluate traffic in the organizations listed in the orgs field. AUTHORIZATION_DIRECTION_TO: Allows the organizations listed in the orgs field to evaluate the traffic in this organization. For the authorization relationship to take effect, all of the organizations must authorize and specify the appropriate relationship direction. For example, if organization A authorized organization B and C to evaluate its traffic, by specifying AUTHORIZATION_DIRECTION_TO as the authorization direction, organizations B and C must specify AUTHORIZATION_DIRECTION_FROM as the authorization direction in their AuthorizedOrgsDesc resource. |
authorizationType | string | A granular control type for authorization levels. Valid value is AUTHORIZATION_TYPE_TRUST. |
orgs | array | The list of organization ids in this AuthorizedOrgsDesc. Format: organizations/ Example: organizations/123456 |
Successful response
| Name | Datatype | Description |
|---|---|---|
name | string | Identifier. Resource name for the AuthorizedOrgsDesc. Format: accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc}. The authorized_orgs_desc component must begin with a letter, followed by alphanumeric characters or _. After you create an AuthorizedOrgsDesc, you cannot change its name. |
assetType | string | The asset type of this authorized orgs desc. Valid values are ASSET_TYPE_DEVICE, and ASSET_TYPE_CREDENTIAL_STRENGTH. |
authorizationDirection | string | The direction of the authorization relationship between this organization and the organizations listed in the orgs field. The valid values for this field include the following: AUTHORIZATION_DIRECTION_FROM: Allows this organization to evaluate traffic in the organizations listed in the orgs field. AUTHORIZATION_DIRECTION_TO: Allows the organizations listed in the orgs field to evaluate the traffic in this organization. For the authorization relationship to take effect, all of the organizations must authorize and specify the appropriate relationship direction. For example, if organization A authorized organization B and C to evaluate its traffic, by specifying AUTHORIZATION_DIRECTION_TO as the authorization direction, organizations B and C must specify AUTHORIZATION_DIRECTION_FROM as the authorization direction in their AuthorizedOrgsDesc resource. |
authorizationType | string | A granular control type for authorization levels. Valid value is AUTHORIZATION_TYPE_TRUST. |
orgs | array | The list of organization ids in this AuthorizedOrgsDesc. Format: organizations/ Example: organizations/123456 |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get | select | accessPoliciesId, authorizedOrgsDescsId | Gets an authorized orgs desc based on the resource name. | |
list | select | accessPoliciesId | pageSize, pageToken | Lists all authorized orgs descs for an access policy. |
create | insert | accessPoliciesId | Creates an authorized orgs desc. The long-running operation from this RPC has a successful status after the authorized orgs desc propagates to long-lasting storage. If a authorized orgs desc contains errors, an error response is returned for the first error encountered. The name of this AuthorizedOrgsDesc will be assigned during creation. | |
patch | update | accessPoliciesId, authorizedOrgsDescsId | updateMask | Updates an authorized orgs desc. The long-running operation from this RPC has a successful status after the authorized orgs desc propagates to long-lasting storage. If a authorized orgs desc contains errors, an error response is returned for the first error encountered. Only the organization list in AuthorizedOrgsDesc can be updated. The name, authorization_type, asset_type and authorization_direction cannot be updated. |
delete | delete | accessPoliciesId, authorizedOrgsDescsId | Deletes an authorized orgs desc based on the resource name. The long-running operation from this RPC has a successful status after the authorized orgs desc is removed from long-lasting storage. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
accessPoliciesId | string | |
authorizedOrgsDescsId | string | |
pageSize | integer (int32) | |
pageToken | string | |
updateMask | string (google-fieldmask) |
SELECT examples
- get
- list
Gets an authorized orgs desc based on the resource name.
SELECT
name,
assetType,
authorizationDirection,
authorizationType,
orgs
FROM google.accesscontextmanager.authorized_orgs_descs
WHERE accessPoliciesId = '{{ accessPoliciesId }}' -- required
AND authorizedOrgsDescsId = '{{ authorizedOrgsDescsId }}' -- required;
Lists all authorized orgs descs for an access policy.
SELECT
name,
assetType,
authorizationDirection,
authorizationType,
orgs
FROM google.accesscontextmanager.authorized_orgs_descs
WHERE accessPoliciesId = '{{ accessPoliciesId }}' -- required
AND pageSize = '{{ pageSize }}'
AND pageToken = '{{ pageToken }}';
INSERT examples
- create
- Manifest
Creates an authorized orgs desc. The long-running operation from this RPC has a successful status after the authorized orgs desc propagates to long-lasting storage. If a authorized orgs desc contains errors, an error response is returned for the first error encountered. The name of this AuthorizedOrgsDesc will be assigned during creation.
INSERT INTO google.accesscontextmanager.authorized_orgs_descs (
data__name,
data__authorizationType,
data__assetType,
data__authorizationDirection,
data__orgs,
accessPoliciesId
)
SELECT
'{{ name }}',
'{{ authorizationType }}',
'{{ assetType }}',
'{{ authorizationDirection }}',
'{{ orgs }}',
'{{ accessPoliciesId }}'
RETURNING
name,
done,
error,
metadata,
response
;
# Description fields are for documentation purposes
- name: authorized_orgs_descs
props:
- name: accessPoliciesId
value: string
description: Required parameter for the authorized_orgs_descs resource.
- name: name
value: string
description: >
Identifier. Resource name for the `AuthorizedOrgsDesc`. Format: `accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc}`. The `authorized_orgs_desc` component must begin with a letter, followed by alphanumeric characters or `_`. After you create an `AuthorizedOrgsDesc`, you cannot change its `name`.
- name: authorizationType
value: string
description: >
A granular control type for authorization levels. Valid value is `AUTHORIZATION_TYPE_TRUST`.
valid_values: ['AUTHORIZATION_TYPE_UNSPECIFIED', 'AUTHORIZATION_TYPE_TRUST']
- name: assetType
value: string
description: >
The asset type of this authorized orgs desc. Valid values are `ASSET_TYPE_DEVICE`, and `ASSET_TYPE_CREDENTIAL_STRENGTH`.
valid_values: ['ASSET_TYPE_UNSPECIFIED', 'ASSET_TYPE_DEVICE', 'ASSET_TYPE_CREDENTIAL_STRENGTH']
- name: authorizationDirection
value: string
description: >
The direction of the authorization relationship between this organization and the organizations listed in the `orgs` field. The valid values for this field include the following: `AUTHORIZATION_DIRECTION_FROM`: Allows this organization to evaluate traffic in the organizations listed in the `orgs` field. `AUTHORIZATION_DIRECTION_TO`: Allows the organizations listed in the `orgs` field to evaluate the traffic in this organization. For the authorization relationship to take effect, all of the organizations must authorize and specify the appropriate relationship direction. For example, if organization A authorized organization B and C to evaluate its traffic, by specifying `AUTHORIZATION_DIRECTION_TO` as the authorization direction, organizations B and C must specify `AUTHORIZATION_DIRECTION_FROM` as the authorization direction in their `AuthorizedOrgsDesc` resource.
valid_values: ['AUTHORIZATION_DIRECTION_UNSPECIFIED', 'AUTHORIZATION_DIRECTION_TO', 'AUTHORIZATION_DIRECTION_FROM']
- name: orgs
value: array
description: >
The list of organization ids in this AuthorizedOrgsDesc. Format: `organizations/` Example: `organizations/123456`
UPDATE examples
- patch
Updates an authorized orgs desc. The long-running operation from this RPC has a successful status after the authorized orgs desc propagates to long-lasting storage. If a authorized orgs desc contains errors, an error response is returned for the first error encountered. Only the organization list in AuthorizedOrgsDesc can be updated. The name, authorization_type, asset_type and authorization_direction cannot be updated.
UPDATE google.accesscontextmanager.authorized_orgs_descs
SET
data__name = '{{ name }}',
data__authorizationType = '{{ authorizationType }}',
data__assetType = '{{ assetType }}',
data__authorizationDirection = '{{ authorizationDirection }}',
data__orgs = '{{ orgs }}'
WHERE
accessPoliciesId = '{{ accessPoliciesId }}' --required
AND authorizedOrgsDescsId = '{{ authorizedOrgsDescsId }}' --required
AND updateMask = '{{ updateMask}}'
RETURNING
name,
done,
error,
metadata,
response;
DELETE examples
- delete
Deletes an authorized orgs desc based on the resource name. The long-running operation from this RPC has a successful status after the authorized orgs desc is removed from long-lasting storage.
DELETE FROM google.accesscontextmanager.authorized_orgs_descs
WHERE accessPoliciesId = '{{ accessPoliciesId }}' --required
AND authorizedOrgsDescsId = '{{ authorizedOrgsDescsId }}' --required;