Documentation ¶
Index ¶
- type GetRuleArgs
- type GetRuleOutputArgs
- type GetRuleResult
- type GetRuleResultOutput
- func (GetRuleResultOutput) ElementType() reflect.Type
- func (o GetRuleResultOutput) Id() pulumi.StringOutput
- func (o GetRuleResultOutput) IncludedPermissions() pulumi.StringArrayOutput
- func (o GetRuleResultOutput) Name() pulumi.StringOutput
- func (o GetRuleResultOutput) Stage() pulumi.StringOutput
- func (o GetRuleResultOutput) Title() pulumi.StringOutput
- func (o GetRuleResultOutput) ToGetRuleResultOutput() GetRuleResultOutput
- func (o GetRuleResultOutput) ToGetRuleResultOutputWithContext(ctx context.Context) GetRuleResultOutput
- type GetTestablePermissionsArgs
- type GetTestablePermissionsOutputArgs
- type GetTestablePermissionsPermission
- type GetTestablePermissionsPermissionArgs
- func (GetTestablePermissionsPermissionArgs) ElementType() reflect.Type
- func (i GetTestablePermissionsPermissionArgs) ToGetTestablePermissionsPermissionOutput() GetTestablePermissionsPermissionOutput
- func (i GetTestablePermissionsPermissionArgs) ToGetTestablePermissionsPermissionOutputWithContext(ctx context.Context) GetTestablePermissionsPermissionOutput
- type GetTestablePermissionsPermissionArray
- func (GetTestablePermissionsPermissionArray) ElementType() reflect.Type
- func (i GetTestablePermissionsPermissionArray) ToGetTestablePermissionsPermissionArrayOutput() GetTestablePermissionsPermissionArrayOutput
- func (i GetTestablePermissionsPermissionArray) ToGetTestablePermissionsPermissionArrayOutputWithContext(ctx context.Context) GetTestablePermissionsPermissionArrayOutput
- type GetTestablePermissionsPermissionArrayInput
- type GetTestablePermissionsPermissionArrayOutput
- func (GetTestablePermissionsPermissionArrayOutput) ElementType() reflect.Type
- func (o GetTestablePermissionsPermissionArrayOutput) Index(i pulumi.IntInput) GetTestablePermissionsPermissionOutput
- func (o GetTestablePermissionsPermissionArrayOutput) ToGetTestablePermissionsPermissionArrayOutput() GetTestablePermissionsPermissionArrayOutput
- func (o GetTestablePermissionsPermissionArrayOutput) ToGetTestablePermissionsPermissionArrayOutputWithContext(ctx context.Context) GetTestablePermissionsPermissionArrayOutput
- type GetTestablePermissionsPermissionInput
- type GetTestablePermissionsPermissionOutput
- func (o GetTestablePermissionsPermissionOutput) ApiDisabled() pulumi.BoolOutput
- func (o GetTestablePermissionsPermissionOutput) CustomSupportLevel() pulumi.StringOutput
- func (GetTestablePermissionsPermissionOutput) ElementType() reflect.Type
- func (o GetTestablePermissionsPermissionOutput) Name() pulumi.StringOutput
- func (o GetTestablePermissionsPermissionOutput) Stage() pulumi.StringOutput
- func (o GetTestablePermissionsPermissionOutput) Title() pulumi.StringOutput
- func (o GetTestablePermissionsPermissionOutput) ToGetTestablePermissionsPermissionOutput() GetTestablePermissionsPermissionOutput
- func (o GetTestablePermissionsPermissionOutput) ToGetTestablePermissionsPermissionOutputWithContext(ctx context.Context) GetTestablePermissionsPermissionOutput
- type GetTestablePermissionsResult
- type GetTestablePermissionsResultOutput
- func (o GetTestablePermissionsResultOutput) CustomSupportLevel() pulumi.StringPtrOutput
- func (GetTestablePermissionsResultOutput) ElementType() reflect.Type
- func (o GetTestablePermissionsResultOutput) FullResourceName() pulumi.StringOutput
- func (o GetTestablePermissionsResultOutput) Id() pulumi.StringOutput
- func (o GetTestablePermissionsResultOutput) Permissions() GetTestablePermissionsPermissionArrayOutput
- func (o GetTestablePermissionsResultOutput) Stages() pulumi.StringArrayOutput
- func (o GetTestablePermissionsResultOutput) ToGetTestablePermissionsResultOutput() GetTestablePermissionsResultOutput
- func (o GetTestablePermissionsResultOutput) ToGetTestablePermissionsResultOutputWithContext(ctx context.Context) GetTestablePermissionsResultOutput
- type GetWorkloadIdentityPoolProviderAw
- type GetWorkloadIdentityPoolProviderAwArgs
- func (GetWorkloadIdentityPoolProviderAwArgs) ElementType() reflect.Type
- func (i GetWorkloadIdentityPoolProviderAwArgs) ToGetWorkloadIdentityPoolProviderAwOutput() GetWorkloadIdentityPoolProviderAwOutput
- func (i GetWorkloadIdentityPoolProviderAwArgs) ToGetWorkloadIdentityPoolProviderAwOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderAwOutput
- type GetWorkloadIdentityPoolProviderAwArray
- func (GetWorkloadIdentityPoolProviderAwArray) ElementType() reflect.Type
- func (i GetWorkloadIdentityPoolProviderAwArray) ToGetWorkloadIdentityPoolProviderAwArrayOutput() GetWorkloadIdentityPoolProviderAwArrayOutput
- func (i GetWorkloadIdentityPoolProviderAwArray) ToGetWorkloadIdentityPoolProviderAwArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderAwArrayOutput
- type GetWorkloadIdentityPoolProviderAwArrayInput
- type GetWorkloadIdentityPoolProviderAwArrayOutput
- func (GetWorkloadIdentityPoolProviderAwArrayOutput) ElementType() reflect.Type
- func (o GetWorkloadIdentityPoolProviderAwArrayOutput) Index(i pulumi.IntInput) GetWorkloadIdentityPoolProviderAwOutput
- func (o GetWorkloadIdentityPoolProviderAwArrayOutput) ToGetWorkloadIdentityPoolProviderAwArrayOutput() GetWorkloadIdentityPoolProviderAwArrayOutput
- func (o GetWorkloadIdentityPoolProviderAwArrayOutput) ToGetWorkloadIdentityPoolProviderAwArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderAwArrayOutput
- type GetWorkloadIdentityPoolProviderAwInput
- type GetWorkloadIdentityPoolProviderAwOutput
- func (o GetWorkloadIdentityPoolProviderAwOutput) AccountId() pulumi.StringOutput
- func (GetWorkloadIdentityPoolProviderAwOutput) ElementType() reflect.Type
- func (o GetWorkloadIdentityPoolProviderAwOutput) ToGetWorkloadIdentityPoolProviderAwOutput() GetWorkloadIdentityPoolProviderAwOutput
- func (o GetWorkloadIdentityPoolProviderAwOutput) ToGetWorkloadIdentityPoolProviderAwOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderAwOutput
- type GetWorkloadIdentityPoolProviderOidc
- type GetWorkloadIdentityPoolProviderOidcArgs
- func (GetWorkloadIdentityPoolProviderOidcArgs) ElementType() reflect.Type
- func (i GetWorkloadIdentityPoolProviderOidcArgs) ToGetWorkloadIdentityPoolProviderOidcOutput() GetWorkloadIdentityPoolProviderOidcOutput
- func (i GetWorkloadIdentityPoolProviderOidcArgs) ToGetWorkloadIdentityPoolProviderOidcOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderOidcOutput
- type GetWorkloadIdentityPoolProviderOidcArray
- func (GetWorkloadIdentityPoolProviderOidcArray) ElementType() reflect.Type
- func (i GetWorkloadIdentityPoolProviderOidcArray) ToGetWorkloadIdentityPoolProviderOidcArrayOutput() GetWorkloadIdentityPoolProviderOidcArrayOutput
- func (i GetWorkloadIdentityPoolProviderOidcArray) ToGetWorkloadIdentityPoolProviderOidcArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderOidcArrayOutput
- type GetWorkloadIdentityPoolProviderOidcArrayInput
- type GetWorkloadIdentityPoolProviderOidcArrayOutput
- func (GetWorkloadIdentityPoolProviderOidcArrayOutput) ElementType() reflect.Type
- func (o GetWorkloadIdentityPoolProviderOidcArrayOutput) Index(i pulumi.IntInput) GetWorkloadIdentityPoolProviderOidcOutput
- func (o GetWorkloadIdentityPoolProviderOidcArrayOutput) ToGetWorkloadIdentityPoolProviderOidcArrayOutput() GetWorkloadIdentityPoolProviderOidcArrayOutput
- func (o GetWorkloadIdentityPoolProviderOidcArrayOutput) ToGetWorkloadIdentityPoolProviderOidcArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderOidcArrayOutput
- type GetWorkloadIdentityPoolProviderOidcInput
- type GetWorkloadIdentityPoolProviderOidcOutput
- func (o GetWorkloadIdentityPoolProviderOidcOutput) AllowedAudiences() pulumi.StringArrayOutput
- func (GetWorkloadIdentityPoolProviderOidcOutput) ElementType() reflect.Type
- func (o GetWorkloadIdentityPoolProviderOidcOutput) IssuerUri() pulumi.StringOutput
- func (o GetWorkloadIdentityPoolProviderOidcOutput) ToGetWorkloadIdentityPoolProviderOidcOutput() GetWorkloadIdentityPoolProviderOidcOutput
- func (o GetWorkloadIdentityPoolProviderOidcOutput) ToGetWorkloadIdentityPoolProviderOidcOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderOidcOutput
- type LookupWorkloadIdentityPoolArgs
- type LookupWorkloadIdentityPoolOutputArgs
- type LookupWorkloadIdentityPoolProviderArgs
- type LookupWorkloadIdentityPoolProviderOutputArgs
- type LookupWorkloadIdentityPoolProviderResult
- type LookupWorkloadIdentityPoolProviderResultOutput
- func (o LookupWorkloadIdentityPoolProviderResultOutput) AttributeCondition() pulumi.StringOutput
- func (o LookupWorkloadIdentityPoolProviderResultOutput) AttributeMapping() pulumi.StringMapOutput
- func (o LookupWorkloadIdentityPoolProviderResultOutput) Aws() GetWorkloadIdentityPoolProviderAwArrayOutput
- func (o LookupWorkloadIdentityPoolProviderResultOutput) Description() pulumi.StringOutput
- func (o LookupWorkloadIdentityPoolProviderResultOutput) Disabled() pulumi.BoolOutput
- func (o LookupWorkloadIdentityPoolProviderResultOutput) DisplayName() pulumi.StringOutput
- func (LookupWorkloadIdentityPoolProviderResultOutput) ElementType() reflect.Type
- func (o LookupWorkloadIdentityPoolProviderResultOutput) Id() pulumi.StringOutput
- func (o LookupWorkloadIdentityPoolProviderResultOutput) Name() pulumi.StringOutput
- func (o LookupWorkloadIdentityPoolProviderResultOutput) Oidcs() GetWorkloadIdentityPoolProviderOidcArrayOutput
- func (o LookupWorkloadIdentityPoolProviderResultOutput) Project() pulumi.StringPtrOutput
- func (o LookupWorkloadIdentityPoolProviderResultOutput) State() pulumi.StringOutput
- func (o LookupWorkloadIdentityPoolProviderResultOutput) ToLookupWorkloadIdentityPoolProviderResultOutput() LookupWorkloadIdentityPoolProviderResultOutput
- func (o LookupWorkloadIdentityPoolProviderResultOutput) ToLookupWorkloadIdentityPoolProviderResultOutputWithContext(ctx context.Context) LookupWorkloadIdentityPoolProviderResultOutput
- func (o LookupWorkloadIdentityPoolProviderResultOutput) WorkloadIdentityPoolId() pulumi.StringOutput
- func (o LookupWorkloadIdentityPoolProviderResultOutput) WorkloadIdentityPoolProviderId() pulumi.StringOutput
- type LookupWorkloadIdentityPoolResult
- type LookupWorkloadIdentityPoolResultOutput
- func (o LookupWorkloadIdentityPoolResultOutput) Description() pulumi.StringOutput
- func (o LookupWorkloadIdentityPoolResultOutput) Disabled() pulumi.BoolOutput
- func (o LookupWorkloadIdentityPoolResultOutput) DisplayName() pulumi.StringOutput
- func (LookupWorkloadIdentityPoolResultOutput) ElementType() reflect.Type
- func (o LookupWorkloadIdentityPoolResultOutput) Id() pulumi.StringOutput
- func (o LookupWorkloadIdentityPoolResultOutput) Name() pulumi.StringOutput
- func (o LookupWorkloadIdentityPoolResultOutput) Project() pulumi.StringPtrOutput
- func (o LookupWorkloadIdentityPoolResultOutput) State() pulumi.StringOutput
- func (o LookupWorkloadIdentityPoolResultOutput) ToLookupWorkloadIdentityPoolResultOutput() LookupWorkloadIdentityPoolResultOutput
- func (o LookupWorkloadIdentityPoolResultOutput) ToLookupWorkloadIdentityPoolResultOutputWithContext(ctx context.Context) LookupWorkloadIdentityPoolResultOutput
- func (o LookupWorkloadIdentityPoolResultOutput) WorkloadIdentityPoolId() pulumi.StringOutput
- type WorkloadIdentityPool
- func (*WorkloadIdentityPool) ElementType() reflect.Type
- func (i *WorkloadIdentityPool) ToWorkloadIdentityPoolOutput() WorkloadIdentityPoolOutput
- func (i *WorkloadIdentityPool) ToWorkloadIdentityPoolOutputWithContext(ctx context.Context) WorkloadIdentityPoolOutput
- func (i *WorkloadIdentityPool) ToWorkloadIdentityPoolPtrOutput() WorkloadIdentityPoolPtrOutput
- func (i *WorkloadIdentityPool) ToWorkloadIdentityPoolPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolPtrOutput
- type WorkloadIdentityPoolArgs
- type WorkloadIdentityPoolArray
- type WorkloadIdentityPoolArrayInput
- type WorkloadIdentityPoolArrayOutput
- func (WorkloadIdentityPoolArrayOutput) ElementType() reflect.Type
- func (o WorkloadIdentityPoolArrayOutput) Index(i pulumi.IntInput) WorkloadIdentityPoolOutput
- func (o WorkloadIdentityPoolArrayOutput) ToWorkloadIdentityPoolArrayOutput() WorkloadIdentityPoolArrayOutput
- func (o WorkloadIdentityPoolArrayOutput) ToWorkloadIdentityPoolArrayOutputWithContext(ctx context.Context) WorkloadIdentityPoolArrayOutput
- type WorkloadIdentityPoolInput
- type WorkloadIdentityPoolMap
- type WorkloadIdentityPoolMapInput
- type WorkloadIdentityPoolMapOutput
- func (WorkloadIdentityPoolMapOutput) ElementType() reflect.Type
- func (o WorkloadIdentityPoolMapOutput) MapIndex(k pulumi.StringInput) WorkloadIdentityPoolOutput
- func (o WorkloadIdentityPoolMapOutput) ToWorkloadIdentityPoolMapOutput() WorkloadIdentityPoolMapOutput
- func (o WorkloadIdentityPoolMapOutput) ToWorkloadIdentityPoolMapOutputWithContext(ctx context.Context) WorkloadIdentityPoolMapOutput
- type WorkloadIdentityPoolOutput
- func (WorkloadIdentityPoolOutput) ElementType() reflect.Type
- func (o WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolOutput() WorkloadIdentityPoolOutput
- func (o WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolOutputWithContext(ctx context.Context) WorkloadIdentityPoolOutput
- func (o WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolPtrOutput() WorkloadIdentityPoolPtrOutput
- func (o WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolPtrOutput
- type WorkloadIdentityPoolProvider
- func (*WorkloadIdentityPoolProvider) ElementType() reflect.Type
- func (i *WorkloadIdentityPoolProvider) ToWorkloadIdentityPoolProviderOutput() WorkloadIdentityPoolProviderOutput
- func (i *WorkloadIdentityPoolProvider) ToWorkloadIdentityPoolProviderOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOutput
- func (i *WorkloadIdentityPoolProvider) ToWorkloadIdentityPoolProviderPtrOutput() WorkloadIdentityPoolProviderPtrOutput
- func (i *WorkloadIdentityPoolProvider) ToWorkloadIdentityPoolProviderPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderPtrOutput
- type WorkloadIdentityPoolProviderArgs
- type WorkloadIdentityPoolProviderArray
- func (WorkloadIdentityPoolProviderArray) ElementType() reflect.Type
- func (i WorkloadIdentityPoolProviderArray) ToWorkloadIdentityPoolProviderArrayOutput() WorkloadIdentityPoolProviderArrayOutput
- func (i WorkloadIdentityPoolProviderArray) ToWorkloadIdentityPoolProviderArrayOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderArrayOutput
- type WorkloadIdentityPoolProviderArrayInput
- type WorkloadIdentityPoolProviderArrayOutput
- func (WorkloadIdentityPoolProviderArrayOutput) ElementType() reflect.Type
- func (o WorkloadIdentityPoolProviderArrayOutput) Index(i pulumi.IntInput) WorkloadIdentityPoolProviderOutput
- func (o WorkloadIdentityPoolProviderArrayOutput) ToWorkloadIdentityPoolProviderArrayOutput() WorkloadIdentityPoolProviderArrayOutput
- func (o WorkloadIdentityPoolProviderArrayOutput) ToWorkloadIdentityPoolProviderArrayOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderArrayOutput
- type WorkloadIdentityPoolProviderAws
- type WorkloadIdentityPoolProviderAwsArgs
- func (WorkloadIdentityPoolProviderAwsArgs) ElementType() reflect.Type
- func (i WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsOutput() WorkloadIdentityPoolProviderAwsOutput
- func (i WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderAwsOutput
- func (i WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsPtrOutput() WorkloadIdentityPoolProviderAwsPtrOutput
- func (i WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderAwsPtrOutput
- type WorkloadIdentityPoolProviderAwsInput
- type WorkloadIdentityPoolProviderAwsOutput
- func (o WorkloadIdentityPoolProviderAwsOutput) AccountId() pulumi.StringOutput
- func (WorkloadIdentityPoolProviderAwsOutput) ElementType() reflect.Type
- func (o WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsOutput() WorkloadIdentityPoolProviderAwsOutput
- func (o WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderAwsOutput
- func (o WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsPtrOutput() WorkloadIdentityPoolProviderAwsPtrOutput
- func (o WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderAwsPtrOutput
- type WorkloadIdentityPoolProviderAwsPtrInput
- type WorkloadIdentityPoolProviderAwsPtrOutput
- func (o WorkloadIdentityPoolProviderAwsPtrOutput) AccountId() pulumi.StringPtrOutput
- func (o WorkloadIdentityPoolProviderAwsPtrOutput) Elem() WorkloadIdentityPoolProviderAwsOutput
- func (WorkloadIdentityPoolProviderAwsPtrOutput) ElementType() reflect.Type
- func (o WorkloadIdentityPoolProviderAwsPtrOutput) ToWorkloadIdentityPoolProviderAwsPtrOutput() WorkloadIdentityPoolProviderAwsPtrOutput
- func (o WorkloadIdentityPoolProviderAwsPtrOutput) ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderAwsPtrOutput
- type WorkloadIdentityPoolProviderInput
- type WorkloadIdentityPoolProviderMap
- func (WorkloadIdentityPoolProviderMap) ElementType() reflect.Type
- func (i WorkloadIdentityPoolProviderMap) ToWorkloadIdentityPoolProviderMapOutput() WorkloadIdentityPoolProviderMapOutput
- func (i WorkloadIdentityPoolProviderMap) ToWorkloadIdentityPoolProviderMapOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderMapOutput
- type WorkloadIdentityPoolProviderMapInput
- type WorkloadIdentityPoolProviderMapOutput
- func (WorkloadIdentityPoolProviderMapOutput) ElementType() reflect.Type
- func (o WorkloadIdentityPoolProviderMapOutput) MapIndex(k pulumi.StringInput) WorkloadIdentityPoolProviderOutput
- func (o WorkloadIdentityPoolProviderMapOutput) ToWorkloadIdentityPoolProviderMapOutput() WorkloadIdentityPoolProviderMapOutput
- func (o WorkloadIdentityPoolProviderMapOutput) ToWorkloadIdentityPoolProviderMapOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderMapOutput
- type WorkloadIdentityPoolProviderOidc
- type WorkloadIdentityPoolProviderOidcArgs
- func (WorkloadIdentityPoolProviderOidcArgs) ElementType() reflect.Type
- func (i WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcOutput() WorkloadIdentityPoolProviderOidcOutput
- func (i WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOidcOutput
- func (i WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcPtrOutput() WorkloadIdentityPoolProviderOidcPtrOutput
- func (i WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOidcPtrOutput
- type WorkloadIdentityPoolProviderOidcInput
- type WorkloadIdentityPoolProviderOidcOutput
- func (o WorkloadIdentityPoolProviderOidcOutput) AllowedAudiences() pulumi.StringArrayOutput
- func (WorkloadIdentityPoolProviderOidcOutput) ElementType() reflect.Type
- func (o WorkloadIdentityPoolProviderOidcOutput) IssuerUri() pulumi.StringOutput
- func (o WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcOutput() WorkloadIdentityPoolProviderOidcOutput
- func (o WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOidcOutput
- func (o WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcPtrOutput() WorkloadIdentityPoolProviderOidcPtrOutput
- func (o WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOidcPtrOutput
- type WorkloadIdentityPoolProviderOidcPtrInput
- type WorkloadIdentityPoolProviderOidcPtrOutput
- func (o WorkloadIdentityPoolProviderOidcPtrOutput) AllowedAudiences() pulumi.StringArrayOutput
- func (o WorkloadIdentityPoolProviderOidcPtrOutput) Elem() WorkloadIdentityPoolProviderOidcOutput
- func (WorkloadIdentityPoolProviderOidcPtrOutput) ElementType() reflect.Type
- func (o WorkloadIdentityPoolProviderOidcPtrOutput) IssuerUri() pulumi.StringPtrOutput
- func (o WorkloadIdentityPoolProviderOidcPtrOutput) ToWorkloadIdentityPoolProviderOidcPtrOutput() WorkloadIdentityPoolProviderOidcPtrOutput
- func (o WorkloadIdentityPoolProviderOidcPtrOutput) ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOidcPtrOutput
- type WorkloadIdentityPoolProviderOutput
- func (WorkloadIdentityPoolProviderOutput) ElementType() reflect.Type
- func (o WorkloadIdentityPoolProviderOutput) ToWorkloadIdentityPoolProviderOutput() WorkloadIdentityPoolProviderOutput
- func (o WorkloadIdentityPoolProviderOutput) ToWorkloadIdentityPoolProviderOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOutput
- func (o WorkloadIdentityPoolProviderOutput) ToWorkloadIdentityPoolProviderPtrOutput() WorkloadIdentityPoolProviderPtrOutput
- func (o WorkloadIdentityPoolProviderOutput) ToWorkloadIdentityPoolProviderPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderPtrOutput
- type WorkloadIdentityPoolProviderPtrInput
- type WorkloadIdentityPoolProviderPtrOutput
- func (o WorkloadIdentityPoolProviderPtrOutput) Elem() WorkloadIdentityPoolProviderOutput
- func (WorkloadIdentityPoolProviderPtrOutput) ElementType() reflect.Type
- func (o WorkloadIdentityPoolProviderPtrOutput) ToWorkloadIdentityPoolProviderPtrOutput() WorkloadIdentityPoolProviderPtrOutput
- func (o WorkloadIdentityPoolProviderPtrOutput) ToWorkloadIdentityPoolProviderPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderPtrOutput
- type WorkloadIdentityPoolProviderState
- type WorkloadIdentityPoolPtrInput
- type WorkloadIdentityPoolPtrOutput
- func (o WorkloadIdentityPoolPtrOutput) Elem() WorkloadIdentityPoolOutput
- func (WorkloadIdentityPoolPtrOutput) ElementType() reflect.Type
- func (o WorkloadIdentityPoolPtrOutput) ToWorkloadIdentityPoolPtrOutput() WorkloadIdentityPoolPtrOutput
- func (o WorkloadIdentityPoolPtrOutput) ToWorkloadIdentityPoolPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolPtrOutput
- type WorkloadIdentityPoolState
Types ¶
type GetRuleArgs ¶
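// GetRuleArgs is the collection of arguments for invoking getRule, the data
// source that returns information about a Google IAM role.
type GetRuleArgs struct {
	// Name is the name of the role to look up, in the form
	// `roles/{ROLE_NAME}`, `organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`
	// or `projects/{PROJECT_ID}/roles/{ROLE_NAME}`.
	Name string `pulumi:"name"`
}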
A collection of arguments for invoking getRule.
type GetRuleOutputArgs ¶ added in v5.21.0
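// GetRuleOutputArgs is the collection of arguments for invoking getRule when
// the role name is supplied as a pulumi.StringInput rather than a plain string.
type GetRuleOutputArgs struct {
	// Name is the name of the role to look up, in the form
	// `roles/{ROLE_NAME}`, `organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`
	// or `projects/{PROJECT_ID}/roles/{ROLE_NAME}`.
	Name pulumi.StringInput `pulumi:"name"`
}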
A collection of arguments for invoking getRule.
func (GetRuleOutputArgs) ElementType ¶ added in v5.21.0
func (GetRuleOutputArgs) ElementType() reflect.Type
type GetRuleResult ¶
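// GetRuleResult is the collection of values returned by getRule for the IAM
// role that was looked up.
type GetRuleResult struct {
	// Id is the provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// IncludedPermissions lists the one or more permissions included in the
	// role, such as `iam.roles.get`. Review this list before binding the role
	// to a principal: it is the full set of permissions the binding grants.
	IncludedPermissions []string `pulumi:"includedPermissions"`
	// Name carries no description in the package documentation; presumably it
	// is the role name that was looked up (confirm against the provider).
	Name string `pulumi:"name"`
	// Stage indicates the stage of the role in the launch lifecycle, such as
	// `GA`, `BETA` or `ALPHA`.
	Stage string `pulumi:"stage"`
	// Title is a friendly title for the role, such as "Role Viewer".
	Title string `pulumi:"title"`
}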
A collection of values returned by getRule.
func GetRule ¶
func GetRule(ctx *pulumi.Context, args *GetRuleArgs, opts ...pulumi.InvokeOption) (*GetRuleResult, error)
Use this data source to get information about a Google IAM Role.
```go
package main
import (
	"github.com/pulumi/pulumi-gcp/sdk/v5/go/gcp/iam"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main runs a Pulumi program that looks up the role `roles/compute.viewer`
// and exports the permissions it includes.
func main() {
	pulumi.Run(exportRolePermissions)
}

// exportRolePermissions fetches the role via iam.GetRule and publishes its
// IncludedPermissions as the stack output "theRolePermissions".
func exportRolePermissions(ctx *pulumi.Context) error {
	lookup := &iam.GetRuleArgs{
		Name: "roles/compute.viewer",
	}
	role, err := iam.GetRule(ctx, lookup, nil)
	if err != nil {
		return err
	}
	ctx.Export("theRolePermissions", role.IncludedPermissions)
	return nil
}
```
type GetRuleResultOutput ¶ added in v5.21.0
// GetRuleResultOutput is the output form of the collection of values returned
// by getRule. It embeds *pulumi.OutputState.
type GetRuleResultOutput struct {
	*pulumi.OutputState
}
A collection of values returned by getRule.
func GetRuleOutput ¶ added in v5.21.0
func GetRuleOutput(ctx *pulumi.Context, args GetRuleOutputArgs, opts ...pulumi.InvokeOption) GetRuleResultOutput
func (GetRuleResultOutput) ElementType ¶ added in v5.21.0
func (GetRuleResultOutput) ElementType() reflect.Type
func (GetRuleResultOutput) Id ¶ added in v5.21.0
func (o GetRuleResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetRuleResultOutput) IncludedPermissions ¶ added in v5.21.0
func (o GetRuleResultOutput) IncludedPermissions() pulumi.StringArrayOutput
Specifies the list of one or more permissions included in the role, such as `iam.roles.get`.
func (GetRuleResultOutput) Name ¶ added in v5.21.0
func (o GetRuleResultOutput) Name() pulumi.StringOutput
func (GetRuleResultOutput) Stage ¶ added in v5.21.0
func (o GetRuleResultOutput) Stage() pulumi.StringOutput
Indicates the stage of the role in the launch lifecycle, such as `GA`, `BETA` or `ALPHA`.
func (GetRuleResultOutput) Title ¶ added in v5.21.0
func (o GetRuleResultOutput) Title() pulumi.StringOutput
A friendly title for the role, such as "Role Viewer".
func (GetRuleResultOutput) ToGetRuleResultOutput ¶ added in v5.21.0
func (o GetRuleResultOutput) ToGetRuleResultOutput() GetRuleResultOutput
func (GetRuleResultOutput) ToGetRuleResultOutputWithContext ¶ added in v5.21.0
func (o GetRuleResultOutput) ToGetRuleResultOutputWithContext(ctx context.Context) GetRuleResultOutput
type GetTestablePermissionsArgs ¶
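// GetTestablePermissionsArgs is the collection of arguments for invoking
// getTestablePermissions.
type GetTestablePermissionsArgs struct {
	// CustomSupportLevel is the level of support for custom roles. Can be one
	// of `"NOT_SUPPORTED"`, `"SUPPORTED"`, `"TESTING"`. Default is
	// `"SUPPORTED"`.
	CustomSupportLevel *string `pulumi:"customSupportLevel"`
	// FullResourceName identifies the resource to query. See the
	// [full resource name documentation](https://cloud.google.com/apis/design/resource_names#full_resource_name)
	// for more detail.
	FullResourceName string `pulumi:"fullResourceName"`
	// Stages lists the acceptable release stages of the permissions in the
	// output. Note that `BETA` does not include permissions in `GA`, but you
	// can specify both with `["GA", "BETA"]` for example. Can be a list of
	// `"ALPHA"`, `"BETA"`, `"GA"`, `"DEPRECATED"`. Default is `["GA"]`.
	Stages []string `pulumi:"stages"`
}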
A collection of arguments for invoking getTestablePermissions.
type GetTestablePermissionsOutputArgs ¶ added in v5.21.0
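// GetTestablePermissionsOutputArgs is the collection of arguments for invoking
// getTestablePermissions when the arguments are supplied as Pulumi inputs.
type GetTestablePermissionsOutputArgs struct {
	// CustomSupportLevel is the level of support for custom roles. Can be one
	// of `"NOT_SUPPORTED"`, `"SUPPORTED"`, `"TESTING"`. Default is
	// `"SUPPORTED"`.
	CustomSupportLevel pulumi.StringPtrInput `pulumi:"customSupportLevel"`
	// FullResourceName identifies the resource to query. See the
	// [full resource name documentation](https://cloud.google.com/apis/design/resource_names#full_resource_name)
	// for more detail.
	FullResourceName pulumi.StringInput `pulumi:"fullResourceName"`
	// Stages lists the acceptable release stages of the permissions in the
	// output. Note that `BETA` does not include permissions in `GA`, but you
	// can specify both with `["GA", "BETA"]` for example. Can be a list of
	// `"ALPHA"`, `"BETA"`, `"GA"`, `"DEPRECATED"`. Default is `["GA"]`.
	Stages pulumi.StringArrayInput `pulumi:"stages"`
}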
A collection of arguments for invoking getTestablePermissions.
func (GetTestablePermissionsOutputArgs) ElementType ¶ added in v5.21.0
func (GetTestablePermissionsOutputArgs) ElementType() reflect.Type
type GetTestablePermissionsPermission ¶
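// GetTestablePermissionsPermission describes one permission returned by
// getTestablePermissions.
type GetTestablePermissionsPermission struct {
	// ApiDisabled reports whether the corresponding API is disabled for the
	// resource: true means the service API behind the permission has not been
	// enabled. The polarity follows the field name, not "enabled".
	ApiDisabled bool `pulumi:"apiDisabled"`
	// CustomSupportLevel is the level of support for custom roles. Can be one
	// of `"NOT_SUPPORTED"`, `"SUPPORTED"`, `"TESTING"`. Default is
	// `"SUPPORTED"`.
	CustomSupportLevel string `pulumi:"customSupportLevel"`
	// Name is the name of the permission.
	Name string `pulumi:"name"`
	// Stage is the release stage of the permission.
	Stage string `pulumi:"stage"`
	// Title is the human readable title of the permission.
	Title string `pulumi:"title"`
}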
type GetTestablePermissionsPermissionArgs ¶
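// GetTestablePermissionsPermissionArgs is the Pulumi-input form of
// GetTestablePermissionsPermission.
type GetTestablePermissionsPermissionArgs struct {
	// ApiDisabled reports whether the corresponding API is disabled for the
	// resource: true means the service API behind the permission has not been
	// enabled. The polarity follows the field name, not "enabled".
	ApiDisabled pulumi.BoolInput `pulumi:"apiDisabled"`
	// CustomSupportLevel is the level of support for custom roles. Can be one
	// of `"NOT_SUPPORTED"`, `"SUPPORTED"`, `"TESTING"`. Default is
	// `"SUPPORTED"`.
	CustomSupportLevel pulumi.StringInput `pulumi:"customSupportLevel"`
	// Name is the name of the permission.
	Name pulumi.StringInput `pulumi:"name"`
	// Stage is the release stage of the permission.
	Stage pulumi.StringInput `pulumi:"stage"`
	// Title is the human readable title of the permission.
	Title pulumi.StringInput `pulumi:"title"`
}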
func (GetTestablePermissionsPermissionArgs) ElementType ¶
func (GetTestablePermissionsPermissionArgs) ElementType() reflect.Type
func (GetTestablePermissionsPermissionArgs) ToGetTestablePermissionsPermissionOutput ¶
func (i GetTestablePermissionsPermissionArgs) ToGetTestablePermissionsPermissionOutput() GetTestablePermissionsPermissionOutput
func (GetTestablePermissionsPermissionArgs) ToGetTestablePermissionsPermissionOutputWithContext ¶
func (i GetTestablePermissionsPermissionArgs) ToGetTestablePermissionsPermissionOutputWithContext(ctx context.Context) GetTestablePermissionsPermissionOutput
type GetTestablePermissionsPermissionArray ¶
// GetTestablePermissionsPermissionArray is a slice of
// GetTestablePermissionsPermissionInput values. The package documentation
// names it as one of the types accepted as a
// GetTestablePermissionsPermissionArrayInput.
type GetTestablePermissionsPermissionArray []GetTestablePermissionsPermissionInput
func (GetTestablePermissionsPermissionArray) ElementType ¶
func (GetTestablePermissionsPermissionArray) ElementType() reflect.Type
func (GetTestablePermissionsPermissionArray) ToGetTestablePermissionsPermissionArrayOutput ¶
func (i GetTestablePermissionsPermissionArray) ToGetTestablePermissionsPermissionArrayOutput() GetTestablePermissionsPermissionArrayOutput
func (GetTestablePermissionsPermissionArray) ToGetTestablePermissionsPermissionArrayOutputWithContext ¶
func (i GetTestablePermissionsPermissionArray) ToGetTestablePermissionsPermissionArrayOutputWithContext(ctx context.Context) GetTestablePermissionsPermissionArrayOutput
type GetTestablePermissionsPermissionArrayInput ¶
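// GetTestablePermissionsPermissionArrayInput is an input type that accepts
// GetTestablePermissionsPermissionArray and
// GetTestablePermissionsPermissionArrayOutput values.
type GetTestablePermissionsPermissionArrayInput interface {
	pulumi.Input

	// ToGetTestablePermissionsPermissionArrayOutput converts the value to its
	// array output form.
	ToGetTestablePermissionsPermissionArrayOutput() GetTestablePermissionsPermissionArrayOutput
	// ToGetTestablePermissionsPermissionArrayOutputWithContext is the same
	// conversion, taking a context.Context.
	ToGetTestablePermissionsPermissionArrayOutputWithContext(context.Context) GetTestablePermissionsPermissionArrayOutput
}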
GetTestablePermissionsPermissionArrayInput is an input type that accepts GetTestablePermissionsPermissionArray and GetTestablePermissionsPermissionArrayOutput values. You can construct a concrete instance of `GetTestablePermissionsPermissionArrayInput` via:
GetTestablePermissionsPermissionArray{ GetTestablePermissionsPermissionArgs{...} }
type GetTestablePermissionsPermissionArrayOutput ¶
// GetTestablePermissionsPermissionArrayOutput is the output form of a list of
// testable permissions. It embeds *pulumi.OutputState.
type GetTestablePermissionsPermissionArrayOutput struct {
	*pulumi.OutputState
}
func (GetTestablePermissionsPermissionArrayOutput) ElementType ¶
func (GetTestablePermissionsPermissionArrayOutput) ElementType() reflect.Type
func (GetTestablePermissionsPermissionArrayOutput) ToGetTestablePermissionsPermissionArrayOutput ¶
func (o GetTestablePermissionsPermissionArrayOutput) ToGetTestablePermissionsPermissionArrayOutput() GetTestablePermissionsPermissionArrayOutput
func (GetTestablePermissionsPermissionArrayOutput) ToGetTestablePermissionsPermissionArrayOutputWithContext ¶
func (o GetTestablePermissionsPermissionArrayOutput) ToGetTestablePermissionsPermissionArrayOutputWithContext(ctx context.Context) GetTestablePermissionsPermissionArrayOutput
type GetTestablePermissionsPermissionInput ¶
// GetTestablePermissionsPermissionInput is an input type that accepts
// GetTestablePermissionsPermissionArgs and
// GetTestablePermissionsPermissionOutput values.
type GetTestablePermissionsPermissionInput interface {
	pulumi.Input

	ToGetTestablePermissionsPermissionOutput() GetTestablePermissionsPermissionOutput
	ToGetTestablePermissionsPermissionOutputWithContext(context.Context) GetTestablePermissionsPermissionOutput
}
GetTestablePermissionsPermissionInput is an input type that accepts GetTestablePermissionsPermissionArgs and GetTestablePermissionsPermissionOutput values. You can construct a concrete instance of `GetTestablePermissionsPermissionInput` via:
GetTestablePermissionsPermissionArgs{...}
type GetTestablePermissionsPermissionOutput ¶
// GetTestablePermissionsPermissionOutput is the output form of a single
// testable permission; it embeds *pulumi.OutputState.
type GetTestablePermissionsPermissionOutput struct{ *pulumi.OutputState }
func (GetTestablePermissionsPermissionOutput) ApiDisabled ¶
func (o GetTestablePermissionsPermissionOutput) ApiDisabled() pulumi.BoolOutput
Whether the corresponding API has been enabled for the resource.
func (GetTestablePermissionsPermissionOutput) CustomSupportLevel ¶
func (o GetTestablePermissionsPermissionOutput) CustomSupportLevel() pulumi.StringOutput
The level of support for custom roles. Can be one of `"NOT_SUPPORTED"`, `"SUPPORTED"`, `"TESTING"`. Default is `"SUPPORTED"`
func (GetTestablePermissionsPermissionOutput) ElementType ¶
func (GetTestablePermissionsPermissionOutput) ElementType() reflect.Type
func (GetTestablePermissionsPermissionOutput) Name ¶
func (o GetTestablePermissionsPermissionOutput) Name() pulumi.StringOutput
Name of the permission.
func (GetTestablePermissionsPermissionOutput) Stage ¶
func (o GetTestablePermissionsPermissionOutput) Stage() pulumi.StringOutput
Release stage of the permission.
func (GetTestablePermissionsPermissionOutput) Title ¶
func (o GetTestablePermissionsPermissionOutput) Title() pulumi.StringOutput
Human readable title of the permission.
func (GetTestablePermissionsPermissionOutput) ToGetTestablePermissionsPermissionOutput ¶
func (o GetTestablePermissionsPermissionOutput) ToGetTestablePermissionsPermissionOutput() GetTestablePermissionsPermissionOutput
func (GetTestablePermissionsPermissionOutput) ToGetTestablePermissionsPermissionOutputWithContext ¶
func (o GetTestablePermissionsPermissionOutput) ToGetTestablePermissionsPermissionOutputWithContext(ctx context.Context) GetTestablePermissionsPermissionOutput
type GetTestablePermissionsResult ¶
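// GetTestablePermissionsResult is the collection of values returned by
// getTestablePermissions.
//
// The declaration is laid out one field per line so that the `//` comments no
// longer run into the fields that follow them.
type GetTestablePermissionsResult struct {
	// The support level of this permission for custom roles.
	CustomSupportLevel *string `pulumi:"customSupportLevel"`
	// NOTE(review): not documented on this page; the usage example passes a
	// FullResourceName argument of the same name.
	FullResourceName string `pulumi:"fullResourceName"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// A list of permissions matching the provided input. Structure is defined below.
	Permissions []GetTestablePermissionsPermission `pulumi:"permissions"`
	// NOTE(review): not documented on this page; the usage example passes a
	// Stages argument of the same name.
	Stages []string `pulumi:"stages"`
}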
A collection of values returned by getTestablePermissions.
func GetTestablePermissions ¶
func GetTestablePermissions(ctx *pulumi.Context, args *GetTestablePermissionsArgs, opts ...pulumi.InvokeOption) (*GetTestablePermissionsResult, error)
Retrieve a list of testable permissions for a resource. Testable permissions are the permissions that a user can add or remove in a role at a given resource. The resource can be referenced either via the full resource name or via a URI.
## Example Usage
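Retrieve all the supported permissions that can be set on `my-project` and are in either the GA or BETA stage. This is useful for dynamically constructing custom roles. The result lists every permission that matches the input, so a role built from it should keep only the permissions it actually needs.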
```go
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v5/go/gcp/iam" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that looks up the testable permissions of the
// project "my-project", restricted to the GA and BETA stages.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		lookup := &iam.GetTestablePermissionsArgs{
			FullResourceName: "//cloudresourcemanager.googleapis.com/projects/my-project",
			Stages:           []string{"GA", "BETA"},
		}
		// The result is discarded in this example. A program that feeds it into
		// a custom role should select the permissions the role needs instead of
		// passing the whole list through.
		if _, err := iam.GetTestablePermissions(ctx, lookup, nil); err != nil {
			return err
		}
		return nil
	})
}
```
type GetTestablePermissionsResultOutput ¶ added in v5.21.0
// GetTestablePermissionsResultOutput is the output form of the values returned
// by getTestablePermissions; it embeds *pulumi.OutputState.
type GetTestablePermissionsResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getTestablePermissions.
func GetTestablePermissionsOutput ¶ added in v5.21.0
func GetTestablePermissionsOutput(ctx *pulumi.Context, args GetTestablePermissionsOutputArgs, opts ...pulumi.InvokeOption) GetTestablePermissionsResultOutput
func (GetTestablePermissionsResultOutput) CustomSupportLevel ¶ added in v5.21.0
func (o GetTestablePermissionsResultOutput) CustomSupportLevel() pulumi.StringPtrOutput
The support level of this permission for custom roles.
func (GetTestablePermissionsResultOutput) ElementType ¶ added in v5.21.0
func (GetTestablePermissionsResultOutput) ElementType() reflect.Type
func (GetTestablePermissionsResultOutput) FullResourceName ¶ added in v5.21.0
func (o GetTestablePermissionsResultOutput) FullResourceName() pulumi.StringOutput
func (GetTestablePermissionsResultOutput) Id ¶ added in v5.21.0
func (o GetTestablePermissionsResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetTestablePermissionsResultOutput) Permissions ¶ added in v5.21.0
func (o GetTestablePermissionsResultOutput) Permissions() GetTestablePermissionsPermissionArrayOutput
A list of permissions matching the provided input. Structure is defined below.
func (GetTestablePermissionsResultOutput) Stages ¶ added in v5.21.0
func (o GetTestablePermissionsResultOutput) Stages() pulumi.StringArrayOutput
func (GetTestablePermissionsResultOutput) ToGetTestablePermissionsResultOutput ¶ added in v5.21.0
func (o GetTestablePermissionsResultOutput) ToGetTestablePermissionsResultOutput() GetTestablePermissionsResultOutput
func (GetTestablePermissionsResultOutput) ToGetTestablePermissionsResultOutputWithContext ¶ added in v5.21.0
func (o GetTestablePermissionsResultOutput) ToGetTestablePermissionsResultOutputWithContext(ctx context.Context) GetTestablePermissionsResultOutput
type GetWorkloadIdentityPoolProviderAw ¶
// GetWorkloadIdentityPoolProviderAw is the element type of the Aws field of
// LookupWorkloadIdentityPoolProviderResult.
//
// NOTE(review): "Aw" looks like a generated singular of the "aws" property —
// confirm; the page gives no description of this type.
type GetWorkloadIdentityPoolProviderAw struct {
	// NOTE(review): undocumented here; presumably the AWS account ID
	// configured on the provider — verify against the provider resource docs.
	AccountId string `pulumi:"accountId"`
}
type GetWorkloadIdentityPoolProviderAwArgs ¶
// GetWorkloadIdentityPoolProviderAwArgs is the input-typed counterpart of
// GetWorkloadIdentityPoolProviderAw: the same accountId property, held as a
// pulumi.StringInput.
type GetWorkloadIdentityPoolProviderAwArgs struct {
	// NOTE(review): undocumented here; presumably the AWS account ID
	// configured on the provider — verify against the provider resource docs.
	AccountId pulumi.StringInput `pulumi:"accountId"`
}
func (GetWorkloadIdentityPoolProviderAwArgs) ElementType ¶
func (GetWorkloadIdentityPoolProviderAwArgs) ElementType() reflect.Type
func (GetWorkloadIdentityPoolProviderAwArgs) ToGetWorkloadIdentityPoolProviderAwOutput ¶
func (i GetWorkloadIdentityPoolProviderAwArgs) ToGetWorkloadIdentityPoolProviderAwOutput() GetWorkloadIdentityPoolProviderAwOutput
func (GetWorkloadIdentityPoolProviderAwArgs) ToGetWorkloadIdentityPoolProviderAwOutputWithContext ¶
func (i GetWorkloadIdentityPoolProviderAwArgs) ToGetWorkloadIdentityPoolProviderAwOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderAwOutput
type GetWorkloadIdentityPoolProviderAwArray ¶
// GetWorkloadIdentityPoolProviderAwArray is a slice of
// GetWorkloadIdentityPoolProviderAwInput values.
type GetWorkloadIdentityPoolProviderAwArray []GetWorkloadIdentityPoolProviderAwInput
func (GetWorkloadIdentityPoolProviderAwArray) ElementType ¶
func (GetWorkloadIdentityPoolProviderAwArray) ElementType() reflect.Type
func (GetWorkloadIdentityPoolProviderAwArray) ToGetWorkloadIdentityPoolProviderAwArrayOutput ¶
func (i GetWorkloadIdentityPoolProviderAwArray) ToGetWorkloadIdentityPoolProviderAwArrayOutput() GetWorkloadIdentityPoolProviderAwArrayOutput
func (GetWorkloadIdentityPoolProviderAwArray) ToGetWorkloadIdentityPoolProviderAwArrayOutputWithContext ¶
func (i GetWorkloadIdentityPoolProviderAwArray) ToGetWorkloadIdentityPoolProviderAwArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderAwArrayOutput
type GetWorkloadIdentityPoolProviderAwArrayInput ¶
// GetWorkloadIdentityPoolProviderAwArrayInput is an input type that accepts
// GetWorkloadIdentityPoolProviderAwArray and
// GetWorkloadIdentityPoolProviderAwArrayOutput values.
type GetWorkloadIdentityPoolProviderAwArrayInput interface {
	pulumi.Input

	ToGetWorkloadIdentityPoolProviderAwArrayOutput() GetWorkloadIdentityPoolProviderAwArrayOutput
	ToGetWorkloadIdentityPoolProviderAwArrayOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderAwArrayOutput
}
GetWorkloadIdentityPoolProviderAwArrayInput is an input type that accepts GetWorkloadIdentityPoolProviderAwArray and GetWorkloadIdentityPoolProviderAwArrayOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderAwArrayInput` via:
GetWorkloadIdentityPoolProviderAwArray{ GetWorkloadIdentityPoolProviderAwArgs{...} }
type GetWorkloadIdentityPoolProviderAwArrayOutput ¶
// GetWorkloadIdentityPoolProviderAwArrayOutput is the output form of
// GetWorkloadIdentityPoolProviderAwArray; it embeds *pulumi.OutputState.
type GetWorkloadIdentityPoolProviderAwArrayOutput struct{ *pulumi.OutputState }
func (GetWorkloadIdentityPoolProviderAwArrayOutput) ElementType ¶
func (GetWorkloadIdentityPoolProviderAwArrayOutput) ElementType() reflect.Type
func (GetWorkloadIdentityPoolProviderAwArrayOutput) ToGetWorkloadIdentityPoolProviderAwArrayOutput ¶
func (o GetWorkloadIdentityPoolProviderAwArrayOutput) ToGetWorkloadIdentityPoolProviderAwArrayOutput() GetWorkloadIdentityPoolProviderAwArrayOutput
func (GetWorkloadIdentityPoolProviderAwArrayOutput) ToGetWorkloadIdentityPoolProviderAwArrayOutputWithContext ¶
func (o GetWorkloadIdentityPoolProviderAwArrayOutput) ToGetWorkloadIdentityPoolProviderAwArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderAwArrayOutput
type GetWorkloadIdentityPoolProviderAwInput ¶
// GetWorkloadIdentityPoolProviderAwInput is an input type that accepts
// GetWorkloadIdentityPoolProviderAwArgs and
// GetWorkloadIdentityPoolProviderAwOutput values.
type GetWorkloadIdentityPoolProviderAwInput interface {
	pulumi.Input

	ToGetWorkloadIdentityPoolProviderAwOutput() GetWorkloadIdentityPoolProviderAwOutput
	ToGetWorkloadIdentityPoolProviderAwOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderAwOutput
}
GetWorkloadIdentityPoolProviderAwInput is an input type that accepts GetWorkloadIdentityPoolProviderAwArgs and GetWorkloadIdentityPoolProviderAwOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderAwInput` via:
GetWorkloadIdentityPoolProviderAwArgs{...}
type GetWorkloadIdentityPoolProviderAwOutput ¶
// GetWorkloadIdentityPoolProviderAwOutput is the output form of
// GetWorkloadIdentityPoolProviderAw; it embeds *pulumi.OutputState.
type GetWorkloadIdentityPoolProviderAwOutput struct{ *pulumi.OutputState }
func (GetWorkloadIdentityPoolProviderAwOutput) AccountId ¶
func (o GetWorkloadIdentityPoolProviderAwOutput) AccountId() pulumi.StringOutput
func (GetWorkloadIdentityPoolProviderAwOutput) ElementType ¶
func (GetWorkloadIdentityPoolProviderAwOutput) ElementType() reflect.Type
func (GetWorkloadIdentityPoolProviderAwOutput) ToGetWorkloadIdentityPoolProviderAwOutput ¶
func (o GetWorkloadIdentityPoolProviderAwOutput) ToGetWorkloadIdentityPoolProviderAwOutput() GetWorkloadIdentityPoolProviderAwOutput
func (GetWorkloadIdentityPoolProviderAwOutput) ToGetWorkloadIdentityPoolProviderAwOutputWithContext ¶
func (o GetWorkloadIdentityPoolProviderAwOutput) ToGetWorkloadIdentityPoolProviderAwOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderAwOutput
type GetWorkloadIdentityPoolProviderOidcArgs ¶
// GetWorkloadIdentityPoolProviderOidcArgs holds the allowedAudiences and
// issuerUri properties of an OIDC provider entry as Pulumi inputs.
//
// NOTE(review): neither field is described on this page. By name they are the
// accepted token audiences and the token issuer, which are the values a review
// of a federation setup would check first — confirm their exact semantics
// against the provider resource documentation.
type GetWorkloadIdentityPoolProviderOidcArgs struct {
	AllowedAudiences pulumi.StringArrayInput `pulumi:"allowedAudiences"`
	IssuerUri        pulumi.StringInput      `pulumi:"issuerUri"`
}
func (GetWorkloadIdentityPoolProviderOidcArgs) ElementType ¶
func (GetWorkloadIdentityPoolProviderOidcArgs) ElementType() reflect.Type
func (GetWorkloadIdentityPoolProviderOidcArgs) ToGetWorkloadIdentityPoolProviderOidcOutput ¶
func (i GetWorkloadIdentityPoolProviderOidcArgs) ToGetWorkloadIdentityPoolProviderOidcOutput() GetWorkloadIdentityPoolProviderOidcOutput
func (GetWorkloadIdentityPoolProviderOidcArgs) ToGetWorkloadIdentityPoolProviderOidcOutputWithContext ¶
func (i GetWorkloadIdentityPoolProviderOidcArgs) ToGetWorkloadIdentityPoolProviderOidcOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderOidcOutput
type GetWorkloadIdentityPoolProviderOidcArray ¶
// GetWorkloadIdentityPoolProviderOidcArray is a slice of
// GetWorkloadIdentityPoolProviderOidcInput values.
type GetWorkloadIdentityPoolProviderOidcArray []GetWorkloadIdentityPoolProviderOidcInput
func (GetWorkloadIdentityPoolProviderOidcArray) ElementType ¶
func (GetWorkloadIdentityPoolProviderOidcArray) ElementType() reflect.Type
func (GetWorkloadIdentityPoolProviderOidcArray) ToGetWorkloadIdentityPoolProviderOidcArrayOutput ¶
func (i GetWorkloadIdentityPoolProviderOidcArray) ToGetWorkloadIdentityPoolProviderOidcArrayOutput() GetWorkloadIdentityPoolProviderOidcArrayOutput
func (GetWorkloadIdentityPoolProviderOidcArray) ToGetWorkloadIdentityPoolProviderOidcArrayOutputWithContext ¶
func (i GetWorkloadIdentityPoolProviderOidcArray) ToGetWorkloadIdentityPoolProviderOidcArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderOidcArrayOutput
type GetWorkloadIdentityPoolProviderOidcArrayInput ¶
// GetWorkloadIdentityPoolProviderOidcArrayInput is an input type that accepts
// GetWorkloadIdentityPoolProviderOidcArray and
// GetWorkloadIdentityPoolProviderOidcArrayOutput values.
type GetWorkloadIdentityPoolProviderOidcArrayInput interface {
	pulumi.Input

	ToGetWorkloadIdentityPoolProviderOidcArrayOutput() GetWorkloadIdentityPoolProviderOidcArrayOutput
	ToGetWorkloadIdentityPoolProviderOidcArrayOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderOidcArrayOutput
}
GetWorkloadIdentityPoolProviderOidcArrayInput is an input type that accepts GetWorkloadIdentityPoolProviderOidcArray and GetWorkloadIdentityPoolProviderOidcArrayOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderOidcArrayInput` via:
GetWorkloadIdentityPoolProviderOidcArray{ GetWorkloadIdentityPoolProviderOidcArgs{...} }
type GetWorkloadIdentityPoolProviderOidcArrayOutput ¶
// GetWorkloadIdentityPoolProviderOidcArrayOutput is the output form of
// GetWorkloadIdentityPoolProviderOidcArray; it embeds *pulumi.OutputState.
type GetWorkloadIdentityPoolProviderOidcArrayOutput struct{ *pulumi.OutputState }
func (GetWorkloadIdentityPoolProviderOidcArrayOutput) ElementType ¶
func (GetWorkloadIdentityPoolProviderOidcArrayOutput) ElementType() reflect.Type
func (GetWorkloadIdentityPoolProviderOidcArrayOutput) ToGetWorkloadIdentityPoolProviderOidcArrayOutput ¶
func (o GetWorkloadIdentityPoolProviderOidcArrayOutput) ToGetWorkloadIdentityPoolProviderOidcArrayOutput() GetWorkloadIdentityPoolProviderOidcArrayOutput
func (GetWorkloadIdentityPoolProviderOidcArrayOutput) ToGetWorkloadIdentityPoolProviderOidcArrayOutputWithContext ¶
func (o GetWorkloadIdentityPoolProviderOidcArrayOutput) ToGetWorkloadIdentityPoolProviderOidcArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderOidcArrayOutput
type GetWorkloadIdentityPoolProviderOidcInput ¶
// GetWorkloadIdentityPoolProviderOidcInput is an input type that accepts
// GetWorkloadIdentityPoolProviderOidcArgs and
// GetWorkloadIdentityPoolProviderOidcOutput values.
type GetWorkloadIdentityPoolProviderOidcInput interface {
	pulumi.Input

	ToGetWorkloadIdentityPoolProviderOidcOutput() GetWorkloadIdentityPoolProviderOidcOutput
	ToGetWorkloadIdentityPoolProviderOidcOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderOidcOutput
}
GetWorkloadIdentityPoolProviderOidcInput is an input type that accepts GetWorkloadIdentityPoolProviderOidcArgs and GetWorkloadIdentityPoolProviderOidcOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderOidcInput` via:
GetWorkloadIdentityPoolProviderOidcArgs{...}
type GetWorkloadIdentityPoolProviderOidcOutput ¶
// GetWorkloadIdentityPoolProviderOidcOutput is the output form of one OIDC
// provider entry; it embeds *pulumi.OutputState.
type GetWorkloadIdentityPoolProviderOidcOutput struct{ *pulumi.OutputState }
func (GetWorkloadIdentityPoolProviderOidcOutput) AllowedAudiences ¶
func (o GetWorkloadIdentityPoolProviderOidcOutput) AllowedAudiences() pulumi.StringArrayOutput
func (GetWorkloadIdentityPoolProviderOidcOutput) ElementType ¶
func (GetWorkloadIdentityPoolProviderOidcOutput) ElementType() reflect.Type
func (GetWorkloadIdentityPoolProviderOidcOutput) IssuerUri ¶
func (o GetWorkloadIdentityPoolProviderOidcOutput) IssuerUri() pulumi.StringOutput
func (GetWorkloadIdentityPoolProviderOidcOutput) ToGetWorkloadIdentityPoolProviderOidcOutput ¶
func (o GetWorkloadIdentityPoolProviderOidcOutput) ToGetWorkloadIdentityPoolProviderOidcOutput() GetWorkloadIdentityPoolProviderOidcOutput
func (GetWorkloadIdentityPoolProviderOidcOutput) ToGetWorkloadIdentityPoolProviderOidcOutputWithContext ¶
func (o GetWorkloadIdentityPoolProviderOidcOutput) ToGetWorkloadIdentityPoolProviderOidcOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderOidcOutput
type LookupWorkloadIdentityPoolArgs ¶
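// LookupWorkloadIdentityPoolArgs is the collection of arguments for invoking
// getWorkloadIdentityPool.
//
// The declaration is laid out one field per line so that the `//` comments no
// longer run into the fields that follow them.
type LookupWorkloadIdentityPoolArgs struct {
	// The project in which the resource belongs. If it
	// is not provided, the provider project is used.
	Project *string `pulumi:"project"`
	// The id of the pool which is the
	// final component of the resource name.
	WorkloadIdentityPoolId string `pulumi:"workloadIdentityPoolId"`
}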
A collection of arguments for invoking getWorkloadIdentityPool.
type LookupWorkloadIdentityPoolOutputArgs ¶ added in v5.21.0
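// LookupWorkloadIdentityPoolOutputArgs is the collection of arguments for
// invoking getWorkloadIdentityPool, with each argument held as a Pulumi input.
//
// The declaration is laid out one field per line so that the `//` comments no
// longer run into the fields that follow them.
type LookupWorkloadIdentityPoolOutputArgs struct {
	// The project in which the resource belongs. If it
	// is not provided, the provider project is used.
	Project pulumi.StringPtrInput `pulumi:"project"`
	// The id of the pool which is the
	// final component of the resource name.
	WorkloadIdentityPoolId pulumi.StringInput `pulumi:"workloadIdentityPoolId"`
}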
A collection of arguments for invoking getWorkloadIdentityPool.
func (LookupWorkloadIdentityPoolOutputArgs) ElementType ¶ added in v5.21.0
func (LookupWorkloadIdentityPoolOutputArgs) ElementType() reflect.Type
type LookupWorkloadIdentityPoolProviderArgs ¶
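// LookupWorkloadIdentityPoolProviderArgs is the collection of arguments for
// invoking getWorkloadIdentityPoolProvider.
//
// The declaration is laid out one field per line so that the `//` comments no
// longer run into the fields that follow them.
type LookupWorkloadIdentityPoolProviderArgs struct {
	// The project in which the resource belongs. If it
	// is not provided, the provider project is used.
	Project *string `pulumi:"project"`
	// The id of the pool which is the
	// final component of the pool resource name.
	WorkloadIdentityPoolId string `pulumi:"workloadIdentityPoolId"`
	// The id of the provider which is the
	// final component of the resource name.
	WorkloadIdentityPoolProviderId string `pulumi:"workloadIdentityPoolProviderId"`
}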
A collection of arguments for invoking getWorkloadIdentityPoolProvider.
type LookupWorkloadIdentityPoolProviderOutputArgs ¶ added in v5.21.0
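// LookupWorkloadIdentityPoolProviderOutputArgs is the collection of arguments
// for invoking getWorkloadIdentityPoolProvider, with each argument held as a
// Pulumi input.
//
// The declaration is laid out one field per line so that the `//` comments no
// longer run into the fields that follow them.
type LookupWorkloadIdentityPoolProviderOutputArgs struct {
	// The project in which the resource belongs. If it
	// is not provided, the provider project is used.
	Project pulumi.StringPtrInput `pulumi:"project"`
	// The id of the pool which is the
	// final component of the pool resource name.
	WorkloadIdentityPoolId pulumi.StringInput `pulumi:"workloadIdentityPoolId"`
	// The id of the provider which is the
	// final component of the resource name.
	WorkloadIdentityPoolProviderId pulumi.StringInput `pulumi:"workloadIdentityPoolProviderId"`
}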
A collection of arguments for invoking getWorkloadIdentityPoolProvider.
func (LookupWorkloadIdentityPoolProviderOutputArgs) ElementType ¶ added in v5.21.0
func (LookupWorkloadIdentityPoolProviderOutputArgs) ElementType() reflect.Type
type LookupWorkloadIdentityPoolProviderResult ¶
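// LookupWorkloadIdentityPoolProviderResult is the collection of values returned
// by getWorkloadIdentityPoolProvider.
//
// The declaration is laid out one field per line so that the `//` comment on Id
// no longer runs into the fields that follow it.
//
// NOTE(review): apart from Id, no field is documented on this page.
// AttributeCondition, AttributeMapping, Aws and Oidcs look like the settings
// that decide which external identities the provider accepts — confirm their
// meaning against the provider resource documentation before asserting on them
// in a policy check.
type LookupWorkloadIdentityPoolProviderResult struct {
	AttributeCondition string                              `pulumi:"attributeCondition"`
	AttributeMapping   map[string]string                   `pulumi:"attributeMapping"`
	Aws                []GetWorkloadIdentityPoolProviderAw `pulumi:"aws"`
	Description        string                              `pulumi:"description"`
	Disabled           bool                                `pulumi:"disabled"`
	DisplayName        string                              `pulumi:"displayName"`
	// The provider-assigned unique ID for this managed resource.
	Id                             string                                `pulumi:"id"`
	Name                           string                                `pulumi:"name"`
	Oidcs                          []GetWorkloadIdentityPoolProviderOidc `pulumi:"oidcs"`
	Project                        *string                               `pulumi:"project"`
	State                          string                                `pulumi:"state"`
	WorkloadIdentityPoolId         string                                `pulumi:"workloadIdentityPoolId"`
	WorkloadIdentityPoolProviderId string                                `pulumi:"workloadIdentityPoolProviderId"`
}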
A collection of values returned by getWorkloadIdentityPoolProvider.
func LookupWorkloadIdentityPoolProvider ¶
func LookupWorkloadIdentityPoolProvider(ctx *pulumi.Context, args *LookupWorkloadIdentityPoolProviderArgs, opts ...pulumi.InvokeOption) (*LookupWorkloadIdentityPoolProviderResult, error)
Get an IAM workload identity provider from Google Cloud by its id.
## Example Usage
```go
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v5/go/gcp/iam" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that looks up the provider "bar-provider" of the
// workload identity pool "foo-pool" and discards the result.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		query := &iam.LookupWorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         "foo-pool",
			WorkloadIdentityPoolProviderId: "bar-provider",
		}
		if _, err := iam.LookupWorkloadIdentityPoolProvider(ctx, query, nil); err != nil {
			return err
		}
		return nil
	})
}
```
type LookupWorkloadIdentityPoolProviderResultOutput ¶ added in v5.21.0
// LookupWorkloadIdentityPoolProviderResultOutput is the output form of the
// values returned by getWorkloadIdentityPoolProvider; it embeds
// *pulumi.OutputState.
type LookupWorkloadIdentityPoolProviderResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getWorkloadIdentityPoolProvider.
func LookupWorkloadIdentityPoolProviderOutput ¶ added in v5.21.0
func LookupWorkloadIdentityPoolProviderOutput(ctx *pulumi.Context, args LookupWorkloadIdentityPoolProviderOutputArgs, opts ...pulumi.InvokeOption) LookupWorkloadIdentityPoolProviderResultOutput
func (LookupWorkloadIdentityPoolProviderResultOutput) AttributeCondition ¶ added in v5.21.0
func (o LookupWorkloadIdentityPoolProviderResultOutput) AttributeCondition() pulumi.StringOutput
func (LookupWorkloadIdentityPoolProviderResultOutput) AttributeMapping ¶ added in v5.21.0
func (o LookupWorkloadIdentityPoolProviderResultOutput) AttributeMapping() pulumi.StringMapOutput
func (LookupWorkloadIdentityPoolProviderResultOutput) Description ¶ added in v5.21.0
func (o LookupWorkloadIdentityPoolProviderResultOutput) Description() pulumi.StringOutput
func (LookupWorkloadIdentityPoolProviderResultOutput) Disabled ¶ added in v5.21.0
func (o LookupWorkloadIdentityPoolProviderResultOutput) Disabled() pulumi.BoolOutput
func (LookupWorkloadIdentityPoolProviderResultOutput) DisplayName ¶ added in v5.21.0
func (o LookupWorkloadIdentityPoolProviderResultOutput) DisplayName() pulumi.StringOutput
func (LookupWorkloadIdentityPoolProviderResultOutput) ElementType ¶ added in v5.21.0
func (LookupWorkloadIdentityPoolProviderResultOutput) ElementType() reflect.Type
func (LookupWorkloadIdentityPoolProviderResultOutput) Id ¶ added in v5.21.0
func (o LookupWorkloadIdentityPoolProviderResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (LookupWorkloadIdentityPoolProviderResultOutput) Name ¶ added in v5.21.0
func (o LookupWorkloadIdentityPoolProviderResultOutput) Name() pulumi.StringOutput
func (LookupWorkloadIdentityPoolProviderResultOutput) Project ¶ added in v5.21.0
func (o LookupWorkloadIdentityPoolProviderResultOutput) Project() pulumi.StringPtrOutput
func (LookupWorkloadIdentityPoolProviderResultOutput) State ¶ added in v5.21.0
func (o LookupWorkloadIdentityPoolProviderResultOutput) State() pulumi.StringOutput
func (LookupWorkloadIdentityPoolProviderResultOutput) ToLookupWorkloadIdentityPoolProviderResultOutput ¶ added in v5.21.0
func (o LookupWorkloadIdentityPoolProviderResultOutput) ToLookupWorkloadIdentityPoolProviderResultOutput() LookupWorkloadIdentityPoolProviderResultOutput
func (LookupWorkloadIdentityPoolProviderResultOutput) ToLookupWorkloadIdentityPoolProviderResultOutputWithContext ¶ added in v5.21.0
func (o LookupWorkloadIdentityPoolProviderResultOutput) ToLookupWorkloadIdentityPoolProviderResultOutputWithContext(ctx context.Context) LookupWorkloadIdentityPoolProviderResultOutput
func (LookupWorkloadIdentityPoolProviderResultOutput) WorkloadIdentityPoolId ¶ added in v5.21.0
func (o LookupWorkloadIdentityPoolProviderResultOutput) WorkloadIdentityPoolId() pulumi.StringOutput
func (LookupWorkloadIdentityPoolProviderResultOutput) WorkloadIdentityPoolProviderId ¶ added in v5.21.0
func (o LookupWorkloadIdentityPoolProviderResultOutput) WorkloadIdentityPoolProviderId() pulumi.StringOutput
type LookupWorkloadIdentityPoolResult ¶
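// LookupWorkloadIdentityPoolResult is the collection of values returned by
// getWorkloadIdentityPool.
//
// The declaration is laid out one field per line so that the `//` comment on Id
// no longer runs into the fields that follow it.
//
// NOTE(review): apart from Id, no field is documented on this page; the
// WorkloadIdentityPool resource type documents properties with the same names.
type LookupWorkloadIdentityPoolResult struct {
	Description string `pulumi:"description"`
	Disabled    bool   `pulumi:"disabled"`
	DisplayName string `pulumi:"displayName"`
	// The provider-assigned unique ID for this managed resource.
	Id                     string  `pulumi:"id"`
	Name                   string  `pulumi:"name"`
	Project                *string `pulumi:"project"`
	State                  string  `pulumi:"state"`
	WorkloadIdentityPoolId string  `pulumi:"workloadIdentityPoolId"`
}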
A collection of values returned by getWorkloadIdentityPool.
func LookupWorkloadIdentityPool ¶
func LookupWorkloadIdentityPool(ctx *pulumi.Context, args *LookupWorkloadIdentityPoolArgs, opts ...pulumi.InvokeOption) (*LookupWorkloadIdentityPoolResult, error)
Get an IAM workload identity pool from Google Cloud by its id.
## Example Usage
```go
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v5/go/gcp/iam" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that looks up the workload identity pool
// "foo-pool" and discards the result.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		query := &iam.LookupWorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: "foo-pool",
		}
		if _, err := iam.LookupWorkloadIdentityPool(ctx, query, nil); err != nil {
			return err
		}
		return nil
	})
}
```
type LookupWorkloadIdentityPoolResultOutput ¶ added in v5.21.0
// LookupWorkloadIdentityPoolResultOutput is the output form of the values
// returned by getWorkloadIdentityPool; it embeds *pulumi.OutputState.
type LookupWorkloadIdentityPoolResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getWorkloadIdentityPool.
func LookupWorkloadIdentityPoolOutput ¶ added in v5.21.0
func LookupWorkloadIdentityPoolOutput(ctx *pulumi.Context, args LookupWorkloadIdentityPoolOutputArgs, opts ...pulumi.InvokeOption) LookupWorkloadIdentityPoolResultOutput
func (LookupWorkloadIdentityPoolResultOutput) Description ¶ added in v5.21.0
func (o LookupWorkloadIdentityPoolResultOutput) Description() pulumi.StringOutput
func (LookupWorkloadIdentityPoolResultOutput) Disabled ¶ added in v5.21.0
func (o LookupWorkloadIdentityPoolResultOutput) Disabled() pulumi.BoolOutput
func (LookupWorkloadIdentityPoolResultOutput) DisplayName ¶ added in v5.21.0
func (o LookupWorkloadIdentityPoolResultOutput) DisplayName() pulumi.StringOutput
func (LookupWorkloadIdentityPoolResultOutput) ElementType ¶ added in v5.21.0
func (LookupWorkloadIdentityPoolResultOutput) ElementType() reflect.Type
func (LookupWorkloadIdentityPoolResultOutput) Id ¶ added in v5.21.0
func (o LookupWorkloadIdentityPoolResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (LookupWorkloadIdentityPoolResultOutput) Name ¶ added in v5.21.0
func (o LookupWorkloadIdentityPoolResultOutput) Name() pulumi.StringOutput
func (LookupWorkloadIdentityPoolResultOutput) Project ¶ added in v5.21.0
func (o LookupWorkloadIdentityPoolResultOutput) Project() pulumi.StringPtrOutput
func (LookupWorkloadIdentityPoolResultOutput) State ¶ added in v5.21.0
func (o LookupWorkloadIdentityPoolResultOutput) State() pulumi.StringOutput
func (LookupWorkloadIdentityPoolResultOutput) ToLookupWorkloadIdentityPoolResultOutput ¶ added in v5.21.0
func (o LookupWorkloadIdentityPoolResultOutput) ToLookupWorkloadIdentityPoolResultOutput() LookupWorkloadIdentityPoolResultOutput
func (LookupWorkloadIdentityPoolResultOutput) ToLookupWorkloadIdentityPoolResultOutputWithContext ¶ added in v5.21.0
func (o LookupWorkloadIdentityPoolResultOutput) ToLookupWorkloadIdentityPoolResultOutputWithContext(ctx context.Context) LookupWorkloadIdentityPoolResultOutput
func (LookupWorkloadIdentityPoolResultOutput) WorkloadIdentityPoolId ¶ added in v5.21.0
func (o LookupWorkloadIdentityPoolResultOutput) WorkloadIdentityPoolId() pulumi.StringOutput
type WorkloadIdentityPool ¶
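// WorkloadIdentityPool represents a collection of external workload identities.
//
// The declaration is laid out one field per line so that the `//` comments no
// longer run into the fields that follow them.
type WorkloadIdentityPool struct {
	pulumi.CustomResourceState

	// A description of the pool. Cannot exceed 256 characters.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use
	// existing tokens to access resources. If the pool is re-enabled, existing tokens grant
	// access again.
	//
	// In other words, disabling is a suspension: tokens issued before the pool
	// was disabled work again once it is re-enabled.
	Disabled pulumi.BoolPtrOutput `pulumi:"disabled"`
	// A display name for the pool. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// The resource name of the pool as
	// 'projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}'.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// The state of the pool.
	//   - STATE_UNSPECIFIED: State unspecified.
	//   - ACTIVE: The pool is active, and may be used in Google Cloud policies.
	//   - DELETED: The pool is soft-deleted. Soft-deleted pools are permanently
	//     deleted after approximately 30 days. You can restore a soft-deleted
	//     pool using UndeleteWorkloadIdentityPool. You cannot reuse the ID of a
	//     soft-deleted pool until it is permanently deleted. While a pool is
	//     deleted, you cannot use it to exchange tokens, or use existing tokens
	//     to access resources. If the pool is undeleted, existing tokens grant
	//     access again.
	State pulumi.StringOutput `pulumi:"state"`
	// The ID to use for the pool, which becomes the final component of the resource name. This
	// value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolId pulumi.StringOutput `pulumi:"workloadIdentityPoolId"`
}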
Represents a collection of external workload identities. You can define IAM policies to grant these identities access to Google Cloud resources.
To get more information about WorkloadIdentityPool, see:
* [API documentation](https://cloud.google.com/iam/docs/reference/rest/v1beta/projects.locations.workloadIdentityPools)
* How-to Guides
  * [Managing workload identity pools](https://cloud.google.com/iam/docs/manage-workload-identity-pools-providers#pools)
## Example Usage

### Iam Workload Identity Pool Basic
```go
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v5/go/gcp/iam" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that registers a workload identity pool resource
// named "example" with the pool ID "example-pool".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		poolArgs := &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		}
		// NOTE(review): google_beta is not declared anywhere in this example;
		// it has to be a provider resource that the surrounding program creates.
		if _, err := iam.NewWorkloadIdentityPool(ctx, "example", poolArgs, pulumi.Provider(google_beta)); err != nil {
			return err
		}
		return nil
	})
}
```

### Iam Workload Identity Pool Full
```go
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v5/go/gcp/iam" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that registers a workload identity pool resource
// named "example" with a display name, a description and the disabled flag set.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		poolArgs := &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
			DisplayName:            pulumi.String("Name of pool"),
			Description:            pulumi.String("Identity pool for automated test"),
			// The pool is registered with the disabled flag set, so per the
			// field documentation it cannot be used to exchange tokens.
			Disabled: pulumi.Bool(true),
		}
		// NOTE(review): google_beta is not declared anywhere in this example;
		// it has to be a provider resource that the surrounding program creates.
		if _, err := iam.NewWorkloadIdentityPool(ctx, "example", poolArgs, pulumi.Provider(google_beta)); err != nil {
			return err
		}
		return nil
	})
}
```
## Import
WorkloadIdentityPool can be imported using any of these accepted formats:
```sh
$ pulumi import gcp:iam/workloadIdentityPool:WorkloadIdentityPool default projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}
```
```sh
$ pulumi import gcp:iam/workloadIdentityPool:WorkloadIdentityPool default {{project}}/{{workload_identity_pool_id}}
```
```sh
$ pulumi import gcp:iam/workloadIdentityPool:WorkloadIdentityPool default {{workload_identity_pool_id}}
```
func GetWorkloadIdentityPool ¶
func GetWorkloadIdentityPool(ctx *pulumi.Context, name string, id pulumi.IDInput, state *WorkloadIdentityPoolState, opts ...pulumi.ResourceOption) (*WorkloadIdentityPool, error)
GetWorkloadIdentityPool gets an existing WorkloadIdentityPool resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewWorkloadIdentityPool ¶
func NewWorkloadIdentityPool(ctx *pulumi.Context, name string, args *WorkloadIdentityPoolArgs, opts ...pulumi.ResourceOption) (*WorkloadIdentityPool, error)
NewWorkloadIdentityPool registers a new resource with the given unique name, arguments, and options.
func (*WorkloadIdentityPool) ElementType ¶
func (*WorkloadIdentityPool) ElementType() reflect.Type
func (*WorkloadIdentityPool) ToWorkloadIdentityPoolOutput ¶
func (i *WorkloadIdentityPool) ToWorkloadIdentityPoolOutput() WorkloadIdentityPoolOutput
func (*WorkloadIdentityPool) ToWorkloadIdentityPoolOutputWithContext ¶
func (i *WorkloadIdentityPool) ToWorkloadIdentityPoolOutputWithContext(ctx context.Context) WorkloadIdentityPoolOutput
func (*WorkloadIdentityPool) ToWorkloadIdentityPoolPtrOutput ¶
func (i *WorkloadIdentityPool) ToWorkloadIdentityPoolPtrOutput() WorkloadIdentityPoolPtrOutput
func (*WorkloadIdentityPool) ToWorkloadIdentityPoolPtrOutputWithContext ¶
func (i *WorkloadIdentityPool) ToWorkloadIdentityPoolPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolPtrOutput
type WorkloadIdentityPoolArgs ¶
// WorkloadIdentityPoolArgs is the set of arguments for constructing a
// WorkloadIdentityPool resource.
type WorkloadIdentityPoolArgs struct {
	// A description of the pool. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use
	// existing tokens to access resources. If the pool is re-enabled, existing tokens grant
	// access again.
	// Disabling is therefore a reversible suspension, not a revocation: re-enabling the pool
	// restores access for tokens that already existed.
	Disabled pulumi.BoolPtrInput
	// A display name for the pool. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
	// The ID to use for the pool, which becomes the final component of the resource name. This
	// value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolId pulumi.StringInput
}
The set of arguments for constructing a WorkloadIdentityPool resource.
func (WorkloadIdentityPoolArgs) ElementType ¶
func (WorkloadIdentityPoolArgs) ElementType() reflect.Type
type WorkloadIdentityPoolArray ¶
type WorkloadIdentityPoolArray []WorkloadIdentityPoolInput
func (WorkloadIdentityPoolArray) ElementType ¶
func (WorkloadIdentityPoolArray) ElementType() reflect.Type
func (WorkloadIdentityPoolArray) ToWorkloadIdentityPoolArrayOutput ¶
func (i WorkloadIdentityPoolArray) ToWorkloadIdentityPoolArrayOutput() WorkloadIdentityPoolArrayOutput
func (WorkloadIdentityPoolArray) ToWorkloadIdentityPoolArrayOutputWithContext ¶
func (i WorkloadIdentityPoolArray) ToWorkloadIdentityPoolArrayOutputWithContext(ctx context.Context) WorkloadIdentityPoolArrayOutput
type WorkloadIdentityPoolArrayInput ¶
type WorkloadIdentityPoolArrayInput interface { pulumi.Input ToWorkloadIdentityPoolArrayOutput() WorkloadIdentityPoolArrayOutput ToWorkloadIdentityPoolArrayOutputWithContext(context.Context) WorkloadIdentityPoolArrayOutput }
WorkloadIdentityPoolArrayInput is an input type that accepts WorkloadIdentityPoolArray and WorkloadIdentityPoolArrayOutput values. You can construct a concrete instance of `WorkloadIdentityPoolArrayInput` via:
WorkloadIdentityPoolArray{ WorkloadIdentityPoolArgs{...} }
type WorkloadIdentityPoolArrayOutput ¶
type WorkloadIdentityPoolArrayOutput struct{ *pulumi.OutputState }
func (WorkloadIdentityPoolArrayOutput) ElementType ¶
func (WorkloadIdentityPoolArrayOutput) ElementType() reflect.Type
func (WorkloadIdentityPoolArrayOutput) Index ¶
func (o WorkloadIdentityPoolArrayOutput) Index(i pulumi.IntInput) WorkloadIdentityPoolOutput
func (WorkloadIdentityPoolArrayOutput) ToWorkloadIdentityPoolArrayOutput ¶
func (o WorkloadIdentityPoolArrayOutput) ToWorkloadIdentityPoolArrayOutput() WorkloadIdentityPoolArrayOutput
func (WorkloadIdentityPoolArrayOutput) ToWorkloadIdentityPoolArrayOutputWithContext ¶
func (o WorkloadIdentityPoolArrayOutput) ToWorkloadIdentityPoolArrayOutputWithContext(ctx context.Context) WorkloadIdentityPoolArrayOutput
type WorkloadIdentityPoolInput ¶
type WorkloadIdentityPoolInput interface { pulumi.Input ToWorkloadIdentityPoolOutput() WorkloadIdentityPoolOutput ToWorkloadIdentityPoolOutputWithContext(ctx context.Context) WorkloadIdentityPoolOutput }
type WorkloadIdentityPoolMap ¶
type WorkloadIdentityPoolMap map[string]WorkloadIdentityPoolInput
func (WorkloadIdentityPoolMap) ElementType ¶
func (WorkloadIdentityPoolMap) ElementType() reflect.Type
func (WorkloadIdentityPoolMap) ToWorkloadIdentityPoolMapOutput ¶
func (i WorkloadIdentityPoolMap) ToWorkloadIdentityPoolMapOutput() WorkloadIdentityPoolMapOutput
func (WorkloadIdentityPoolMap) ToWorkloadIdentityPoolMapOutputWithContext ¶
func (i WorkloadIdentityPoolMap) ToWorkloadIdentityPoolMapOutputWithContext(ctx context.Context) WorkloadIdentityPoolMapOutput
type WorkloadIdentityPoolMapInput ¶
type WorkloadIdentityPoolMapInput interface { pulumi.Input ToWorkloadIdentityPoolMapOutput() WorkloadIdentityPoolMapOutput ToWorkloadIdentityPoolMapOutputWithContext(context.Context) WorkloadIdentityPoolMapOutput }
WorkloadIdentityPoolMapInput is an input type that accepts WorkloadIdentityPoolMap and WorkloadIdentityPoolMapOutput values. You can construct a concrete instance of `WorkloadIdentityPoolMapInput` via:
WorkloadIdentityPoolMap{ "key": WorkloadIdentityPoolArgs{...} }
type WorkloadIdentityPoolMapOutput ¶
type WorkloadIdentityPoolMapOutput struct{ *pulumi.OutputState }
func (WorkloadIdentityPoolMapOutput) ElementType ¶
func (WorkloadIdentityPoolMapOutput) ElementType() reflect.Type
func (WorkloadIdentityPoolMapOutput) MapIndex ¶
func (o WorkloadIdentityPoolMapOutput) MapIndex(k pulumi.StringInput) WorkloadIdentityPoolOutput
func (WorkloadIdentityPoolMapOutput) ToWorkloadIdentityPoolMapOutput ¶
func (o WorkloadIdentityPoolMapOutput) ToWorkloadIdentityPoolMapOutput() WorkloadIdentityPoolMapOutput
func (WorkloadIdentityPoolMapOutput) ToWorkloadIdentityPoolMapOutputWithContext ¶
func (o WorkloadIdentityPoolMapOutput) ToWorkloadIdentityPoolMapOutputWithContext(ctx context.Context) WorkloadIdentityPoolMapOutput
type WorkloadIdentityPoolOutput ¶
type WorkloadIdentityPoolOutput struct{ *pulumi.OutputState }
func (WorkloadIdentityPoolOutput) ElementType ¶
func (WorkloadIdentityPoolOutput) ElementType() reflect.Type
func (WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolOutput ¶
func (o WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolOutput() WorkloadIdentityPoolOutput
func (WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolOutputWithContext ¶
func (o WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolOutputWithContext(ctx context.Context) WorkloadIdentityPoolOutput
func (WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolPtrOutput ¶
func (o WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolPtrOutput() WorkloadIdentityPoolPtrOutput
func (WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolPtrOutputWithContext ¶
func (o WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolPtrOutput
type WorkloadIdentityPoolProvider ¶
// WorkloadIdentityPoolProvider is a configuration for an external identity provider.
type WorkloadIdentityPoolProvider struct {
	pulumi.CustomResourceState

	// [A Common Expression Language](https://opensource.google/projects/cel) expression, in
	// plain text, to restrict which otherwise valid authentication credentials issued by the
	// provider are accepted.
	// The expression must output a boolean representing whether to allow the federation.
	// The following keywords may be referenced in the expressions:
	// * `assertion`: JSON representing the authentication credential issued by the provider.
	// * `google`: The Google attributes mapped from the assertion in the `attributeMappings`.
	// * `attribute`: The custom attributes mapped from the assertion in the `attributeMappings`.
	// The maximum length of the attribute condition expression is 4096 characters. If
	// unspecified, all valid authentication credentials are accepted. Leaving it unset
	// therefore places no restriction at this layer on which identities of the external
	// provider can federate.
	// The following example shows how to only allow credentials with a mapped `google.groups`
	// value of `admins`:
	//
	//	'admins' in google.groups
	//
	// NOTE(review): the generated documentation rendered an empty Pulumi program in place of
	// this expression; confirm the exact form against the API documentation.
	AttributeCondition pulumi.StringPtrOutput `pulumi:"attributeCondition"`
	// Maps attributes from authentication credentials issued by an external identity provider
	// to Google Cloud attributes, such as `subject` and `segment`.
	// Each key must be a string specifying the Google Cloud IAM attribute to map to.
	// The following keys are supported:
	// * `google.subject`: The principal IAM is authenticating. You can reference this value
	//   in IAM bindings. This is also the subject that appears in Cloud Logging logs.
	//   Cannot exceed 127 characters.
	// * `google.groups`: Groups the external identity belongs to. You can grant groups
	//   access to resources using an IAM `principalSet` binding; access applies to all
	//   members of the group.
	// You can also provide custom attributes by specifying `attribute.{custom_attribute}`,
	// where `{custom_attribute}` is the name of the custom attribute to be mapped. You can
	// define a maximum of 50 custom attributes. The maximum length of a mapped attribute key
	// is 100 characters, and the key may only contain the characters [a-z0-9_].
	// You can reference these attributes in IAM policies to define fine-grained access for a
	// workload to Google Cloud resources. For example:
	// * `google.subject`:
	//   `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}`
	// * `google.groups`:
	//   `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}`
	// * `attribute.{custom_attribute}`:
	//   `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}`
	// Each value must be a [Common Expression Language](https://opensource.google/projects/cel)
	// function that maps an identity provider credential to the normalized attribute specified
	// by the corresponding map key.
	// You can use the `assertion` keyword in the expression to access a JSON representation of
	// the authentication credential issued by the provider.
	// The maximum length of an attribute mapping expression is 2048 characters. When evaluated,
	// the total size of all mapped attributes must not exceed 8KB.
	// For AWS providers, the following rules apply:
	// - If no attribute mapping is defined, a default mapping applies.
	//   NOTE(review): the listing of that default mapping was lost in documentation
	//   generation (an empty Pulumi program was rendered in its place); take the actual
	//   default from the API documentation before relying on any attribute it defines.
	// - If any custom attribute mappings are defined, they must include a mapping to the
	//   `google.subject` attribute.
	// For OIDC providers, the following rules apply:
	// - Custom attribute mappings must be defined, and must include a mapping to the
	//   `google.subject` attribute. For example, the following maps the `sub` claim of the
	//   incoming credential to the `subject` attribute on a Google token:
	//
	//	"google.subject": "assertion.sub"
	AttributeMapping pulumi.StringMapOutput `pulumi:"attributeMapping"`
	// An Amazon Web Services identity provider. Not compatible with the property oidc.
	// Structure is documented below.
	Aws WorkloadIdentityPoolProviderAwsPtrOutput `pulumi:"aws"`
	// A description for the provider. Cannot exceed 256 characters.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
	// However, existing tokens still grant access.
	// Disabling a provider only stops new token exchanges; it does not cut off tokens that
	// were already exchanged.
	Disabled pulumi.BoolPtrOutput `pulumi:"disabled"`
	// A display name for the provider. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// The resource name of the provider as
	// 'projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}'.
	Name pulumi.StringOutput `pulumi:"name"`
	// An OpenId Connect 1.0 identity provider. Not compatible with the property aws.
	// Structure is documented below.
	Oidc WorkloadIdentityPoolProviderOidcPtrOutput `pulumi:"oidc"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// The state of the provider.
	// * STATE_UNSPECIFIED: State unspecified.
	// * ACTIVE: The provider is active, and may be used to validate authentication credentials.
	// * DELETED: The provider is soft-deleted. Soft-deleted providers are permanently
	//   deleted after approximately 30 days. You can restore a soft-deleted provider using
	//   UndeleteWorkloadIdentityPoolProvider. You cannot reuse the ID of a soft-deleted
	//   provider until it is permanently deleted.
	State pulumi.StringOutput `pulumi:"state"`
	// The ID used for the pool, which is the final component of the pool resource name. This
	// value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolId pulumi.StringOutput `pulumi:"workloadIdentityPoolId"`
	// The ID for the provider, which becomes the final component of the resource name. This
	// value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolProviderId pulumi.StringOutput `pulumi:"workloadIdentityPoolProviderId"`
}
A configuration for an external identity provider.
To get more information about WorkloadIdentityPoolProvider, see:

* [API documentation](https://cloud.google.com/iam/docs/reference/rest/v1beta/projects.locations.workloadIdentityPools.providers)
* How-to Guides
  - [Managing workload identity providers](https://cloud.google.com/iam/docs/manage-workload-identity-pools-providers#managing_workload_identity_providers)

## Example Usage

### Iam Workload Identity Pool Provider Aws Basic
```go
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v5/go/gcp/iam" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a workload identity pool and an AWS provider inside it.
//
// Only the AWS account ID is configured on the provider. No AttributeCondition
// is set, and the field documentation states that when it is unspecified all
// valid authentication credentials are accepted. No AttributeMapping is set
// either, so the documented AWS default mapping applies.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): google_beta is not declared in this listing; presumably it is a
		// provider resource the caller defines elsewhere. Confirm before copying.
		pool, err := iam.NewWorkloadIdentityPool(ctx, "pool", &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		}, pulumi.Provider(google_beta))
		if err != nil {
			return err
		}
		_, err = iam.NewWorkloadIdentityPoolProvider(ctx, "example", &iam.WorkloadIdentityPoolProviderArgs{
			// Ties the provider to the pool created above.
			WorkloadIdentityPoolId:         pool.WorkloadIdentityPoolId,
			WorkloadIdentityPoolProviderId: pulumi.String("example-prvdr"),
			Aws: &iam.WorkloadIdentityPoolProviderAwsArgs{
				// Example account ID; the trust boundary here is the whole account, since
				// nothing in this program narrows it to particular roles.
				AccountId: pulumi.String("999999999999"),
			},
		}, pulumi.Provider(google_beta))
		if err != nil {
			return err
		}
		return nil
	})
}
```

### Iam Workload Identity Pool Provider Aws Full

```go
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v5/go/gcp/iam" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a workload identity pool and a fully specified AWS provider:
// display metadata, an attribute condition, custom attribute mappings and the
// AWS account ID. The provider is created with Disabled set to true.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): google_beta is not declared in this listing; presumably it is a
		// provider resource the caller defines elsewhere. Confirm before copying.
		pool, err := iam.NewWorkloadIdentityPool(ctx, "pool", &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		}, pulumi.Provider(google_beta))
		if err != nil {
			return err
		}
		_, err = iam.NewWorkloadIdentityPoolProvider(ctx, "example", &iam.WorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         pool.WorkloadIdentityPoolId,
			WorkloadIdentityPoolProviderId: pulumi.String("example-prvdr"),
			DisplayName:                    pulumi.String("Name of provider"),
			Description:                    pulumi.String("AWS identity pool provider for automated test"),
			// Created disabled: per the field documentation a disabled provider cannot be
			// used to exchange tokens, although existing tokens still grant access.
			Disabled: pulumi.Bool(true),
			// Accepts only credentials whose aws_role attribute equals this one assumed-role ARN.
			// NOTE(review): the condition reads attribute.aws_role, which is not among the keys
			// of the custom AttributeMapping below, and the documented default mapping applies
			// only when no mapping is defined. Confirm the condition evaluates as intended.
			AttributeCondition: pulumi.String("attribute.aws_role==\"arn:aws:sts::999999999999:assumed-role/stack-eu-central-1-lambdaRole\""),
			AttributeMapping: pulumi.StringMap{
				// Required whenever custom mappings are defined.
				"google.subject":        pulumi.String("assertion.arn"),
				"attribute.aws_account": pulumi.String("assertion.account"),
				// Labels the credential "prod" or "test" from a substring of the ARN.
				"attribute.environment": pulumi.String("assertion.arn.contains(\":instance-profile/Production\") ? \"prod\" : \"test\""),
			},
			Aws: &iam.WorkloadIdentityPoolProviderAwsArgs{
				AccountId: pulumi.String("999999999999"),
			},
		}, pulumi.Provider(google_beta))
		if err != nil {
			return err
		}
		return nil
	})
}
```

### Iam Workload Identity Pool Provider Oidc Basic

```go
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v5/go/gcp/iam" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a workload identity pool and a minimal OIDC provider: the
// required google.subject mapping plus the issuer URI.
//
// No AttributeCondition is set, and the field documentation states that when
// it is unspecified all valid authentication credentials are accepted. Every
// valid credential from the configured issuer is therefore mapped to a subject
// in this pool.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): google_beta is not declared in this listing; presumably it is a
		// provider resource the caller defines elsewhere. Confirm before copying.
		pool, err := iam.NewWorkloadIdentityPool(ctx, "pool", &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		}, pulumi.Provider(google_beta))
		if err != nil {
			return err
		}
		_, err = iam.NewWorkloadIdentityPoolProvider(ctx, "example", &iam.WorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         pool.WorkloadIdentityPoolId,
			WorkloadIdentityPoolProviderId: pulumi.String("example-prvdr"),
			AttributeMapping: pulumi.StringMap{
				// OIDC providers must define custom mappings that include google.subject;
				// here the subject is the credential's `sub` claim.
				"google.subject": pulumi.String("assertion.sub"),
			},
			Oidc: &iam.WorkloadIdentityPoolProviderOidcArgs{
				// "azure-tenant-id" is a placeholder path segment in the example issuer URI.
				IssuerUri: pulumi.String("https://sts.windows.net/azure-tenant-id"),
			},
		}, pulumi.Provider(google_beta))
		if err != nil {
			return err
		}
		return nil
	})
}
```

### Iam Workload Identity Pool Provider Oidc Full

```go
package main
import (
"fmt" "github.com/pulumi/pulumi-gcp/sdk/v5/go/gcp/iam" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a workload identity pool and a fully specified OIDC provider:
// display metadata, an attribute condition on group membership, custom
// attribute mappings, an audience allow-list and the issuer URI. The provider
// is created with Disabled set to true.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): google_beta is not declared in this listing; presumably it is a
		// provider resource the caller defines elsewhere. Confirm before copying.
		pool, err := iam.NewWorkloadIdentityPool(ctx, "pool", &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		}, pulumi.Provider(google_beta))
		if err != nil {
			return err
		}
		_, err = iam.NewWorkloadIdentityPoolProvider(ctx, "example", &iam.WorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         pool.WorkloadIdentityPoolId,
			WorkloadIdentityPoolProviderId: pulumi.String("example-prvdr"),
			DisplayName:                    pulumi.String("Name of provider"),
			Description:                    pulumi.String("OIDC identity pool provider for automated test"),
			// Created disabled: per the field documentation a disabled provider cannot be
			// used to exchange tokens, although existing tokens still grant access.
			Disabled: pulumi.Bool(true),
			// Accepts only credentials whose `groups` claim contains this example group ID.
			AttributeCondition: pulumi.String("\"e968c2ef-047c-498d-8d79-16ca1b61e77e\" in assertion.groups"),
			AttributeMapping: pulumi.StringMap{
				// The subject is built from the tenant ID and the `sub` claim.
				"google.subject": pulumi.String("\"azure::\" + assertion.tid + \"::\" + assertion.sub"),
				"attribute.tid":  pulumi.String("assertion.tid"),
				// The four Sprintf arguments concatenate into one CEL expression: a two-entry
				// map literal indexed by assertion.oid, yielding a workload name.
				// NOTE(review): confirm how the lookup behaves for an oid that is not one of
				// the two keys.
				"attribute.managed_identity_name": pulumi.String(fmt.Sprintf("%v%v%v%v", " {\n", " \"8bb39bdb-1cc5-4447-b7db-a19e920eb111\":\"workload1\",\n", " \"55d36609-9bcf-48e0-a366-a3cf19027d2a\":\"workload2\"\n", " }[assertion.oid]\n")),
			},
			Oidc: &iam.WorkloadIdentityPoolProviderOidcArgs{
				// Explicit audience allow-list with two example values.
				AllowedAudiences: pulumi.StringArray{
					pulumi.String("https://example.com/gcp-oidc-federation"),
					pulumi.String("example.com/gcp-oidc-federation"),
				},
				// "azure-tenant-id" is a placeholder path segment in the example issuer URI.
				IssuerUri: pulumi.String("https://sts.windows.net/azure-tenant-id"),
			},
		}, pulumi.Provider(google_beta))
		if err != nil {
			return err
		}
		return nil
	})
}
```
## Import
WorkloadIdentityPoolProvider can be imported using any of these accepted formats ¶
```sh
$ pulumi import gcp:iam/workloadIdentityPoolProvider:WorkloadIdentityPoolProvider default projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/providers/{{workload_identity_pool_provider_id}}
```
```sh
$ pulumi import gcp:iam/workloadIdentityPoolProvider:WorkloadIdentityPoolProvider default {{project}}/{{workload_identity_pool_id}}/{{workload_identity_pool_provider_id}}
```
```sh
$ pulumi import gcp:iam/workloadIdentityPoolProvider:WorkloadIdentityPoolProvider default {{workload_identity_pool_id}}/{{workload_identity_pool_provider_id}}
```
func GetWorkloadIdentityPoolProvider ¶
func GetWorkloadIdentityPoolProvider(ctx *pulumi.Context, name string, id pulumi.IDInput, state *WorkloadIdentityPoolProviderState, opts ...pulumi.ResourceOption) (*WorkloadIdentityPoolProvider, error)
GetWorkloadIdentityPoolProvider gets an existing WorkloadIdentityPoolProvider resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewWorkloadIdentityPoolProvider ¶
func NewWorkloadIdentityPoolProvider(ctx *pulumi.Context, name string, args *WorkloadIdentityPoolProviderArgs, opts ...pulumi.ResourceOption) (*WorkloadIdentityPoolProvider, error)
NewWorkloadIdentityPoolProvider registers a new resource with the given unique name, arguments, and options.
func (*WorkloadIdentityPoolProvider) ElementType ¶
func (*WorkloadIdentityPoolProvider) ElementType() reflect.Type
func (*WorkloadIdentityPoolProvider) ToWorkloadIdentityPoolProviderOutput ¶
func (i *WorkloadIdentityPoolProvider) ToWorkloadIdentityPoolProviderOutput() WorkloadIdentityPoolProviderOutput
func (*WorkloadIdentityPoolProvider) ToWorkloadIdentityPoolProviderOutputWithContext ¶
func (i *WorkloadIdentityPoolProvider) ToWorkloadIdentityPoolProviderOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOutput
func (*WorkloadIdentityPoolProvider) ToWorkloadIdentityPoolProviderPtrOutput ¶
func (i *WorkloadIdentityPoolProvider) ToWorkloadIdentityPoolProviderPtrOutput() WorkloadIdentityPoolProviderPtrOutput
func (*WorkloadIdentityPoolProvider) ToWorkloadIdentityPoolProviderPtrOutputWithContext ¶
func (i *WorkloadIdentityPoolProvider) ToWorkloadIdentityPoolProviderPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderPtrOutput
type WorkloadIdentityPoolProviderArgs ¶
// WorkloadIdentityPoolProviderArgs is the set of arguments for constructing a
// WorkloadIdentityPoolProvider resource.
type WorkloadIdentityPoolProviderArgs struct {
	// [A Common Expression Language](https://opensource.google/projects/cel) expression, in
	// plain text, to restrict which otherwise valid authentication credentials issued by the
	// provider are accepted.
	// The expression must output a boolean representing whether to allow the federation.
	// The following keywords may be referenced in the expressions:
	// * `assertion`: JSON representing the authentication credential issued by the provider.
	// * `google`: The Google attributes mapped from the assertion in the `attributeMappings`.
	// * `attribute`: The custom attributes mapped from the assertion in the `attributeMappings`.
	// The maximum length of the attribute condition expression is 4096 characters. If
	// unspecified, all valid authentication credentials are accepted. Leaving it unset
	// therefore places no restriction at this layer on which identities of the external
	// provider can federate.
	// The following example shows how to only allow credentials with a mapped `google.groups`
	// value of `admins`:
	//
	//	'admins' in google.groups
	//
	// NOTE(review): the generated documentation rendered an empty Pulumi program in place of
	// this expression; confirm the exact form against the API documentation.
	AttributeCondition pulumi.StringPtrInput
	// Maps attributes from authentication credentials issued by an external identity provider
	// to Google Cloud attributes, such as `subject` and `segment`.
	// Each key must be a string specifying the Google Cloud IAM attribute to map to.
	// The following keys are supported:
	// * `google.subject`: The principal IAM is authenticating. You can reference this value
	//   in IAM bindings. This is also the subject that appears in Cloud Logging logs.
	//   Cannot exceed 127 characters.
	// * `google.groups`: Groups the external identity belongs to. You can grant groups
	//   access to resources using an IAM `principalSet` binding; access applies to all
	//   members of the group.
	// You can also provide custom attributes by specifying `attribute.{custom_attribute}`,
	// where `{custom_attribute}` is the name of the custom attribute to be mapped. You can
	// define a maximum of 50 custom attributes. The maximum length of a mapped attribute key
	// is 100 characters, and the key may only contain the characters [a-z0-9_].
	// You can reference these attributes in IAM policies to define fine-grained access for a
	// workload to Google Cloud resources. For example:
	// * `google.subject`:
	//   `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}`
	// * `google.groups`:
	//   `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}`
	// * `attribute.{custom_attribute}`:
	//   `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}`
	// Each value must be a [Common Expression Language](https://opensource.google/projects/cel)
	// function that maps an identity provider credential to the normalized attribute specified
	// by the corresponding map key.
	// You can use the `assertion` keyword in the expression to access a JSON representation of
	// the authentication credential issued by the provider.
	// The maximum length of an attribute mapping expression is 2048 characters. When evaluated,
	// the total size of all mapped attributes must not exceed 8KB.
	// For AWS providers, the following rules apply:
	// - If no attribute mapping is defined, a default mapping applies.
	//   NOTE(review): the listing of that default mapping was lost in documentation
	//   generation (an empty Pulumi program was rendered in its place); take the actual
	//   default from the API documentation before relying on any attribute it defines.
	// - If any custom attribute mappings are defined, they must include a mapping to the
	//   `google.subject` attribute.
	// For OIDC providers, the following rules apply:
	// - Custom attribute mappings must be defined, and must include a mapping to the
	//   `google.subject` attribute. For example, the following maps the `sub` claim of the
	//   incoming credential to the `subject` attribute on a Google token:
	//
	//	"google.subject": "assertion.sub"
	AttributeMapping pulumi.StringMapInput
	// An Amazon Web Services identity provider. Not compatible with the property oidc.
	// Structure is documented below.
	Aws WorkloadIdentityPoolProviderAwsPtrInput
	// A description for the provider. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
	// However, existing tokens still grant access.
	// Disabling a provider only stops new token exchanges; it does not cut off tokens that
	// were already exchanged.
	Disabled pulumi.BoolPtrInput
	// A display name for the provider. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	// An OpenId Connect 1.0 identity provider. Not compatible with the property aws.
	// Structure is documented below.
	Oidc WorkloadIdentityPoolProviderOidcPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
	// The ID used for the pool, which is the final component of the pool resource name. This
	// value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolId pulumi.StringInput
	// The ID for the provider, which becomes the final component of the resource name. This
	// value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolProviderId pulumi.StringInput
}
The set of arguments for constructing a WorkloadIdentityPoolProvider resource.
func (WorkloadIdentityPoolProviderArgs) ElementType ¶
func (WorkloadIdentityPoolProviderArgs) ElementType() reflect.Type
type WorkloadIdentityPoolProviderArray ¶
type WorkloadIdentityPoolProviderArray []WorkloadIdentityPoolProviderInput
func (WorkloadIdentityPoolProviderArray) ElementType ¶
func (WorkloadIdentityPoolProviderArray) ElementType() reflect.Type
func (WorkloadIdentityPoolProviderArray) ToWorkloadIdentityPoolProviderArrayOutput ¶
func (i WorkloadIdentityPoolProviderArray) ToWorkloadIdentityPoolProviderArrayOutput() WorkloadIdentityPoolProviderArrayOutput
func (WorkloadIdentityPoolProviderArray) ToWorkloadIdentityPoolProviderArrayOutputWithContext ¶
func (i WorkloadIdentityPoolProviderArray) ToWorkloadIdentityPoolProviderArrayOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderArrayOutput
type WorkloadIdentityPoolProviderArrayInput ¶
type WorkloadIdentityPoolProviderArrayInput interface { pulumi.Input ToWorkloadIdentityPoolProviderArrayOutput() WorkloadIdentityPoolProviderArrayOutput ToWorkloadIdentityPoolProviderArrayOutputWithContext(context.Context) WorkloadIdentityPoolProviderArrayOutput }
WorkloadIdentityPoolProviderArrayInput is an input type that accepts WorkloadIdentityPoolProviderArray and WorkloadIdentityPoolProviderArrayOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderArrayInput` via:
WorkloadIdentityPoolProviderArray{ WorkloadIdentityPoolProviderArgs{...} }
type WorkloadIdentityPoolProviderArrayOutput ¶
type WorkloadIdentityPoolProviderArrayOutput struct{ *pulumi.OutputState }
func (WorkloadIdentityPoolProviderArrayOutput) ElementType ¶
func (WorkloadIdentityPoolProviderArrayOutput) ElementType() reflect.Type
func (WorkloadIdentityPoolProviderArrayOutput) ToWorkloadIdentityPoolProviderArrayOutput ¶
func (o WorkloadIdentityPoolProviderArrayOutput) ToWorkloadIdentityPoolProviderArrayOutput() WorkloadIdentityPoolProviderArrayOutput
func (WorkloadIdentityPoolProviderArrayOutput) ToWorkloadIdentityPoolProviderArrayOutputWithContext ¶
func (o WorkloadIdentityPoolProviderArrayOutput) ToWorkloadIdentityPoolProviderArrayOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderArrayOutput
type WorkloadIdentityPoolProviderAws ¶
// WorkloadIdentityPoolProviderAws describes an Amazon Web Services identity
// provider; the account ID is its only field.
type WorkloadIdentityPoolProviderAws struct {
	// The AWS account ID.
	AccountId string `pulumi:"accountId"`
}
type WorkloadIdentityPoolProviderAwsArgs ¶
// WorkloadIdentityPoolProviderAwsArgs is the input form of the AWS identity
// provider settings, passed as the Aws field of WorkloadIdentityPoolProviderArgs.
//
// The account ID is the only setting on this type. Restricting federation to
// particular roles within the account is done with AttributeCondition on the
// provider arguments, not here.
type WorkloadIdentityPoolProviderAwsArgs struct {
	// The AWS account ID.
	AccountId pulumi.StringInput `pulumi:"accountId"`
}
func (WorkloadIdentityPoolProviderAwsArgs) ElementType ¶
func (WorkloadIdentityPoolProviderAwsArgs) ElementType() reflect.Type
func (WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsOutput ¶
func (i WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsOutput() WorkloadIdentityPoolProviderAwsOutput
func (WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsOutputWithContext ¶
func (i WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderAwsOutput
func (WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsPtrOutput ¶
func (i WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsPtrOutput() WorkloadIdentityPoolProviderAwsPtrOutput
func (WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext ¶
func (i WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderAwsPtrOutput
type WorkloadIdentityPoolProviderAwsInput ¶
type WorkloadIdentityPoolProviderAwsInput interface { pulumi.Input ToWorkloadIdentityPoolProviderAwsOutput() WorkloadIdentityPoolProviderAwsOutput ToWorkloadIdentityPoolProviderAwsOutputWithContext(context.Context) WorkloadIdentityPoolProviderAwsOutput }
WorkloadIdentityPoolProviderAwsInput is an input type that accepts WorkloadIdentityPoolProviderAwsArgs and WorkloadIdentityPoolProviderAwsOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderAwsInput` via:
WorkloadIdentityPoolProviderAwsArgs{...}
type WorkloadIdentityPoolProviderAwsOutput ¶
type WorkloadIdentityPoolProviderAwsOutput struct{ *pulumi.OutputState }
func (WorkloadIdentityPoolProviderAwsOutput) AccountId ¶
func (o WorkloadIdentityPoolProviderAwsOutput) AccountId() pulumi.StringOutput
The AWS account ID.
func (WorkloadIdentityPoolProviderAwsOutput) ElementType ¶
func (WorkloadIdentityPoolProviderAwsOutput) ElementType() reflect.Type
func (WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsOutput ¶
func (o WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsOutput() WorkloadIdentityPoolProviderAwsOutput
func (WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsOutputWithContext ¶
func (o WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderAwsOutput
func (WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsPtrOutput ¶
func (o WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsPtrOutput() WorkloadIdentityPoolProviderAwsPtrOutput
func (WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext ¶
func (o WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderAwsPtrOutput
type WorkloadIdentityPoolProviderAwsPtrInput ¶
type WorkloadIdentityPoolProviderAwsPtrInput interface { pulumi.Input ToWorkloadIdentityPoolProviderAwsPtrOutput() WorkloadIdentityPoolProviderAwsPtrOutput ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext(context.Context) WorkloadIdentityPoolProviderAwsPtrOutput }
WorkloadIdentityPoolProviderAwsPtrInput is an input type that accepts WorkloadIdentityPoolProviderAwsArgs, WorkloadIdentityPoolProviderAwsPtr and WorkloadIdentityPoolProviderAwsPtrOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderAwsPtrInput` via:
WorkloadIdentityPoolProviderAwsArgs{...} or: nil
func WorkloadIdentityPoolProviderAwsPtr ¶
func WorkloadIdentityPoolProviderAwsPtr(v *WorkloadIdentityPoolProviderAwsArgs) WorkloadIdentityPoolProviderAwsPtrInput
type WorkloadIdentityPoolProviderAwsPtrOutput ¶
type WorkloadIdentityPoolProviderAwsPtrOutput struct{ *pulumi.OutputState }
func (WorkloadIdentityPoolProviderAwsPtrOutput) AccountId ¶
func (o WorkloadIdentityPoolProviderAwsPtrOutput) AccountId() pulumi.StringPtrOutput
The AWS account ID.
func (WorkloadIdentityPoolProviderAwsPtrOutput) ElementType ¶
func (WorkloadIdentityPoolProviderAwsPtrOutput) ElementType() reflect.Type
func (WorkloadIdentityPoolProviderAwsPtrOutput) ToWorkloadIdentityPoolProviderAwsPtrOutput ¶
func (o WorkloadIdentityPoolProviderAwsPtrOutput) ToWorkloadIdentityPoolProviderAwsPtrOutput() WorkloadIdentityPoolProviderAwsPtrOutput
func (WorkloadIdentityPoolProviderAwsPtrOutput) ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext ¶
func (o WorkloadIdentityPoolProviderAwsPtrOutput) ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderAwsPtrOutput
type WorkloadIdentityPoolProviderInput ¶
type WorkloadIdentityPoolProviderInput interface { pulumi.Input ToWorkloadIdentityPoolProviderOutput() WorkloadIdentityPoolProviderOutput ToWorkloadIdentityPoolProviderOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOutput }
type WorkloadIdentityPoolProviderMap ¶
type WorkloadIdentityPoolProviderMap map[string]WorkloadIdentityPoolProviderInput
func (WorkloadIdentityPoolProviderMap) ElementType ¶
func (WorkloadIdentityPoolProviderMap) ElementType() reflect.Type
func (WorkloadIdentityPoolProviderMap) ToWorkloadIdentityPoolProviderMapOutput ¶
func (i WorkloadIdentityPoolProviderMap) ToWorkloadIdentityPoolProviderMapOutput() WorkloadIdentityPoolProviderMapOutput
func (WorkloadIdentityPoolProviderMap) ToWorkloadIdentityPoolProviderMapOutputWithContext ¶
func (i WorkloadIdentityPoolProviderMap) ToWorkloadIdentityPoolProviderMapOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderMapOutput
type WorkloadIdentityPoolProviderMapInput ¶
type WorkloadIdentityPoolProviderMapInput interface { pulumi.Input ToWorkloadIdentityPoolProviderMapOutput() WorkloadIdentityPoolProviderMapOutput ToWorkloadIdentityPoolProviderMapOutputWithContext(context.Context) WorkloadIdentityPoolProviderMapOutput }
WorkloadIdentityPoolProviderMapInput is an input type that accepts WorkloadIdentityPoolProviderMap and WorkloadIdentityPoolProviderMapOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderMapInput` via:
WorkloadIdentityPoolProviderMap{ "key": WorkloadIdentityPoolProviderArgs{...} }
type WorkloadIdentityPoolProviderMapOutput ¶
type WorkloadIdentityPoolProviderMapOutput struct{ *pulumi.OutputState }
func (WorkloadIdentityPoolProviderMapOutput) ElementType ¶
func (WorkloadIdentityPoolProviderMapOutput) ElementType() reflect.Type
func (WorkloadIdentityPoolProviderMapOutput) MapIndex ¶
func (o WorkloadIdentityPoolProviderMapOutput) MapIndex(k pulumi.StringInput) WorkloadIdentityPoolProviderOutput
func (WorkloadIdentityPoolProviderMapOutput) ToWorkloadIdentityPoolProviderMapOutput ¶
func (o WorkloadIdentityPoolProviderMapOutput) ToWorkloadIdentityPoolProviderMapOutput() WorkloadIdentityPoolProviderMapOutput
func (WorkloadIdentityPoolProviderMapOutput) ToWorkloadIdentityPoolProviderMapOutputWithContext ¶
func (o WorkloadIdentityPoolProviderMapOutput) ToWorkloadIdentityPoolProviderMapOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderMapOutput
type WorkloadIdentityPoolProviderOidc ¶
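// WorkloadIdentityPoolProviderOidc holds the OIDC settings of a workload
// identity pool provider: the token audiences it accepts and the issuer URL.
type WorkloadIdentityPoolProviderOidc struct {
	// Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange
	// requests are rejected if the token audience does not match one of the configured
	// values. Each audience may be at most 256 characters. A maximum of 10 audiences may
	// be configured.
	// If this list is empty, the OIDC token audience must be equal to the full canonical
	// resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix.
	// For example (placeholders in braces):
	//
	//	//iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}
	//	https://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}
	AllowedAudiences []string `pulumi:"allowedAudiences"`
	// The OIDC issuer URL.
	IssuerUri string `pulumi:"issuerUri"`
}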
type WorkloadIdentityPoolProviderOidcArgs ¶
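// WorkloadIdentityPoolProviderOidcArgs is the input form of the OIDC settings
// of a workload identity pool provider: the token audiences it accepts and the
// issuer URL, both given as Pulumi inputs.
type WorkloadIdentityPoolProviderOidcArgs struct {
	// Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange
	// requests are rejected if the token audience does not match one of the configured
	// values. Each audience may be at most 256 characters. A maximum of 10 audiences may
	// be configured.
	// If this list is empty, the OIDC token audience must be equal to the full canonical
	// resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix.
	// For example (placeholders in braces):
	//
	//	//iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}
	//	https://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}
	AllowedAudiences pulumi.StringArrayInput `pulumi:"allowedAudiences"`
	// The OIDC issuer URL.
	IssuerUri pulumi.StringInput `pulumi:"issuerUri"`
}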
func (WorkloadIdentityPoolProviderOidcArgs) ElementType ¶
func (WorkloadIdentityPoolProviderOidcArgs) ElementType() reflect.Type
func (WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcOutput ¶
func (i WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcOutput() WorkloadIdentityPoolProviderOidcOutput
func (WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcOutputWithContext ¶
func (i WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOidcOutput
func (WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcPtrOutput ¶
func (i WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcPtrOutput() WorkloadIdentityPoolProviderOidcPtrOutput
func (WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext ¶
func (i WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOidcPtrOutput
type WorkloadIdentityPoolProviderOidcInput ¶
type WorkloadIdentityPoolProviderOidcInput interface { pulumi.Input ToWorkloadIdentityPoolProviderOidcOutput() WorkloadIdentityPoolProviderOidcOutput ToWorkloadIdentityPoolProviderOidcOutputWithContext(context.Context) WorkloadIdentityPoolProviderOidcOutput }
WorkloadIdentityPoolProviderOidcInput is an input type that accepts WorkloadIdentityPoolProviderOidcArgs and WorkloadIdentityPoolProviderOidcOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderOidcInput` via:
WorkloadIdentityPoolProviderOidcArgs{...}
type WorkloadIdentityPoolProviderOidcOutput ¶
type WorkloadIdentityPoolProviderOidcOutput struct{ *pulumi.OutputState }
func (WorkloadIdentityPoolProviderOidcOutput) AllowedAudiences ¶
func (o WorkloadIdentityPoolProviderOidcOutput) AllowedAudiences() pulumi.StringArrayOutput
Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured. If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example, `//iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}` or the same value prefixed with `https:`. The Go example generated for this field is an empty program:
```go
package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		return nil
	})
}
```
func (WorkloadIdentityPoolProviderOidcOutput) ElementType ¶
func (WorkloadIdentityPoolProviderOidcOutput) ElementType() reflect.Type
func (WorkloadIdentityPoolProviderOidcOutput) IssuerUri ¶
func (o WorkloadIdentityPoolProviderOidcOutput) IssuerUri() pulumi.StringOutput
The OIDC issuer URL.
func (WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcOutput ¶
func (o WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcOutput() WorkloadIdentityPoolProviderOidcOutput
func (WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcOutputWithContext ¶
func (o WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOidcOutput
func (WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcPtrOutput ¶
func (o WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcPtrOutput() WorkloadIdentityPoolProviderOidcPtrOutput
func (WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext ¶
func (o WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOidcPtrOutput
type WorkloadIdentityPoolProviderOidcPtrInput ¶
type WorkloadIdentityPoolProviderOidcPtrInput interface { pulumi.Input ToWorkloadIdentityPoolProviderOidcPtrOutput() WorkloadIdentityPoolProviderOidcPtrOutput ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext(context.Context) WorkloadIdentityPoolProviderOidcPtrOutput }
WorkloadIdentityPoolProviderOidcPtrInput is an input type that accepts WorkloadIdentityPoolProviderOidcArgs, WorkloadIdentityPoolProviderOidcPtr and WorkloadIdentityPoolProviderOidcPtrOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderOidcPtrInput` via:
WorkloadIdentityPoolProviderOidcArgs{...} or: nil
func WorkloadIdentityPoolProviderOidcPtr ¶
func WorkloadIdentityPoolProviderOidcPtr(v *WorkloadIdentityPoolProviderOidcArgs) WorkloadIdentityPoolProviderOidcPtrInput
type WorkloadIdentityPoolProviderOidcPtrOutput ¶
type WorkloadIdentityPoolProviderOidcPtrOutput struct{ *pulumi.OutputState }
func (WorkloadIdentityPoolProviderOidcPtrOutput) AllowedAudiences ¶
func (o WorkloadIdentityPoolProviderOidcPtrOutput) AllowedAudiences() pulumi.StringArrayOutput
Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured. If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example, `//iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}` or the same value prefixed with `https:`. The Go example generated for this field is an empty program:
```go
package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		return nil
	})
}
```
func (WorkloadIdentityPoolProviderOidcPtrOutput) ElementType ¶
func (WorkloadIdentityPoolProviderOidcPtrOutput) ElementType() reflect.Type
func (WorkloadIdentityPoolProviderOidcPtrOutput) IssuerUri ¶
func (o WorkloadIdentityPoolProviderOidcPtrOutput) IssuerUri() pulumi.StringPtrOutput
The OIDC issuer URL.
func (WorkloadIdentityPoolProviderOidcPtrOutput) ToWorkloadIdentityPoolProviderOidcPtrOutput ¶
func (o WorkloadIdentityPoolProviderOidcPtrOutput) ToWorkloadIdentityPoolProviderOidcPtrOutput() WorkloadIdentityPoolProviderOidcPtrOutput
func (WorkloadIdentityPoolProviderOidcPtrOutput) ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext ¶
func (o WorkloadIdentityPoolProviderOidcPtrOutput) ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOidcPtrOutput
type WorkloadIdentityPoolProviderOutput ¶
type WorkloadIdentityPoolProviderOutput struct{ *pulumi.OutputState }
func (WorkloadIdentityPoolProviderOutput) ElementType ¶
func (WorkloadIdentityPoolProviderOutput) ElementType() reflect.Type
func (WorkloadIdentityPoolProviderOutput) ToWorkloadIdentityPoolProviderOutput ¶
func (o WorkloadIdentityPoolProviderOutput) ToWorkloadIdentityPoolProviderOutput() WorkloadIdentityPoolProviderOutput
func (WorkloadIdentityPoolProviderOutput) ToWorkloadIdentityPoolProviderOutputWithContext ¶
func (o WorkloadIdentityPoolProviderOutput) ToWorkloadIdentityPoolProviderOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOutput
func (WorkloadIdentityPoolProviderOutput) ToWorkloadIdentityPoolProviderPtrOutput ¶
func (o WorkloadIdentityPoolProviderOutput) ToWorkloadIdentityPoolProviderPtrOutput() WorkloadIdentityPoolProviderPtrOutput
func (WorkloadIdentityPoolProviderOutput) ToWorkloadIdentityPoolProviderPtrOutputWithContext ¶
func (o WorkloadIdentityPoolProviderOutput) ToWorkloadIdentityPoolProviderPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderPtrOutput
type WorkloadIdentityPoolProviderPtrInput ¶
type WorkloadIdentityPoolProviderPtrInput interface { pulumi.Input ToWorkloadIdentityPoolProviderPtrOutput() WorkloadIdentityPoolProviderPtrOutput ToWorkloadIdentityPoolProviderPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderPtrOutput }
type WorkloadIdentityPoolProviderPtrOutput ¶
type WorkloadIdentityPoolProviderPtrOutput struct{ *pulumi.OutputState }
func (WorkloadIdentityPoolProviderPtrOutput) ElementType ¶
func (WorkloadIdentityPoolProviderPtrOutput) ElementType() reflect.Type
func (WorkloadIdentityPoolProviderPtrOutput) ToWorkloadIdentityPoolProviderPtrOutput ¶
func (o WorkloadIdentityPoolProviderPtrOutput) ToWorkloadIdentityPoolProviderPtrOutput() WorkloadIdentityPoolProviderPtrOutput
func (WorkloadIdentityPoolProviderPtrOutput) ToWorkloadIdentityPoolProviderPtrOutputWithContext ¶
func (o WorkloadIdentityPoolProviderPtrOutput) ToWorkloadIdentityPoolProviderPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderPtrOutput
type WorkloadIdentityPoolProviderState ¶
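// WorkloadIdentityPoolProviderState lists the properties of a
// WorkloadIdentityPoolProvider as optional Pulumi inputs (pointer or map input
// types throughout).
type WorkloadIdentityPoolProviderState struct {
	// [A Common Expression Language](https://opensource.google/projects/cel) expression, in
	// plain text, that restricts which otherwise valid authentication credentials issued by
	// the provider are accepted.
	// The expression must output a boolean representing whether to allow the federation.
	// The following keywords may be referenced in the expressions:
	// * `assertion`: JSON representing the authentication credential issued by the provider.
	// * `google`: The Google attributes mapped from the assertion in the `attributeMappings`.
	// * `attribute`: The custom attributes mapped from the assertion in the `attributeMappings`.
	// The maximum length of the attribute condition expression is 4096 characters. If
	// unspecified, all valid authentication credentials are accepted.
	// The following example shows how to only allow credentials with a mapped `google.groups`
	// value of `admins`:
	//
	//	"'admins' in google.groups"
	//
	// NOTE(review): when the issuer is shared by many tenants, "all valid authentication
	// credentials" includes tokens minted for other tenants of that issuer; set a condition
	// that pins the expected tenant, repository or account claim rather than leaving this unset.
	AttributeCondition pulumi.StringPtrInput
	// Maps attributes from authentication credentials issued by an external identity provider
	// to Google Cloud attributes, such as `subject` and `segment`.
	// Each key must be a string specifying the Google Cloud IAM attribute to map to.
	// The following keys are supported:
	// * `google.subject`: The principal IAM is authenticating. You can reference this value
	//   in IAM bindings. This is also the subject that appears in Cloud Logging logs.
	//   Cannot exceed 127 characters.
	// * `google.groups`: Groups the external identity belongs to. You can grant groups
	//   access to resources using an IAM `principalSet` binding; access applies to all
	//   members of the group.
	// You can also provide custom attributes by specifying `attribute.{custom_attribute}`,
	// where `{custom_attribute}` is the name of the custom attribute to be mapped. You can
	// define a maximum of 50 custom attributes. The maximum length of a mapped attribute key
	// is 100 characters, and the key may only contain the characters [a-z0-9_].
	// You can reference these attributes in IAM policies to define fine-grained access for a
	// workload to Google Cloud resources. For example:
	// * `google.subject`:
	//   `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}`
	// * `google.groups`:
	//   `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}`
	// * `attribute.{custom_attribute}`:
	//   `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}`
	// Each value must be a [Common Expression Language](https://opensource.google/projects/cel)
	// function that maps an identity provider credential to the normalized attribute specified
	// by the corresponding map key.
	// You can use the `assertion` keyword in the expression to access a JSON representation of
	// the authentication credential issued by the provider.
	// The maximum length of an attribute mapping expression is 2048 characters. When evaluated,
	// the total size of all mapped attributes must not exceed 8KB.
	// For AWS providers, the following rules apply:
	// - If no attribute mapping is defined, a default mapping applies.
	//   NOTE(review): the generated example of that default was lost from this comment; per
	//   the upstream API documentation it maps `google.subject` from `assertion.arn` and
	//   `attribute.aws_role` from the role part of that ARN. Confirm against the API
	//   reference before relying on it.
	// - If any custom attribute mappings are defined, they must include a mapping to the
	//   `google.subject` attribute.
	// For OIDC providers, the following rules apply:
	// - Custom attribute mappings must be defined, and must include a mapping to the
	//   `google.subject` attribute. For example, the following maps the `sub` claim of the
	//   incoming credential to the `subject` attribute on a Google token.
	//
	//	{"google.subject": "assertion.sub"}
	AttributeMapping pulumi.StringMapInput
	// An Amazon Web Services identity provider. Not compatible with the property oidc.
	// Structure is documented below.
	Aws WorkloadIdentityPoolProviderAwsPtrInput
	// A description for the provider. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
	// However, existing tokens still grant access, so disabling a provider does not by itself
	// cut off tokens that were already issued.
	Disabled pulumi.BoolPtrInput
	// A display name for the provider. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	// The resource name of the provider as
	// 'projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}'.
	Name pulumi.StringPtrInput
	// An OpenId Connect 1.0 identity provider. Not compatible with the property aws.
	// Structure is documented below.
	Oidc WorkloadIdentityPoolProviderOidcPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
	// The state of the provider.
	// * STATE_UNSPECIFIED: State unspecified.
	// * ACTIVE: The provider is active, and may be used to validate authentication credentials.
	// * DELETED: The provider is soft-deleted. Soft-deleted providers are permanently
	//   deleted after approximately 30 days. You can restore a soft-deleted provider using
	//   UndeleteWorkloadIdentityPoolProvider. You cannot reuse the ID of a soft-deleted
	//   provider until it is permanently deleted.
	State pulumi.StringPtrInput
	// The ID used for the pool, which is the final component of the pool resource name. This
	// value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolId pulumi.StringPtrInput
	// The ID for the provider, which becomes the final component of the resource name. This
	// value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolProviderId pulumi.StringPtrInput
}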
func (WorkloadIdentityPoolProviderState) ElementType ¶
func (WorkloadIdentityPoolProviderState) ElementType() reflect.Type
type WorkloadIdentityPoolPtrInput ¶
type WorkloadIdentityPoolPtrInput interface { pulumi.Input ToWorkloadIdentityPoolPtrOutput() WorkloadIdentityPoolPtrOutput ToWorkloadIdentityPoolPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolPtrOutput }
type WorkloadIdentityPoolPtrOutput ¶
type WorkloadIdentityPoolPtrOutput struct{ *pulumi.OutputState }
func (WorkloadIdentityPoolPtrOutput) Elem ¶ added in v5.21.0
func (o WorkloadIdentityPoolPtrOutput) Elem() WorkloadIdentityPoolOutput
func (WorkloadIdentityPoolPtrOutput) ElementType ¶
func (WorkloadIdentityPoolPtrOutput) ElementType() reflect.Type
func (WorkloadIdentityPoolPtrOutput) ToWorkloadIdentityPoolPtrOutput ¶
func (o WorkloadIdentityPoolPtrOutput) ToWorkloadIdentityPoolPtrOutput() WorkloadIdentityPoolPtrOutput
func (WorkloadIdentityPoolPtrOutput) ToWorkloadIdentityPoolPtrOutputWithContext ¶
func (o WorkloadIdentityPoolPtrOutput) ToWorkloadIdentityPoolPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolPtrOutput
type WorkloadIdentityPoolState ¶
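// WorkloadIdentityPoolState lists the properties of a WorkloadIdentityPool as
// optional Pulumi inputs (pointer input types throughout).
type WorkloadIdentityPoolState struct {
	// A description of the pool. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use
	// existing tokens to access resources. If the pool is re-enabled, existing tokens grant
	// access again.
	Disabled pulumi.BoolPtrInput
	// A display name for the pool. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	// The resource name of the pool as
	// 'projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}'.
	Name pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
	// The state of the pool.
	// * STATE_UNSPECIFIED: State unspecified.
	// * ACTIVE: The pool is active, and may be used in Google Cloud policies.
	// * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after
	//   approximately 30 days. You can restore a soft-deleted pool using
	//   UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted pool until it
	//   is permanently deleted. While a pool is deleted, you cannot use it to exchange
	//   tokens, or use existing tokens to access resources. If the pool is undeleted,
	//   existing tokens grant access again.
	State pulumi.StringPtrInput
	// The ID to use for the pool, which becomes the final component of the resource name. This
	// value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolId pulumi.StringPtrInput
}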
func (WorkloadIdentityPoolState) ElementType ¶
func (WorkloadIdentityPoolState) ElementType() reflect.Type