iam

package
v6.35.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 23, 2022 License: Apache-2.0 Imports: 7 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type DenyPolicy added in v6.19.0

// DenyPolicy is the resource type for an IAM deny policy. It embeds
// pulumi.CustomResourceState and exposes the policy's properties as outputs.
type DenyPolicy struct {
	pulumi.CustomResourceState

	// The display name of the rule.
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// The hash of the resource. Used internally during updates.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The name of the policy.
	Name pulumi.StringOutput `pulumi:"name"`
	// The attachment point is identified by its URL-encoded full resource name.
	// NOTE(review): as the attachment point, this presumably decides which
	// resources the rules apply to — confirm, and review changes to it with the
	// same care as changes to the rules.
	Parent pulumi.StringOutput `pulumi:"parent"`
	// Rules to be applied.
	// See DenyPolicyRule for the structure of each element.
	Rules DenyPolicyRuleArrayOutput `pulumi:"rules"`
}

## Example Usage

## Import

DenyPolicy can be imported using any of these accepted formats:

```sh

$ pulumi import gcp:iam/denyPolicy:DenyPolicy default {{parent}}/{{name}}

```

func GetDenyPolicy added in v6.19.0

func GetDenyPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DenyPolicyState, opts ...pulumi.ResourceOption) (*DenyPolicy, error)

GetDenyPolicy gets an existing DenyPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDenyPolicy added in v6.19.0

func NewDenyPolicy(ctx *pulumi.Context,
	name string, args *DenyPolicyArgs, opts ...pulumi.ResourceOption) (*DenyPolicy, error)

NewDenyPolicy registers a new resource with the given unique name, arguments, and options.

func (*DenyPolicy) ElementType added in v6.19.0

func (*DenyPolicy) ElementType() reflect.Type

func (*DenyPolicy) ToDenyPolicyOutput added in v6.19.0

func (i *DenyPolicy) ToDenyPolicyOutput() DenyPolicyOutput

func (*DenyPolicy) ToDenyPolicyOutputWithContext added in v6.19.0

func (i *DenyPolicy) ToDenyPolicyOutputWithContext(ctx context.Context) DenyPolicyOutput

type DenyPolicyArgs added in v6.19.0

// DenyPolicyArgs is the set of arguments for constructing a DenyPolicy
// resource; it is the args parameter of NewDenyPolicy.
type DenyPolicyArgs struct {
	// The display name of the rule.
	DisplayName pulumi.StringPtrInput
	// The name of the policy.
	Name pulumi.StringPtrInput
	// The attachment point is identified by its URL-encoded full resource name.
	// The value is expected already URL-encoded; nothing on this page shows the
	// SDK encoding it for the caller.
	Parent pulumi.StringInput
	// Rules to be applied.
	// See DenyPolicyRuleArgs for the structure of each element.
	Rules DenyPolicyRuleArrayInput
}

The set of arguments for constructing a DenyPolicy resource.

func (DenyPolicyArgs) ElementType added in v6.19.0

func (DenyPolicyArgs) ElementType() reflect.Type

type DenyPolicyArray added in v6.19.0

// DenyPolicyArray is a slice of DenyPolicyInput values; it is one of the
// concrete types accepted wherever a DenyPolicyArrayInput is expected.
type DenyPolicyArray []DenyPolicyInput

func (DenyPolicyArray) ElementType added in v6.19.0

func (DenyPolicyArray) ElementType() reflect.Type

func (DenyPolicyArray) ToDenyPolicyArrayOutput added in v6.19.0

func (i DenyPolicyArray) ToDenyPolicyArrayOutput() DenyPolicyArrayOutput

func (DenyPolicyArray) ToDenyPolicyArrayOutputWithContext added in v6.19.0

func (i DenyPolicyArray) ToDenyPolicyArrayOutputWithContext(ctx context.Context) DenyPolicyArrayOutput

type DenyPolicyArrayInput added in v6.19.0

// DenyPolicyArrayInput is an input type that accepts DenyPolicyArray and
// DenyPolicyArrayOutput values.
type DenyPolicyArrayInput interface {
	pulumi.Input

	// ToDenyPolicyArrayOutput returns the value as a DenyPolicyArrayOutput.
	ToDenyPolicyArrayOutput() DenyPolicyArrayOutput
	// ToDenyPolicyArrayOutputWithContext is the context-taking variant.
	ToDenyPolicyArrayOutputWithContext(context.Context) DenyPolicyArrayOutput
}

DenyPolicyArrayInput is an input type that accepts DenyPolicyArray and DenyPolicyArrayOutput values. You can construct a concrete instance of `DenyPolicyArrayInput` via:

DenyPolicyArray{ DenyPolicyArgs{...} }

type DenyPolicyArrayOutput added in v6.19.0

// DenyPolicyArrayOutput is the output type returned by
// DenyPolicyArray.ToDenyPolicyArrayOutput; it embeds *pulumi.OutputState.
type DenyPolicyArrayOutput struct{ *pulumi.OutputState }

func (DenyPolicyArrayOutput) ElementType added in v6.19.0

func (DenyPolicyArrayOutput) ElementType() reflect.Type

func (DenyPolicyArrayOutput) Index added in v6.19.0

func (DenyPolicyArrayOutput) ToDenyPolicyArrayOutput added in v6.19.0

func (o DenyPolicyArrayOutput) ToDenyPolicyArrayOutput() DenyPolicyArrayOutput

func (DenyPolicyArrayOutput) ToDenyPolicyArrayOutputWithContext added in v6.19.0

func (o DenyPolicyArrayOutput) ToDenyPolicyArrayOutputWithContext(ctx context.Context) DenyPolicyArrayOutput

type DenyPolicyInput added in v6.19.0

// DenyPolicyInput is an input type for values that can be converted to a
// DenyPolicyOutput.
type DenyPolicyInput interface {
	pulumi.Input

	// ToDenyPolicyOutput returns the value as a DenyPolicyOutput.
	ToDenyPolicyOutput() DenyPolicyOutput
	// ToDenyPolicyOutputWithContext is the context-taking variant.
	ToDenyPolicyOutputWithContext(ctx context.Context) DenyPolicyOutput
}

type DenyPolicyMap added in v6.19.0

// DenyPolicyMap is a string-keyed map of DenyPolicyInput values; it is one of
// the concrete types accepted wherever a DenyPolicyMapInput is expected.
type DenyPolicyMap map[string]DenyPolicyInput

func (DenyPolicyMap) ElementType added in v6.19.0

func (DenyPolicyMap) ElementType() reflect.Type

func (DenyPolicyMap) ToDenyPolicyMapOutput added in v6.19.0

func (i DenyPolicyMap) ToDenyPolicyMapOutput() DenyPolicyMapOutput

func (DenyPolicyMap) ToDenyPolicyMapOutputWithContext added in v6.19.0

func (i DenyPolicyMap) ToDenyPolicyMapOutputWithContext(ctx context.Context) DenyPolicyMapOutput

type DenyPolicyMapInput added in v6.19.0

// DenyPolicyMapInput is an input type that accepts DenyPolicyMap and
// DenyPolicyMapOutput values.
type DenyPolicyMapInput interface {
	pulumi.Input

	// ToDenyPolicyMapOutput returns the value as a DenyPolicyMapOutput.
	ToDenyPolicyMapOutput() DenyPolicyMapOutput
	// ToDenyPolicyMapOutputWithContext is the context-taking variant.
	ToDenyPolicyMapOutputWithContext(context.Context) DenyPolicyMapOutput
}

DenyPolicyMapInput is an input type that accepts DenyPolicyMap and DenyPolicyMapOutput values. You can construct a concrete instance of `DenyPolicyMapInput` via:

DenyPolicyMap{ "key": DenyPolicyArgs{...} }

type DenyPolicyMapOutput added in v6.19.0

// DenyPolicyMapOutput is the output type returned by
// DenyPolicyMap.ToDenyPolicyMapOutput; it embeds *pulumi.OutputState.
type DenyPolicyMapOutput struct{ *pulumi.OutputState }

func (DenyPolicyMapOutput) ElementType added in v6.19.0

func (DenyPolicyMapOutput) ElementType() reflect.Type

func (DenyPolicyMapOutput) MapIndex added in v6.19.0

func (DenyPolicyMapOutput) ToDenyPolicyMapOutput added in v6.19.0

func (o DenyPolicyMapOutput) ToDenyPolicyMapOutput() DenyPolicyMapOutput

func (DenyPolicyMapOutput) ToDenyPolicyMapOutputWithContext added in v6.19.0

func (o DenyPolicyMapOutput) ToDenyPolicyMapOutputWithContext(ctx context.Context) DenyPolicyMapOutput

type DenyPolicyOutput added in v6.19.0

// DenyPolicyOutput is the output form of a DenyPolicy; it embeds
// *pulumi.OutputState. Its DisplayName, Etag, Name, Parent and Rules methods
// correspond to the DenyPolicy fields of the same names.
type DenyPolicyOutput struct{ *pulumi.OutputState }

func (DenyPolicyOutput) DisplayName added in v6.23.0

func (o DenyPolicyOutput) DisplayName() pulumi.StringPtrOutput

The display name of the rule.

func (DenyPolicyOutput) ElementType added in v6.19.0

func (DenyPolicyOutput) ElementType() reflect.Type

func (DenyPolicyOutput) Etag added in v6.23.0

The hash of the resource. Used internally during updates.

func (DenyPolicyOutput) Name added in v6.23.0

The name of the policy.

func (DenyPolicyOutput) Parent added in v6.23.0

The attachment point is identified by its URL-encoded full resource name.

func (DenyPolicyOutput) Rules added in v6.23.0

Rules to be applied. Structure is documented below.

func (DenyPolicyOutput) ToDenyPolicyOutput added in v6.19.0

func (o DenyPolicyOutput) ToDenyPolicyOutput() DenyPolicyOutput

func (DenyPolicyOutput) ToDenyPolicyOutputWithContext added in v6.19.0

func (o DenyPolicyOutput) ToDenyPolicyOutputWithContext(ctx context.Context) DenyPolicyOutput

type DenyPolicyRule added in v6.19.0

// DenyPolicyRule is one element of a deny policy's rules list: an optional
// deny rule plus an optional free-text description.
type DenyPolicyRule struct {
	// A deny rule in an IAM deny policy.
	// See DenyPolicyRuleDenyRule for its structure. The field is a pointer,
	// so it may be nil.
	DenyRule *DenyPolicyRuleDenyRule `pulumi:"denyRule"`
	// Description of the expression. This is a longer text which describes the expression,
	// e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
}

type DenyPolicyRuleArgs added in v6.19.0

// DenyPolicyRuleArgs is the input form of DenyPolicyRule: an optional deny
// rule plus an optional free-text description.
type DenyPolicyRuleArgs struct {
	// A deny rule in an IAM deny policy.
	// See DenyPolicyRuleDenyRuleArgs for its structure. The field is a
	// pointer-style input, for which nil is an accepted value.
	DenyRule DenyPolicyRuleDenyRulePtrInput `pulumi:"denyRule"`
	// Description of the expression. This is a longer text which describes the expression,
	// e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
}

func (DenyPolicyRuleArgs) ElementType added in v6.19.0

func (DenyPolicyRuleArgs) ElementType() reflect.Type

func (DenyPolicyRuleArgs) ToDenyPolicyRuleOutput added in v6.19.0

func (i DenyPolicyRuleArgs) ToDenyPolicyRuleOutput() DenyPolicyRuleOutput

func (DenyPolicyRuleArgs) ToDenyPolicyRuleOutputWithContext added in v6.19.0

func (i DenyPolicyRuleArgs) ToDenyPolicyRuleOutputWithContext(ctx context.Context) DenyPolicyRuleOutput

type DenyPolicyRuleArray added in v6.19.0

// DenyPolicyRuleArray is a slice of DenyPolicyRuleInput values; it is one of
// the concrete types accepted wherever a DenyPolicyRuleArrayInput is expected.
type DenyPolicyRuleArray []DenyPolicyRuleInput

func (DenyPolicyRuleArray) ElementType added in v6.19.0

func (DenyPolicyRuleArray) ElementType() reflect.Type

func (DenyPolicyRuleArray) ToDenyPolicyRuleArrayOutput added in v6.19.0

func (i DenyPolicyRuleArray) ToDenyPolicyRuleArrayOutput() DenyPolicyRuleArrayOutput

func (DenyPolicyRuleArray) ToDenyPolicyRuleArrayOutputWithContext added in v6.19.0

func (i DenyPolicyRuleArray) ToDenyPolicyRuleArrayOutputWithContext(ctx context.Context) DenyPolicyRuleArrayOutput

type DenyPolicyRuleArrayInput added in v6.19.0

// DenyPolicyRuleArrayInput is an input type that accepts DenyPolicyRuleArray
// and DenyPolicyRuleArrayOutput values.
type DenyPolicyRuleArrayInput interface {
	pulumi.Input

	// ToDenyPolicyRuleArrayOutput returns the value as a DenyPolicyRuleArrayOutput.
	ToDenyPolicyRuleArrayOutput() DenyPolicyRuleArrayOutput
	// ToDenyPolicyRuleArrayOutputWithContext is the context-taking variant.
	ToDenyPolicyRuleArrayOutputWithContext(context.Context) DenyPolicyRuleArrayOutput
}

DenyPolicyRuleArrayInput is an input type that accepts DenyPolicyRuleArray and DenyPolicyRuleArrayOutput values. You can construct a concrete instance of `DenyPolicyRuleArrayInput` via:

DenyPolicyRuleArray{ DenyPolicyRuleArgs{...} }

type DenyPolicyRuleArrayOutput added in v6.19.0

// DenyPolicyRuleArrayOutput is the output type returned by
// DenyPolicyRuleArray.ToDenyPolicyRuleArrayOutput; it embeds *pulumi.OutputState.
type DenyPolicyRuleArrayOutput struct{ *pulumi.OutputState }

func (DenyPolicyRuleArrayOutput) ElementType added in v6.19.0

func (DenyPolicyRuleArrayOutput) ElementType() reflect.Type

func (DenyPolicyRuleArrayOutput) Index added in v6.19.0

func (DenyPolicyRuleArrayOutput) ToDenyPolicyRuleArrayOutput added in v6.19.0

func (o DenyPolicyRuleArrayOutput) ToDenyPolicyRuleArrayOutput() DenyPolicyRuleArrayOutput

func (DenyPolicyRuleArrayOutput) ToDenyPolicyRuleArrayOutputWithContext added in v6.19.0

func (o DenyPolicyRuleArrayOutput) ToDenyPolicyRuleArrayOutputWithContext(ctx context.Context) DenyPolicyRuleArrayOutput

type DenyPolicyRuleDenyRule added in v6.19.0

// DenyPolicyRuleDenyRule describes a single deny rule: who is denied, which
// permissions are denied, the exceptions to both lists, and the condition
// attached to the rule.
type DenyPolicyRuleDenyRule struct {
	// User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.
	// See DenyPolicyRuleDenyRuleDenialCondition for the structure.
	// NOTE(review): "CEVAL" is not defined on this page, while the condition's
	// Expression field is documented as Common Expression Language. Confirm
	// which attributes a deny condition actually accepts before relying on the
	// ones named above.
	DenialCondition DenyPolicyRuleDenyRuleDenialCondition `pulumi:"denialCondition"`
	// The permissions that are explicitly denied by this rule. Each permission uses the format `{service-fqdn}/{resource}.{verb}`,
	// where `{service-fqdn}` is the fully qualified domain name for the service. For example, `iam.googleapis.com/roles.list`.
	DeniedPermissions []string `pulumi:"deniedPermissions"`
	// The identities that are prevented from using one or more permissions on Google Cloud resources.
	DeniedPrincipals []string `pulumi:"deniedPrincipals"`
	// Specifies the permissions that this rule excludes from the set of denied permissions given by deniedPermissions.
	// If a permission appears in deniedPermissions and in exceptionPermissions then it will not be denied.
	// The excluded permissions can be specified using the same syntax as deniedPermissions.
	// Because an exception wins over the deny list, every entry here narrows
	// the rule; keep the list minimal and review additions.
	ExceptionPermissions []string `pulumi:"exceptionPermissions"`
	// The identities that are excluded from the deny rule, even if they are listed in the deniedPrincipals.
	// For example, you could add a Google group to the deniedPrincipals, then exclude specific users who belong to that group.
	// Because an exception wins over the deny list, every identity here is
	// exempt from the rule; keep the list minimal and review additions.
	ExceptionPrincipals []string `pulumi:"exceptionPrincipals"`
}

type DenyPolicyRuleDenyRuleArgs added in v6.19.0

// DenyPolicyRuleDenyRuleArgs is the input form of DenyPolicyRuleDenyRule: who
// is denied, which permissions are denied, the exceptions to both lists, and
// the condition attached to the rule.
type DenyPolicyRuleDenyRuleArgs struct {
	// User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.
	// See DenyPolicyRuleDenyRuleDenialConditionArgs for the structure.
	// NOTE(review): "CEVAL" is not defined on this page, while the condition's
	// Expression field is documented as Common Expression Language. Confirm
	// which attributes a deny condition actually accepts before relying on the
	// ones named above.
	DenialCondition DenyPolicyRuleDenyRuleDenialConditionInput `pulumi:"denialCondition"`
	// The permissions that are explicitly denied by this rule. Each permission uses the format `{service-fqdn}/{resource}.{verb}`,
	// where `{service-fqdn}` is the fully qualified domain name for the service. For example, `iam.googleapis.com/roles.list`.
	DeniedPermissions pulumi.StringArrayInput `pulumi:"deniedPermissions"`
	// The identities that are prevented from using one or more permissions on Google Cloud resources.
	DeniedPrincipals pulumi.StringArrayInput `pulumi:"deniedPrincipals"`
	// Specifies the permissions that this rule excludes from the set of denied permissions given by deniedPermissions.
	// If a permission appears in deniedPermissions and in exceptionPermissions then it will not be denied.
	// The excluded permissions can be specified using the same syntax as deniedPermissions.
	// Because an exception wins over the deny list, every entry here narrows
	// the rule; keep the list minimal and review additions.
	ExceptionPermissions pulumi.StringArrayInput `pulumi:"exceptionPermissions"`
	// The identities that are excluded from the deny rule, even if they are listed in the deniedPrincipals.
	// For example, you could add a Google group to the deniedPrincipals, then exclude specific users who belong to that group.
	// Because an exception wins over the deny list, every identity here is
	// exempt from the rule; keep the list minimal and review additions.
	ExceptionPrincipals pulumi.StringArrayInput `pulumi:"exceptionPrincipals"`
}

func (DenyPolicyRuleDenyRuleArgs) ElementType added in v6.19.0

func (DenyPolicyRuleDenyRuleArgs) ElementType() reflect.Type

func (DenyPolicyRuleDenyRuleArgs) ToDenyPolicyRuleDenyRuleOutput added in v6.19.0

func (i DenyPolicyRuleDenyRuleArgs) ToDenyPolicyRuleDenyRuleOutput() DenyPolicyRuleDenyRuleOutput

func (DenyPolicyRuleDenyRuleArgs) ToDenyPolicyRuleDenyRuleOutputWithContext added in v6.19.0

func (i DenyPolicyRuleDenyRuleArgs) ToDenyPolicyRuleDenyRuleOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRuleOutput

func (DenyPolicyRuleDenyRuleArgs) ToDenyPolicyRuleDenyRulePtrOutput added in v6.19.0

func (i DenyPolicyRuleDenyRuleArgs) ToDenyPolicyRuleDenyRulePtrOutput() DenyPolicyRuleDenyRulePtrOutput

func (DenyPolicyRuleDenyRuleArgs) ToDenyPolicyRuleDenyRulePtrOutputWithContext added in v6.19.0

func (i DenyPolicyRuleDenyRuleArgs) ToDenyPolicyRuleDenyRulePtrOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRulePtrOutput

type DenyPolicyRuleDenyRuleDenialCondition added in v6.19.0

// DenyPolicyRuleDenyRuleDenialCondition is the condition attached to a deny
// rule. Expression is the only non-pointer field; Description, Location and
// Title are pointers and may be nil.
type DenyPolicyRuleDenyRuleDenialCondition struct {
	// Description of the expression. This is a longer text which describes the expression,
	// e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	// NOTE(review): as the rule's match criteria, this expression presumably
	// controls when the denial applies — review changes to it like any other
	// access-control change.
	Expression string `pulumi:"expression"`
	// String indicating the location of the expression for error reporting,
	// e.g. a file name and a position in the file.
	Location *string `pulumi:"location"`
	// Title for the expression, i.e. a short string describing its purpose.
	// This can be used e.g. in UIs which allow entering the expression.
	Title *string `pulumi:"title"`
}

type DenyPolicyRuleDenyRuleDenialConditionArgs added in v6.19.0

// DenyPolicyRuleDenyRuleDenialConditionArgs is the input form of
// DenyPolicyRuleDenyRuleDenialCondition. Expression is a plain string input;
// Description, Location and Title are pointer-style inputs.
type DenyPolicyRuleDenyRuleDenialConditionArgs struct {
	// Description of the expression. This is a longer text which describes the expression,
	// e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	// NOTE(review): as the rule's match criteria, this expression presumably
	// controls when the denial applies — review changes to it like any other
	// access-control change.
	Expression pulumi.StringInput `pulumi:"expression"`
	// String indicating the location of the expression for error reporting,
	// e.g. a file name and a position in the file.
	Location pulumi.StringPtrInput `pulumi:"location"`
	// Title for the expression, i.e. a short string describing its purpose.
	// This can be used e.g. in UIs which allow entering the expression.
	Title pulumi.StringPtrInput `pulumi:"title"`
}

func (DenyPolicyRuleDenyRuleDenialConditionArgs) ElementType added in v6.19.0

func (DenyPolicyRuleDenyRuleDenialConditionArgs) ToDenyPolicyRuleDenyRuleDenialConditionOutput added in v6.19.0

func (i DenyPolicyRuleDenyRuleDenialConditionArgs) ToDenyPolicyRuleDenyRuleDenialConditionOutput() DenyPolicyRuleDenyRuleDenialConditionOutput

func (DenyPolicyRuleDenyRuleDenialConditionArgs) ToDenyPolicyRuleDenyRuleDenialConditionOutputWithContext added in v6.19.0

func (i DenyPolicyRuleDenyRuleDenialConditionArgs) ToDenyPolicyRuleDenyRuleDenialConditionOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRuleDenialConditionOutput

func (DenyPolicyRuleDenyRuleDenialConditionArgs) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutput added in v6.19.0

func (i DenyPolicyRuleDenyRuleDenialConditionArgs) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutput() DenyPolicyRuleDenyRuleDenialConditionPtrOutput

func (DenyPolicyRuleDenyRuleDenialConditionArgs) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutputWithContext added in v6.19.0

func (i DenyPolicyRuleDenyRuleDenialConditionArgs) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRuleDenialConditionPtrOutput

type DenyPolicyRuleDenyRuleDenialConditionInput added in v6.19.0

// DenyPolicyRuleDenyRuleDenialConditionInput is an input type that accepts
// DenyPolicyRuleDenyRuleDenialConditionArgs and
// DenyPolicyRuleDenyRuleDenialConditionOutput values.
type DenyPolicyRuleDenyRuleDenialConditionInput interface {
	pulumi.Input

	// ToDenyPolicyRuleDenyRuleDenialConditionOutput returns the value as an output.
	ToDenyPolicyRuleDenyRuleDenialConditionOutput() DenyPolicyRuleDenyRuleDenialConditionOutput
	// ToDenyPolicyRuleDenyRuleDenialConditionOutputWithContext is the context-taking variant.
	ToDenyPolicyRuleDenyRuleDenialConditionOutputWithContext(context.Context) DenyPolicyRuleDenyRuleDenialConditionOutput
}

DenyPolicyRuleDenyRuleDenialConditionInput is an input type that accepts DenyPolicyRuleDenyRuleDenialConditionArgs and DenyPolicyRuleDenyRuleDenialConditionOutput values. You can construct a concrete instance of `DenyPolicyRuleDenyRuleDenialConditionInput` via:

DenyPolicyRuleDenyRuleDenialConditionArgs{...}

type DenyPolicyRuleDenyRuleDenialConditionOutput added in v6.19.0

// DenyPolicyRuleDenyRuleDenialConditionOutput is the output form of a denial
// condition; it embeds *pulumi.OutputState. Its Description, Expression,
// Location and Title methods correspond to the condition's fields.
type DenyPolicyRuleDenyRuleDenialConditionOutput struct{ *pulumi.OutputState }

func (DenyPolicyRuleDenyRuleDenialConditionOutput) Description added in v6.19.0

Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (DenyPolicyRuleDenyRuleDenialConditionOutput) ElementType added in v6.19.0

func (DenyPolicyRuleDenyRuleDenialConditionOutput) Expression added in v6.19.0

Textual representation of an expression in Common Expression Language syntax.

func (DenyPolicyRuleDenyRuleDenialConditionOutput) Location added in v6.19.0

String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (DenyPolicyRuleDenyRuleDenialConditionOutput) Title added in v6.19.0

Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (DenyPolicyRuleDenyRuleDenialConditionOutput) ToDenyPolicyRuleDenyRuleDenialConditionOutput added in v6.19.0

func (o DenyPolicyRuleDenyRuleDenialConditionOutput) ToDenyPolicyRuleDenyRuleDenialConditionOutput() DenyPolicyRuleDenyRuleDenialConditionOutput

func (DenyPolicyRuleDenyRuleDenialConditionOutput) ToDenyPolicyRuleDenyRuleDenialConditionOutputWithContext added in v6.19.0

func (o DenyPolicyRuleDenyRuleDenialConditionOutput) ToDenyPolicyRuleDenyRuleDenialConditionOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRuleDenialConditionOutput

func (DenyPolicyRuleDenyRuleDenialConditionOutput) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutput added in v6.19.0

func (o DenyPolicyRuleDenyRuleDenialConditionOutput) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutput() DenyPolicyRuleDenyRuleDenialConditionPtrOutput

func (DenyPolicyRuleDenyRuleDenialConditionOutput) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutputWithContext added in v6.19.0

func (o DenyPolicyRuleDenyRuleDenialConditionOutput) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRuleDenialConditionPtrOutput

type DenyPolicyRuleDenyRuleDenialConditionPtrInput added in v6.19.0

// DenyPolicyRuleDenyRuleDenialConditionPtrInput is an input type that accepts
// DenyPolicyRuleDenyRuleDenialConditionArgs,
// DenyPolicyRuleDenyRuleDenialConditionPtr and
// DenyPolicyRuleDenyRuleDenialConditionPtrOutput values; nil is also accepted.
type DenyPolicyRuleDenyRuleDenialConditionPtrInput interface {
	pulumi.Input

	// ToDenyPolicyRuleDenyRuleDenialConditionPtrOutput returns the value as a pointer output.
	ToDenyPolicyRuleDenyRuleDenialConditionPtrOutput() DenyPolicyRuleDenyRuleDenialConditionPtrOutput
	// ToDenyPolicyRuleDenyRuleDenialConditionPtrOutputWithContext is the context-taking variant.
	ToDenyPolicyRuleDenyRuleDenialConditionPtrOutputWithContext(context.Context) DenyPolicyRuleDenyRuleDenialConditionPtrOutput
}

DenyPolicyRuleDenyRuleDenialConditionPtrInput is an input type that accepts DenyPolicyRuleDenyRuleDenialConditionArgs, DenyPolicyRuleDenyRuleDenialConditionPtr and DenyPolicyRuleDenyRuleDenialConditionPtrOutput values. You can construct a concrete instance of `DenyPolicyRuleDenyRuleDenialConditionPtrInput` via:

        DenyPolicyRuleDenyRuleDenialConditionArgs{...}

or:

        nil

type DenyPolicyRuleDenyRuleDenialConditionPtrOutput added in v6.19.0

// DenyPolicyRuleDenyRuleDenialConditionPtrOutput is the pointer-style output
// form of a denial condition; it embeds *pulumi.OutputState. Besides the
// per-field accessors it lists an Elem method.
type DenyPolicyRuleDenyRuleDenialConditionPtrOutput struct{ *pulumi.OutputState }

func (DenyPolicyRuleDenyRuleDenialConditionPtrOutput) Description added in v6.19.0

Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (DenyPolicyRuleDenyRuleDenialConditionPtrOutput) Elem added in v6.19.0

func (DenyPolicyRuleDenyRuleDenialConditionPtrOutput) ElementType added in v6.19.0

func (DenyPolicyRuleDenyRuleDenialConditionPtrOutput) Expression added in v6.19.0

Textual representation of an expression in Common Expression Language syntax.

func (DenyPolicyRuleDenyRuleDenialConditionPtrOutput) Location added in v6.19.0

String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (DenyPolicyRuleDenyRuleDenialConditionPtrOutput) Title added in v6.19.0

Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (DenyPolicyRuleDenyRuleDenialConditionPtrOutput) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutput added in v6.19.0

func (o DenyPolicyRuleDenyRuleDenialConditionPtrOutput) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutput() DenyPolicyRuleDenyRuleDenialConditionPtrOutput

func (DenyPolicyRuleDenyRuleDenialConditionPtrOutput) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutputWithContext added in v6.19.0

func (o DenyPolicyRuleDenyRuleDenialConditionPtrOutput) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRuleDenialConditionPtrOutput

type DenyPolicyRuleDenyRuleInput added in v6.19.0

// DenyPolicyRuleDenyRuleInput is an input type that accepts
// DenyPolicyRuleDenyRuleArgs and DenyPolicyRuleDenyRuleOutput values.
type DenyPolicyRuleDenyRuleInput interface {
	pulumi.Input

	// ToDenyPolicyRuleDenyRuleOutput returns the value as an output.
	ToDenyPolicyRuleDenyRuleOutput() DenyPolicyRuleDenyRuleOutput
	// ToDenyPolicyRuleDenyRuleOutputWithContext is the context-taking variant.
	ToDenyPolicyRuleDenyRuleOutputWithContext(context.Context) DenyPolicyRuleDenyRuleOutput
}

DenyPolicyRuleDenyRuleInput is an input type that accepts DenyPolicyRuleDenyRuleArgs and DenyPolicyRuleDenyRuleOutput values. You can construct a concrete instance of `DenyPolicyRuleDenyRuleInput` via:

DenyPolicyRuleDenyRuleArgs{...}

type DenyPolicyRuleDenyRuleOutput added in v6.19.0

// DenyPolicyRuleDenyRuleOutput is the output form of a deny rule; it embeds
// *pulumi.OutputState. Its accessor methods correspond to the deny rule's
// fields (denied and exception principals and permissions, and the condition).
type DenyPolicyRuleDenyRuleOutput struct{ *pulumi.OutputState }

func (DenyPolicyRuleDenyRuleOutput) DenialCondition added in v6.19.0

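User-defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. The structure is documented under DenyPolicyRuleDenyRuleDenialCondition, whose Expression field takes Common Expression Language syntax.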

func (DenyPolicyRuleDenyRuleOutput) DeniedPermissions added in v6.19.0

The permissions that are explicitly denied by this rule. Each permission uses the format `{service-fqdn}/{resource}.{verb}`, where `{service-fqdn}` is the fully qualified domain name for the service. For example, `iam.googleapis.com/roles.list`.

func (DenyPolicyRuleDenyRuleOutput) DeniedPrincipals added in v6.19.0

The identities that are prevented from using one or more permissions on Google Cloud resources.

func (DenyPolicyRuleDenyRuleOutput) ElementType added in v6.19.0

func (DenyPolicyRuleDenyRuleOutput) ExceptionPermissions added in v6.19.0

func (o DenyPolicyRuleDenyRuleOutput) ExceptionPermissions() pulumi.StringArrayOutput

Specifies the permissions that this rule excludes from the set of denied permissions given by deniedPermissions. If a permission appears in deniedPermissions and in exceptionPermissions then it will not be denied. The excluded permissions can be specified using the same syntax as deniedPermissions.

func (DenyPolicyRuleDenyRuleOutput) ExceptionPrincipals added in v6.19.0

func (o DenyPolicyRuleDenyRuleOutput) ExceptionPrincipals() pulumi.StringArrayOutput

The identities that are excluded from the deny rule, even if they are listed in the deniedPrincipals. For example, you could add a Google group to the deniedPrincipals, then exclude specific users who belong to that group.

func (DenyPolicyRuleDenyRuleOutput) ToDenyPolicyRuleDenyRuleOutput added in v6.19.0

func (o DenyPolicyRuleDenyRuleOutput) ToDenyPolicyRuleDenyRuleOutput() DenyPolicyRuleDenyRuleOutput

func (DenyPolicyRuleDenyRuleOutput) ToDenyPolicyRuleDenyRuleOutputWithContext added in v6.19.0

func (o DenyPolicyRuleDenyRuleOutput) ToDenyPolicyRuleDenyRuleOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRuleOutput

func (DenyPolicyRuleDenyRuleOutput) ToDenyPolicyRuleDenyRulePtrOutput added in v6.19.0

func (o DenyPolicyRuleDenyRuleOutput) ToDenyPolicyRuleDenyRulePtrOutput() DenyPolicyRuleDenyRulePtrOutput

func (DenyPolicyRuleDenyRuleOutput) ToDenyPolicyRuleDenyRulePtrOutputWithContext added in v6.19.0

func (o DenyPolicyRuleDenyRuleOutput) ToDenyPolicyRuleDenyRulePtrOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRulePtrOutput

type DenyPolicyRuleDenyRulePtrInput added in v6.19.0

// DenyPolicyRuleDenyRulePtrInput is an input type that accepts
// DenyPolicyRuleDenyRuleArgs, DenyPolicyRuleDenyRulePtr and
// DenyPolicyRuleDenyRulePtrOutput values; nil is also accepted.
type DenyPolicyRuleDenyRulePtrInput interface {
	pulumi.Input

	// ToDenyPolicyRuleDenyRulePtrOutput returns the value as a pointer output.
	ToDenyPolicyRuleDenyRulePtrOutput() DenyPolicyRuleDenyRulePtrOutput
	// ToDenyPolicyRuleDenyRulePtrOutputWithContext is the context-taking variant.
	ToDenyPolicyRuleDenyRulePtrOutputWithContext(context.Context) DenyPolicyRuleDenyRulePtrOutput
}

DenyPolicyRuleDenyRulePtrInput is an input type that accepts DenyPolicyRuleDenyRuleArgs, DenyPolicyRuleDenyRulePtr and DenyPolicyRuleDenyRulePtrOutput values. You can construct a concrete instance of `DenyPolicyRuleDenyRulePtrInput` via:

        DenyPolicyRuleDenyRuleArgs{...}

or:

        nil

func DenyPolicyRuleDenyRulePtr added in v6.19.0

func DenyPolicyRuleDenyRulePtr(v *DenyPolicyRuleDenyRuleArgs) DenyPolicyRuleDenyRulePtrInput

type DenyPolicyRuleDenyRulePtrOutput added in v6.19.0

// DenyPolicyRuleDenyRulePtrOutput is the pointer-style output form of a deny
// rule; it embeds *pulumi.OutputState. Besides the per-field accessors it
// lists an Elem method.
type DenyPolicyRuleDenyRulePtrOutput struct{ *pulumi.OutputState }

func (DenyPolicyRuleDenyRulePtrOutput) DenialCondition added in v6.19.0

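User-defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. The structure is documented under DenyPolicyRuleDenyRuleDenialCondition, whose Expression field takes Common Expression Language syntax.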

func (DenyPolicyRuleDenyRulePtrOutput) DeniedPermissions added in v6.19.0

The permissions that are explicitly denied by this rule. Each permission uses the format `{service-fqdn}/{resource}.{verb}`, where `{service-fqdn}` is the fully qualified domain name for the service. For example, `iam.googleapis.com/roles.list`.

func (DenyPolicyRuleDenyRulePtrOutput) DeniedPrincipals added in v6.19.0

The identities that are prevented from using one or more permissions on Google Cloud resources.

func (DenyPolicyRuleDenyRulePtrOutput) Elem added in v6.19.0

func (DenyPolicyRuleDenyRulePtrOutput) ElementType added in v6.19.0

func (DenyPolicyRuleDenyRulePtrOutput) ExceptionPermissions added in v6.19.0

func (o DenyPolicyRuleDenyRulePtrOutput) ExceptionPermissions() pulumi.StringArrayOutput

Specifies the permissions that this rule excludes from the set of denied permissions given by deniedPermissions. If a permission appears in deniedPermissions and in exceptionPermissions then it will not be denied. The excluded permissions can be specified using the same syntax as deniedPermissions.

func (DenyPolicyRuleDenyRulePtrOutput) ExceptionPrincipals added in v6.19.0

The identities that are excluded from the deny rule, even if they are listed in the deniedPrincipals. For example, you could add a Google group to the deniedPrincipals, then exclude specific users who belong to that group.

func (DenyPolicyRuleDenyRulePtrOutput) ToDenyPolicyRuleDenyRulePtrOutput added in v6.19.0

func (o DenyPolicyRuleDenyRulePtrOutput) ToDenyPolicyRuleDenyRulePtrOutput() DenyPolicyRuleDenyRulePtrOutput

func (DenyPolicyRuleDenyRulePtrOutput) ToDenyPolicyRuleDenyRulePtrOutputWithContext added in v6.19.0

func (o DenyPolicyRuleDenyRulePtrOutput) ToDenyPolicyRuleDenyRulePtrOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRulePtrOutput

type DenyPolicyRuleInput added in v6.19.0

// DenyPolicyRuleInput is an input type that accepts DenyPolicyRuleArgs and
// DenyPolicyRuleOutput values.
type DenyPolicyRuleInput interface {
	pulumi.Input

	// ToDenyPolicyRuleOutput returns the value as a DenyPolicyRuleOutput.
	ToDenyPolicyRuleOutput() DenyPolicyRuleOutput
	// ToDenyPolicyRuleOutputWithContext is the context-taking variant.
	ToDenyPolicyRuleOutputWithContext(context.Context) DenyPolicyRuleOutput
}

DenyPolicyRuleInput is an input type that accepts DenyPolicyRuleArgs and DenyPolicyRuleOutput values. You can construct a concrete instance of `DenyPolicyRuleInput` via:

DenyPolicyRuleArgs{...}

type DenyPolicyRuleOutput added in v6.19.0

// DenyPolicyRuleOutput is the output form of a DenyPolicyRule; it embeds
// *pulumi.OutputState. Its DenyRule and Description methods correspond to the
// DenyPolicyRule fields of the same names.
type DenyPolicyRuleOutput struct{ *pulumi.OutputState }

func (DenyPolicyRuleOutput) DenyRule added in v6.19.0

A deny rule in an IAM deny policy. Structure is documented below.

func (DenyPolicyRuleOutput) Description added in v6.19.0

Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (DenyPolicyRuleOutput) ElementType added in v6.19.0

func (DenyPolicyRuleOutput) ElementType() reflect.Type

func (DenyPolicyRuleOutput) ToDenyPolicyRuleOutput added in v6.19.0

func (o DenyPolicyRuleOutput) ToDenyPolicyRuleOutput() DenyPolicyRuleOutput

func (DenyPolicyRuleOutput) ToDenyPolicyRuleOutputWithContext added in v6.19.0

func (o DenyPolicyRuleOutput) ToDenyPolicyRuleOutputWithContext(ctx context.Context) DenyPolicyRuleOutput

type DenyPolicyState added in v6.19.0

// DenyPolicyState holds the optional state properties that GetDenyPolicy takes
// to qualify the lookup of an existing DenyPolicy. Every scalar field is a
// pointer-style input.
type DenyPolicyState struct {
	// The display name of the rule.
	DisplayName pulumi.StringPtrInput
	// The hash of the resource. Used internally during updates.
	Etag pulumi.StringPtrInput
	// The name of the policy.
	Name pulumi.StringPtrInput
	// The attachment point is identified by its URL-encoded full resource name.
	Parent pulumi.StringPtrInput
	// Rules to be applied.
	// See DenyPolicyRuleArgs for the structure of each element.
	Rules DenyPolicyRuleArrayInput
}

func (DenyPolicyState) ElementType added in v6.19.0

func (DenyPolicyState) ElementType() reflect.Type

type GetRuleArgs

// GetRuleArgs is the collection of arguments for invoking getRule. Despite
// the function's name, the single argument identifies an IAM role.
type GetRuleArgs struct {
	// The name of the Role to look up, in the form `roles/{ROLE_NAME}`, `organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}` or `projects/{PROJECT_ID}/roles/{ROLE_NAME}`.
	Name string `pulumi:"name"`
}

A collection of arguments for invoking getRule.

type GetRuleOutputArgs

// GetRuleOutputArgs is the collection of arguments for invoking getRule, with
// the role name supplied as a pulumi.StringInput instead of a plain string.
type GetRuleOutputArgs struct {
	// The name of the Role to look up, in the form `roles/{ROLE_NAME}`, `organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}` or `projects/{PROJECT_ID}/roles/{ROLE_NAME}`.
	Name pulumi.StringInput `pulumi:"name"`
}

A collection of arguments for invoking getRule.

func (GetRuleOutputArgs) ElementType

func (GetRuleOutputArgs) ElementType() reflect.Type

type GetRuleResult

// GetRuleResult is the collection of values returned by getRule: the role's
// permissions, launch stage and title, plus a provider-assigned ID.
type GetRuleResult struct {
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// Specifies the list of one or more permissions included in the role, such as `iam.roles.get`.
	// This is the field to inspect when auditing what a role actually grants.
	IncludedPermissions []string `pulumi:"includedPermissions"`
	Name                string   `pulumi:"name"` // NOTE(review): undocumented upstream; presumably the role name that was looked up — confirm
	// Indicates the stage of a role in the launch lifecycle, such as `GA`, `BETA` or `ALPHA`.
	Stage string `pulumi:"stage"`
	// A friendly title for the role, such as "Role Viewer".
	Title string `pulumi:"title"`
}

A collection of values returned by getRule.

func GetRule

func GetRule(ctx *pulumi.Context, args *GetRuleArgs, opts ...pulumi.InvokeOption) (*GetRuleResult, error)

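Use this data source to get information about a Google IAM Role. Despite its name, GetRule looks up a role (its argument is a role name and its result lists the role's permissions); it does not read a deny-policy rule.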

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main runs a Pulumi program that looks up the role named
// "roles/compute.viewer" and exports the list of permissions it includes.
func main() {
	program := func(ctx *pulumi.Context) error {
		// The role to resolve is identified by name only.
		lookupArgs := &iam.GetRuleArgs{Name: "roles/compute.viewer"}

		role, lookupErr := iam.GetRule(ctx, lookupArgs, nil)
		if lookupErr != nil {
			return lookupErr
		}

		// Publish the permission list as a stack output so it can be
		// inspected after the run.
		ctx.Export("theRolePermissions", role.IncludedPermissions)
		return nil
	}
	pulumi.Run(program)
}

```

type GetRuleResultOutput

// GetRuleResultOutput is the output form of the values returned by getRule;
// it embeds *pulumi.OutputState. Its Id, IncludedPermissions, Name, Stage and
// Title methods correspond to the GetRuleResult fields of the same names.
type GetRuleResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getRule.

func (GetRuleResultOutput) ElementType

func (GetRuleResultOutput) ElementType() reflect.Type

func (GetRuleResultOutput) Id

The provider-assigned unique ID for this managed resource.

func (GetRuleResultOutput) IncludedPermissions

func (o GetRuleResultOutput) IncludedPermissions() pulumi.StringArrayOutput

Specifies the list of one or more permissions to include in the custom role, such as `iam.roles.get`.

func (GetRuleResultOutput) Name

func (GetRuleResultOutput) Stage

Indicates the stage of a role in the launch lifecycle, such as `GA`, `BETA` or `ALPHA`.

func (GetRuleResultOutput) Title

A friendly title for the role, such as "Role Viewer".

func (GetRuleResultOutput) ToGetRuleResultOutput

func (o GetRuleResultOutput) ToGetRuleResultOutput() GetRuleResultOutput

func (GetRuleResultOutput) ToGetRuleResultOutputWithContext

func (o GetRuleResultOutput) ToGetRuleResultOutputWithContext(ctx context.Context) GetRuleResultOutput

type GetTestablePermissionsArgs

type GetTestablePermissionsArgs struct {
	// The level of support for custom roles. Can be one of `"NOT_SUPPORTED"`, `"SUPPORTED"`, `"TESTING"`. Default is `"SUPPORTED"`
	CustomSupportLevel *string `pulumi:"customSupportLevel"`
	// See [full resource name documentation](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more detail.
	FullResourceName string `pulumi:"fullResourceName"`
	// The acceptable release stages of the permission in the output. Note that `BETA` does not include permissions in `GA`, but you can specify both with `["GA", "BETA"]` for example. Can be a list of `"ALPHA"`, `"BETA"`, `"GA"`, `"DEPRECATED"`. Default is `["GA"]`.
	Stages []string `pulumi:"stages"`
}

A collection of arguments for invoking getTestablePermissions.

type GetTestablePermissionsOutputArgs

type GetTestablePermissionsOutputArgs struct {
	// The level of support for custom roles. Can be one of `"NOT_SUPPORTED"`, `"SUPPORTED"`, `"TESTING"`. Default is `"SUPPORTED"`
	CustomSupportLevel pulumi.StringPtrInput `pulumi:"customSupportLevel"`
	// See [full resource name documentation](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more detail.
	FullResourceName pulumi.StringInput `pulumi:"fullResourceName"`
	// The acceptable release stages of the permission in the output. Note that `BETA` does not include permissions in `GA`, but you can specify both with `["GA", "BETA"]` for example. Can be a list of `"ALPHA"`, `"BETA"`, `"GA"`, `"DEPRECATED"`. Default is `["GA"]`.
	Stages pulumi.StringArrayInput `pulumi:"stages"`
}

A collection of arguments for invoking getTestablePermissions.

func (GetTestablePermissionsOutputArgs) ElementType

type GetTestablePermissionsPermission

// GetTestablePermissionsPermission describes one permission in the list
// returned by getTestablePermissions.
type GetTestablePermissionsPermission struct {
	// Whether the corresponding API has been enabled for the resource.
	// NOTE(review): the field is named ApiDisabled while the description
	// speaks of the API being enabled; confirm the polarity against the
	// upstream IAM API before branching on this value.
	ApiDisabled bool `pulumi:"apiDisabled"`
	// The level of support for custom roles. Can be one of `"NOT_SUPPORTED"`, `"SUPPORTED"`, `"TESTING"`. Default is `"SUPPORTED"`
	CustomSupportLevel string `pulumi:"customSupportLevel"`
	// Name of the permission.
	Name string `pulumi:"name"`
	// Release stage of the permission.
	Stage string `pulumi:"stage"`
	// Human readable title of the permission.
	Title string `pulumi:"title"`
}

type GetTestablePermissionsPermissionArgs

// GetTestablePermissionsPermissionArgs is the pulumi.Input-typed counterpart
// of GetTestablePermissionsPermission; its fields carry the same pulumi tags.
type GetTestablePermissionsPermissionArgs struct {
	// Whether the corresponding API has been enabled for the resource.
	// NOTE(review): the field is named ApiDisabled while the description
	// speaks of the API being enabled; confirm the polarity against the
	// upstream IAM API before branching on this value.
	ApiDisabled pulumi.BoolInput `pulumi:"apiDisabled"`
	// The level of support for custom roles. Can be one of `"NOT_SUPPORTED"`, `"SUPPORTED"`, `"TESTING"`. Default is `"SUPPORTED"`
	CustomSupportLevel pulumi.StringInput `pulumi:"customSupportLevel"`
	// Name of the permission.
	Name pulumi.StringInput `pulumi:"name"`
	// Release stage of the permission.
	Stage pulumi.StringInput `pulumi:"stage"`
	// Human readable title of the permission.
	Title pulumi.StringInput `pulumi:"title"`
}

func (GetTestablePermissionsPermissionArgs) ElementType

func (GetTestablePermissionsPermissionArgs) ToGetTestablePermissionsPermissionOutput

func (i GetTestablePermissionsPermissionArgs) ToGetTestablePermissionsPermissionOutput() GetTestablePermissionsPermissionOutput

func (GetTestablePermissionsPermissionArgs) ToGetTestablePermissionsPermissionOutputWithContext

func (i GetTestablePermissionsPermissionArgs) ToGetTestablePermissionsPermissionOutputWithContext(ctx context.Context) GetTestablePermissionsPermissionOutput

type GetTestablePermissionsPermissionArray

type GetTestablePermissionsPermissionArray []GetTestablePermissionsPermissionInput

func (GetTestablePermissionsPermissionArray) ElementType

func (GetTestablePermissionsPermissionArray) ToGetTestablePermissionsPermissionArrayOutput

func (i GetTestablePermissionsPermissionArray) ToGetTestablePermissionsPermissionArrayOutput() GetTestablePermissionsPermissionArrayOutput

func (GetTestablePermissionsPermissionArray) ToGetTestablePermissionsPermissionArrayOutputWithContext

func (i GetTestablePermissionsPermissionArray) ToGetTestablePermissionsPermissionArrayOutputWithContext(ctx context.Context) GetTestablePermissionsPermissionArrayOutput

type GetTestablePermissionsPermissionArrayInput

type GetTestablePermissionsPermissionArrayInput interface {
	pulumi.Input

	ToGetTestablePermissionsPermissionArrayOutput() GetTestablePermissionsPermissionArrayOutput
	ToGetTestablePermissionsPermissionArrayOutputWithContext(context.Context) GetTestablePermissionsPermissionArrayOutput
}

GetTestablePermissionsPermissionArrayInput is an input type that accepts GetTestablePermissionsPermissionArray and GetTestablePermissionsPermissionArrayOutput values. You can construct a concrete instance of `GetTestablePermissionsPermissionArrayInput` via:

GetTestablePermissionsPermissionArray{ GetTestablePermissionsPermissionArgs{...} }

type GetTestablePermissionsPermissionArrayOutput

type GetTestablePermissionsPermissionArrayOutput struct{ *pulumi.OutputState }

func (GetTestablePermissionsPermissionArrayOutput) ElementType

func (GetTestablePermissionsPermissionArrayOutput) Index

func (GetTestablePermissionsPermissionArrayOutput) ToGetTestablePermissionsPermissionArrayOutput

func (o GetTestablePermissionsPermissionArrayOutput) ToGetTestablePermissionsPermissionArrayOutput() GetTestablePermissionsPermissionArrayOutput

func (GetTestablePermissionsPermissionArrayOutput) ToGetTestablePermissionsPermissionArrayOutputWithContext

func (o GetTestablePermissionsPermissionArrayOutput) ToGetTestablePermissionsPermissionArrayOutputWithContext(ctx context.Context) GetTestablePermissionsPermissionArrayOutput

type GetTestablePermissionsPermissionInput

type GetTestablePermissionsPermissionInput interface {
	pulumi.Input

	ToGetTestablePermissionsPermissionOutput() GetTestablePermissionsPermissionOutput
	ToGetTestablePermissionsPermissionOutputWithContext(context.Context) GetTestablePermissionsPermissionOutput
}

GetTestablePermissionsPermissionInput is an input type that accepts GetTestablePermissionsPermissionArgs and GetTestablePermissionsPermissionOutput values. You can construct a concrete instance of `GetTestablePermissionsPermissionInput` via:

GetTestablePermissionsPermissionArgs{...}

type GetTestablePermissionsPermissionOutput

type GetTestablePermissionsPermissionOutput struct{ *pulumi.OutputState }

func (GetTestablePermissionsPermissionOutput) ApiDisabled

Whether the corresponding API has been enabled for the resource.

func (GetTestablePermissionsPermissionOutput) CustomSupportLevel

The level of support for custom roles. Can be one of `"NOT_SUPPORTED"`, `"SUPPORTED"`, `"TESTING"`. Default is `"SUPPORTED"`

func (GetTestablePermissionsPermissionOutput) ElementType

func (GetTestablePermissionsPermissionOutput) Name

Name of the permission.

func (GetTestablePermissionsPermissionOutput) Stage

Release stage of the permission.

func (GetTestablePermissionsPermissionOutput) Title

Human readable title of the permission.

func (GetTestablePermissionsPermissionOutput) ToGetTestablePermissionsPermissionOutput

func (o GetTestablePermissionsPermissionOutput) ToGetTestablePermissionsPermissionOutput() GetTestablePermissionsPermissionOutput

func (GetTestablePermissionsPermissionOutput) ToGetTestablePermissionsPermissionOutputWithContext

func (o GetTestablePermissionsPermissionOutput) ToGetTestablePermissionsPermissionOutputWithContext(ctx context.Context) GetTestablePermissionsPermissionOutput

type GetTestablePermissionsResult

// GetTestablePermissionsResult is a collection of values returned by
// getTestablePermissions.
//
// NOTE(review): FullResourceName and Stages have no description on this
// page; they share names and pulumi tags with the fields of
// GetTestablePermissionsArgs and presumably echo the query — confirm.
type GetTestablePermissionsResult struct {
	// The support level of this permission for custom roles.
	CustomSupportLevel *string `pulumi:"customSupportLevel"`
	FullResourceName   string  `pulumi:"fullResourceName"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// A list of permissions matching the provided input. Structure is defined below.
	Permissions []GetTestablePermissionsPermission `pulumi:"permissions"`
	Stages      []string                           `pulumi:"stages"`
}

A collection of values returned by getTestablePermissions.

func GetTestablePermissions

func GetTestablePermissions(ctx *pulumi.Context, args *GetTestablePermissionsArgs, opts ...pulumi.InvokeOption) (*GetTestablePermissionsResult, error)

Retrieve a list of testable permissions for a resource. Testable permissions are the permissions that a user can add to or remove from a role at a given resource. The resource can be referenced either via the full resource name or via a URI.

## Example Usage

Retrieve all the supported permissions able to be set on `my-project` that are in either GA or BETA. This is useful for dynamically constructing custom roles.

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main queries the testable permissions of the project `my-project`,
// restricted to the GA and BETA release stages.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		query := &iam.GetTestablePermissionsArgs{
			FullResourceName: "//cloudresourcemanager.googleapis.com/projects/my-project",
			Stages:           []string{"GA", "BETA"},
		}
		// The result is discarded in this example. A program that builds a
		// custom role from it should narrow Permissions to the entries the
		// role actually needs instead of including the whole list.
		if _, err := iam.GetTestablePermissions(ctx, query, nil); err != nil {
			return err
		}
		return nil
	})
}

```

type GetTestablePermissionsResultOutput

type GetTestablePermissionsResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getTestablePermissions.

func (GetTestablePermissionsResultOutput) CustomSupportLevel

The support level of this permission for custom roles.

func (GetTestablePermissionsResultOutput) ElementType

func (GetTestablePermissionsResultOutput) FullResourceName

func (GetTestablePermissionsResultOutput) Id

The provider-assigned unique ID for this managed resource.

func (GetTestablePermissionsResultOutput) Permissions

A list of permissions matching the provided input. Structure is defined below.

func (GetTestablePermissionsResultOutput) Stages

func (GetTestablePermissionsResultOutput) ToGetTestablePermissionsResultOutput

func (o GetTestablePermissionsResultOutput) ToGetTestablePermissionsResultOutput() GetTestablePermissionsResultOutput

func (GetTestablePermissionsResultOutput) ToGetTestablePermissionsResultOutputWithContext

func (o GetTestablePermissionsResultOutput) ToGetTestablePermissionsResultOutputWithContext(ctx context.Context) GetTestablePermissionsResultOutput

type GetWorkloadIdentityPoolProviderAw

// GetWorkloadIdentityPoolProviderAw is the element type of the Aws field of
// LookupWorkloadIdentityPoolProviderResult.
//
// NOTE(review): AccountId is undocumented on this page; presumably it is the
// AWS account ID the provider trusts — confirm against the upstream API
// reference.
type GetWorkloadIdentityPoolProviderAw struct {
	AccountId string `pulumi:"accountId"`
}

type GetWorkloadIdentityPoolProviderAwArgs

type GetWorkloadIdentityPoolProviderAwArgs struct {
	AccountId pulumi.StringInput `pulumi:"accountId"`
}

func (GetWorkloadIdentityPoolProviderAwArgs) ElementType

func (GetWorkloadIdentityPoolProviderAwArgs) ToGetWorkloadIdentityPoolProviderAwOutput

func (i GetWorkloadIdentityPoolProviderAwArgs) ToGetWorkloadIdentityPoolProviderAwOutput() GetWorkloadIdentityPoolProviderAwOutput

func (GetWorkloadIdentityPoolProviderAwArgs) ToGetWorkloadIdentityPoolProviderAwOutputWithContext

func (i GetWorkloadIdentityPoolProviderAwArgs) ToGetWorkloadIdentityPoolProviderAwOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderAwOutput

type GetWorkloadIdentityPoolProviderAwArray

type GetWorkloadIdentityPoolProviderAwArray []GetWorkloadIdentityPoolProviderAwInput

func (GetWorkloadIdentityPoolProviderAwArray) ElementType

func (GetWorkloadIdentityPoolProviderAwArray) ToGetWorkloadIdentityPoolProviderAwArrayOutput

func (i GetWorkloadIdentityPoolProviderAwArray) ToGetWorkloadIdentityPoolProviderAwArrayOutput() GetWorkloadIdentityPoolProviderAwArrayOutput

func (GetWorkloadIdentityPoolProviderAwArray) ToGetWorkloadIdentityPoolProviderAwArrayOutputWithContext

func (i GetWorkloadIdentityPoolProviderAwArray) ToGetWorkloadIdentityPoolProviderAwArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderAwArrayOutput

type GetWorkloadIdentityPoolProviderAwArrayInput

type GetWorkloadIdentityPoolProviderAwArrayInput interface {
	pulumi.Input

	ToGetWorkloadIdentityPoolProviderAwArrayOutput() GetWorkloadIdentityPoolProviderAwArrayOutput
	ToGetWorkloadIdentityPoolProviderAwArrayOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderAwArrayOutput
}

GetWorkloadIdentityPoolProviderAwArrayInput is an input type that accepts GetWorkloadIdentityPoolProviderAwArray and GetWorkloadIdentityPoolProviderAwArrayOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderAwArrayInput` via:

GetWorkloadIdentityPoolProviderAwArray{ GetWorkloadIdentityPoolProviderAwArgs{...} }

type GetWorkloadIdentityPoolProviderAwArrayOutput

type GetWorkloadIdentityPoolProviderAwArrayOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderAwArrayOutput) ElementType

func (GetWorkloadIdentityPoolProviderAwArrayOutput) Index

func (GetWorkloadIdentityPoolProviderAwArrayOutput) ToGetWorkloadIdentityPoolProviderAwArrayOutput

func (o GetWorkloadIdentityPoolProviderAwArrayOutput) ToGetWorkloadIdentityPoolProviderAwArrayOutput() GetWorkloadIdentityPoolProviderAwArrayOutput

func (GetWorkloadIdentityPoolProviderAwArrayOutput) ToGetWorkloadIdentityPoolProviderAwArrayOutputWithContext

func (o GetWorkloadIdentityPoolProviderAwArrayOutput) ToGetWorkloadIdentityPoolProviderAwArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderAwArrayOutput

type GetWorkloadIdentityPoolProviderAwInput

type GetWorkloadIdentityPoolProviderAwInput interface {
	pulumi.Input

	ToGetWorkloadIdentityPoolProviderAwOutput() GetWorkloadIdentityPoolProviderAwOutput
	ToGetWorkloadIdentityPoolProviderAwOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderAwOutput
}

GetWorkloadIdentityPoolProviderAwInput is an input type that accepts GetWorkloadIdentityPoolProviderAwArgs and GetWorkloadIdentityPoolProviderAwOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderAwInput` via:

GetWorkloadIdentityPoolProviderAwArgs{...}

type GetWorkloadIdentityPoolProviderAwOutput

type GetWorkloadIdentityPoolProviderAwOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderAwOutput) AccountId

func (GetWorkloadIdentityPoolProviderAwOutput) ElementType

func (GetWorkloadIdentityPoolProviderAwOutput) ToGetWorkloadIdentityPoolProviderAwOutput

func (o GetWorkloadIdentityPoolProviderAwOutput) ToGetWorkloadIdentityPoolProviderAwOutput() GetWorkloadIdentityPoolProviderAwOutput

func (GetWorkloadIdentityPoolProviderAwOutput) ToGetWorkloadIdentityPoolProviderAwOutputWithContext

func (o GetWorkloadIdentityPoolProviderAwOutput) ToGetWorkloadIdentityPoolProviderAwOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderAwOutput

type GetWorkloadIdentityPoolProviderOidc

// GetWorkloadIdentityPoolProviderOidc is the element type of the Oidcs field
// of LookupWorkloadIdentityPoolProviderResult.
//
// NOTE(review): neither field is described on this page. Presumably
// IssuerUri is the OIDC issuer whose tokens the provider accepts and
// AllowedAudiences the accepted audience values; both determine which
// external tokens are trusted, so confirm their exact semantics (including
// what an empty AllowedAudiences means) against the upstream API reference.
type GetWorkloadIdentityPoolProviderOidc struct {
	AllowedAudiences []string `pulumi:"allowedAudiences"`
	IssuerUri        string   `pulumi:"issuerUri"`
}

type GetWorkloadIdentityPoolProviderOidcArgs

type GetWorkloadIdentityPoolProviderOidcArgs struct {
	AllowedAudiences pulumi.StringArrayInput `pulumi:"allowedAudiences"`
	IssuerUri        pulumi.StringInput      `pulumi:"issuerUri"`
}

func (GetWorkloadIdentityPoolProviderOidcArgs) ElementType

func (GetWorkloadIdentityPoolProviderOidcArgs) ToGetWorkloadIdentityPoolProviderOidcOutput

func (i GetWorkloadIdentityPoolProviderOidcArgs) ToGetWorkloadIdentityPoolProviderOidcOutput() GetWorkloadIdentityPoolProviderOidcOutput

func (GetWorkloadIdentityPoolProviderOidcArgs) ToGetWorkloadIdentityPoolProviderOidcOutputWithContext

func (i GetWorkloadIdentityPoolProviderOidcArgs) ToGetWorkloadIdentityPoolProviderOidcOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderOidcOutput

type GetWorkloadIdentityPoolProviderOidcArray

type GetWorkloadIdentityPoolProviderOidcArray []GetWorkloadIdentityPoolProviderOidcInput

func (GetWorkloadIdentityPoolProviderOidcArray) ElementType

func (GetWorkloadIdentityPoolProviderOidcArray) ToGetWorkloadIdentityPoolProviderOidcArrayOutput

func (i GetWorkloadIdentityPoolProviderOidcArray) ToGetWorkloadIdentityPoolProviderOidcArrayOutput() GetWorkloadIdentityPoolProviderOidcArrayOutput

func (GetWorkloadIdentityPoolProviderOidcArray) ToGetWorkloadIdentityPoolProviderOidcArrayOutputWithContext

func (i GetWorkloadIdentityPoolProviderOidcArray) ToGetWorkloadIdentityPoolProviderOidcArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderOidcArrayOutput

type GetWorkloadIdentityPoolProviderOidcArrayInput

type GetWorkloadIdentityPoolProviderOidcArrayInput interface {
	pulumi.Input

	ToGetWorkloadIdentityPoolProviderOidcArrayOutput() GetWorkloadIdentityPoolProviderOidcArrayOutput
	ToGetWorkloadIdentityPoolProviderOidcArrayOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderOidcArrayOutput
}

GetWorkloadIdentityPoolProviderOidcArrayInput is an input type that accepts GetWorkloadIdentityPoolProviderOidcArray and GetWorkloadIdentityPoolProviderOidcArrayOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderOidcArrayInput` via:

GetWorkloadIdentityPoolProviderOidcArray{ GetWorkloadIdentityPoolProviderOidcArgs{...} }

type GetWorkloadIdentityPoolProviderOidcArrayOutput

type GetWorkloadIdentityPoolProviderOidcArrayOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderOidcArrayOutput) ElementType

func (GetWorkloadIdentityPoolProviderOidcArrayOutput) Index

func (GetWorkloadIdentityPoolProviderOidcArrayOutput) ToGetWorkloadIdentityPoolProviderOidcArrayOutput

func (o GetWorkloadIdentityPoolProviderOidcArrayOutput) ToGetWorkloadIdentityPoolProviderOidcArrayOutput() GetWorkloadIdentityPoolProviderOidcArrayOutput

func (GetWorkloadIdentityPoolProviderOidcArrayOutput) ToGetWorkloadIdentityPoolProviderOidcArrayOutputWithContext

func (o GetWorkloadIdentityPoolProviderOidcArrayOutput) ToGetWorkloadIdentityPoolProviderOidcArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderOidcArrayOutput

type GetWorkloadIdentityPoolProviderOidcInput

type GetWorkloadIdentityPoolProviderOidcInput interface {
	pulumi.Input

	ToGetWorkloadIdentityPoolProviderOidcOutput() GetWorkloadIdentityPoolProviderOidcOutput
	ToGetWorkloadIdentityPoolProviderOidcOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderOidcOutput
}

GetWorkloadIdentityPoolProviderOidcInput is an input type that accepts GetWorkloadIdentityPoolProviderOidcArgs and GetWorkloadIdentityPoolProviderOidcOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderOidcInput` via:

GetWorkloadIdentityPoolProviderOidcArgs{...}

type GetWorkloadIdentityPoolProviderOidcOutput

type GetWorkloadIdentityPoolProviderOidcOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderOidcOutput) AllowedAudiences

func (GetWorkloadIdentityPoolProviderOidcOutput) ElementType

func (GetWorkloadIdentityPoolProviderOidcOutput) IssuerUri

func (GetWorkloadIdentityPoolProviderOidcOutput) ToGetWorkloadIdentityPoolProviderOidcOutput

func (o GetWorkloadIdentityPoolProviderOidcOutput) ToGetWorkloadIdentityPoolProviderOidcOutput() GetWorkloadIdentityPoolProviderOidcOutput

func (GetWorkloadIdentityPoolProviderOidcOutput) ToGetWorkloadIdentityPoolProviderOidcOutputWithContext

func (o GetWorkloadIdentityPoolProviderOidcOutput) ToGetWorkloadIdentityPoolProviderOidcOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderOidcOutput

type LookupWorkloadIdentityPoolArgs

type LookupWorkloadIdentityPoolArgs struct {
	// The project in which the resource belongs. If it
	// is not provided, the provider project is used.
	Project *string `pulumi:"project"`
	// The id of the pool which is the
	// final component of the resource name.
	WorkloadIdentityPoolId string `pulumi:"workloadIdentityPoolId"`
}

A collection of arguments for invoking getWorkloadIdentityPool.

type LookupWorkloadIdentityPoolOutputArgs

type LookupWorkloadIdentityPoolOutputArgs struct {
	// The project in which the resource belongs. If it
	// is not provided, the provider project is used.
	Project pulumi.StringPtrInput `pulumi:"project"`
	// The id of the pool which is the
	// final component of the resource name.
	WorkloadIdentityPoolId pulumi.StringInput `pulumi:"workloadIdentityPoolId"`
}

A collection of arguments for invoking getWorkloadIdentityPool.

func (LookupWorkloadIdentityPoolOutputArgs) ElementType

type LookupWorkloadIdentityPoolProviderArgs

type LookupWorkloadIdentityPoolProviderArgs struct {
	// The project in which the resource belongs. If it
	// is not provided, the provider project is used.
	Project *string `pulumi:"project"`
	// The id of the pool which is the
	// final component of the pool resource name.
	WorkloadIdentityPoolId string `pulumi:"workloadIdentityPoolId"`
	// The id of the provider which is the
	// final component of the resource name.
	WorkloadIdentityPoolProviderId string `pulumi:"workloadIdentityPoolProviderId"`
}

A collection of arguments for invoking getWorkloadIdentityPoolProvider.

type LookupWorkloadIdentityPoolProviderOutputArgs

type LookupWorkloadIdentityPoolProviderOutputArgs struct {
	// The project in which the resource belongs. If it
	// is not provided, the provider project is used.
	Project pulumi.StringPtrInput `pulumi:"project"`
	// The id of the pool which is the
	// final component of the pool resource name.
	WorkloadIdentityPoolId pulumi.StringInput `pulumi:"workloadIdentityPoolId"`
	// The id of the provider which is the
	// final component of the resource name.
	WorkloadIdentityPoolProviderId pulumi.StringInput `pulumi:"workloadIdentityPoolProviderId"`
}

A collection of arguments for invoking getWorkloadIdentityPoolProvider.

func (LookupWorkloadIdentityPoolProviderOutputArgs) ElementType

type LookupWorkloadIdentityPoolProviderResult

// LookupWorkloadIdentityPoolProviderResult is a collection of values returned
// by getWorkloadIdentityPoolProvider.
//
// NOTE(review): only Id is described on this page. Several of the
// undocumented fields look security-relevant when auditing a provider:
// AttributeCondition and AttributeMapping presumably control which external
// credentials are accepted and how their claims map to Google attributes,
// and Disabled/State presumably report whether the provider is currently
// usable. Confirm the semantics (in particular what an empty
// AttributeCondition allows) against the upstream API reference before
// using these values in a policy check.
type LookupWorkloadIdentityPoolProviderResult struct {
	AttributeCondition string                              `pulumi:"attributeCondition"`
	AttributeMapping   map[string]string                   `pulumi:"attributeMapping"`
	Aws                []GetWorkloadIdentityPoolProviderAw `pulumi:"aws"`
	Description        string                              `pulumi:"description"`
	Disabled           bool                                `pulumi:"disabled"`
	DisplayName        string                              `pulumi:"displayName"`
	// The provider-assigned unique ID for this managed resource.
	Id                             string                                `pulumi:"id"`
	Name                           string                                `pulumi:"name"`
	Oidcs                          []GetWorkloadIdentityPoolProviderOidc `pulumi:"oidcs"`
	Project                        *string                               `pulumi:"project"`
	State                          string                                `pulumi:"state"`
	WorkloadIdentityPoolId         string                                `pulumi:"workloadIdentityPoolId"`
	WorkloadIdentityPoolProviderId string                                `pulumi:"workloadIdentityPoolProviderId"`
}

A collection of values returned by getWorkloadIdentityPoolProvider.

func LookupWorkloadIdentityPoolProvider

Get an IAM workload identity provider from Google Cloud by its id.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main looks up the provider "bar-provider" inside the pool "foo-pool".
// No Project is set, so the provider project is used.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		lookup := &iam.LookupWorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         "foo-pool",
			WorkloadIdentityPoolProviderId: "bar-provider",
		}
		// The looked-up provider is discarded here; only the error matters.
		if _, err := iam.LookupWorkloadIdentityPoolProvider(ctx, lookup, nil); err != nil {
			return err
		}
		return nil
	})
}

```

type LookupWorkloadIdentityPoolProviderResultOutput

type LookupWorkloadIdentityPoolProviderResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getWorkloadIdentityPoolProvider.

func (LookupWorkloadIdentityPoolProviderResultOutput) AttributeCondition

func (LookupWorkloadIdentityPoolProviderResultOutput) AttributeMapping

func (LookupWorkloadIdentityPoolProviderResultOutput) Aws

func (LookupWorkloadIdentityPoolProviderResultOutput) Description

func (LookupWorkloadIdentityPoolProviderResultOutput) Disabled

func (LookupWorkloadIdentityPoolProviderResultOutput) DisplayName

func (LookupWorkloadIdentityPoolProviderResultOutput) ElementType

func (LookupWorkloadIdentityPoolProviderResultOutput) Id

The provider-assigned unique ID for this managed resource.

func (LookupWorkloadIdentityPoolProviderResultOutput) Name

func (LookupWorkloadIdentityPoolProviderResultOutput) Oidcs

func (LookupWorkloadIdentityPoolProviderResultOutput) Project

func (LookupWorkloadIdentityPoolProviderResultOutput) State

func (LookupWorkloadIdentityPoolProviderResultOutput) ToLookupWorkloadIdentityPoolProviderResultOutput

func (o LookupWorkloadIdentityPoolProviderResultOutput) ToLookupWorkloadIdentityPoolProviderResultOutput() LookupWorkloadIdentityPoolProviderResultOutput

func (LookupWorkloadIdentityPoolProviderResultOutput) ToLookupWorkloadIdentityPoolProviderResultOutputWithContext

func (o LookupWorkloadIdentityPoolProviderResultOutput) ToLookupWorkloadIdentityPoolProviderResultOutputWithContext(ctx context.Context) LookupWorkloadIdentityPoolProviderResultOutput

func (LookupWorkloadIdentityPoolProviderResultOutput) WorkloadIdentityPoolId

func (LookupWorkloadIdentityPoolProviderResultOutput) WorkloadIdentityPoolProviderId

func (o LookupWorkloadIdentityPoolProviderResultOutput) WorkloadIdentityPoolProviderId() pulumi.StringOutput

type LookupWorkloadIdentityPoolResult

// LookupWorkloadIdentityPoolResult is a collection of values returned by
// getWorkloadIdentityPool.
//
// NOTE(review): only Id is described on this page. The remaining fields
// share names and pulumi tags with the WorkloadIdentityPool resource and
// presumably carry the same meaning — confirm before relying on Disabled or
// State in a check.
type LookupWorkloadIdentityPoolResult struct {
	Description string `pulumi:"description"`
	Disabled    bool   `pulumi:"disabled"`
	DisplayName string `pulumi:"displayName"`
	// The provider-assigned unique ID for this managed resource.
	Id                     string  `pulumi:"id"`
	Name                   string  `pulumi:"name"`
	Project                *string `pulumi:"project"`
	State                  string  `pulumi:"state"`
	WorkloadIdentityPoolId string  `pulumi:"workloadIdentityPoolId"`
}

A collection of values returned by getWorkloadIdentityPool.

func LookupWorkloadIdentityPool

func LookupWorkloadIdentityPool(ctx *pulumi.Context, args *LookupWorkloadIdentityPoolArgs, opts ...pulumi.InvokeOption) (*LookupWorkloadIdentityPoolResult, error)

Get an IAM workload identity pool from Google Cloud by its id.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main looks up the workload identity pool "foo-pool". No Project is set,
// so the provider project is used.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		lookup := &iam.LookupWorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: "foo-pool",
		}
		// The looked-up pool is discarded here; only the error matters.
		if _, err := iam.LookupWorkloadIdentityPool(ctx, lookup, nil); err != nil {
			return err
		}
		return nil
	})
}

```

type LookupWorkloadIdentityPoolResultOutput

type LookupWorkloadIdentityPoolResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getWorkloadIdentityPool.

func (LookupWorkloadIdentityPoolResultOutput) Description

func (LookupWorkloadIdentityPoolResultOutput) Disabled

func (LookupWorkloadIdentityPoolResultOutput) DisplayName

func (LookupWorkloadIdentityPoolResultOutput) ElementType

func (LookupWorkloadIdentityPoolResultOutput) Id

The provider-assigned unique ID for this managed resource.

func (LookupWorkloadIdentityPoolResultOutput) Name

func (LookupWorkloadIdentityPoolResultOutput) Project

func (LookupWorkloadIdentityPoolResultOutput) State

func (LookupWorkloadIdentityPoolResultOutput) ToLookupWorkloadIdentityPoolResultOutput

func (o LookupWorkloadIdentityPoolResultOutput) ToLookupWorkloadIdentityPoolResultOutput() LookupWorkloadIdentityPoolResultOutput

func (LookupWorkloadIdentityPoolResultOutput) ToLookupWorkloadIdentityPoolResultOutputWithContext

func (o LookupWorkloadIdentityPoolResultOutput) ToLookupWorkloadIdentityPoolResultOutputWithContext(ctx context.Context) LookupWorkloadIdentityPoolResultOutput

func (LookupWorkloadIdentityPoolResultOutput) WorkloadIdentityPoolId

func (o LookupWorkloadIdentityPoolResultOutput) WorkloadIdentityPoolId() pulumi.StringOutput

type WorkloadIdentityPool

// WorkloadIdentityPool represents a collection of external workload
// identities. IAM policies can grant these identities access to Google Cloud
// resources.
type WorkloadIdentityPool struct {
	pulumi.CustomResourceState

	// A description of the pool. Cannot exceed 256 characters.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use
	// existing tokens to access resources. If the pool is re-enabled, existing tokens grant
	// access again.
	// Disabling is therefore a reversible suspension rather than a revocation of tokens
	// that were already issued.
	Disabled pulumi.BoolPtrOutput `pulumi:"disabled"`
	// A display name for the pool. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// The resource name of the pool as
	// 'projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}'.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// The state of the pool. * STATE_UNSPECIFIED: State unspecified. * ACTIVE: The pool is active, and may be used in Google
	// Cloud policies. * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30
	// days. You can restore a soft-deleted pool using UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted
	// pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing
	// tokens to access resources. If the pool is undeleted, existing tokens grant access again.
	// As with Disabled, a soft delete does not invalidate existing tokens for good while the pool can still be undeleted.
	State pulumi.StringOutput `pulumi:"state"`
	// The ID to use for the pool, which becomes the final component of the resource name. This
	// value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolId pulumi.StringOutput `pulumi:"workloadIdentityPoolId"`
}

Represents a collection of external workload identities. You can define IAM policies to grant these identities access to Google Cloud resources.

To get more information about WorkloadIdentityPool, see:

* [API documentation](https://cloud.google.com/iam/docs/reference/rest/v1/projects.locations.workloadIdentityPools)
* How-to Guides

## Example Usage

### Iam Workload Identity Pool Basic

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main registers a workload identity pool resource named "example" whose
// pool ID is "example-pool"; every other argument is left unset.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		poolArgs := &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		}
		// The created resource handle is not needed afterwards.
		if _, err := iam.NewWorkloadIdentityPool(ctx, "example", poolArgs); err != nil {
			return err
		}
		return nil
	})
}

```

### Iam Workload Identity Pool Full

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main declares a workload identity pool with every optional argument used in
// this example: description, display name and the disabled flag.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		poolArgs := &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
			DisplayName:            pulumi.String("Name of pool"),
			Description:            pulumi.String("Identity pool for automated test"),
			// The pool is created disabled. Per the field documentation a disabled
			// pool cannot be used to exchange tokens, and existing tokens cannot
			// access resources until it is re-enabled.
			Disabled: pulumi.Bool(true),
		}
		_, err := iam.NewWorkloadIdentityPool(ctx, "example", poolArgs)
		return err
	})
}

```

## Import

WorkloadIdentityPool can be imported using any of these accepted formats

```sh

$ pulumi import gcp:iam/workloadIdentityPool:WorkloadIdentityPool default projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}

```

```sh

$ pulumi import gcp:iam/workloadIdentityPool:WorkloadIdentityPool default {{project}}/{{workload_identity_pool_id}}

```

```sh

$ pulumi import gcp:iam/workloadIdentityPool:WorkloadIdentityPool default {{workload_identity_pool_id}}

```

func GetWorkloadIdentityPool

func GetWorkloadIdentityPool(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WorkloadIdentityPoolState, opts ...pulumi.ResourceOption) (*WorkloadIdentityPool, error)

GetWorkloadIdentityPool gets an existing WorkloadIdentityPool resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWorkloadIdentityPool

func NewWorkloadIdentityPool(ctx *pulumi.Context,
	name string, args *WorkloadIdentityPoolArgs, opts ...pulumi.ResourceOption) (*WorkloadIdentityPool, error)

NewWorkloadIdentityPool registers a new resource with the given unique name, arguments, and options.

func (*WorkloadIdentityPool) ElementType

func (*WorkloadIdentityPool) ElementType() reflect.Type

func (*WorkloadIdentityPool) ToWorkloadIdentityPoolOutput

func (i *WorkloadIdentityPool) ToWorkloadIdentityPoolOutput() WorkloadIdentityPoolOutput

func (*WorkloadIdentityPool) ToWorkloadIdentityPoolOutputWithContext

func (i *WorkloadIdentityPool) ToWorkloadIdentityPoolOutputWithContext(ctx context.Context) WorkloadIdentityPoolOutput

type WorkloadIdentityPoolArgs

// WorkloadIdentityPoolArgs is the set of arguments for constructing a
// WorkloadIdentityPool resource.
type WorkloadIdentityPoolArgs struct {
	// A description of the pool. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use
	// existing tokens to access resources. If the pool is re-enabled, existing tokens grant
	// access again.
	// Contrast with WorkloadIdentityPoolProviderArgs.Disabled, whose documentation states that
	// existing tokens still grant access: of the two flags, this one is the setting documented
	// to stop tokens that were already issued.
	Disabled pulumi.BoolPtrInput
	// A display name for the pool. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
	// The ID to use for the pool, which becomes the final component of the resource name. This
	// value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolId pulumi.StringInput
}

The set of arguments for constructing a WorkloadIdentityPool resource.

func (WorkloadIdentityPoolArgs) ElementType

func (WorkloadIdentityPoolArgs) ElementType() reflect.Type

type WorkloadIdentityPoolArray

type WorkloadIdentityPoolArray []WorkloadIdentityPoolInput

func (WorkloadIdentityPoolArray) ElementType

func (WorkloadIdentityPoolArray) ElementType() reflect.Type

func (WorkloadIdentityPoolArray) ToWorkloadIdentityPoolArrayOutput

func (i WorkloadIdentityPoolArray) ToWorkloadIdentityPoolArrayOutput() WorkloadIdentityPoolArrayOutput

func (WorkloadIdentityPoolArray) ToWorkloadIdentityPoolArrayOutputWithContext

func (i WorkloadIdentityPoolArray) ToWorkloadIdentityPoolArrayOutputWithContext(ctx context.Context) WorkloadIdentityPoolArrayOutput

type WorkloadIdentityPoolArrayInput

type WorkloadIdentityPoolArrayInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolArrayOutput() WorkloadIdentityPoolArrayOutput
	ToWorkloadIdentityPoolArrayOutputWithContext(context.Context) WorkloadIdentityPoolArrayOutput
}

WorkloadIdentityPoolArrayInput is an input type that accepts WorkloadIdentityPoolArray and WorkloadIdentityPoolArrayOutput values. You can construct a concrete instance of `WorkloadIdentityPoolArrayInput` via:

WorkloadIdentityPoolArray{ WorkloadIdentityPoolArgs{...} }

type WorkloadIdentityPoolArrayOutput

type WorkloadIdentityPoolArrayOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolArrayOutput) ElementType

func (WorkloadIdentityPoolArrayOutput) Index

func (WorkloadIdentityPoolArrayOutput) ToWorkloadIdentityPoolArrayOutput

func (o WorkloadIdentityPoolArrayOutput) ToWorkloadIdentityPoolArrayOutput() WorkloadIdentityPoolArrayOutput

func (WorkloadIdentityPoolArrayOutput) ToWorkloadIdentityPoolArrayOutputWithContext

func (o WorkloadIdentityPoolArrayOutput) ToWorkloadIdentityPoolArrayOutputWithContext(ctx context.Context) WorkloadIdentityPoolArrayOutput

type WorkloadIdentityPoolInput

// WorkloadIdentityPoolInput is the input type for values that can be converted
// to a WorkloadIdentityPoolOutput. It embeds pulumi.Input and declares the two
// conversion methods below.
type WorkloadIdentityPoolInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolOutput() WorkloadIdentityPoolOutput
	ToWorkloadIdentityPoolOutputWithContext(ctx context.Context) WorkloadIdentityPoolOutput
}

type WorkloadIdentityPoolMap

type WorkloadIdentityPoolMap map[string]WorkloadIdentityPoolInput

func (WorkloadIdentityPoolMap) ElementType

func (WorkloadIdentityPoolMap) ElementType() reflect.Type

func (WorkloadIdentityPoolMap) ToWorkloadIdentityPoolMapOutput

func (i WorkloadIdentityPoolMap) ToWorkloadIdentityPoolMapOutput() WorkloadIdentityPoolMapOutput

func (WorkloadIdentityPoolMap) ToWorkloadIdentityPoolMapOutputWithContext

func (i WorkloadIdentityPoolMap) ToWorkloadIdentityPoolMapOutputWithContext(ctx context.Context) WorkloadIdentityPoolMapOutput

type WorkloadIdentityPoolMapInput

type WorkloadIdentityPoolMapInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolMapOutput() WorkloadIdentityPoolMapOutput
	ToWorkloadIdentityPoolMapOutputWithContext(context.Context) WorkloadIdentityPoolMapOutput
}

WorkloadIdentityPoolMapInput is an input type that accepts WorkloadIdentityPoolMap and WorkloadIdentityPoolMapOutput values. You can construct a concrete instance of `WorkloadIdentityPoolMapInput` via:

WorkloadIdentityPoolMap{ "key": WorkloadIdentityPoolArgs{...} }

type WorkloadIdentityPoolMapOutput

type WorkloadIdentityPoolMapOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolMapOutput) ElementType

func (WorkloadIdentityPoolMapOutput) MapIndex

func (WorkloadIdentityPoolMapOutput) ToWorkloadIdentityPoolMapOutput

func (o WorkloadIdentityPoolMapOutput) ToWorkloadIdentityPoolMapOutput() WorkloadIdentityPoolMapOutput

func (WorkloadIdentityPoolMapOutput) ToWorkloadIdentityPoolMapOutputWithContext

func (o WorkloadIdentityPoolMapOutput) ToWorkloadIdentityPoolMapOutputWithContext(ctx context.Context) WorkloadIdentityPoolMapOutput

type WorkloadIdentityPoolOutput

type WorkloadIdentityPoolOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolOutput) Description added in v6.23.0

A description of the pool. Cannot exceed 256 characters.

func (WorkloadIdentityPoolOutput) Disabled added in v6.23.0

Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.

func (WorkloadIdentityPoolOutput) DisplayName added in v6.23.0

A display name for the pool. Cannot exceed 32 characters.

func (WorkloadIdentityPoolOutput) ElementType

func (WorkloadIdentityPoolOutput) ElementType() reflect.Type

func (WorkloadIdentityPoolOutput) Name added in v6.23.0

The resource name of the pool as 'projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}'.

func (WorkloadIdentityPoolOutput) Project added in v6.23.0

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

func (WorkloadIdentityPoolOutput) State added in v6.23.0

The state of the pool. * STATE_UNSPECIFIED: State unspecified. * ACTIVE: The pool is active, and may be used in Google Cloud policies. * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.

func (WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolOutput

func (o WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolOutput() WorkloadIdentityPoolOutput

func (WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolOutputWithContext

func (o WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolOutputWithContext(ctx context.Context) WorkloadIdentityPoolOutput

func (WorkloadIdentityPoolOutput) WorkloadIdentityPoolId added in v6.23.0

func (o WorkloadIdentityPoolOutput) WorkloadIdentityPoolId() pulumi.StringOutput

The ID to use for the pool, which becomes the final component of the resource name. This value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may not be specified.

type WorkloadIdentityPoolProvider

// WorkloadIdentityPoolProvider is a configuration for an external identity provider.
type WorkloadIdentityPoolProvider struct {
	pulumi.CustomResourceState

	// A [Common Expression Language](https://opensource.google/projects/cel) expression, in
	// plain text, that restricts which otherwise valid authentication credentials issued by
	// the provider are accepted.
	// The expression must output a boolean representing whether to allow the federation.
	// The following keywords may be referenced in the expressions:
	// * `assertion`: JSON representing the authentication credential issued by the provider.
	// * `google`: The Google attributes mapped from the assertion in the `attributeMappings`.
	// * `attribute`: The custom attributes mapped from the assertion in the `attributeMappings`.
	//
	// The maximum length of the attribute condition expression is 4096 characters. If
	// unspecified, all valid authentication credentials are accepted; in that case the IAM
	// bindings on the mapped principals are the only remaining restriction.
	//
	// The upstream text announces an example that only allows credentials with a mapped
	// `google.groups` value of `admins`, but the generated Go listing for it was an empty
	// program and is omitted here.
	// NOTE(review): in CEL such a condition has the form `"admins" in google.groups`, the same
	// shape as the `in assertion.groups` condition in the OIDC Full example; confirm against
	// the API documentation.
	AttributeCondition pulumi.StringPtrOutput `pulumi:"attributeCondition"`
	// Maps attributes from authentication credentials issued by an external identity provider
	// to Google Cloud attributes, such as `subject` and `segment`.
	// Each key must be a string specifying the Google Cloud IAM attribute to map to.
	// The following keys are supported:
	// * `google.subject`: The principal IAM is authenticating. You can reference this value
	//   in IAM bindings. This is also the subject that appears in Cloud Logging logs.
	//   Cannot exceed 127 characters.
	// * `google.groups`: Groups the external identity belongs to. You can grant groups
	//   access to resources using an IAM `principalSet` binding; access applies to all
	//   members of the group.
	//
	// You can also provide custom attributes by specifying `attribute.{custom_attribute}`,
	// where `{custom_attribute}` is the name of the custom attribute to be mapped. You can
	// define a maximum of 50 custom attributes. The maximum length of a mapped attribute key
	// is 100 characters, and the key may only contain the characters [a-z0-9_].
	//
	// You can reference these attributes in IAM policies to define fine-grained access for a
	// workload to Google Cloud resources. For example:
	// * `google.subject`:
	//   `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}`
	// * `google.groups`:
	//   `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}`
	// * `attribute.{custom_attribute}`:
	//   `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}`
	//
	// Each value must be a [Common Expression Language](https://opensource.google/projects/cel)
	// function that maps an identity provider credential to the normalized attribute specified
	// by the corresponding map key.
	// You can use the `assertion` keyword in the expression to access a JSON representation of
	// the authentication credential issued by the provider.
	// The maximum length of an attribute mapping expression is 2048 characters. When evaluated,
	// the total size of all mapped attributes must not exceed 8KB.
	//
	// For AWS providers, the following rules apply:
	// - If no attribute mapping is defined, a default mapping applies. The generated Go
	//   listing of that default was an empty program and is omitted here; see the API
	//   documentation of this resource for the mapping itself.
	// - If any custom attribute mappings are defined, they must include a mapping to the
	//   `google.subject` attribute.
	//
	// For OIDC providers, the following rules apply:
	// - Custom attribute mappings must be defined, and must include a mapping to the
	//   `google.subject` attribute. For example, mapping `google.subject` to `assertion.sub`
	//   (as the OIDC Basic example does) maps the `sub` claim of the incoming credential to
	//   the `subject` attribute on a Google token.
	//
	// The mapped values are the principals that IAM bindings name, so each mapping
	// expression is part of the access-control configuration and deserves the same review
	// as the bindings themselves.
	AttributeMapping pulumi.StringMapOutput `pulumi:"attributeMapping"`
	// An Amazon Web Services identity provider. Not compatible with the property oidc.
	// Structure is documented below.
	Aws WorkloadIdentityPoolProviderAwsPtrOutput `pulumi:"aws"`
	// A description for the provider. Cannot exceed 256 characters.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
	// However, existing tokens still grant access.
	// Contrast with the pool-level Disabled flag, whose documentation states that existing
	// tokens cannot access resources while the pool is disabled.
	Disabled pulumi.BoolPtrOutput `pulumi:"disabled"`
	// A display name for the provider. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// The resource name of the provider as
	// 'projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}'.
	Name pulumi.StringOutput `pulumi:"name"`
	// An OpenId Connect 1.0 identity provider. Not compatible with the property aws.
	// Structure is documented below.
	Oidc WorkloadIdentityPoolProviderOidcPtrOutput `pulumi:"oidc"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// The state of the provider. * STATE_UNSPECIFIED: State unspecified. * ACTIVE: The provider is active, and may be used to
	// validate authentication credentials. * DELETED: The provider is soft-deleted. Soft-deleted providers are permanently
	// deleted after approximately 30 days. You can restore a soft-deleted provider using UndeleteWorkloadIdentityPoolProvider.
	// You cannot reuse the ID of a soft-deleted provider until it is permanently deleted.
	State pulumi.StringOutput `pulumi:"state"`
	// The ID used for the pool, which is the final component of the pool resource name. This
	// value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolId pulumi.StringOutput `pulumi:"workloadIdentityPoolId"`
	// The ID for the provider, which becomes the final component of the resource name. This
	// value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolProviderId pulumi.StringOutput `pulumi:"workloadIdentityPoolProviderId"`
}

A configuration for an external identity provider.

To get more information about WorkloadIdentityPoolProvider, see:

* [API documentation](https://cloud.google.com/iam/docs/reference/rest/v1/projects.locations.workloadIdentityPools.providers) * How-to Guides

## Example Usage

### Iam Workload Identity Pool Provider Aws Basic

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main declares a workload identity pool and attaches an AWS identity provider
// to it, identified only by the AWS account ID.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		pool, err := iam.NewWorkloadIdentityPool(ctx, "pool", &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		})
		if err != nil {
			return err
		}

		// No AttributeMapping or AttributeCondition is given. Per the field
		// documentation the default AWS mapping then applies and every valid
		// credential issued by the provider is accepted, so the IAM bindings on the
		// pool's principals are the only access restriction.
		providerArgs := &iam.WorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         pool.WorkloadIdentityPoolId,
			WorkloadIdentityPoolProviderId: pulumi.String("example-prvdr"),
			Aws: &iam.WorkloadIdentityPoolProviderAwsArgs{
				AccountId: pulumi.String("999999999999"),
			},
		}
		_, err = iam.NewWorkloadIdentityPoolProvider(ctx, "example", providerArgs)
		return err
	})
}

```

### Iam Workload Identity Pool Provider Aws Full

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main declares a workload identity pool and an AWS identity provider with a
// custom attribute mapping and an attribute condition.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		pool, err := iam.NewWorkloadIdentityPool(ctx, "pool", &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		})
		if err != nil {
			return err
		}

		// Custom mappings must include google.subject (see the AttributeMapping
		// field documentation); the other two keys are custom attributes.
		mapping := pulumi.StringMap{
			"google.subject":        pulumi.String("assertion.arn"),
			"attribute.aws_account": pulumi.String("assertion.account"),
			"attribute.environment": pulumi.String("assertion.arn.contains(\":instance-profile/Production\") ? \"prod\" : \"test\""),
		}

		providerArgs := &iam.WorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         pool.WorkloadIdentityPoolId,
			WorkloadIdentityPoolProviderId: pulumi.String("example-prvdr"),
			DisplayName:                    pulumi.String("Name of provider"),
			Description:                    pulumi.String("AWS identity pool provider for automated test"),
			// Created disabled: a disabled provider cannot be used to exchange tokens.
			Disabled: pulumi.Bool(true),
			// NOTE(review): the condition reads attribute.aws_role, but the mapping
			// above defines no such key, and the default AWS mapping is documented
			// to apply only when no mapping is given. Confirm the condition can
			// evaluate as intended before copying this example.
			AttributeCondition: pulumi.String("attribute.aws_role==\"arn:aws:sts::999999999999:assumed-role/stack-eu-central-1-lambdaRole\""),
			AttributeMapping:   mapping,
			Aws: &iam.WorkloadIdentityPoolProviderAwsArgs{
				AccountId: pulumi.String("999999999999"),
			},
		}
		_, err = iam.NewWorkloadIdentityPoolProvider(ctx, "example", providerArgs)
		return err
	})
}

```

### Iam Workload Identity Pool Provider Oidc Basic

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main declares a workload identity pool and an OIDC identity provider that
// maps the credential's sub claim to google.subject.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		pool, err := iam.NewWorkloadIdentityPool(ctx, "pool", &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		})
		if err != nil {
			return err
		}

		// No AttributeCondition is set, so per the field documentation every valid
		// credential from the issuer is accepted. Which of those identities can
		// reach a resource is then decided only by the IAM bindings that name the
		// mapped principals; the Oidc Full example shows a condition on group
		// membership.
		providerArgs := &iam.WorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         pool.WorkloadIdentityPoolId,
			WorkloadIdentityPoolProviderId: pulumi.String("example-prvdr"),
			AttributeMapping: pulumi.StringMap{
				"google.subject": pulumi.String("assertion.sub"),
			},
			Oidc: &iam.WorkloadIdentityPoolProviderOidcArgs{
				IssuerUri: pulumi.String("https://sts.windows.net/azure-tenant-id"),
			},
		}
		_, err = iam.NewWorkloadIdentityPoolProvider(ctx, "example", providerArgs)
		return err
	})
}

```

### Iam Workload Identity Pool Provider Oidc Full

```go
package main

import (

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main declares a workload identity pool and an OIDC identity provider with an
// attribute condition, custom attribute mappings and an explicit audience list.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		pool, err := iam.NewWorkloadIdentityPool(ctx, "pool", &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		})
		if err != nil {
			return err
		}

		// google.subject is built from the tenant ID and sub claims of the
		// assertion. attribute.managed_identity_name indexes a literal map with
		// assertion.oid.
		// NOTE(review): what happens for an oid that is absent from that map is
		// not shown on this page; confirm before relying on the attribute.
		mapping := pulumi.StringMap{
			"google.subject":                  pulumi.String("\"azure::\" + assertion.tid + \"::\" + assertion.sub"),
			"attribute.tid":                   pulumi.String("assertion.tid"),
			"attribute.managed_identity_name": pulumi.String(fmt.Sprintf("      {\n        \"8bb39bdb-1cc5-4447-b7db-a19e920eb111\":\"workload1\",\n        \"55d36609-9bcf-48e0-a366-a3cf19027d2a\":\"workload2\"\n      }[assertion.oid]\n")),
		}

		oidcArgs := &iam.WorkloadIdentityPoolProviderOidcArgs{
			AllowedAudiences: pulumi.StringArray{
				pulumi.String("https://example.com/gcp-oidc-federation"),
				pulumi.String("example.com/gcp-oidc-federation"),
			},
			IssuerUri: pulumi.String("https://sts.windows.net/azure-tenant-id"),
		}

		providerArgs := &iam.WorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         pool.WorkloadIdentityPoolId,
			WorkloadIdentityPoolProviderId: pulumi.String("example-prvdr"),
			DisplayName:                    pulumi.String("Name of provider"),
			Description:                    pulumi.String("OIDC identity pool provider for automated test"),
			// Created disabled: a disabled provider cannot be used to exchange tokens.
			Disabled: pulumi.Bool(true),
			// Only credentials whose groups claim contains this ID are accepted.
			AttributeCondition: pulumi.String("\"e968c2ef-047c-498d-8d79-16ca1b61e77e\" in assertion.groups"),
			AttributeMapping:   mapping,
			Oidc:               oidcArgs,
		}
		_, err = iam.NewWorkloadIdentityPoolProvider(ctx, "example", providerArgs)
		return err
	})
}

```

## Import

WorkloadIdentityPoolProvider can be imported using any of these accepted formats

```sh

$ pulumi import gcp:iam/workloadIdentityPoolProvider:WorkloadIdentityPoolProvider default projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/providers/{{workload_identity_pool_provider_id}}

```

```sh

$ pulumi import gcp:iam/workloadIdentityPoolProvider:WorkloadIdentityPoolProvider default {{project}}/{{workload_identity_pool_id}}/{{workload_identity_pool_provider_id}}

```

```sh

$ pulumi import gcp:iam/workloadIdentityPoolProvider:WorkloadIdentityPoolProvider default {{workload_identity_pool_id}}/{{workload_identity_pool_provider_id}}

```

func GetWorkloadIdentityPoolProvider

func GetWorkloadIdentityPoolProvider(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WorkloadIdentityPoolProviderState, opts ...pulumi.ResourceOption) (*WorkloadIdentityPoolProvider, error)

GetWorkloadIdentityPoolProvider gets an existing WorkloadIdentityPoolProvider resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWorkloadIdentityPoolProvider

func NewWorkloadIdentityPoolProvider(ctx *pulumi.Context,
	name string, args *WorkloadIdentityPoolProviderArgs, opts ...pulumi.ResourceOption) (*WorkloadIdentityPoolProvider, error)

NewWorkloadIdentityPoolProvider registers a new resource with the given unique name, arguments, and options.

func (*WorkloadIdentityPoolProvider) ElementType

func (*WorkloadIdentityPoolProvider) ElementType() reflect.Type

func (*WorkloadIdentityPoolProvider) ToWorkloadIdentityPoolProviderOutput

func (i *WorkloadIdentityPoolProvider) ToWorkloadIdentityPoolProviderOutput() WorkloadIdentityPoolProviderOutput

func (*WorkloadIdentityPoolProvider) ToWorkloadIdentityPoolProviderOutputWithContext

func (i *WorkloadIdentityPoolProvider) ToWorkloadIdentityPoolProviderOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOutput

type WorkloadIdentityPoolProviderArgs

// WorkloadIdentityPoolProviderArgs is the set of arguments for constructing a
// WorkloadIdentityPoolProvider resource.
type WorkloadIdentityPoolProviderArgs struct {
	// A [Common Expression Language](https://opensource.google/projects/cel) expression, in
	// plain text, that restricts which otherwise valid authentication credentials issued by
	// the provider are accepted.
	// The expression must output a boolean representing whether to allow the federation.
	// The following keywords may be referenced in the expressions:
	// * `assertion`: JSON representing the authentication credential issued by the provider.
	// * `google`: The Google attributes mapped from the assertion in the `attributeMappings`.
	// * `attribute`: The custom attributes mapped from the assertion in the `attributeMappings`.
	//
	// The maximum length of the attribute condition expression is 4096 characters. If
	// unspecified, all valid authentication credentials are accepted; in that case the IAM
	// bindings on the mapped principals are the only remaining restriction.
	//
	// The upstream text announces an example that only allows credentials with a mapped
	// `google.groups` value of `admins`, but the generated Go listing for it was an empty
	// program and is omitted here.
	// NOTE(review): in CEL such a condition has the form `"admins" in google.groups`, the same
	// shape as the `in assertion.groups` condition in the OIDC Full example; confirm against
	// the API documentation.
	AttributeCondition pulumi.StringPtrInput
	// Maps attributes from authentication credentials issued by an external identity provider
	// to Google Cloud attributes, such as `subject` and `segment`.
	// Each key must be a string specifying the Google Cloud IAM attribute to map to.
	// The following keys are supported:
	// * `google.subject`: The principal IAM is authenticating. You can reference this value
	//   in IAM bindings. This is also the subject that appears in Cloud Logging logs.
	//   Cannot exceed 127 characters.
	// * `google.groups`: Groups the external identity belongs to. You can grant groups
	//   access to resources using an IAM `principalSet` binding; access applies to all
	//   members of the group.
	//
	// You can also provide custom attributes by specifying `attribute.{custom_attribute}`,
	// where `{custom_attribute}` is the name of the custom attribute to be mapped. You can
	// define a maximum of 50 custom attributes. The maximum length of a mapped attribute key
	// is 100 characters, and the key may only contain the characters [a-z0-9_].
	//
	// You can reference these attributes in IAM policies to define fine-grained access for a
	// workload to Google Cloud resources. For example:
	// * `google.subject`:
	//   `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}`
	// * `google.groups`:
	//   `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}`
	// * `attribute.{custom_attribute}`:
	//   `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}`
	//
	// Each value must be a [Common Expression Language](https://opensource.google/projects/cel)
	// function that maps an identity provider credential to the normalized attribute specified
	// by the corresponding map key.
	// You can use the `assertion` keyword in the expression to access a JSON representation of
	// the authentication credential issued by the provider.
	// The maximum length of an attribute mapping expression is 2048 characters. When evaluated,
	// the total size of all mapped attributes must not exceed 8KB.
	//
	// For AWS providers, the following rules apply:
	// - If no attribute mapping is defined, a default mapping applies. The generated Go
	//   listing of that default was an empty program and is omitted here; see the API
	//   documentation of this resource for the mapping itself.
	// - If any custom attribute mappings are defined, they must include a mapping to the
	//   `google.subject` attribute.
	//
	// For OIDC providers, the following rules apply:
	// - Custom attribute mappings must be defined, and must include a mapping to the
	//   `google.subject` attribute. For example, mapping `google.subject` to `assertion.sub`
	//   (as the OIDC Basic example does) maps the `sub` claim of the incoming credential to
	//   the `subject` attribute on a Google token.
	//
	// The mapped values are the principals that IAM bindings name, so each mapping
	// expression is part of the access-control configuration and deserves the same review
	// as the bindings themselves.
	AttributeMapping pulumi.StringMapInput
	// An Amazon Web Services identity provider. Not compatible with the property oidc.
	// Structure is documented below.
	Aws WorkloadIdentityPoolProviderAwsPtrInput
	// A description for the provider. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
	// However, existing tokens still grant access.
	// Contrast with WorkloadIdentityPoolArgs.Disabled, whose documentation states that
	// existing tokens cannot access resources while the pool is disabled.
	Disabled pulumi.BoolPtrInput
	// A display name for the provider. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	// An OpenId Connect 1.0 identity provider. Not compatible with the property aws.
	// Structure is documented below.
	Oidc WorkloadIdentityPoolProviderOidcPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
	// The ID used for the pool, which is the final component of the pool resource name. This
	// value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolId pulumi.StringInput
	// The ID for the provider, which becomes the final component of the resource name. This
	// value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolProviderId pulumi.StringInput
}

The set of arguments for constructing a WorkloadIdentityPoolProvider resource.

func (WorkloadIdentityPoolProviderArgs) ElementType

type WorkloadIdentityPoolProviderArray

type WorkloadIdentityPoolProviderArray []WorkloadIdentityPoolProviderInput

func (WorkloadIdentityPoolProviderArray) ElementType

func (WorkloadIdentityPoolProviderArray) ToWorkloadIdentityPoolProviderArrayOutput

func (i WorkloadIdentityPoolProviderArray) ToWorkloadIdentityPoolProviderArrayOutput() WorkloadIdentityPoolProviderArrayOutput

func (WorkloadIdentityPoolProviderArray) ToWorkloadIdentityPoolProviderArrayOutputWithContext

func (i WorkloadIdentityPoolProviderArray) ToWorkloadIdentityPoolProviderArrayOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderArrayOutput

type WorkloadIdentityPoolProviderArrayInput

type WorkloadIdentityPoolProviderArrayInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolProviderArrayOutput() WorkloadIdentityPoolProviderArrayOutput
	ToWorkloadIdentityPoolProviderArrayOutputWithContext(context.Context) WorkloadIdentityPoolProviderArrayOutput
}

WorkloadIdentityPoolProviderArrayInput is an input type that accepts WorkloadIdentityPoolProviderArray and WorkloadIdentityPoolProviderArrayOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderArrayInput` via:

WorkloadIdentityPoolProviderArray{ WorkloadIdentityPoolProviderArgs{...} }

type WorkloadIdentityPoolProviderArrayOutput

type WorkloadIdentityPoolProviderArrayOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderArrayOutput) ElementType

func (WorkloadIdentityPoolProviderArrayOutput) Index

func (WorkloadIdentityPoolProviderArrayOutput) ToWorkloadIdentityPoolProviderArrayOutput

func (o WorkloadIdentityPoolProviderArrayOutput) ToWorkloadIdentityPoolProviderArrayOutput() WorkloadIdentityPoolProviderArrayOutput

func (WorkloadIdentityPoolProviderArrayOutput) ToWorkloadIdentityPoolProviderArrayOutputWithContext

func (o WorkloadIdentityPoolProviderArrayOutput) ToWorkloadIdentityPoolProviderArrayOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderArrayOutput

type WorkloadIdentityPoolProviderAws

// WorkloadIdentityPoolProviderAws holds the settings of an Amazon Web Services
// identity provider; its only field is the AWS account ID.
type WorkloadIdentityPoolProviderAws struct {
	// The AWS account ID.
	AccountId string `pulumi:"accountId"`
}

type WorkloadIdentityPoolProviderAwsArgs

// WorkloadIdentityPoolProviderAwsArgs is the input form of the Amazon Web
// Services identity provider settings. The examples on this page pass it as the
// Aws field of WorkloadIdentityPoolProviderArgs, which is documented as not
// compatible with the oidc property.
type WorkloadIdentityPoolProviderAwsArgs struct {
	// The AWS account ID.
	AccountId pulumi.StringInput `pulumi:"accountId"`
}

func (WorkloadIdentityPoolProviderAwsArgs) ElementType

func (WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsOutput

func (i WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsOutput() WorkloadIdentityPoolProviderAwsOutput

func (WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsOutputWithContext

func (i WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderAwsOutput

func (WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsPtrOutput

func (i WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsPtrOutput() WorkloadIdentityPoolProviderAwsPtrOutput

func (WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext

func (i WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderAwsPtrOutput

type WorkloadIdentityPoolProviderAwsInput

// WorkloadIdentityPoolProviderAwsInput is an input type that accepts
// WorkloadIdentityPoolProviderAwsArgs and WorkloadIdentityPoolProviderAwsOutput values.
type WorkloadIdentityPoolProviderAwsInput interface {
	pulumi.Input

	// Both methods return the WorkloadIdentityPoolProviderAwsOutput form of the value;
	// the WithContext variant additionally takes a context.Context.
	ToWorkloadIdentityPoolProviderAwsOutput() WorkloadIdentityPoolProviderAwsOutput
	ToWorkloadIdentityPoolProviderAwsOutputWithContext(context.Context) WorkloadIdentityPoolProviderAwsOutput
}

WorkloadIdentityPoolProviderAwsInput is an input type that accepts WorkloadIdentityPoolProviderAwsArgs and WorkloadIdentityPoolProviderAwsOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderAwsInput` via:

WorkloadIdentityPoolProviderAwsArgs{...}

type WorkloadIdentityPoolProviderAwsOutput

// WorkloadIdentityPoolProviderAwsOutput embeds *pulumi.OutputState. The page lists an
// AccountId accessor, ElementType and the To...Output / To...PtrOutput conversions as
// its methods.
type WorkloadIdentityPoolProviderAwsOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderAwsOutput) AccountId

The AWS account ID.

func (WorkloadIdentityPoolProviderAwsOutput) ElementType

func (WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsOutput

func (o WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsOutput() WorkloadIdentityPoolProviderAwsOutput

func (WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsOutputWithContext

func (o WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderAwsOutput

func (WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsPtrOutput

func (o WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsPtrOutput() WorkloadIdentityPoolProviderAwsPtrOutput

func (WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext

func (o WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderAwsPtrOutput

type WorkloadIdentityPoolProviderAwsPtrInput

// WorkloadIdentityPoolProviderAwsPtrInput is an input type that accepts
// WorkloadIdentityPoolProviderAwsArgs, WorkloadIdentityPoolProviderAwsPtr and
// WorkloadIdentityPoolProviderAwsPtrOutput values; nil is also accepted.
type WorkloadIdentityPoolProviderAwsPtrInput interface {
	pulumi.Input

	// Both methods return the WorkloadIdentityPoolProviderAwsPtrOutput form of the value;
	// the WithContext variant additionally takes a context.Context.
	ToWorkloadIdentityPoolProviderAwsPtrOutput() WorkloadIdentityPoolProviderAwsPtrOutput
	ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext(context.Context) WorkloadIdentityPoolProviderAwsPtrOutput
}

WorkloadIdentityPoolProviderAwsPtrInput is an input type that accepts WorkloadIdentityPoolProviderAwsArgs, WorkloadIdentityPoolProviderAwsPtr and WorkloadIdentityPoolProviderAwsPtrOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderAwsPtrInput` via:

        WorkloadIdentityPoolProviderAwsArgs{...}

or:

        nil

type WorkloadIdentityPoolProviderAwsPtrOutput

// WorkloadIdentityPoolProviderAwsPtrOutput embeds *pulumi.OutputState. The page lists an
// AccountId accessor, Elem, ElementType and the To...PtrOutput conversions as its methods.
type WorkloadIdentityPoolProviderAwsPtrOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderAwsPtrOutput) AccountId

The AWS account ID.

func (WorkloadIdentityPoolProviderAwsPtrOutput) Elem

func (WorkloadIdentityPoolProviderAwsPtrOutput) ElementType

func (WorkloadIdentityPoolProviderAwsPtrOutput) ToWorkloadIdentityPoolProviderAwsPtrOutput

func (o WorkloadIdentityPoolProviderAwsPtrOutput) ToWorkloadIdentityPoolProviderAwsPtrOutput() WorkloadIdentityPoolProviderAwsPtrOutput

func (WorkloadIdentityPoolProviderAwsPtrOutput) ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext

func (o WorkloadIdentityPoolProviderAwsPtrOutput) ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderAwsPtrOutput

type WorkloadIdentityPoolProviderInput

// WorkloadIdentityPoolProviderInput is a pulumi.Input that can be converted to a
// WorkloadIdentityPoolProviderOutput. It is the element type of
// WorkloadIdentityPoolProviderMap.
type WorkloadIdentityPoolProviderInput interface {
	pulumi.Input

	// Both methods return the WorkloadIdentityPoolProviderOutput form of the value;
	// the WithContext variant additionally takes a context.Context.
	ToWorkloadIdentityPoolProviderOutput() WorkloadIdentityPoolProviderOutput
	ToWorkloadIdentityPoolProviderOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOutput
}

type WorkloadIdentityPoolProviderMap

// WorkloadIdentityPoolProviderMap is a string-keyed map of WorkloadIdentityPoolProviderInput
// values. It is the concrete value to pass where a WorkloadIdentityPoolProviderMapInput
// is expected.
type WorkloadIdentityPoolProviderMap map[string]WorkloadIdentityPoolProviderInput

func (WorkloadIdentityPoolProviderMap) ElementType

func (WorkloadIdentityPoolProviderMap) ToWorkloadIdentityPoolProviderMapOutput

func (i WorkloadIdentityPoolProviderMap) ToWorkloadIdentityPoolProviderMapOutput() WorkloadIdentityPoolProviderMapOutput

func (WorkloadIdentityPoolProviderMap) ToWorkloadIdentityPoolProviderMapOutputWithContext

func (i WorkloadIdentityPoolProviderMap) ToWorkloadIdentityPoolProviderMapOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderMapOutput

type WorkloadIdentityPoolProviderMapInput

// WorkloadIdentityPoolProviderMapInput is an input type that accepts
// WorkloadIdentityPoolProviderMap and WorkloadIdentityPoolProviderMapOutput values.
type WorkloadIdentityPoolProviderMapInput interface {
	pulumi.Input

	// Both methods return the WorkloadIdentityPoolProviderMapOutput form of the value;
	// the WithContext variant additionally takes a context.Context.
	ToWorkloadIdentityPoolProviderMapOutput() WorkloadIdentityPoolProviderMapOutput
	ToWorkloadIdentityPoolProviderMapOutputWithContext(context.Context) WorkloadIdentityPoolProviderMapOutput
}

WorkloadIdentityPoolProviderMapInput is an input type that accepts WorkloadIdentityPoolProviderMap and WorkloadIdentityPoolProviderMapOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderMapInput` via:

WorkloadIdentityPoolProviderMap{ "key": WorkloadIdentityPoolProviderArgs{...} }

type WorkloadIdentityPoolProviderMapOutput

// WorkloadIdentityPoolProviderMapOutput embeds *pulumi.OutputState. The page lists
// ElementType, MapIndex and the To...MapOutput conversions as its methods.
type WorkloadIdentityPoolProviderMapOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderMapOutput) ElementType

func (WorkloadIdentityPoolProviderMapOutput) MapIndex

func (WorkloadIdentityPoolProviderMapOutput) ToWorkloadIdentityPoolProviderMapOutput

func (o WorkloadIdentityPoolProviderMapOutput) ToWorkloadIdentityPoolProviderMapOutput() WorkloadIdentityPoolProviderMapOutput

func (WorkloadIdentityPoolProviderMapOutput) ToWorkloadIdentityPoolProviderMapOutputWithContext

func (o WorkloadIdentityPoolProviderMapOutput) ToWorkloadIdentityPoolProviderMapOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderMapOutput

type WorkloadIdentityPoolProviderOidc

// WorkloadIdentityPoolProviderOidc describes an OpenID Connect 1.0 identity provider for
// a workload identity pool provider. The `oidc` property is documented on this page as
// not compatible with the `aws` property.
type WorkloadIdentityPoolProviderOidc struct {
	// Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange
	// requests are rejected if the token audience does not match one of the configured
	// values. Each audience may be at most 256 characters. A maximum of 10 audiences may
	// be configured.
	// If this list is empty, the OIDC token audience must be equal to the full canonical
	// resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix.
	// For example (the generated Go snippet for this example was an empty placeholder
	// program; the two forms below follow the resource-name format documented for the
	// provider's Name property — verify against the provider reference):
	//
	//	//iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
	//	https://iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
	//
	// The audience check is what keeps a token minted for some other relying party from
	// being exchanged at this provider, so list only audiences issued for this provider.
	AllowedAudiences []string `pulumi:"allowedAudiences"`
	// The OIDC issuer URL.
	// NOTE(review): presumably compared with the `iss` claim of incoming tokens and used
	// to discover the issuer's signing keys — confirm against the provider reference.
	IssuerUri string `pulumi:"issuerUri"`
}

type WorkloadIdentityPoolProviderOidcArgs

// WorkloadIdentityPoolProviderOidcArgs is the input form of the OpenID Connect identity
// provider settings. It is the concrete value to pass where a
// WorkloadIdentityPoolProviderOidcInput or WorkloadIdentityPoolProviderOidcPtrInput is
// expected.
type WorkloadIdentityPoolProviderOidcArgs struct {
	// Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange
	// requests are rejected if the token audience does not match one of the configured
	// values. Each audience may be at most 256 characters. A maximum of 10 audiences may
	// be configured.
	// If this list is empty, the OIDC token audience must be equal to the full canonical
	// resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix.
	// For example (the generated Go snippet for this example was an empty placeholder
	// program; the two forms below follow the resource-name format documented for the
	// provider's Name property — verify against the provider reference):
	//
	//	//iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
	//	https://iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
	//
	// The audience check is what keeps a token minted for some other relying party from
	// being exchanged at this provider, so list only audiences issued for this provider.
	AllowedAudiences pulumi.StringArrayInput `pulumi:"allowedAudiences"`
	// The OIDC issuer URL.
	// NOTE(review): presumably compared with the `iss` claim of incoming tokens and used
	// to discover the issuer's signing keys — confirm against the provider reference.
	IssuerUri pulumi.StringInput `pulumi:"issuerUri"`
}

func (WorkloadIdentityPoolProviderOidcArgs) ElementType

func (WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcOutput

func (i WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcOutput() WorkloadIdentityPoolProviderOidcOutput

func (WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcOutputWithContext

func (i WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOidcOutput

func (WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcPtrOutput

func (i WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcPtrOutput() WorkloadIdentityPoolProviderOidcPtrOutput

func (WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext

func (i WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOidcPtrOutput

type WorkloadIdentityPoolProviderOidcInput

// WorkloadIdentityPoolProviderOidcInput is an input type that accepts
// WorkloadIdentityPoolProviderOidcArgs and WorkloadIdentityPoolProviderOidcOutput values.
type WorkloadIdentityPoolProviderOidcInput interface {
	pulumi.Input

	// Both methods return the WorkloadIdentityPoolProviderOidcOutput form of the value;
	// the WithContext variant additionally takes a context.Context.
	ToWorkloadIdentityPoolProviderOidcOutput() WorkloadIdentityPoolProviderOidcOutput
	ToWorkloadIdentityPoolProviderOidcOutputWithContext(context.Context) WorkloadIdentityPoolProviderOidcOutput
}

WorkloadIdentityPoolProviderOidcInput is an input type that accepts WorkloadIdentityPoolProviderOidcArgs and WorkloadIdentityPoolProviderOidcOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderOidcInput` via:

WorkloadIdentityPoolProviderOidcArgs{...}

type WorkloadIdentityPoolProviderOidcOutput

// WorkloadIdentityPoolProviderOidcOutput embeds *pulumi.OutputState. The page lists
// AllowedAudiences and IssuerUri accessors, ElementType and the To...Output /
// To...PtrOutput conversions as its methods.
type WorkloadIdentityPoolProviderOidcOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderOidcOutput) AllowedAudiences

Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured. If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example:

        //iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
        https://iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>

The audience check is what keeps a token minted for a different relying party from being exchanged at this provider, so list only audiences that are issued for this provider.

func (WorkloadIdentityPoolProviderOidcOutput) ElementType

func (WorkloadIdentityPoolProviderOidcOutput) IssuerUri

The OIDC issuer URL.

func (WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcOutput

func (o WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcOutput() WorkloadIdentityPoolProviderOidcOutput

func (WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcOutputWithContext

func (o WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOidcOutput

func (WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcPtrOutput

func (o WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcPtrOutput() WorkloadIdentityPoolProviderOidcPtrOutput

func (WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext

func (o WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOidcPtrOutput

type WorkloadIdentityPoolProviderOidcPtrInput

// WorkloadIdentityPoolProviderOidcPtrInput is an input type that accepts
// WorkloadIdentityPoolProviderOidcArgs, WorkloadIdentityPoolProviderOidcPtr and
// WorkloadIdentityPoolProviderOidcPtrOutput values; nil is also accepted.
type WorkloadIdentityPoolProviderOidcPtrInput interface {
	pulumi.Input

	// Both methods return the WorkloadIdentityPoolProviderOidcPtrOutput form of the value;
	// the WithContext variant additionally takes a context.Context.
	ToWorkloadIdentityPoolProviderOidcPtrOutput() WorkloadIdentityPoolProviderOidcPtrOutput
	ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext(context.Context) WorkloadIdentityPoolProviderOidcPtrOutput
}

WorkloadIdentityPoolProviderOidcPtrInput is an input type that accepts WorkloadIdentityPoolProviderOidcArgs, WorkloadIdentityPoolProviderOidcPtr and WorkloadIdentityPoolProviderOidcPtrOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderOidcPtrInput` via:

        WorkloadIdentityPoolProviderOidcArgs{...}

or:

        nil

type WorkloadIdentityPoolProviderOidcPtrOutput

// WorkloadIdentityPoolProviderOidcPtrOutput embeds *pulumi.OutputState. The page lists
// AllowedAudiences and IssuerUri accessors, Elem, ElementType and the To...PtrOutput
// conversions as its methods.
type WorkloadIdentityPoolProviderOidcPtrOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderOidcPtrOutput) AllowedAudiences

Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured. If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example:

        //iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
        https://iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>

The audience check is what keeps a token minted for a different relying party from being exchanged at this provider, so list only audiences that are issued for this provider.

func (WorkloadIdentityPoolProviderOidcPtrOutput) Elem

func (WorkloadIdentityPoolProviderOidcPtrOutput) ElementType

func (WorkloadIdentityPoolProviderOidcPtrOutput) IssuerUri

The OIDC issuer URL.

func (WorkloadIdentityPoolProviderOidcPtrOutput) ToWorkloadIdentityPoolProviderOidcPtrOutput

func (o WorkloadIdentityPoolProviderOidcPtrOutput) ToWorkloadIdentityPoolProviderOidcPtrOutput() WorkloadIdentityPoolProviderOidcPtrOutput

func (WorkloadIdentityPoolProviderOidcPtrOutput) ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext

func (o WorkloadIdentityPoolProviderOidcPtrOutput) ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOidcPtrOutput

type WorkloadIdentityPoolProviderOutput

// WorkloadIdentityPoolProviderOutput embeds *pulumi.OutputState. The page lists one
// accessor per provider property (AttributeCondition, AttributeMapping, Aws, Description,
// Disabled, DisplayName, Name, Oidc, Project, State, WorkloadIdentityPoolId,
// WorkloadIdentityPoolProviderId) plus ElementType and the To...Output conversions.
type WorkloadIdentityPoolProviderOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderOutput) AttributeCondition added in v6.23.0

A [Common Expression Language](https://opensource.google/projects/cel) expression, in plain text, that restricts which otherwise valid authentication credentials issued by the provider are accepted. The expression must output a boolean representing whether to allow the federation. The following keywords may be referenced in the expressions:

  • `assertion`: JSON representing the authentication credential issued by the provider.
  • `google`: The Google attributes mapped from the assertion in the `attributeMappings`.
  • `attribute`: The custom attributes mapped from the assertion in the `attributeMappings`.

The maximum length of the attribute condition expression is 4096 characters. If unspecified, all valid authentication credentials are accepted; because that admits every identity the issuer can vouch for, set a condition whenever the issuer also serves identities outside your control. The following example shows how to only allow credentials with a mapped `google.groups` value of `admins`:

        "'admins' in google.groups"

func (WorkloadIdentityPoolProviderOutput) AttributeMapping added in v6.23.0

Maps attributes from authentication credentials issued by an external identity provider to Google Cloud attributes, such as `subject` and `segment`. Each key must be a string specifying the Google Cloud IAM attribute to map to. The following keys are supported:

  • `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings. This is also the subject that appears in Cloud Logging logs. Cannot exceed 127 characters.
  • `google.groups`: Groups the external identity belongs to. You can grant groups access to resources using an IAM `principalSet` binding; access applies to all members of the group. You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where `{custom_attribute}` is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes. The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_]. You can reference these attributes in IAM policies to define fine-grained access for a workload to Google Cloud resources. For example:
  • `google.subject`: `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}`
  • `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}`
  • `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` Each value must be a [Common Expression Language](https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. You can use the `assertion` keyword in the expression to access a JSON representation of the authentication credential issued by the provider. The maximum length of an attribute mapping expression is 2048 characters. When evaluated, the total size of all mapped attributes must not exceed 8KB. For AWS providers, the following rules apply:
  • If no attribute mapping is defined, the following default mapping applies:

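        {
          "google.subject":"assertion.arn",
          "attribute.aws_role":
            "assertion.arn.contains('assumed-role')"
            " ? assertion.arn.extract('{account_arn}assumed-role/')"
            "   + 'assumed-role/'"
            "   + assertion.arn.extract('assumed-role/{role_name}/')"
            " : assertion.arn",
        }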

  • If any custom attribute mappings are defined, they must include a mapping to the `google.subject` attribute. For OIDC providers, the following rules apply:
  • Custom attribute mappings must be defined, and must include a mapping to the `google.subject` attribute. For example, the following maps the `sub` claim of the incoming credential to the `subject` attribute on a Google token.

        {"google.subject": "assertion.sub"}

func (WorkloadIdentityPoolProviderOutput) Aws added in v6.23.0

An Amazon Web Services identity provider. Not compatible with the property oidc. Structure is documented below.

func (WorkloadIdentityPoolProviderOutput) Description added in v6.23.0

A description for the provider. Cannot exceed 256 characters.

func (WorkloadIdentityPoolProviderOutput) Disabled added in v6.23.0

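Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access, so disabling the provider does not cut off tokens that were already issued; the pool-level `Disabled` setting is documented as also blocking the use of existing tokens.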

func (WorkloadIdentityPoolProviderOutput) DisplayName added in v6.23.0

A display name for the provider. Cannot exceed 32 characters.

func (WorkloadIdentityPoolProviderOutput) ElementType

func (WorkloadIdentityPoolProviderOutput) Name added in v6.23.0

The resource name of the provider as 'projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}'.

func (WorkloadIdentityPoolProviderOutput) Oidc added in v6.23.0

An OpenId Connect 1.0 identity provider. Not compatible with the property aws. Structure is documented below.

func (WorkloadIdentityPoolProviderOutput) Project added in v6.23.0

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

func (WorkloadIdentityPoolProviderOutput) State added in v6.23.0

The state of the provider. * STATE_UNSPECIFIED: State unspecified. * ACTIVE: The provider is active, and may be used to validate authentication credentials. * DELETED: The provider is soft-deleted. Soft-deleted providers are permanently deleted after approximately 30 days. You can restore a soft-deleted provider using UndeleteWorkloadIdentityPoolProvider. You cannot reuse the ID of a soft-deleted provider until it is permanently deleted.

func (WorkloadIdentityPoolProviderOutput) ToWorkloadIdentityPoolProviderOutput

func (o WorkloadIdentityPoolProviderOutput) ToWorkloadIdentityPoolProviderOutput() WorkloadIdentityPoolProviderOutput

func (WorkloadIdentityPoolProviderOutput) ToWorkloadIdentityPoolProviderOutputWithContext

func (o WorkloadIdentityPoolProviderOutput) ToWorkloadIdentityPoolProviderOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOutput

func (WorkloadIdentityPoolProviderOutput) WorkloadIdentityPoolId added in v6.23.0

func (o WorkloadIdentityPoolProviderOutput) WorkloadIdentityPoolId() pulumi.StringOutput

The ID used for the pool, which is the final component of the pool resource name. This value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may not be specified.

func (WorkloadIdentityPoolProviderOutput) WorkloadIdentityPoolProviderId added in v6.23.0

func (o WorkloadIdentityPoolProviderOutput) WorkloadIdentityPoolProviderId() pulumi.StringOutput

The ID for the provider, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may not be specified.

type WorkloadIdentityPoolProviderState

// WorkloadIdentityPoolProviderState holds the state properties of a workload identity
// pool provider as pulumi inputs.
// NOTE(review): presumably passed to the resource's Get function to qualify a lookup, as
// DenyPolicyState is for GetDenyPolicy — confirm.
type WorkloadIdentityPoolProviderState struct {
	// A [Common Expression Language](https://opensource.google/projects/cel) expression, in
	// plain text, that restricts which otherwise valid authentication credentials issued by
	// the provider are accepted.
	// The expression must output a boolean representing whether to allow the federation.
	// The following keywords may be referenced in the expressions:
	// * `assertion`: JSON representing the authentication credential issued by the provider.
	// * `google`: The Google attributes mapped from the assertion in the `attributeMappings`.
	// * `attribute`: The custom attributes mapped from the assertion in the `attributeMappings`.
	//
	// The maximum length of the attribute condition expression is 4096 characters. If
	// unspecified, all valid authentication credentials are accepted; because that admits
	// every identity the issuer can vouch for, set a condition whenever the issuer also
	// serves identities outside your control.
	// The following example shows how to only allow credentials with a mapped `google.groups`
	// value of `admins` (the generated Go snippet here was an empty placeholder program; the
	// expression below is the one given in the upstream provider reference — verify):
	//
	//	"'admins' in google.groups"
	AttributeCondition pulumi.StringPtrInput
	// Maps attributes from authentication credentials issued by an external identity provider
	// to Google Cloud attributes, such as `subject` and `segment`.
	// Each key must be a string specifying the Google Cloud IAM attribute to map to.
	// The following keys are supported:
	// * `google.subject`: The principal IAM is authenticating. You can reference this value
	//   in IAM bindings. This is also the subject that appears in Cloud Logging logs.
	//   Cannot exceed 127 characters.
	// * `google.groups`: Groups the external identity belongs to. You can grant groups
	//   access to resources using an IAM `principalSet` binding; access applies to all
	//   members of the group.
	//
	// You can also provide custom attributes by specifying `attribute.{custom_attribute}`,
	// where `{custom_attribute}` is the name of the custom attribute to be mapped. You can
	// define a maximum of 50 custom attributes. The maximum length of a mapped attribute key
	// is 100 characters, and the key may only contain the characters [a-z0-9_].
	// You can reference these attributes in IAM policies to define fine-grained access for a
	// workload to Google Cloud resources. For example:
	// * `google.subject`:
	//   `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}`
	// * `google.groups`:
	//   `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}`
	// * `attribute.{custom_attribute}`:
	//   `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}`
	//
	// Each value must be a [Common Expression Language](https://opensource.google/projects/cel)
	// function that maps an identity provider credential to the normalized attribute specified
	// by the corresponding map key.
	// You can use the `assertion` keyword in the expression to access a JSON representation of
	// the authentication credential issued by the provider.
	// The maximum length of an attribute mapping expression is 2048 characters. When evaluated,
	// the total size of all mapped attributes must not exceed 8KB.
	//
	// Because `google.subject` is the identity that IAM bindings and Cloud Logging see, the
	// claim it is mapped from decides who a binding actually grants access to.
	//
	// For AWS providers, the following rules apply:
	// - If no attribute mapping is defined, the following default mapping applies (the
	//   generated Go snippet here was an empty placeholder program; the mapping below is the
	//   one given in the upstream provider reference — verify):
	//
	//	{
	//	  "google.subject":"assertion.arn",
	//	  "attribute.aws_role":
	//	    "assertion.arn.contains('assumed-role')"
	//	    " ? assertion.arn.extract('{account_arn}assumed-role/')"
	//	    "   + 'assumed-role/'"
	//	    "   + assertion.arn.extract('assumed-role/{role_name}/')"
	//	    " : assertion.arn",
	//	}
	//
	// - If any custom attribute mappings are defined, they must include a mapping to the
	//   `google.subject` attribute.
	//
	// For OIDC providers, the following rules apply:
	// - Custom attribute mappings must be defined, and must include a mapping to the
	//   `google.subject` attribute. For example, the following maps the `sub` claim of the
	//   incoming credential to the `subject` attribute on a Google token (placeholder
	//   snippet replaced as above — verify):
	//
	//	{"google.subject": "assertion.sub"}
	AttributeMapping pulumi.StringMapInput
	// An Amazon Web Services identity provider. Not compatible with the property oidc.
	// Structure is documented below.
	Aws WorkloadIdentityPoolProviderAwsPtrInput
	// A description for the provider. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
	// However, existing tokens still grant access, so disabling the provider does not cut off
	// tokens that were already issued; the pool-level Disabled setting is documented as also
	// blocking the use of existing tokens.
	Disabled pulumi.BoolPtrInput
	// A display name for the provider. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	// The resource name of the provider as
	// 'projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}'.
	Name pulumi.StringPtrInput
	// An OpenId Connect 1.0 identity provider. Not compatible with the property aws.
	// Structure is documented below.
	Oidc WorkloadIdentityPoolProviderOidcPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
	// The state of the provider. * STATE_UNSPECIFIED: State unspecified. * ACTIVE: The provider is active, and may be used to
	// validate authentication credentials. * DELETED: The provider is soft-deleted. Soft-deleted providers are permanently
	// deleted after approximately 30 days. You can restore a soft-deleted provider using UndeleteWorkloadIdentityPoolProvider.
	// You cannot reuse the ID of a soft-deleted provider until it is permanently deleted.
	State pulumi.StringPtrInput
	// The ID used for the pool, which is the final component of the pool resource name. This
	// value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolId pulumi.StringPtrInput
	// The ID for the provider, which becomes the final component of the resource name. This
	// value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolProviderId pulumi.StringPtrInput
}

func (WorkloadIdentityPoolProviderState) ElementType

type WorkloadIdentityPoolState

// WorkloadIdentityPoolState holds the state properties of a workload identity pool as
// pulumi inputs.
// NOTE(review): presumably passed to the resource's Get function to qualify a lookup, as
// DenyPolicyState is for GetDenyPolicy — confirm.
type WorkloadIdentityPoolState struct {
	// A description of the pool. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use
	// existing tokens to access resources. If the pool is re-enabled, existing tokens grant
	// access again.
	// Unlike the provider-level Disabled setting, which is documented as leaving existing
	// tokens usable, this setting also blocks tokens that were already issued.
	Disabled pulumi.BoolPtrInput
	// A display name for the pool. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	// The resource name of the pool as
	// 'projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}'.
	Name pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
	// The state of the pool. * STATE_UNSPECIFIED: State unspecified. * ACTIVE: The pool is active, and may be used in Google
	// Cloud policies. * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30
	// days. You can restore a soft-deleted pool using UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted
	// pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing
	// tokens to access resources. If the pool is undeleted, existing tokens grant access again.
	State pulumi.StringPtrInput
	// The ID to use for the pool, which becomes the final component of the resource name. This
	// value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolId pulumi.StringPtrInput
}

func (WorkloadIdentityPoolState) ElementType

func (WorkloadIdentityPoolState) ElementType() reflect.Type
