iam

package
v8.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 25, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AccessBoundaryPolicy 

type AccessBoundaryPolicy struct {
	pulumi.CustomResourceState

	// The display name of the rule.
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// The hash of the resource. Used internally during updates.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The name of the policy.
	Name pulumi.StringOutput `pulumi:"name"`
	// The attachment point is identified by its URL-encoded full resource name.
	Parent pulumi.StringOutput `pulumi:"parent"`
	// Rules to be applied.
	// Structure is documented below.
	Rules AccessBoundaryPolicyRuleArrayOutput `pulumi:"rules"`
}

Represents a collection of access boundary policies to apply to a given resource. **NOTE**: This is a private feature and users should contact GCP support if they would like to test it.

## Example Usage

### Iam Access Boundary Policy Basic

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		project, err := organizations.NewProject(ctx, "project", &organizations.ProjectArgs{
			ProjectId:      pulumi.String("my-project"),
			Name:           pulumi.String("my-project"),
			OrgId:          pulumi.String("123456789"),
			BillingAccount: pulumi.String("000000-0000000-0000000-000000"),
			DeletionPolicy: pulumi.String("DELETE"),
		})
		if err != nil {
			return err
		}
		_, err = accesscontextmanager.NewAccessPolicy(ctx, "access-policy", &accesscontextmanager.AccessPolicyArgs{
			Parent: project.OrgId.ApplyT(func(orgId *string) (string, error) {
				return fmt.Sprintf("organizations/%v", orgId), nil
			}).(pulumi.StringOutput),
			Title: pulumi.String("my policy"),
		})
		if err != nil {
			return err
		}
		_, err = accesscontextmanager.NewAccessLevel(ctx, "test-access", &accesscontextmanager.AccessLevelArgs{
			Parent: access_policy.Name.ApplyT(func(name string) (string, error) {
				return fmt.Sprintf("accessPolicies/%v", name), nil
			}).(pulumi.StringOutput),
			Name: access_policy.Name.ApplyT(func(name string) (string, error) {
				return fmt.Sprintf("accessPolicies/%v/accessLevels/chromeos_no_lock", name), nil
			}).(pulumi.StringOutput),
			Title: pulumi.String("chromeos_no_lock"),
			Basic: &accesscontextmanager.AccessLevelBasicArgs{
				Conditions: accesscontextmanager.AccessLevelBasicConditionArray{
					&accesscontextmanager.AccessLevelBasicConditionArgs{
						DevicePolicy: &accesscontextmanager.AccessLevelBasicConditionDevicePolicyArgs{
							RequireScreenLock: pulumi.Bool(true),
							OsConstraints: accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArray{
								&accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArgs{
									OsType: pulumi.String("DESKTOP_CHROME_OS"),
								},
							},
						},
						Regions: pulumi.StringArray{
							pulumi.String("CH"),
							pulumi.String("IT"),
							pulumi.String("US"),
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = iam.NewAccessBoundaryPolicy(ctx, "example", &iam.AccessBoundaryPolicyArgs{
			Parent: pulumi.String(std.UrlencodeOutput(ctx, std.UrlencodeOutputArgs{
				Input: project.ProjectId.ApplyT(func(projectId string) (string, error) {
					return fmt.Sprintf("cloudresourcemanager.googleapis.com/projects/%v", projectId), nil
				}).(pulumi.StringOutput),
			}, nil).ApplyT(func(invoke std.UrlencodeResult) (*string, error) {
				return invoke.Result, nil
			}).(pulumi.StringPtrOutput)),
			Name:        pulumi.String("my-ab-policy"),
			DisplayName: pulumi.String("My AB policy"),
			Rules: iam.AccessBoundaryPolicyRuleArray{
				&iam.AccessBoundaryPolicyRuleArgs{
					Description: pulumi.String("AB rule"),
					AccessBoundaryRule: &iam.AccessBoundaryPolicyRuleAccessBoundaryRuleArgs{
						AvailableResource: pulumi.String("*"),
						AvailablePermissions: pulumi.StringArray{
							pulumi.String("*"),
						},
						AvailabilityCondition: &iam.AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs{
							Title: pulumi.String("Access level expr"),
							Expression: pulumi.All(project.OrgId, test_access.Name).ApplyT(func(_args []interface{}) (string, error) {
								orgId := _args[0].(*string)
								name := _args[1].(string)
								return fmt.Sprintf("request.matchAccessLevels('%v', ['%v'])", orgId, name), nil
							}).(pulumi.StringOutput),
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

AccessBoundaryPolicy can be imported using any of these accepted formats:

* `{{parent}}/{{name}}`

When using the `pulumi import` command, AccessBoundaryPolicy can be imported using one of the formats above. For example:

```sh $ pulumi import gcp:iam/accessBoundaryPolicy:AccessBoundaryPolicy default {{parent}}/{{name}} ```

func GetAccessBoundaryPolicy 

func GetAccessBoundaryPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AccessBoundaryPolicyState, opts ...pulumi.ResourceOption) (*AccessBoundaryPolicy, error)

GetAccessBoundaryPolicy gets an existing AccessBoundaryPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAccessBoundaryPolicy 

func NewAccessBoundaryPolicy(ctx *pulumi.Context,
	name string, args *AccessBoundaryPolicyArgs, opts ...pulumi.ResourceOption) (*AccessBoundaryPolicy, error)

NewAccessBoundaryPolicy registers a new resource with the given unique name, arguments, and options.

func (*AccessBoundaryPolicy) ElementType 

func (*AccessBoundaryPolicy) ElementType() reflect.Type

func (*AccessBoundaryPolicy) ToAccessBoundaryPolicyOutput 

func (i *AccessBoundaryPolicy) ToAccessBoundaryPolicyOutput() AccessBoundaryPolicyOutput

func (*AccessBoundaryPolicy) ToAccessBoundaryPolicyOutputWithContext 

func (i *AccessBoundaryPolicy) ToAccessBoundaryPolicyOutputWithContext(ctx context.Context) AccessBoundaryPolicyOutput

type AccessBoundaryPolicyArgs 

type AccessBoundaryPolicyArgs struct {
	// The display name of the rule.
	DisplayName pulumi.StringPtrInput
	// The name of the policy.
	Name pulumi.StringPtrInput
	// The attachment point is identified by its URL-encoded full resource name.
	Parent pulumi.StringInput
	// Rules to be applied.
	// Structure is documented below.
	Rules AccessBoundaryPolicyRuleArrayInput
}

The set of arguments for constructing a AccessBoundaryPolicy resource.

func (AccessBoundaryPolicyArgs) ElementType 

func (AccessBoundaryPolicyArgs) ElementType() reflect.Type

type AccessBoundaryPolicyArray 

type AccessBoundaryPolicyArray []AccessBoundaryPolicyInput

func (AccessBoundaryPolicyArray) ElementType 

func (AccessBoundaryPolicyArray) ElementType() reflect.Type

func (AccessBoundaryPolicyArray) ToAccessBoundaryPolicyArrayOutput 

func (i AccessBoundaryPolicyArray) ToAccessBoundaryPolicyArrayOutput() AccessBoundaryPolicyArrayOutput

func (AccessBoundaryPolicyArray) ToAccessBoundaryPolicyArrayOutputWithContext 

func (i AccessBoundaryPolicyArray) ToAccessBoundaryPolicyArrayOutputWithContext(ctx context.Context) AccessBoundaryPolicyArrayOutput

type AccessBoundaryPolicyArrayInput 

type AccessBoundaryPolicyArrayInput interface {
	pulumi.Input

	ToAccessBoundaryPolicyArrayOutput() AccessBoundaryPolicyArrayOutput
	ToAccessBoundaryPolicyArrayOutputWithContext(context.Context) AccessBoundaryPolicyArrayOutput
}

AccessBoundaryPolicyArrayInput is an input type that accepts AccessBoundaryPolicyArray and AccessBoundaryPolicyArrayOutput values. You can construct a concrete instance of `AccessBoundaryPolicyArrayInput` via: 

AccessBoundaryPolicyArray{ AccessBoundaryPolicyArgs{...} }

type AccessBoundaryPolicyArrayOutput 

type AccessBoundaryPolicyArrayOutput struct{ *pulumi.OutputState }

func (AccessBoundaryPolicyArrayOutput) ElementType 

func (AccessBoundaryPolicyArrayOutput) ElementType() reflect.Type

func (AccessBoundaryPolicyArrayOutput) Index 

func (o AccessBoundaryPolicyArrayOutput) Index(i pulumi.IntInput) AccessBoundaryPolicyOutput

func (AccessBoundaryPolicyArrayOutput) ToAccessBoundaryPolicyArrayOutput 

func (o AccessBoundaryPolicyArrayOutput) ToAccessBoundaryPolicyArrayOutput() AccessBoundaryPolicyArrayOutput

func (AccessBoundaryPolicyArrayOutput) ToAccessBoundaryPolicyArrayOutputWithContext 

func (o AccessBoundaryPolicyArrayOutput) ToAccessBoundaryPolicyArrayOutputWithContext(ctx context.Context) AccessBoundaryPolicyArrayOutput

type AccessBoundaryPolicyInput 

type AccessBoundaryPolicyInput interface {
	pulumi.Input

	ToAccessBoundaryPolicyOutput() AccessBoundaryPolicyOutput
	ToAccessBoundaryPolicyOutputWithContext(ctx context.Context) AccessBoundaryPolicyOutput
}

type AccessBoundaryPolicyMap 

type AccessBoundaryPolicyMap map[string]AccessBoundaryPolicyInput

func (AccessBoundaryPolicyMap) ElementType 

func (AccessBoundaryPolicyMap) ElementType() reflect.Type

func (AccessBoundaryPolicyMap) ToAccessBoundaryPolicyMapOutput 

func (i AccessBoundaryPolicyMap) ToAccessBoundaryPolicyMapOutput() AccessBoundaryPolicyMapOutput

func (AccessBoundaryPolicyMap) ToAccessBoundaryPolicyMapOutputWithContext 

func (i AccessBoundaryPolicyMap) ToAccessBoundaryPolicyMapOutputWithContext(ctx context.Context) AccessBoundaryPolicyMapOutput

type AccessBoundaryPolicyMapInput 

type AccessBoundaryPolicyMapInput interface {
	pulumi.Input

	ToAccessBoundaryPolicyMapOutput() AccessBoundaryPolicyMapOutput
	ToAccessBoundaryPolicyMapOutputWithContext(context.Context) AccessBoundaryPolicyMapOutput
}

AccessBoundaryPolicyMapInput is an input type that accepts AccessBoundaryPolicyMap and AccessBoundaryPolicyMapOutput values. You can construct a concrete instance of `AccessBoundaryPolicyMapInput` via: 

AccessBoundaryPolicyMap{ "key": AccessBoundaryPolicyArgs{...} }

type AccessBoundaryPolicyMapOutput 

type AccessBoundaryPolicyMapOutput struct{ *pulumi.OutputState }

func (AccessBoundaryPolicyMapOutput) ElementType 

func (AccessBoundaryPolicyMapOutput) ElementType() reflect.Type

func (AccessBoundaryPolicyMapOutput) MapIndex 

func (o AccessBoundaryPolicyMapOutput) MapIndex(k pulumi.StringInput) AccessBoundaryPolicyOutput

func (AccessBoundaryPolicyMapOutput) ToAccessBoundaryPolicyMapOutput 

func (o AccessBoundaryPolicyMapOutput) ToAccessBoundaryPolicyMapOutput() AccessBoundaryPolicyMapOutput

func (AccessBoundaryPolicyMapOutput) ToAccessBoundaryPolicyMapOutputWithContext 

func (o AccessBoundaryPolicyMapOutput) ToAccessBoundaryPolicyMapOutputWithContext(ctx context.Context) AccessBoundaryPolicyMapOutput

type AccessBoundaryPolicyOutput 

type AccessBoundaryPolicyOutput struct{ *pulumi.OutputState }

func (AccessBoundaryPolicyOutput) DisplayName 

func (o AccessBoundaryPolicyOutput) DisplayName() pulumi.StringPtrOutput

The display name of the rule.

func (AccessBoundaryPolicyOutput) ElementType 

func (AccessBoundaryPolicyOutput) ElementType() reflect.Type

func (AccessBoundaryPolicyOutput) Etag 

func (o AccessBoundaryPolicyOutput) Etag() pulumi.StringOutput

The hash of the resource. Used internally during updates.

func (AccessBoundaryPolicyOutput) Name 

func (o AccessBoundaryPolicyOutput) Name() pulumi.StringOutput

The name of the policy.

func (AccessBoundaryPolicyOutput) Parent 

func (o AccessBoundaryPolicyOutput) Parent() pulumi.StringOutput

The attachment point is identified by its URL-encoded full resource name.

func (AccessBoundaryPolicyOutput) Rules 

func (o AccessBoundaryPolicyOutput) Rules() AccessBoundaryPolicyRuleArrayOutput

Rules to be applied. Structure is documented below.

func (AccessBoundaryPolicyOutput) ToAccessBoundaryPolicyOutput 

func (o AccessBoundaryPolicyOutput) ToAccessBoundaryPolicyOutput() AccessBoundaryPolicyOutput

func (AccessBoundaryPolicyOutput) ToAccessBoundaryPolicyOutputWithContext 

func (o AccessBoundaryPolicyOutput) ToAccessBoundaryPolicyOutputWithContext(ctx context.Context) AccessBoundaryPolicyOutput

type AccessBoundaryPolicyRule 

type AccessBoundaryPolicyRule struct {
	// An access boundary rule in an IAM policy.
	// Structure is documented below.
	AccessBoundaryRule *AccessBoundaryPolicyRuleAccessBoundaryRule `pulumi:"accessBoundaryRule"`
	// The description of the rule.
	Description *string `pulumi:"description"`
}

type AccessBoundaryPolicyRuleAccessBoundaryRule 

type AccessBoundaryPolicyRuleAccessBoundaryRule struct {
	// The availability condition further constrains the access allowed by the access boundary rule.
	// Structure is documented below.
	AvailabilityCondition *AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityCondition `pulumi:"availabilityCondition"`
	// A list of permissions that may be allowed for use on the specified resource.
	AvailablePermissions []string `pulumi:"availablePermissions"`
	// The full resource name of a Google Cloud resource entity.
	AvailableResource *string `pulumi:"availableResource"`
}

type AccessBoundaryPolicyRuleAccessBoundaryRuleArgs 

type AccessBoundaryPolicyRuleAccessBoundaryRuleArgs struct {
	// The availability condition further constrains the access allowed by the access boundary rule.
	// Structure is documented below.
	AvailabilityCondition AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrInput `pulumi:"availabilityCondition"`
	// A list of permissions that may be allowed for use on the specified resource.
	AvailablePermissions pulumi.StringArrayInput `pulumi:"availablePermissions"`
	// The full resource name of a Google Cloud resource entity.
	AvailableResource pulumi.StringPtrInput `pulumi:"availableResource"`
}

func (AccessBoundaryPolicyRuleAccessBoundaryRuleArgs) ElementType 

func (AccessBoundaryPolicyRuleAccessBoundaryRuleArgs) ElementType() reflect.Type

func (AccessBoundaryPolicyRuleAccessBoundaryRuleArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRuleOutput 

func (i AccessBoundaryPolicyRuleAccessBoundaryRuleArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRuleOutput() AccessBoundaryPolicyRuleAccessBoundaryRuleOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRuleArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRuleOutputWithContext 

func (i AccessBoundaryPolicyRuleAccessBoundaryRuleArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRuleOutputWithContext(ctx context.Context) AccessBoundaryPolicyRuleAccessBoundaryRuleOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRuleArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput 

func (i AccessBoundaryPolicyRuleAccessBoundaryRuleArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput() AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRuleArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRulePtrOutputWithContext 

func (i AccessBoundaryPolicyRuleAccessBoundaryRuleArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRulePtrOutputWithContext(ctx context.Context) AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput

type AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityCondition 

type AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityCondition struct {
	// Description of the expression. This is a longer text which describes the expression,
	// e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// String indicating the location of the expression for error reporting,
	// e.g. a file name and a position in the file.
	//
	// ***
	Location *string `pulumi:"location"`
	// Title for the expression, i.e. a short string describing its purpose.
	// This can be used e.g. in UIs which allow to enter the expression.
	Title *string `pulumi:"title"`
}

type AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs 

type AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs struct {
	// Description of the expression. This is a longer text which describes the expression,
	// e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// String indicating the location of the expression for error reporting,
	// e.g. a file name and a position in the file.
	//
	// ***
	Location pulumi.StringPtrInput `pulumi:"location"`
	// Title for the expression, i.e. a short string describing its purpose.
	// This can be used e.g. in UIs which allow to enter the expression.
	Title pulumi.StringPtrInput `pulumi:"title"`
}

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs) ElementType 

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs) ElementType() reflect.Type

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput 

func (i AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput() AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutputWithContext 

func (i AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutputWithContext(ctx context.Context) AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput 

func (i AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput() AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutputWithContext 

func (i AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutputWithContext(ctx context.Context) AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput

type AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionInput 

type AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionInput interface {
	pulumi.Input

	ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput() AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput
	ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutputWithContext(context.Context) AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput
}

AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionInput is an input type that accepts AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs and AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput values. You can construct a concrete instance of `AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionInput` via: 

AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs{...}

type AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput 

type AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput struct{ *pulumi.OutputState }

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) Description 

func (o AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) Description() pulumi.StringPtrOutput

Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) ElementType 

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) ElementType() reflect.Type

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) Expression 

func (o AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) Location 

func (o AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) Location() pulumi.StringPtrOutput

String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

***

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) Title 

func (o AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) Title() pulumi.StringPtrOutput

Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput 

func (o AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput() AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutputWithContext 

func (o AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutputWithContext(ctx context.Context) AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput 

func (o AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput() AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutputWithContext 

func (o AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutputWithContext(ctx context.Context) AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput

type AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrInput 

type AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrInput interface {
	pulumi.Input

	ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput() AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput
	ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutputWithContext(context.Context) AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput
}

AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrInput is an input type that accepts AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs, AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtr and AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput values. You can construct a concrete instance of `AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrInput` via: 

        AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs{...}

or:

        nil

func AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtr 

func AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtr(v *AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs) AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrInput

type AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput 

type AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput struct{ *pulumi.OutputState }

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput) Description 

func (o AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput) Description() pulumi.StringPtrOutput

Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput) Elem 

func (o AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput) Elem() AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput) ElementType 

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput) ElementType() reflect.Type

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput) Expression 

func (o AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput) Location 

func (o AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput) Location() pulumi.StringPtrOutput

String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

***

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput) Title 

func (o AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput) Title() pulumi.StringPtrOutput

Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput 

func (o AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput() AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutputWithContext 

func (o AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutputWithContext(ctx context.Context) AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput

type AccessBoundaryPolicyRuleAccessBoundaryRuleInput 

type AccessBoundaryPolicyRuleAccessBoundaryRuleInput interface {
	pulumi.Input

	ToAccessBoundaryPolicyRuleAccessBoundaryRuleOutput() AccessBoundaryPolicyRuleAccessBoundaryRuleOutput
	ToAccessBoundaryPolicyRuleAccessBoundaryRuleOutputWithContext(context.Context) AccessBoundaryPolicyRuleAccessBoundaryRuleOutput
}

AccessBoundaryPolicyRuleAccessBoundaryRuleInput is an input type that accepts AccessBoundaryPolicyRuleAccessBoundaryRuleArgs and AccessBoundaryPolicyRuleAccessBoundaryRuleOutput values. You can construct a concrete instance of `AccessBoundaryPolicyRuleAccessBoundaryRuleInput` via: 

AccessBoundaryPolicyRuleAccessBoundaryRuleArgs{...}

type AccessBoundaryPolicyRuleAccessBoundaryRuleOutput 

type AccessBoundaryPolicyRuleAccessBoundaryRuleOutput struct{ *pulumi.OutputState }

func (AccessBoundaryPolicyRuleAccessBoundaryRuleOutput) AvailabilityCondition 

func (o AccessBoundaryPolicyRuleAccessBoundaryRuleOutput) AvailabilityCondition() AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput

The availability condition further constrains the access allowed by the access boundary rule. Structure is documented below.

func (AccessBoundaryPolicyRuleAccessBoundaryRuleOutput) AvailablePermissions 

func (o AccessBoundaryPolicyRuleAccessBoundaryRuleOutput) AvailablePermissions() pulumi.StringArrayOutput

A list of permissions that may be allowed for use on the specified resource.

func (AccessBoundaryPolicyRuleAccessBoundaryRuleOutput) AvailableResource 

func (o AccessBoundaryPolicyRuleAccessBoundaryRuleOutput) AvailableResource() pulumi.StringPtrOutput

The full resource name of a Google Cloud resource entity.

func (AccessBoundaryPolicyRuleAccessBoundaryRuleOutput) ElementType 

func (AccessBoundaryPolicyRuleAccessBoundaryRuleOutput) ElementType() reflect.Type

func (AccessBoundaryPolicyRuleAccessBoundaryRuleOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRuleOutput 

func (o AccessBoundaryPolicyRuleAccessBoundaryRuleOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRuleOutput() AccessBoundaryPolicyRuleAccessBoundaryRuleOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRuleOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRuleOutputWithContext 

func (o AccessBoundaryPolicyRuleAccessBoundaryRuleOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRuleOutputWithContext(ctx context.Context) AccessBoundaryPolicyRuleAccessBoundaryRuleOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRuleOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput 

func (o AccessBoundaryPolicyRuleAccessBoundaryRuleOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput() AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRuleOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRulePtrOutputWithContext 

func (o AccessBoundaryPolicyRuleAccessBoundaryRuleOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRulePtrOutputWithContext(ctx context.Context) AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput

type AccessBoundaryPolicyRuleAccessBoundaryRulePtrInput 

type AccessBoundaryPolicyRuleAccessBoundaryRulePtrInput interface {
	pulumi.Input

	ToAccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput() AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput
	ToAccessBoundaryPolicyRuleAccessBoundaryRulePtrOutputWithContext(context.Context) AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput
}

AccessBoundaryPolicyRuleAccessBoundaryRulePtrInput is an input type that accepts AccessBoundaryPolicyRuleAccessBoundaryRuleArgs, AccessBoundaryPolicyRuleAccessBoundaryRulePtr and AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput values. You can construct a concrete instance of `AccessBoundaryPolicyRuleAccessBoundaryRulePtrInput` via: 

        AccessBoundaryPolicyRuleAccessBoundaryRuleArgs{...}

or:

        nil

func AccessBoundaryPolicyRuleAccessBoundaryRulePtr 

func AccessBoundaryPolicyRuleAccessBoundaryRulePtr(v *AccessBoundaryPolicyRuleAccessBoundaryRuleArgs) AccessBoundaryPolicyRuleAccessBoundaryRulePtrInput

type AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput 

type AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput struct{ *pulumi.OutputState }

func (AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput) AvailabilityCondition 

func (o AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput) AvailabilityCondition() AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput

The availability condition further constrains the access allowed by the access boundary rule. Structure is documented below.

func (AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput) AvailablePermissions 

func (o AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput) AvailablePermissions() pulumi.StringArrayOutput

A list of permissions that may be allowed for use on the specified resource.

func (AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput) AvailableResource 

func (o AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput) AvailableResource() pulumi.StringPtrOutput

The full resource name of a Google Cloud resource entity.

func (AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput) Elem 

func (o AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput) Elem() AccessBoundaryPolicyRuleAccessBoundaryRuleOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput) ElementType 

func (AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput) ElementType() reflect.Type

func (AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput 

func (o AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput() AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRulePtrOutputWithContext 

func (o AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRulePtrOutputWithContext(ctx context.Context) AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput

type AccessBoundaryPolicyRuleArgs 

type AccessBoundaryPolicyRuleArgs struct {
	// An access boundary rule in an IAM policy.
	// Structure is documented below.
	AccessBoundaryRule AccessBoundaryPolicyRuleAccessBoundaryRulePtrInput `pulumi:"accessBoundaryRule"`
	// The description of the rule.
	Description pulumi.StringPtrInput `pulumi:"description"`
}

func (AccessBoundaryPolicyRuleArgs) ElementType 

func (AccessBoundaryPolicyRuleArgs) ElementType() reflect.Type

func (AccessBoundaryPolicyRuleArgs) ToAccessBoundaryPolicyRuleOutput 

func (i AccessBoundaryPolicyRuleArgs) ToAccessBoundaryPolicyRuleOutput() AccessBoundaryPolicyRuleOutput

func (AccessBoundaryPolicyRuleArgs) ToAccessBoundaryPolicyRuleOutputWithContext 

func (i AccessBoundaryPolicyRuleArgs) ToAccessBoundaryPolicyRuleOutputWithContext(ctx context.Context) AccessBoundaryPolicyRuleOutput

type AccessBoundaryPolicyRuleArray 

type AccessBoundaryPolicyRuleArray []AccessBoundaryPolicyRuleInput

func (AccessBoundaryPolicyRuleArray) ElementType 

func (AccessBoundaryPolicyRuleArray) ElementType() reflect.Type

func (AccessBoundaryPolicyRuleArray) ToAccessBoundaryPolicyRuleArrayOutput 

func (i AccessBoundaryPolicyRuleArray) ToAccessBoundaryPolicyRuleArrayOutput() AccessBoundaryPolicyRuleArrayOutput

func (AccessBoundaryPolicyRuleArray) ToAccessBoundaryPolicyRuleArrayOutputWithContext 

func (i AccessBoundaryPolicyRuleArray) ToAccessBoundaryPolicyRuleArrayOutputWithContext(ctx context.Context) AccessBoundaryPolicyRuleArrayOutput

type AccessBoundaryPolicyRuleArrayInput 

type AccessBoundaryPolicyRuleArrayInput interface {
	pulumi.Input

	ToAccessBoundaryPolicyRuleArrayOutput() AccessBoundaryPolicyRuleArrayOutput
	ToAccessBoundaryPolicyRuleArrayOutputWithContext(context.Context) AccessBoundaryPolicyRuleArrayOutput
}

AccessBoundaryPolicyRuleArrayInput is an input type that accepts AccessBoundaryPolicyRuleArray and AccessBoundaryPolicyRuleArrayOutput values. You can construct a concrete instance of `AccessBoundaryPolicyRuleArrayInput` via: 

AccessBoundaryPolicyRuleArray{ AccessBoundaryPolicyRuleArgs{...} }

type AccessBoundaryPolicyRuleArrayOutput 

type AccessBoundaryPolicyRuleArrayOutput struct{ *pulumi.OutputState }

func (AccessBoundaryPolicyRuleArrayOutput) ElementType 

func (AccessBoundaryPolicyRuleArrayOutput) ElementType() reflect.Type

func (AccessBoundaryPolicyRuleArrayOutput) Index 

func (o AccessBoundaryPolicyRuleArrayOutput) Index(i pulumi.IntInput) AccessBoundaryPolicyRuleOutput

func (AccessBoundaryPolicyRuleArrayOutput) ToAccessBoundaryPolicyRuleArrayOutput 

func (o AccessBoundaryPolicyRuleArrayOutput) ToAccessBoundaryPolicyRuleArrayOutput() AccessBoundaryPolicyRuleArrayOutput

func (AccessBoundaryPolicyRuleArrayOutput) ToAccessBoundaryPolicyRuleArrayOutputWithContext 

func (o AccessBoundaryPolicyRuleArrayOutput) ToAccessBoundaryPolicyRuleArrayOutputWithContext(ctx context.Context) AccessBoundaryPolicyRuleArrayOutput

type AccessBoundaryPolicyRuleInput 

type AccessBoundaryPolicyRuleInput interface {
	pulumi.Input

	ToAccessBoundaryPolicyRuleOutput() AccessBoundaryPolicyRuleOutput
	ToAccessBoundaryPolicyRuleOutputWithContext(context.Context) AccessBoundaryPolicyRuleOutput
}

AccessBoundaryPolicyRuleInput is an input type that accepts AccessBoundaryPolicyRuleArgs and AccessBoundaryPolicyRuleOutput values. You can construct a concrete instance of `AccessBoundaryPolicyRuleInput` via: 

AccessBoundaryPolicyRuleArgs{...}

type AccessBoundaryPolicyRuleOutput 

type AccessBoundaryPolicyRuleOutput struct{ *pulumi.OutputState }

func (AccessBoundaryPolicyRuleOutput) AccessBoundaryRule 

func (o AccessBoundaryPolicyRuleOutput) AccessBoundaryRule() AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput

An access boundary rule in an IAM policy. Structure is documented below.

func (AccessBoundaryPolicyRuleOutput) Description 

func (o AccessBoundaryPolicyRuleOutput) Description() pulumi.StringPtrOutput

The description of the rule.

func (AccessBoundaryPolicyRuleOutput) ElementType 

func (AccessBoundaryPolicyRuleOutput) ElementType() reflect.Type

func (AccessBoundaryPolicyRuleOutput) ToAccessBoundaryPolicyRuleOutput 

func (o AccessBoundaryPolicyRuleOutput) ToAccessBoundaryPolicyRuleOutput() AccessBoundaryPolicyRuleOutput

func (AccessBoundaryPolicyRuleOutput) ToAccessBoundaryPolicyRuleOutputWithContext 

func (o AccessBoundaryPolicyRuleOutput) ToAccessBoundaryPolicyRuleOutputWithContext(ctx context.Context) AccessBoundaryPolicyRuleOutput

type AccessBoundaryPolicyState 

type AccessBoundaryPolicyState struct {
	// The display name of the rule.
	DisplayName pulumi.StringPtrInput
	// The hash of the resource. Used internally during updates.
	Etag pulumi.StringPtrInput
	// The name of the policy.
	Name pulumi.StringPtrInput
	// The attachment point is identified by its URL-encoded full resource name.
	Parent pulumi.StringPtrInput
	// Rules to be applied.
	// Structure is documented below.
	Rules AccessBoundaryPolicyRuleArrayInput
}

func (AccessBoundaryPolicyState) ElementType 

func (AccessBoundaryPolicyState) ElementType() reflect.Type

type DenyPolicy 

type DenyPolicy struct {
	pulumi.CustomResourceState

	// The display name of the rule.
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// The hash of the resource. Used internally during updates.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The name of the policy.
	Name pulumi.StringOutput `pulumi:"name"`
	// The attachment point is identified by its URL-encoded full resource name.
	Parent pulumi.StringOutput `pulumi:"parent"`
	// Rules to be applied.
	// Structure is documented below.
	Rules DenyPolicyRuleArrayOutput `pulumi:"rules"`
}

Represents a collection of denial policies to apply to a given resource.

To get more information about DenyPolicy, see:

* [API documentation](https://cloud.google.com/iam/docs/reference/rest/v2/policies) * How-to Guides

## Example Usage

### Iam Deny Policy Basic

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		project, err := organizations.NewProject(ctx, "project", &organizations.ProjectArgs{
			ProjectId:      pulumi.String("my-project"),
			Name:           pulumi.String("my-project"),
			OrgId:          pulumi.String("123456789"),
			BillingAccount: pulumi.String("000000-0000000-0000000-000000"),
			DeletionPolicy: pulumi.String("DELETE"),
		})
		if err != nil {
			return err
		}
		_, err = serviceaccount.NewAccount(ctx, "test-account", &serviceaccount.AccountArgs{
			AccountId:   pulumi.String("svc-acc"),
			DisplayName: pulumi.String("Test Service Account"),
			Project:     project.ProjectId,
		})
		if err != nil {
			return err
		}
		_, err = iam.NewDenyPolicy(ctx, "example", &iam.DenyPolicyArgs{
			Parent: pulumi.String(std.UrlencodeOutput(ctx, std.UrlencodeOutputArgs{
				Input: project.ProjectId.ApplyT(func(projectId string) (string, error) {
					return fmt.Sprintf("cloudresourcemanager.googleapis.com/projects/%v", projectId), nil
				}).(pulumi.StringOutput),
			}, nil).ApplyT(func(invoke std.UrlencodeResult) (*string, error) {
				return invoke.Result, nil
			}).(pulumi.StringPtrOutput)),
			Name:        pulumi.String("my-deny-policy"),
			DisplayName: pulumi.String("A deny rule"),
			Rules: iam.DenyPolicyRuleArray{
				&iam.DenyPolicyRuleArgs{
					Description: pulumi.String("First rule"),
					DenyRule: &iam.DenyPolicyRuleDenyRuleArgs{
						DeniedPrincipals: pulumi.StringArray{
							pulumi.String("principalSet://goog/public:all"),
						},
						DenialCondition: &iam.DenyPolicyRuleDenyRuleDenialConditionArgs{
							Title:      pulumi.String("Some expr"),
							Expression: pulumi.String("!resource.matchTag('12345678/env', 'test')"),
						},
						DeniedPermissions: pulumi.StringArray{
							pulumi.String("cloudresourcemanager.googleapis.com/projects.update"),
						},
					},
				},
				&iam.DenyPolicyRuleArgs{
					Description: pulumi.String("Second rule"),
					DenyRule: &iam.DenyPolicyRuleDenyRuleArgs{
						DeniedPrincipals: pulumi.StringArray{
							pulumi.String("principalSet://goog/public:all"),
						},
						DenialCondition: &iam.DenyPolicyRuleDenyRuleDenialConditionArgs{
							Title:      pulumi.String("Some expr"),
							Expression: pulumi.String("!resource.matchTag('12345678/env', 'test')"),
						},
						DeniedPermissions: pulumi.StringArray{
							pulumi.String("cloudresourcemanager.googleapis.com/projects.update"),
						},
						ExceptionPrincipals: pulumi.StringArray{
							test_account.Email.ApplyT(func(email string) (string, error) {
								return fmt.Sprintf("principal://iam.googleapis.com/projects/-/serviceAccounts/%v", email), nil
							}).(pulumi.StringOutput),
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

DenyPolicy can be imported using any of these accepted formats:

* `{{parent}}/{{name}}`

When using the `pulumi import` command, DenyPolicy can be imported using one of the formats above. For example:

```sh $ pulumi import gcp:iam/denyPolicy:DenyPolicy default {{parent}}/{{name}} ```

func GetDenyPolicy 

func GetDenyPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DenyPolicyState, opts ...pulumi.ResourceOption) (*DenyPolicy, error)

GetDenyPolicy gets an existing DenyPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDenyPolicy 

func NewDenyPolicy(ctx *pulumi.Context,
	name string, args *DenyPolicyArgs, opts ...pulumi.ResourceOption) (*DenyPolicy, error)

NewDenyPolicy registers a new resource with the given unique name, arguments, and options.

func (*DenyPolicy) ElementType 

func (*DenyPolicy) ElementType() reflect.Type

func (*DenyPolicy) ToDenyPolicyOutput 

func (i *DenyPolicy) ToDenyPolicyOutput() DenyPolicyOutput

func (*DenyPolicy) ToDenyPolicyOutputWithContext 

func (i *DenyPolicy) ToDenyPolicyOutputWithContext(ctx context.Context) DenyPolicyOutput

type DenyPolicyArgs 

type DenyPolicyArgs struct {
	// The display name of the rule.
	DisplayName pulumi.StringPtrInput
	// The name of the policy.
	Name pulumi.StringPtrInput
	// The attachment point is identified by its URL-encoded full resource name.
	Parent pulumi.StringInput
	// Rules to be applied.
	// Structure is documented below.
	Rules DenyPolicyRuleArrayInput
}

The set of arguments for constructing a DenyPolicy resource.

func (DenyPolicyArgs) ElementType 

func (DenyPolicyArgs) ElementType() reflect.Type

type DenyPolicyArray 

type DenyPolicyArray []DenyPolicyInput

func (DenyPolicyArray) ElementType 

func (DenyPolicyArray) ElementType() reflect.Type

func (DenyPolicyArray) ToDenyPolicyArrayOutput 

func (i DenyPolicyArray) ToDenyPolicyArrayOutput() DenyPolicyArrayOutput

func (DenyPolicyArray) ToDenyPolicyArrayOutputWithContext 

func (i DenyPolicyArray) ToDenyPolicyArrayOutputWithContext(ctx context.Context) DenyPolicyArrayOutput

type DenyPolicyArrayInput 

type DenyPolicyArrayInput interface {
	pulumi.Input

	ToDenyPolicyArrayOutput() DenyPolicyArrayOutput
	ToDenyPolicyArrayOutputWithContext(context.Context) DenyPolicyArrayOutput
}

DenyPolicyArrayInput is an input type that accepts DenyPolicyArray and DenyPolicyArrayOutput values. You can construct a concrete instance of `DenyPolicyArrayInput` via: 

DenyPolicyArray{ DenyPolicyArgs{...} }

type DenyPolicyArrayOutput 

type DenyPolicyArrayOutput struct{ *pulumi.OutputState }

func (DenyPolicyArrayOutput) ElementType 

func (DenyPolicyArrayOutput) ElementType() reflect.Type

func (DenyPolicyArrayOutput) Index 

func (o DenyPolicyArrayOutput) Index(i pulumi.IntInput) DenyPolicyOutput

func (DenyPolicyArrayOutput) ToDenyPolicyArrayOutput 

func (o DenyPolicyArrayOutput) ToDenyPolicyArrayOutput() DenyPolicyArrayOutput

func (DenyPolicyArrayOutput) ToDenyPolicyArrayOutputWithContext 

func (o DenyPolicyArrayOutput) ToDenyPolicyArrayOutputWithContext(ctx context.Context) DenyPolicyArrayOutput

type DenyPolicyInput 

type DenyPolicyInput interface {
	pulumi.Input

	ToDenyPolicyOutput() DenyPolicyOutput
	ToDenyPolicyOutputWithContext(ctx context.Context) DenyPolicyOutput
}

type DenyPolicyMap 

type DenyPolicyMap map[string]DenyPolicyInput

func (DenyPolicyMap) ElementType 

func (DenyPolicyMap) ElementType() reflect.Type

func (DenyPolicyMap) ToDenyPolicyMapOutput 

func (i DenyPolicyMap) ToDenyPolicyMapOutput() DenyPolicyMapOutput

func (DenyPolicyMap) ToDenyPolicyMapOutputWithContext 

func (i DenyPolicyMap) ToDenyPolicyMapOutputWithContext(ctx context.Context) DenyPolicyMapOutput

type DenyPolicyMapInput 

type DenyPolicyMapInput interface {
	pulumi.Input

	ToDenyPolicyMapOutput() DenyPolicyMapOutput
	ToDenyPolicyMapOutputWithContext(context.Context) DenyPolicyMapOutput
}

DenyPolicyMapInput is an input type that accepts DenyPolicyMap and DenyPolicyMapOutput values. You can construct a concrete instance of `DenyPolicyMapInput` via: 

DenyPolicyMap{ "key": DenyPolicyArgs{...} }

type DenyPolicyMapOutput 

type DenyPolicyMapOutput struct{ *pulumi.OutputState }

func (DenyPolicyMapOutput) ElementType 

func (DenyPolicyMapOutput) ElementType() reflect.Type

func (DenyPolicyMapOutput) MapIndex 

func (o DenyPolicyMapOutput) MapIndex(k pulumi.StringInput) DenyPolicyOutput

func (DenyPolicyMapOutput) ToDenyPolicyMapOutput 

func (o DenyPolicyMapOutput) ToDenyPolicyMapOutput() DenyPolicyMapOutput

func (DenyPolicyMapOutput) ToDenyPolicyMapOutputWithContext 

func (o DenyPolicyMapOutput) ToDenyPolicyMapOutputWithContext(ctx context.Context) DenyPolicyMapOutput

type DenyPolicyOutput 

type DenyPolicyOutput struct{ *pulumi.OutputState }

func (DenyPolicyOutput) DisplayName 

func (o DenyPolicyOutput) DisplayName() pulumi.StringPtrOutput

The display name of the rule.

func (DenyPolicyOutput) ElementType 

func (DenyPolicyOutput) ElementType() reflect.Type

func (DenyPolicyOutput) Etag 

func (o DenyPolicyOutput) Etag() pulumi.StringOutput

The hash of the resource. Used internally during updates.

func (DenyPolicyOutput) Name 

func (o DenyPolicyOutput) Name() pulumi.StringOutput

The name of the policy.

func (DenyPolicyOutput) Parent 

func (o DenyPolicyOutput) Parent() pulumi.StringOutput

The attachment point is identified by its URL-encoded full resource name.

func (DenyPolicyOutput) Rules 

func (o DenyPolicyOutput) Rules() DenyPolicyRuleArrayOutput

Rules to be applied. Structure is documented below.

func (DenyPolicyOutput) ToDenyPolicyOutput 

func (o DenyPolicyOutput) ToDenyPolicyOutput() DenyPolicyOutput

func (DenyPolicyOutput) ToDenyPolicyOutputWithContext 

func (o DenyPolicyOutput) ToDenyPolicyOutputWithContext(ctx context.Context) DenyPolicyOutput

type DenyPolicyRule 

type DenyPolicyRule struct {
	// A deny rule in an IAM deny policy.
	// Structure is documented below.
	DenyRule *DenyPolicyRuleDenyRule `pulumi:"denyRule"`
	// The description of the rule.
	Description *string `pulumi:"description"`
}

type DenyPolicyRuleArgs 

type DenyPolicyRuleArgs struct {
	// A deny rule in an IAM deny policy.
	// Structure is documented below.
	DenyRule DenyPolicyRuleDenyRulePtrInput `pulumi:"denyRule"`
	// The description of the rule.
	Description pulumi.StringPtrInput `pulumi:"description"`
}

func (DenyPolicyRuleArgs) ElementType 

func (DenyPolicyRuleArgs) ElementType() reflect.Type

func (DenyPolicyRuleArgs) ToDenyPolicyRuleOutput 

func (i DenyPolicyRuleArgs) ToDenyPolicyRuleOutput() DenyPolicyRuleOutput

func (DenyPolicyRuleArgs) ToDenyPolicyRuleOutputWithContext 

func (i DenyPolicyRuleArgs) ToDenyPolicyRuleOutputWithContext(ctx context.Context) DenyPolicyRuleOutput

type DenyPolicyRuleArray 

type DenyPolicyRuleArray []DenyPolicyRuleInput

func (DenyPolicyRuleArray) ElementType 

func (DenyPolicyRuleArray) ElementType() reflect.Type

func (DenyPolicyRuleArray) ToDenyPolicyRuleArrayOutput 

func (i DenyPolicyRuleArray) ToDenyPolicyRuleArrayOutput() DenyPolicyRuleArrayOutput

func (DenyPolicyRuleArray) ToDenyPolicyRuleArrayOutputWithContext 

func (i DenyPolicyRuleArray) ToDenyPolicyRuleArrayOutputWithContext(ctx context.Context) DenyPolicyRuleArrayOutput

type DenyPolicyRuleArrayInput 

type DenyPolicyRuleArrayInput interface {
	pulumi.Input

	ToDenyPolicyRuleArrayOutput() DenyPolicyRuleArrayOutput
	ToDenyPolicyRuleArrayOutputWithContext(context.Context) DenyPolicyRuleArrayOutput
}

DenyPolicyRuleArrayInput is an input type that accepts DenyPolicyRuleArray and DenyPolicyRuleArrayOutput values. You can construct a concrete instance of `DenyPolicyRuleArrayInput` via: 

DenyPolicyRuleArray{ DenyPolicyRuleArgs{...} }

type DenyPolicyRuleArrayOutput 

type DenyPolicyRuleArrayOutput struct{ *pulumi.OutputState }

func (DenyPolicyRuleArrayOutput) ElementType 

func (DenyPolicyRuleArrayOutput) ElementType() reflect.Type

func (DenyPolicyRuleArrayOutput) Index 

func (o DenyPolicyRuleArrayOutput) Index(i pulumi.IntInput) DenyPolicyRuleOutput

func (DenyPolicyRuleArrayOutput) ToDenyPolicyRuleArrayOutput 

func (o DenyPolicyRuleArrayOutput) ToDenyPolicyRuleArrayOutput() DenyPolicyRuleArrayOutput

func (DenyPolicyRuleArrayOutput) ToDenyPolicyRuleArrayOutputWithContext 

func (o DenyPolicyRuleArrayOutput) ToDenyPolicyRuleArrayOutputWithContext(ctx context.Context) DenyPolicyRuleArrayOutput

type DenyPolicyRuleDenyRule 

type DenyPolicyRuleDenyRule struct {
	// User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.
	// Structure is documented below.
	DenialCondition *DenyPolicyRuleDenyRuleDenialCondition `pulumi:"denialCondition"`
	// The permissions that are explicitly denied by this rule. Each permission uses the format `{service-fqdn}/{resource}.{verb}`,
	// where `{service-fqdn}` is the fully qualified domain name for the service. For example, `iam.googleapis.com/roles.list`.
	DeniedPermissions []string `pulumi:"deniedPermissions"`
	// The identities that are prevented from using one or more permissions on Google Cloud resources.
	DeniedPrincipals []string `pulumi:"deniedPrincipals"`
	// Specifies the permissions that this rule excludes from the set of denied permissions given by deniedPermissions.
	// If a permission appears in deniedPermissions and in exceptionPermissions then it will not be denied.
	// The excluded permissions can be specified using the same syntax as deniedPermissions.
	ExceptionPermissions []string `pulumi:"exceptionPermissions"`
	// The identities that are excluded from the deny rule, even if they are listed in the deniedPrincipals.
	// For example, you could add a Google group to the deniedPrincipals, then exclude specific users who belong to that group.
	ExceptionPrincipals []string `pulumi:"exceptionPrincipals"`
}

type DenyPolicyRuleDenyRuleArgs 

type DenyPolicyRuleDenyRuleArgs struct {
	// User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.
	// Structure is documented below.
	DenialCondition DenyPolicyRuleDenyRuleDenialConditionPtrInput `pulumi:"denialCondition"`
	// The permissions that are explicitly denied by this rule. Each permission uses the format `{service-fqdn}/{resource}.{verb}`,
	// where `{service-fqdn}` is the fully qualified domain name for the service. For example, `iam.googleapis.com/roles.list`.
	DeniedPermissions pulumi.StringArrayInput `pulumi:"deniedPermissions"`
	// The identities that are prevented from using one or more permissions on Google Cloud resources.
	DeniedPrincipals pulumi.StringArrayInput `pulumi:"deniedPrincipals"`
	// Specifies the permissions that this rule excludes from the set of denied permissions given by deniedPermissions.
	// If a permission appears in deniedPermissions and in exceptionPermissions then it will not be denied.
	// The excluded permissions can be specified using the same syntax as deniedPermissions.
	ExceptionPermissions pulumi.StringArrayInput `pulumi:"exceptionPermissions"`
	// The identities that are excluded from the deny rule, even if they are listed in the deniedPrincipals.
	// For example, you could add a Google group to the deniedPrincipals, then exclude specific users who belong to that group.
	ExceptionPrincipals pulumi.StringArrayInput `pulumi:"exceptionPrincipals"`
}

func (DenyPolicyRuleDenyRuleArgs) ElementType 

func (DenyPolicyRuleDenyRuleArgs) ElementType() reflect.Type

func (DenyPolicyRuleDenyRuleArgs) ToDenyPolicyRuleDenyRuleOutput 

func (i DenyPolicyRuleDenyRuleArgs) ToDenyPolicyRuleDenyRuleOutput() DenyPolicyRuleDenyRuleOutput

func (DenyPolicyRuleDenyRuleArgs) ToDenyPolicyRuleDenyRuleOutputWithContext 

func (i DenyPolicyRuleDenyRuleArgs) ToDenyPolicyRuleDenyRuleOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRuleOutput

func (DenyPolicyRuleDenyRuleArgs) ToDenyPolicyRuleDenyRulePtrOutput 

func (i DenyPolicyRuleDenyRuleArgs) ToDenyPolicyRuleDenyRulePtrOutput() DenyPolicyRuleDenyRulePtrOutput

func (DenyPolicyRuleDenyRuleArgs) ToDenyPolicyRuleDenyRulePtrOutputWithContext 

func (i DenyPolicyRuleDenyRuleArgs) ToDenyPolicyRuleDenyRulePtrOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRulePtrOutput

type DenyPolicyRuleDenyRuleDenialCondition 

type DenyPolicyRuleDenyRuleDenialCondition struct {
	// Description of the expression. This is a longer text which describes the expression,
	// e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// String indicating the location of the expression for error reporting,
	// e.g. a file name and a position in the file.
	//
	// ***
	Location *string `pulumi:"location"`
	// Title for the expression, i.e. a short string describing its purpose.
	// This can be used e.g. in UIs which allow to enter the expression.
	Title *string `pulumi:"title"`
}

type DenyPolicyRuleDenyRuleDenialConditionArgs 

type DenyPolicyRuleDenyRuleDenialConditionArgs struct {
	// Description of the expression. This is a longer text which describes the expression,
	// e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// String indicating the location of the expression for error reporting,
	// e.g. a file name and a position in the file.
	//
	// ***
	Location pulumi.StringPtrInput `pulumi:"location"`
	// Title for the expression, i.e. a short string describing its purpose.
	// This can be used e.g. in UIs which allow to enter the expression.
	Title pulumi.StringPtrInput `pulumi:"title"`
}

func (DenyPolicyRuleDenyRuleDenialConditionArgs) ElementType 

func (DenyPolicyRuleDenyRuleDenialConditionArgs) ElementType() reflect.Type

func (DenyPolicyRuleDenyRuleDenialConditionArgs) ToDenyPolicyRuleDenyRuleDenialConditionOutput 

func (i DenyPolicyRuleDenyRuleDenialConditionArgs) ToDenyPolicyRuleDenyRuleDenialConditionOutput() DenyPolicyRuleDenyRuleDenialConditionOutput

func (DenyPolicyRuleDenyRuleDenialConditionArgs) ToDenyPolicyRuleDenyRuleDenialConditionOutputWithContext 

func (i DenyPolicyRuleDenyRuleDenialConditionArgs) ToDenyPolicyRuleDenyRuleDenialConditionOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRuleDenialConditionOutput

func (DenyPolicyRuleDenyRuleDenialConditionArgs) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutput 

func (i DenyPolicyRuleDenyRuleDenialConditionArgs) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutput() DenyPolicyRuleDenyRuleDenialConditionPtrOutput

func (DenyPolicyRuleDenyRuleDenialConditionArgs) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutputWithContext 

func (i DenyPolicyRuleDenyRuleDenialConditionArgs) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRuleDenialConditionPtrOutput

type DenyPolicyRuleDenyRuleDenialConditionInput 

type DenyPolicyRuleDenyRuleDenialConditionInput interface {
	pulumi.Input

	ToDenyPolicyRuleDenyRuleDenialConditionOutput() DenyPolicyRuleDenyRuleDenialConditionOutput
	ToDenyPolicyRuleDenyRuleDenialConditionOutputWithContext(context.Context) DenyPolicyRuleDenyRuleDenialConditionOutput
}

DenyPolicyRuleDenyRuleDenialConditionInput is an input type that accepts DenyPolicyRuleDenyRuleDenialConditionArgs and DenyPolicyRuleDenyRuleDenialConditionOutput values. You can construct a concrete instance of `DenyPolicyRuleDenyRuleDenialConditionInput` via: 

DenyPolicyRuleDenyRuleDenialConditionArgs{...}

type DenyPolicyRuleDenyRuleDenialConditionOutput 

type DenyPolicyRuleDenyRuleDenialConditionOutput struct{ *pulumi.OutputState }

func (DenyPolicyRuleDenyRuleDenialConditionOutput) Description 

func (o DenyPolicyRuleDenyRuleDenialConditionOutput) Description() pulumi.StringPtrOutput

Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (DenyPolicyRuleDenyRuleDenialConditionOutput) ElementType 

func (DenyPolicyRuleDenyRuleDenialConditionOutput) ElementType() reflect.Type

func (DenyPolicyRuleDenyRuleDenialConditionOutput) Expression 

func (o DenyPolicyRuleDenyRuleDenialConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (DenyPolicyRuleDenyRuleDenialConditionOutput) Location 

func (o DenyPolicyRuleDenyRuleDenialConditionOutput) Location() pulumi.StringPtrOutput

String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

***

func (DenyPolicyRuleDenyRuleDenialConditionOutput) Title 

func (o DenyPolicyRuleDenyRuleDenialConditionOutput) Title() pulumi.StringPtrOutput

Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (DenyPolicyRuleDenyRuleDenialConditionOutput) ToDenyPolicyRuleDenyRuleDenialConditionOutput 

func (o DenyPolicyRuleDenyRuleDenialConditionOutput) ToDenyPolicyRuleDenyRuleDenialConditionOutput() DenyPolicyRuleDenyRuleDenialConditionOutput

func (DenyPolicyRuleDenyRuleDenialConditionOutput) ToDenyPolicyRuleDenyRuleDenialConditionOutputWithContext 

func (o DenyPolicyRuleDenyRuleDenialConditionOutput) ToDenyPolicyRuleDenyRuleDenialConditionOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRuleDenialConditionOutput

func (DenyPolicyRuleDenyRuleDenialConditionOutput) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutput 

func (o DenyPolicyRuleDenyRuleDenialConditionOutput) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutput() DenyPolicyRuleDenyRuleDenialConditionPtrOutput

func (DenyPolicyRuleDenyRuleDenialConditionOutput) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutputWithContext 

func (o DenyPolicyRuleDenyRuleDenialConditionOutput) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRuleDenialConditionPtrOutput

type DenyPolicyRuleDenyRuleDenialConditionPtrInput 

type DenyPolicyRuleDenyRuleDenialConditionPtrInput interface {
	pulumi.Input

	ToDenyPolicyRuleDenyRuleDenialConditionPtrOutput() DenyPolicyRuleDenyRuleDenialConditionPtrOutput
	ToDenyPolicyRuleDenyRuleDenialConditionPtrOutputWithContext(context.Context) DenyPolicyRuleDenyRuleDenialConditionPtrOutput
}

DenyPolicyRuleDenyRuleDenialConditionPtrInput is an input type that accepts DenyPolicyRuleDenyRuleDenialConditionArgs, DenyPolicyRuleDenyRuleDenialConditionPtr and DenyPolicyRuleDenyRuleDenialConditionPtrOutput values. You can construct a concrete instance of `DenyPolicyRuleDenyRuleDenialConditionPtrInput` via: 

        DenyPolicyRuleDenyRuleDenialConditionArgs{...}

or:

        nil

func DenyPolicyRuleDenyRuleDenialConditionPtr 

func DenyPolicyRuleDenyRuleDenialConditionPtr(v *DenyPolicyRuleDenyRuleDenialConditionArgs) DenyPolicyRuleDenyRuleDenialConditionPtrInput

type DenyPolicyRuleDenyRuleDenialConditionPtrOutput 

type DenyPolicyRuleDenyRuleDenialConditionPtrOutput struct{ *pulumi.OutputState }

func (DenyPolicyRuleDenyRuleDenialConditionPtrOutput) Description 

func (o DenyPolicyRuleDenyRuleDenialConditionPtrOutput) Description() pulumi.StringPtrOutput

Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (DenyPolicyRuleDenyRuleDenialConditionPtrOutput) Elem 

func (o DenyPolicyRuleDenyRuleDenialConditionPtrOutput) Elem() DenyPolicyRuleDenyRuleDenialConditionOutput

func (DenyPolicyRuleDenyRuleDenialConditionPtrOutput) ElementType 

func (DenyPolicyRuleDenyRuleDenialConditionPtrOutput) ElementType() reflect.Type

func (DenyPolicyRuleDenyRuleDenialConditionPtrOutput) Expression 

func (o DenyPolicyRuleDenyRuleDenialConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (DenyPolicyRuleDenyRuleDenialConditionPtrOutput) Location 

func (o DenyPolicyRuleDenyRuleDenialConditionPtrOutput) Location() pulumi.StringPtrOutput

String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

***

func (DenyPolicyRuleDenyRuleDenialConditionPtrOutput) Title 

func (o DenyPolicyRuleDenyRuleDenialConditionPtrOutput) Title() pulumi.StringPtrOutput

Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (DenyPolicyRuleDenyRuleDenialConditionPtrOutput) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutput 

func (o DenyPolicyRuleDenyRuleDenialConditionPtrOutput) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutput() DenyPolicyRuleDenyRuleDenialConditionPtrOutput

func (DenyPolicyRuleDenyRuleDenialConditionPtrOutput) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutputWithContext 

func (o DenyPolicyRuleDenyRuleDenialConditionPtrOutput) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRuleDenialConditionPtrOutput

type DenyPolicyRuleDenyRuleInput 

type DenyPolicyRuleDenyRuleInput interface {
	pulumi.Input

	ToDenyPolicyRuleDenyRuleOutput() DenyPolicyRuleDenyRuleOutput
	ToDenyPolicyRuleDenyRuleOutputWithContext(context.Context) DenyPolicyRuleDenyRuleOutput
}

DenyPolicyRuleDenyRuleInput is an input type that accepts DenyPolicyRuleDenyRuleArgs and DenyPolicyRuleDenyRuleOutput values. You can construct a concrete instance of `DenyPolicyRuleDenyRuleInput` via: 

DenyPolicyRuleDenyRuleArgs{...}

type DenyPolicyRuleDenyRuleOutput 

type DenyPolicyRuleDenyRuleOutput struct{ *pulumi.OutputState }

func (DenyPolicyRuleDenyRuleOutput) DenialCondition 

func (o DenyPolicyRuleDenyRuleOutput) DenialCondition() DenyPolicyRuleDenyRuleDenialConditionPtrOutput

User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. Structure is documented below.

func (DenyPolicyRuleDenyRuleOutput) DeniedPermissions 

func (o DenyPolicyRuleDenyRuleOutput) DeniedPermissions() pulumi.StringArrayOutput

The permissions that are explicitly denied by this rule. Each permission uses the format `{service-fqdn}/{resource}.{verb}`, where `{service-fqdn}` is the fully qualified domain name for the service. For example, `iam.googleapis.com/roles.list`.

func (DenyPolicyRuleDenyRuleOutput) DeniedPrincipals 

func (o DenyPolicyRuleDenyRuleOutput) DeniedPrincipals() pulumi.StringArrayOutput

The identities that are prevented from using one or more permissions on Google Cloud resources.

func (DenyPolicyRuleDenyRuleOutput) ElementType 

func (DenyPolicyRuleDenyRuleOutput) ElementType() reflect.Type

func (DenyPolicyRuleDenyRuleOutput) ExceptionPermissions 

func (o DenyPolicyRuleDenyRuleOutput) ExceptionPermissions() pulumi.StringArrayOutput

Specifies the permissions that this rule excludes from the set of denied permissions given by deniedPermissions. If a permission appears in deniedPermissions and in exceptionPermissions then it will not be denied. The excluded permissions can be specified using the same syntax as deniedPermissions.

func (DenyPolicyRuleDenyRuleOutput) ExceptionPrincipals 

func (o DenyPolicyRuleDenyRuleOutput) ExceptionPrincipals() pulumi.StringArrayOutput

The identities that are excluded from the deny rule, even if they are listed in the deniedPrincipals. For example, you could add a Google group to the deniedPrincipals, then exclude specific users who belong to that group.

func (DenyPolicyRuleDenyRuleOutput) ToDenyPolicyRuleDenyRuleOutput 

func (o DenyPolicyRuleDenyRuleOutput) ToDenyPolicyRuleDenyRuleOutput() DenyPolicyRuleDenyRuleOutput

func (DenyPolicyRuleDenyRuleOutput) ToDenyPolicyRuleDenyRuleOutputWithContext 

func (o DenyPolicyRuleDenyRuleOutput) ToDenyPolicyRuleDenyRuleOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRuleOutput

func (DenyPolicyRuleDenyRuleOutput) ToDenyPolicyRuleDenyRulePtrOutput 

func (o DenyPolicyRuleDenyRuleOutput) ToDenyPolicyRuleDenyRulePtrOutput() DenyPolicyRuleDenyRulePtrOutput

func (DenyPolicyRuleDenyRuleOutput) ToDenyPolicyRuleDenyRulePtrOutputWithContext 

func (o DenyPolicyRuleDenyRuleOutput) ToDenyPolicyRuleDenyRulePtrOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRulePtrOutput

type DenyPolicyRuleDenyRulePtrInput 

type DenyPolicyRuleDenyRulePtrInput interface {
	pulumi.Input

	ToDenyPolicyRuleDenyRulePtrOutput() DenyPolicyRuleDenyRulePtrOutput
	ToDenyPolicyRuleDenyRulePtrOutputWithContext(context.Context) DenyPolicyRuleDenyRulePtrOutput
}

DenyPolicyRuleDenyRulePtrInput is an input type that accepts DenyPolicyRuleDenyRuleArgs, DenyPolicyRuleDenyRulePtr and DenyPolicyRuleDenyRulePtrOutput values. You can construct a concrete instance of `DenyPolicyRuleDenyRulePtrInput` via: 

        DenyPolicyRuleDenyRuleArgs{...}

or:

        nil

func DenyPolicyRuleDenyRulePtr 

func DenyPolicyRuleDenyRulePtr(v *DenyPolicyRuleDenyRuleArgs) DenyPolicyRuleDenyRulePtrInput

type DenyPolicyRuleDenyRulePtrOutput 

type DenyPolicyRuleDenyRulePtrOutput struct{ *pulumi.OutputState }

func (DenyPolicyRuleDenyRulePtrOutput) DenialCondition 

func (o DenyPolicyRuleDenyRulePtrOutput) DenialCondition() DenyPolicyRuleDenyRuleDenialConditionPtrOutput

User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. Structure is documented below.

func (DenyPolicyRuleDenyRulePtrOutput) DeniedPermissions 

func (o DenyPolicyRuleDenyRulePtrOutput) DeniedPermissions() pulumi.StringArrayOutput

The permissions that are explicitly denied by this rule. Each permission uses the format `{service-fqdn}/{resource}.{verb}`, where `{service-fqdn}` is the fully qualified domain name for the service. For example, `iam.googleapis.com/roles.list`.

func (DenyPolicyRuleDenyRulePtrOutput) DeniedPrincipals 

func (o DenyPolicyRuleDenyRulePtrOutput) DeniedPrincipals() pulumi.StringArrayOutput

The identities that are prevented from using one or more permissions on Google Cloud resources.

func (DenyPolicyRuleDenyRulePtrOutput) Elem 

func (o DenyPolicyRuleDenyRulePtrOutput) Elem() DenyPolicyRuleDenyRuleOutput

func (DenyPolicyRuleDenyRulePtrOutput) ElementType 

func (DenyPolicyRuleDenyRulePtrOutput) ElementType() reflect.Type

func (DenyPolicyRuleDenyRulePtrOutput) ExceptionPermissions 

func (o DenyPolicyRuleDenyRulePtrOutput) ExceptionPermissions() pulumi.StringArrayOutput

Specifies the permissions that this rule excludes from the set of denied permissions given by deniedPermissions. If a permission appears in deniedPermissions and in exceptionPermissions then it will not be denied. The excluded permissions can be specified using the same syntax as deniedPermissions.

func (DenyPolicyRuleDenyRulePtrOutput) ExceptionPrincipals 

func (o DenyPolicyRuleDenyRulePtrOutput) ExceptionPrincipals() pulumi.StringArrayOutput

The identities that are excluded from the deny rule, even if they are listed in the deniedPrincipals. For example, you could add a Google group to the deniedPrincipals, then exclude specific users who belong to that group.

func (DenyPolicyRuleDenyRulePtrOutput) ToDenyPolicyRuleDenyRulePtrOutput 

func (o DenyPolicyRuleDenyRulePtrOutput) ToDenyPolicyRuleDenyRulePtrOutput() DenyPolicyRuleDenyRulePtrOutput

func (DenyPolicyRuleDenyRulePtrOutput) ToDenyPolicyRuleDenyRulePtrOutputWithContext 

func (o DenyPolicyRuleDenyRulePtrOutput) ToDenyPolicyRuleDenyRulePtrOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRulePtrOutput

type DenyPolicyRuleInput 

type DenyPolicyRuleInput interface {
	pulumi.Input

	ToDenyPolicyRuleOutput() DenyPolicyRuleOutput
	ToDenyPolicyRuleOutputWithContext(context.Context) DenyPolicyRuleOutput
}

DenyPolicyRuleInput is an input type that accepts DenyPolicyRuleArgs and DenyPolicyRuleOutput values. You can construct a concrete instance of `DenyPolicyRuleInput` via: 

DenyPolicyRuleArgs{...}

type DenyPolicyRuleOutput 

type DenyPolicyRuleOutput struct{ *pulumi.OutputState }

func (DenyPolicyRuleOutput) DenyRule 

func (o DenyPolicyRuleOutput) DenyRule() DenyPolicyRuleDenyRulePtrOutput

A deny rule in an IAM deny policy. Structure is documented below.

func (DenyPolicyRuleOutput) Description 

func (o DenyPolicyRuleOutput) Description() pulumi.StringPtrOutput

The description of the rule.

func (DenyPolicyRuleOutput) ElementType 

func (DenyPolicyRuleOutput) ElementType() reflect.Type

func (DenyPolicyRuleOutput) ToDenyPolicyRuleOutput 

func (o DenyPolicyRuleOutput) ToDenyPolicyRuleOutput() DenyPolicyRuleOutput

func (DenyPolicyRuleOutput) ToDenyPolicyRuleOutputWithContext 

func (o DenyPolicyRuleOutput) ToDenyPolicyRuleOutputWithContext(ctx context.Context) DenyPolicyRuleOutput

type DenyPolicyState 

type DenyPolicyState struct {
	// The display name of the rule.
	DisplayName pulumi.StringPtrInput
	// The hash of the resource. Used internally during updates.
	Etag pulumi.StringPtrInput
	// The name of the policy.
	Name pulumi.StringPtrInput
	// The attachment point is identified by its URL-encoded full resource name.
	Parent pulumi.StringPtrInput
	// Rules to be applied.
	// Structure is documented below.
	Rules DenyPolicyRuleArrayInput
}

func (DenyPolicyState) ElementType 

func (DenyPolicyState) ElementType() reflect.Type

type GetRuleArgs 

type GetRuleArgs struct {
	// The name of the Role to lookup in the form `roles/{ROLE_NAME}`, `organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}` or `projects/{PROJECT_ID}/roles/{ROLE_NAME}`
	Name string `pulumi:"name"`
}

A collection of arguments for invoking getRule.

type GetRuleOutputArgs 

type GetRuleOutputArgs struct {
	// The name of the Role to lookup in the form `roles/{ROLE_NAME}`, `organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}` or `projects/{PROJECT_ID}/roles/{ROLE_NAME}`
	Name pulumi.StringInput `pulumi:"name"`
}

A collection of arguments for invoking getRule.

func (GetRuleOutputArgs) ElementType 

func (GetRuleOutputArgs) ElementType() reflect.Type

type GetRuleResult 

type GetRuleResult struct {
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// specifies the list of one or more permissions to include in the custom role, such as - `iam.roles.get`
	IncludedPermissions []string `pulumi:"includedPermissions"`
	Name                string   `pulumi:"name"`
	// indicates the stage of a role in the launch lifecycle, such as `GA`, `BETA` or `ALPHA`.
	Stage string `pulumi:"stage"`
	// is a friendly title for the role, such as "Role Viewer"
	Title string `pulumi:"title"`
}

A collection of values returned by getRule.

func GetRule 

func GetRule(ctx *pulumi.Context, args *GetRuleArgs, opts ...pulumi.InvokeOption) (*GetRuleResult, error)

Use this data source to get information about a Google IAM Role.

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		roleinfo, err := iam.GetRule(ctx, &iam.GetRuleArgs{
			Name: "roles/compute.viewer",
		}, nil)
		if err != nil {
			return err
		}
		ctx.Export("theRolePermissions", roleinfo.IncludedPermissions)
		return nil
	})
}

```

type GetRuleResultOutput 

type GetRuleResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getRule.

func GetRuleOutput 

func GetRuleOutput(ctx *pulumi.Context, args GetRuleOutputArgs, opts ...pulumi.InvokeOption) GetRuleResultOutput

func (GetRuleResultOutput) ElementType 

func (GetRuleResultOutput) ElementType() reflect.Type

func (GetRuleResultOutput) Id 

func (o GetRuleResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetRuleResultOutput) IncludedPermissions 

func (o GetRuleResultOutput) IncludedPermissions() pulumi.StringArrayOutput

specifies the list of one or more permissions to include in the custom role, such as - `iam.roles.get`

func (GetRuleResultOutput) Name 

func (o GetRuleResultOutput) Name() pulumi.StringOutput

func (GetRuleResultOutput) Stage 

func (o GetRuleResultOutput) Stage() pulumi.StringOutput

indicates the stage of a role in the launch lifecycle, such as `GA`, `BETA` or `ALPHA`.

func (GetRuleResultOutput) Title 

func (o GetRuleResultOutput) Title() pulumi.StringOutput

is a friendly title for the role, such as "Role Viewer"

func (GetRuleResultOutput) ToGetRuleResultOutput 

func (o GetRuleResultOutput) ToGetRuleResultOutput() GetRuleResultOutput

func (GetRuleResultOutput) ToGetRuleResultOutputWithContext 

func (o GetRuleResultOutput) ToGetRuleResultOutputWithContext(ctx context.Context) GetRuleResultOutput

type GetTestablePermissionsArgs 

type GetTestablePermissionsArgs struct {
	// The level of support for custom roles. Can be one of `"NOT_SUPPORTED"`, `"SUPPORTED"`, `"TESTING"`. Default is `"SUPPORTED"`
	CustomSupportLevel *string `pulumi:"customSupportLevel"`
	// See [full resource name documentation](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more detail.
	FullResourceName string `pulumi:"fullResourceName"`
	// The acceptable release stages of the permission in the output. Note that `BETA` does not include permissions in `GA`, but you can specify both with `["GA", "BETA"]` for example. Can be a list of `"ALPHA"`, `"BETA"`, `"GA"`, `"DEPRECATED"`. Default is `["GA"]`.
	Stages []string `pulumi:"stages"`
}

A collection of arguments for invoking getTestablePermissions.

type GetTestablePermissionsOutputArgs 

type GetTestablePermissionsOutputArgs struct {
	// The level of support for custom roles. Can be one of `"NOT_SUPPORTED"`, `"SUPPORTED"`, `"TESTING"`. Default is `"SUPPORTED"`
	CustomSupportLevel pulumi.StringPtrInput `pulumi:"customSupportLevel"`
	// See [full resource name documentation](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more detail.
	FullResourceName pulumi.StringInput `pulumi:"fullResourceName"`
	// The acceptable release stages of the permission in the output. Note that `BETA` does not include permissions in `GA`, but you can specify both with `["GA", "BETA"]` for example. Can be a list of `"ALPHA"`, `"BETA"`, `"GA"`, `"DEPRECATED"`. Default is `["GA"]`.
	Stages pulumi.StringArrayInput `pulumi:"stages"`
}

A collection of arguments for invoking getTestablePermissions.

func (GetTestablePermissionsOutputArgs) ElementType 

func (GetTestablePermissionsOutputArgs) ElementType() reflect.Type

type GetTestablePermissionsPermission 

type GetTestablePermissionsPermission struct {
	// Whether the corresponding API has been enabled for the resource.
	ApiDisabled bool `pulumi:"apiDisabled"`
	// The level of support for custom roles. Can be one of `"NOT_SUPPORTED"`, `"SUPPORTED"`, `"TESTING"`. Default is `"SUPPORTED"`
	CustomSupportLevel string `pulumi:"customSupportLevel"`
	// Name of the permission.
	Name string `pulumi:"name"`
	// Release stage of the permission.
	Stage string `pulumi:"stage"`
	// Human readable title of the permission.
	Title string `pulumi:"title"`
}

type GetTestablePermissionsPermissionArgs 

type GetTestablePermissionsPermissionArgs struct {
	// Whether the corresponding API has been enabled for the resource.
	ApiDisabled pulumi.BoolInput `pulumi:"apiDisabled"`
	// The level of support for custom roles. Can be one of `"NOT_SUPPORTED"`, `"SUPPORTED"`, `"TESTING"`. Default is `"SUPPORTED"`
	CustomSupportLevel pulumi.StringInput `pulumi:"customSupportLevel"`
	// Name of the permission.
	Name pulumi.StringInput `pulumi:"name"`
	// Release stage of the permission.
	Stage pulumi.StringInput `pulumi:"stage"`
	// Human readable title of the permission.
	Title pulumi.StringInput `pulumi:"title"`
}

func (GetTestablePermissionsPermissionArgs) ElementType 

func (GetTestablePermissionsPermissionArgs) ElementType() reflect.Type

func (GetTestablePermissionsPermissionArgs) ToGetTestablePermissionsPermissionOutput 

func (i GetTestablePermissionsPermissionArgs) ToGetTestablePermissionsPermissionOutput() GetTestablePermissionsPermissionOutput

func (GetTestablePermissionsPermissionArgs) ToGetTestablePermissionsPermissionOutputWithContext 

func (i GetTestablePermissionsPermissionArgs) ToGetTestablePermissionsPermissionOutputWithContext(ctx context.Context) GetTestablePermissionsPermissionOutput

type GetTestablePermissionsPermissionArray 

type GetTestablePermissionsPermissionArray []GetTestablePermissionsPermissionInput

func (GetTestablePermissionsPermissionArray) ElementType 

func (GetTestablePermissionsPermissionArray) ElementType() reflect.Type

func (GetTestablePermissionsPermissionArray) ToGetTestablePermissionsPermissionArrayOutput 

func (i GetTestablePermissionsPermissionArray) ToGetTestablePermissionsPermissionArrayOutput() GetTestablePermissionsPermissionArrayOutput

func (GetTestablePermissionsPermissionArray) ToGetTestablePermissionsPermissionArrayOutputWithContext 

func (i GetTestablePermissionsPermissionArray) ToGetTestablePermissionsPermissionArrayOutputWithContext(ctx context.Context) GetTestablePermissionsPermissionArrayOutput

type GetTestablePermissionsPermissionArrayInput 

type GetTestablePermissionsPermissionArrayInput interface {
	pulumi.Input

	ToGetTestablePermissionsPermissionArrayOutput() GetTestablePermissionsPermissionArrayOutput
	ToGetTestablePermissionsPermissionArrayOutputWithContext(context.Context) GetTestablePermissionsPermissionArrayOutput
}

GetTestablePermissionsPermissionArrayInput is an input type that accepts GetTestablePermissionsPermissionArray and GetTestablePermissionsPermissionArrayOutput values. You can construct a concrete instance of `GetTestablePermissionsPermissionArrayInput` via: 

GetTestablePermissionsPermissionArray{ GetTestablePermissionsPermissionArgs{...} }

type GetTestablePermissionsPermissionArrayOutput 

type GetTestablePermissionsPermissionArrayOutput struct{ *pulumi.OutputState }

func (GetTestablePermissionsPermissionArrayOutput) ElementType 

func (GetTestablePermissionsPermissionArrayOutput) ElementType() reflect.Type

func (GetTestablePermissionsPermissionArrayOutput) Index 

func (o GetTestablePermissionsPermissionArrayOutput) Index(i pulumi.IntInput) GetTestablePermissionsPermissionOutput

func (GetTestablePermissionsPermissionArrayOutput) ToGetTestablePermissionsPermissionArrayOutput 

func (o GetTestablePermissionsPermissionArrayOutput) ToGetTestablePermissionsPermissionArrayOutput() GetTestablePermissionsPermissionArrayOutput

func (GetTestablePermissionsPermissionArrayOutput) ToGetTestablePermissionsPermissionArrayOutputWithContext 

func (o GetTestablePermissionsPermissionArrayOutput) ToGetTestablePermissionsPermissionArrayOutputWithContext(ctx context.Context) GetTestablePermissionsPermissionArrayOutput

type GetTestablePermissionsPermissionInput 

type GetTestablePermissionsPermissionInput interface {
	pulumi.Input

	ToGetTestablePermissionsPermissionOutput() GetTestablePermissionsPermissionOutput
	ToGetTestablePermissionsPermissionOutputWithContext(context.Context) GetTestablePermissionsPermissionOutput
}

GetTestablePermissionsPermissionInput is an input type that accepts GetTestablePermissionsPermissionArgs and GetTestablePermissionsPermissionOutput values. You can construct a concrete instance of `GetTestablePermissionsPermissionInput` via: 

GetTestablePermissionsPermissionArgs{...}

type GetTestablePermissionsPermissionOutput 

type GetTestablePermissionsPermissionOutput struct{ *pulumi.OutputState }

func (GetTestablePermissionsPermissionOutput) ApiDisabled 

func (o GetTestablePermissionsPermissionOutput) ApiDisabled() pulumi.BoolOutput

Whether the corresponding API has been enabled for the resource.

func (GetTestablePermissionsPermissionOutput) CustomSupportLevel 

func (o GetTestablePermissionsPermissionOutput) CustomSupportLevel() pulumi.StringOutput

The level of support for custom roles. Can be one of `"NOT_SUPPORTED"`, `"SUPPORTED"`, `"TESTING"`. Default is `"SUPPORTED"`

func (GetTestablePermissionsPermissionOutput) ElementType 

func (GetTestablePermissionsPermissionOutput) ElementType() reflect.Type

func (GetTestablePermissionsPermissionOutput) Name 

func (o GetTestablePermissionsPermissionOutput) Name() pulumi.StringOutput

Name of the permission.

func (GetTestablePermissionsPermissionOutput) Stage 

func (o GetTestablePermissionsPermissionOutput) Stage() pulumi.StringOutput

Release stage of the permission.

func (GetTestablePermissionsPermissionOutput) Title 

func (o GetTestablePermissionsPermissionOutput) Title() pulumi.StringOutput

Human readable title of the permission.

func (GetTestablePermissionsPermissionOutput) ToGetTestablePermissionsPermissionOutput 

func (o GetTestablePermissionsPermissionOutput) ToGetTestablePermissionsPermissionOutput() GetTestablePermissionsPermissionOutput

func (GetTestablePermissionsPermissionOutput) ToGetTestablePermissionsPermissionOutputWithContext 

func (o GetTestablePermissionsPermissionOutput) ToGetTestablePermissionsPermissionOutputWithContext(ctx context.Context) GetTestablePermissionsPermissionOutput

type GetTestablePermissionsResult 

type GetTestablePermissionsResult struct {
	// The the support level of this permission for custom roles.
	CustomSupportLevel *string `pulumi:"customSupportLevel"`
	FullResourceName   string  `pulumi:"fullResourceName"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// A list of permissions matching the provided input. Structure is defined below.
	Permissions []GetTestablePermissionsPermission `pulumi:"permissions"`
	Stages      []string                           `pulumi:"stages"`
}

A collection of values returned by getTestablePermissions.

func GetTestablePermissions 

func GetTestablePermissions(ctx *pulumi.Context, args *GetTestablePermissionsArgs, opts ...pulumi.InvokeOption) (*GetTestablePermissionsResult, error)

Retrieve a list of testable permissions for a resource. Testable permissions mean the permissions that user can add or remove in a role at a given resource. The resource can be referenced either via the full resource name or via a URI.

## Example Usage

Retrieve all the supported permissions able to be set on `my-project` that are in either GA or BETA. This is useful for dynamically constructing custom roles.

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iam.GetTestablePermissions(ctx, &iam.GetTestablePermissionsArgs{
			FullResourceName: "//cloudresourcemanager.googleapis.com/projects/my-project",
			Stages: []string{
				"GA",
				"BETA",
			},
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type GetTestablePermissionsResultOutput 

type GetTestablePermissionsResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getTestablePermissions.

func GetTestablePermissionsOutput 

func GetTestablePermissionsOutput(ctx *pulumi.Context, args GetTestablePermissionsOutputArgs, opts ...pulumi.InvokeOption) GetTestablePermissionsResultOutput

func (GetTestablePermissionsResultOutput) CustomSupportLevel 

func (o GetTestablePermissionsResultOutput) CustomSupportLevel() pulumi.StringPtrOutput

The the support level of this permission for custom roles.

func (GetTestablePermissionsResultOutput) ElementType 

func (GetTestablePermissionsResultOutput) ElementType() reflect.Type

func (GetTestablePermissionsResultOutput) FullResourceName 

func (o GetTestablePermissionsResultOutput) FullResourceName() pulumi.StringOutput

func (GetTestablePermissionsResultOutput) Id 

func (o GetTestablePermissionsResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetTestablePermissionsResultOutput) Permissions 

func (o GetTestablePermissionsResultOutput) Permissions() GetTestablePermissionsPermissionArrayOutput

A list of permissions matching the provided input. Structure is defined below.

func (GetTestablePermissionsResultOutput) Stages 

func (o GetTestablePermissionsResultOutput) Stages() pulumi.StringArrayOutput

func (GetTestablePermissionsResultOutput) ToGetTestablePermissionsResultOutput 

func (o GetTestablePermissionsResultOutput) ToGetTestablePermissionsResultOutput() GetTestablePermissionsResultOutput

func (GetTestablePermissionsResultOutput) ToGetTestablePermissionsResultOutputWithContext 

func (o GetTestablePermissionsResultOutput) ToGetTestablePermissionsResultOutputWithContext(ctx context.Context) GetTestablePermissionsResultOutput

type GetWorkloadIdentityPoolProviderAw 

type GetWorkloadIdentityPoolProviderAw struct {
	// The AWS account ID.
	AccountId string `pulumi:"accountId"`
}

type GetWorkloadIdentityPoolProviderAwArgs 

type GetWorkloadIdentityPoolProviderAwArgs struct {
	// The AWS account ID.
	AccountId pulumi.StringInput `pulumi:"accountId"`
}

func (GetWorkloadIdentityPoolProviderAwArgs) ElementType 

func (GetWorkloadIdentityPoolProviderAwArgs) ElementType() reflect.Type

func (GetWorkloadIdentityPoolProviderAwArgs) ToGetWorkloadIdentityPoolProviderAwOutput 

func (i GetWorkloadIdentityPoolProviderAwArgs) ToGetWorkloadIdentityPoolProviderAwOutput() GetWorkloadIdentityPoolProviderAwOutput

func (GetWorkloadIdentityPoolProviderAwArgs) ToGetWorkloadIdentityPoolProviderAwOutputWithContext 

func (i GetWorkloadIdentityPoolProviderAwArgs) ToGetWorkloadIdentityPoolProviderAwOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderAwOutput

type GetWorkloadIdentityPoolProviderAwArray 

type GetWorkloadIdentityPoolProviderAwArray []GetWorkloadIdentityPoolProviderAwInput

func (GetWorkloadIdentityPoolProviderAwArray) ElementType 

func (GetWorkloadIdentityPoolProviderAwArray) ElementType() reflect.Type

func (GetWorkloadIdentityPoolProviderAwArray) ToGetWorkloadIdentityPoolProviderAwArrayOutput 

func (i GetWorkloadIdentityPoolProviderAwArray) ToGetWorkloadIdentityPoolProviderAwArrayOutput() GetWorkloadIdentityPoolProviderAwArrayOutput

func (GetWorkloadIdentityPoolProviderAwArray) ToGetWorkloadIdentityPoolProviderAwArrayOutputWithContext 

func (i GetWorkloadIdentityPoolProviderAwArray) ToGetWorkloadIdentityPoolProviderAwArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderAwArrayOutput

type GetWorkloadIdentityPoolProviderAwArrayInput 

type GetWorkloadIdentityPoolProviderAwArrayInput interface {
	pulumi.Input

	ToGetWorkloadIdentityPoolProviderAwArrayOutput() GetWorkloadIdentityPoolProviderAwArrayOutput
	ToGetWorkloadIdentityPoolProviderAwArrayOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderAwArrayOutput
}

GetWorkloadIdentityPoolProviderAwArrayInput is an input type that accepts GetWorkloadIdentityPoolProviderAwArray and GetWorkloadIdentityPoolProviderAwArrayOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderAwArrayInput` via: 

GetWorkloadIdentityPoolProviderAwArray{ GetWorkloadIdentityPoolProviderAwArgs{...} }

type GetWorkloadIdentityPoolProviderAwArrayOutput 

type GetWorkloadIdentityPoolProviderAwArrayOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderAwArrayOutput) ElementType 

func (GetWorkloadIdentityPoolProviderAwArrayOutput) ElementType() reflect.Type

func (GetWorkloadIdentityPoolProviderAwArrayOutput) Index 

func (o GetWorkloadIdentityPoolProviderAwArrayOutput) Index(i pulumi.IntInput) GetWorkloadIdentityPoolProviderAwOutput

func (GetWorkloadIdentityPoolProviderAwArrayOutput) ToGetWorkloadIdentityPoolProviderAwArrayOutput 

func (o GetWorkloadIdentityPoolProviderAwArrayOutput) ToGetWorkloadIdentityPoolProviderAwArrayOutput() GetWorkloadIdentityPoolProviderAwArrayOutput

func (GetWorkloadIdentityPoolProviderAwArrayOutput) ToGetWorkloadIdentityPoolProviderAwArrayOutputWithContext 

func (o GetWorkloadIdentityPoolProviderAwArrayOutput) ToGetWorkloadIdentityPoolProviderAwArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderAwArrayOutput

type GetWorkloadIdentityPoolProviderAwInput 

type GetWorkloadIdentityPoolProviderAwInput interface {
	pulumi.Input

	ToGetWorkloadIdentityPoolProviderAwOutput() GetWorkloadIdentityPoolProviderAwOutput
	ToGetWorkloadIdentityPoolProviderAwOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderAwOutput
}

GetWorkloadIdentityPoolProviderAwInput is an input type that accepts GetWorkloadIdentityPoolProviderAwArgs and GetWorkloadIdentityPoolProviderAwOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderAwInput` via: 

GetWorkloadIdentityPoolProviderAwArgs{...}

type GetWorkloadIdentityPoolProviderAwOutput 

type GetWorkloadIdentityPoolProviderAwOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderAwOutput) AccountId 

func (o GetWorkloadIdentityPoolProviderAwOutput) AccountId() pulumi.StringOutput

The AWS account ID.

func (GetWorkloadIdentityPoolProviderAwOutput) ElementType 

func (GetWorkloadIdentityPoolProviderAwOutput) ElementType() reflect.Type

func (GetWorkloadIdentityPoolProviderAwOutput) ToGetWorkloadIdentityPoolProviderAwOutput 

func (o GetWorkloadIdentityPoolProviderAwOutput) ToGetWorkloadIdentityPoolProviderAwOutput() GetWorkloadIdentityPoolProviderAwOutput

func (GetWorkloadIdentityPoolProviderAwOutput) ToGetWorkloadIdentityPoolProviderAwOutputWithContext 

func (o GetWorkloadIdentityPoolProviderAwOutput) ToGetWorkloadIdentityPoolProviderAwOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderAwOutput

type GetWorkloadIdentityPoolProviderOidc 

type GetWorkloadIdentityPoolProviderOidc struct {
	// Acceptable values for the 'aud' field (audience) in the OIDC token. Token exchange
	// requests are rejected if the token audience does not match one of the configured
	// values. Each audience may be at most 256 characters. A maximum of 10 audiences may
	// be configured.
	//
	// If this list is empty, the OIDC token audience must be equal to the full canonical
	// resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix.
	// For example:
	// ”'
	// //iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
	// https://iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
	// ”'
	AllowedAudiences []string `pulumi:"allowedAudiences"`
	// The OIDC issuer URL.
	IssuerUri string `pulumi:"issuerUri"`
	// OIDC JWKs in JSON String format. For details on definition of a
	// JWK, see https:tools.ietf.org/html/rfc7517. If not set, then we
	// use the 'jwks_uri' from the discovery document fetched from the
	// .well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric
	// keys are supported. The JWK must use following format and include only
	// the following fields:
	// ”'
	// {
	//   "keys": [
	//     {
	//           "kty": "RSA/EC",
	//           "alg": "<algorithm>",
	//           "use": "sig",
	//           "kid": "<key-id>",
	//           "n": "",
	//           "e": "",
	//           "x": "",
	//           "y": "",
	//           "crv": ""
	//     }
	//   ]
	// }
	// ”'
	JwksJson string `pulumi:"jwksJson"`
}

type GetWorkloadIdentityPoolProviderOidcArgs 

type GetWorkloadIdentityPoolProviderOidcArgs struct {
	// Acceptable values for the 'aud' field (audience) in the OIDC token. Token exchange
	// requests are rejected if the token audience does not match one of the configured
	// values. Each audience may be at most 256 characters. A maximum of 10 audiences may
	// be configured.
	//
	// If this list is empty, the OIDC token audience must be equal to the full canonical
	// resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix.
	// For example:
	// ”'
	// //iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
	// https://iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
	// ”'
	AllowedAudiences pulumi.StringArrayInput `pulumi:"allowedAudiences"`
	// The OIDC issuer URL.
	IssuerUri pulumi.StringInput `pulumi:"issuerUri"`
	// OIDC JWKs in JSON String format. For details on definition of a
	// JWK, see https:tools.ietf.org/html/rfc7517. If not set, then we
	// use the 'jwks_uri' from the discovery document fetched from the
	// .well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric
	// keys are supported. The JWK must use following format and include only
	// the following fields:
	// ”'
	// {
	//   "keys": [
	//     {
	//           "kty": "RSA/EC",
	//           "alg": "<algorithm>",
	//           "use": "sig",
	//           "kid": "<key-id>",
	//           "n": "",
	//           "e": "",
	//           "x": "",
	//           "y": "",
	//           "crv": ""
	//     }
	//   ]
	// }
	// ”'
	JwksJson pulumi.StringInput `pulumi:"jwksJson"`
}

func (GetWorkloadIdentityPoolProviderOidcArgs) ElementType 

func (GetWorkloadIdentityPoolProviderOidcArgs) ElementType() reflect.Type

func (GetWorkloadIdentityPoolProviderOidcArgs) ToGetWorkloadIdentityPoolProviderOidcOutput 

func (i GetWorkloadIdentityPoolProviderOidcArgs) ToGetWorkloadIdentityPoolProviderOidcOutput() GetWorkloadIdentityPoolProviderOidcOutput

func (GetWorkloadIdentityPoolProviderOidcArgs) ToGetWorkloadIdentityPoolProviderOidcOutputWithContext 

func (i GetWorkloadIdentityPoolProviderOidcArgs) ToGetWorkloadIdentityPoolProviderOidcOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderOidcOutput

type GetWorkloadIdentityPoolProviderOidcArray 

type GetWorkloadIdentityPoolProviderOidcArray []GetWorkloadIdentityPoolProviderOidcInput

func (GetWorkloadIdentityPoolProviderOidcArray) ElementType 

func (GetWorkloadIdentityPoolProviderOidcArray) ElementType() reflect.Type

func (GetWorkloadIdentityPoolProviderOidcArray) ToGetWorkloadIdentityPoolProviderOidcArrayOutput 

func (i GetWorkloadIdentityPoolProviderOidcArray) ToGetWorkloadIdentityPoolProviderOidcArrayOutput() GetWorkloadIdentityPoolProviderOidcArrayOutput

func (GetWorkloadIdentityPoolProviderOidcArray) ToGetWorkloadIdentityPoolProviderOidcArrayOutputWithContext 

func (i GetWorkloadIdentityPoolProviderOidcArray) ToGetWorkloadIdentityPoolProviderOidcArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderOidcArrayOutput

type GetWorkloadIdentityPoolProviderOidcArrayInput 

type GetWorkloadIdentityPoolProviderOidcArrayInput interface {
	pulumi.Input

	ToGetWorkloadIdentityPoolProviderOidcArrayOutput() GetWorkloadIdentityPoolProviderOidcArrayOutput
	ToGetWorkloadIdentityPoolProviderOidcArrayOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderOidcArrayOutput
}

GetWorkloadIdentityPoolProviderOidcArrayInput is an input type that accepts GetWorkloadIdentityPoolProviderOidcArray and GetWorkloadIdentityPoolProviderOidcArrayOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderOidcArrayInput` via: 

GetWorkloadIdentityPoolProviderOidcArray{ GetWorkloadIdentityPoolProviderOidcArgs{...} }

type GetWorkloadIdentityPoolProviderOidcArrayOutput 

type GetWorkloadIdentityPoolProviderOidcArrayOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderOidcArrayOutput) ElementType 

func (GetWorkloadIdentityPoolProviderOidcArrayOutput) ElementType() reflect.Type

func (GetWorkloadIdentityPoolProviderOidcArrayOutput) Index 

func (o GetWorkloadIdentityPoolProviderOidcArrayOutput) Index(i pulumi.IntInput) GetWorkloadIdentityPoolProviderOidcOutput

func (GetWorkloadIdentityPoolProviderOidcArrayOutput) ToGetWorkloadIdentityPoolProviderOidcArrayOutput 

func (o GetWorkloadIdentityPoolProviderOidcArrayOutput) ToGetWorkloadIdentityPoolProviderOidcArrayOutput() GetWorkloadIdentityPoolProviderOidcArrayOutput

func (GetWorkloadIdentityPoolProviderOidcArrayOutput) ToGetWorkloadIdentityPoolProviderOidcArrayOutputWithContext 

func (o GetWorkloadIdentityPoolProviderOidcArrayOutput) ToGetWorkloadIdentityPoolProviderOidcArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderOidcArrayOutput

type GetWorkloadIdentityPoolProviderOidcInput 

type GetWorkloadIdentityPoolProviderOidcInput interface {
	pulumi.Input

	ToGetWorkloadIdentityPoolProviderOidcOutput() GetWorkloadIdentityPoolProviderOidcOutput
	ToGetWorkloadIdentityPoolProviderOidcOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderOidcOutput
}

GetWorkloadIdentityPoolProviderOidcInput is an input type that accepts GetWorkloadIdentityPoolProviderOidcArgs and GetWorkloadIdentityPoolProviderOidcOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderOidcInput` via: 

GetWorkloadIdentityPoolProviderOidcArgs{...}

type GetWorkloadIdentityPoolProviderOidcOutput 

type GetWorkloadIdentityPoolProviderOidcOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderOidcOutput) AllowedAudiences 

func (o GetWorkloadIdentityPoolProviderOidcOutput) AllowedAudiences() pulumi.StringArrayOutput

Acceptable values for the 'aud' field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured.

If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example: ”' //iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id> https://iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id> ”'

func (GetWorkloadIdentityPoolProviderOidcOutput) ElementType 

func (GetWorkloadIdentityPoolProviderOidcOutput) ElementType() reflect.Type

func (GetWorkloadIdentityPoolProviderOidcOutput) IssuerUri 

func (o GetWorkloadIdentityPoolProviderOidcOutput) IssuerUri() pulumi.StringOutput

The OIDC issuer URL.

func (GetWorkloadIdentityPoolProviderOidcOutput) JwksJson 

func (o GetWorkloadIdentityPoolProviderOidcOutput) JwksJson() pulumi.StringOutput

OIDC JWKs in JSON String format. For details on definition of a JWK, see https:tools.ietf.org/html/rfc7517. If not set, then we use the 'jwks_uri' from the discovery document fetched from the .well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric keys are supported. The JWK must use following format and include only the following fields: ”' 

{
  "keys": [
    {
          "kty": "RSA/EC",
          "alg": "<algorithm>",
          "use": "sig",
          "kid": "<key-id>",
          "n": "",
          "e": "",
          "x": "",
          "y": "",
          "crv": ""
    }
  ]
}

”'

func (GetWorkloadIdentityPoolProviderOidcOutput) ToGetWorkloadIdentityPoolProviderOidcOutput 

func (o GetWorkloadIdentityPoolProviderOidcOutput) ToGetWorkloadIdentityPoolProviderOidcOutput() GetWorkloadIdentityPoolProviderOidcOutput

func (GetWorkloadIdentityPoolProviderOidcOutput) ToGetWorkloadIdentityPoolProviderOidcOutputWithContext 

func (o GetWorkloadIdentityPoolProviderOidcOutput) ToGetWorkloadIdentityPoolProviderOidcOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderOidcOutput

type GetWorkloadIdentityPoolProviderSaml 

type GetWorkloadIdentityPoolProviderSaml struct {
	// SAML Identity provider configuration metadata xml doc.
	IdpMetadataXml string `pulumi:"idpMetadataXml"`
}

type GetWorkloadIdentityPoolProviderSamlArgs 

type GetWorkloadIdentityPoolProviderSamlArgs struct {
	// SAML Identity provider configuration metadata xml doc.
	IdpMetadataXml pulumi.StringInput `pulumi:"idpMetadataXml"`
}

func (GetWorkloadIdentityPoolProviderSamlArgs) ElementType 

func (GetWorkloadIdentityPoolProviderSamlArgs) ElementType() reflect.Type

func (GetWorkloadIdentityPoolProviderSamlArgs) ToGetWorkloadIdentityPoolProviderSamlOutput 

func (i GetWorkloadIdentityPoolProviderSamlArgs) ToGetWorkloadIdentityPoolProviderSamlOutput() GetWorkloadIdentityPoolProviderSamlOutput

func (GetWorkloadIdentityPoolProviderSamlArgs) ToGetWorkloadIdentityPoolProviderSamlOutputWithContext 

func (i GetWorkloadIdentityPoolProviderSamlArgs) ToGetWorkloadIdentityPoolProviderSamlOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderSamlOutput

type GetWorkloadIdentityPoolProviderSamlArray 

type GetWorkloadIdentityPoolProviderSamlArray []GetWorkloadIdentityPoolProviderSamlInput

func (GetWorkloadIdentityPoolProviderSamlArray) ElementType 

func (GetWorkloadIdentityPoolProviderSamlArray) ElementType() reflect.Type

func (GetWorkloadIdentityPoolProviderSamlArray) ToGetWorkloadIdentityPoolProviderSamlArrayOutput 

func (i GetWorkloadIdentityPoolProviderSamlArray) ToGetWorkloadIdentityPoolProviderSamlArrayOutput() GetWorkloadIdentityPoolProviderSamlArrayOutput

func (GetWorkloadIdentityPoolProviderSamlArray) ToGetWorkloadIdentityPoolProviderSamlArrayOutputWithContext 

func (i GetWorkloadIdentityPoolProviderSamlArray) ToGetWorkloadIdentityPoolProviderSamlArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderSamlArrayOutput

type GetWorkloadIdentityPoolProviderSamlArrayInput 

type GetWorkloadIdentityPoolProviderSamlArrayInput interface {
	pulumi.Input

	ToGetWorkloadIdentityPoolProviderSamlArrayOutput() GetWorkloadIdentityPoolProviderSamlArrayOutput
	ToGetWorkloadIdentityPoolProviderSamlArrayOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderSamlArrayOutput
}

GetWorkloadIdentityPoolProviderSamlArrayInput is an input type that accepts GetWorkloadIdentityPoolProviderSamlArray and GetWorkloadIdentityPoolProviderSamlArrayOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderSamlArrayInput` via: 

GetWorkloadIdentityPoolProviderSamlArray{ GetWorkloadIdentityPoolProviderSamlArgs{...} }

type GetWorkloadIdentityPoolProviderSamlArrayOutput 

type GetWorkloadIdentityPoolProviderSamlArrayOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderSamlArrayOutput) ElementType 

func (GetWorkloadIdentityPoolProviderSamlArrayOutput) ElementType() reflect.Type

func (GetWorkloadIdentityPoolProviderSamlArrayOutput) Index 

func (o GetWorkloadIdentityPoolProviderSamlArrayOutput) Index(i pulumi.IntInput) GetWorkloadIdentityPoolProviderSamlOutput

func (GetWorkloadIdentityPoolProviderSamlArrayOutput) ToGetWorkloadIdentityPoolProviderSamlArrayOutput 

func (o GetWorkloadIdentityPoolProviderSamlArrayOutput) ToGetWorkloadIdentityPoolProviderSamlArrayOutput() GetWorkloadIdentityPoolProviderSamlArrayOutput

func (GetWorkloadIdentityPoolProviderSamlArrayOutput) ToGetWorkloadIdentityPoolProviderSamlArrayOutputWithContext 

func (o GetWorkloadIdentityPoolProviderSamlArrayOutput) ToGetWorkloadIdentityPoolProviderSamlArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderSamlArrayOutput

type GetWorkloadIdentityPoolProviderSamlInput 

type GetWorkloadIdentityPoolProviderSamlInput interface {
	pulumi.Input

	ToGetWorkloadIdentityPoolProviderSamlOutput() GetWorkloadIdentityPoolProviderSamlOutput
	ToGetWorkloadIdentityPoolProviderSamlOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderSamlOutput
}

GetWorkloadIdentityPoolProviderSamlInput is an input type that accepts GetWorkloadIdentityPoolProviderSamlArgs and GetWorkloadIdentityPoolProviderSamlOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderSamlInput` via: 

GetWorkloadIdentityPoolProviderSamlArgs{...}

type GetWorkloadIdentityPoolProviderSamlOutput 

type GetWorkloadIdentityPoolProviderSamlOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderSamlOutput) ElementType 

func (GetWorkloadIdentityPoolProviderSamlOutput) ElementType() reflect.Type

func (GetWorkloadIdentityPoolProviderSamlOutput) IdpMetadataXml 

func (o GetWorkloadIdentityPoolProviderSamlOutput) IdpMetadataXml() pulumi.StringOutput

SAML Identity provider configuration metadata xml doc.

func (GetWorkloadIdentityPoolProviderSamlOutput) ToGetWorkloadIdentityPoolProviderSamlOutput 

func (o GetWorkloadIdentityPoolProviderSamlOutput) ToGetWorkloadIdentityPoolProviderSamlOutput() GetWorkloadIdentityPoolProviderSamlOutput

func (GetWorkloadIdentityPoolProviderSamlOutput) ToGetWorkloadIdentityPoolProviderSamlOutputWithContext 

func (o GetWorkloadIdentityPoolProviderSamlOutput) ToGetWorkloadIdentityPoolProviderSamlOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderSamlOutput

type GetWorkloadIdentityPoolProviderX509 added in v8.1.0 

type GetWorkloadIdentityPoolProviderX509 struct {
	// A Trust store, use this trust store as a wrapper to config the trust
	// anchor and optional intermediate cas to help build the trust chain for
	// the incoming end entity certificate. Follow the x509 guidelines to
	// define those PEM encoded certs. Only 1 trust store is currently
	// supported.
	TrustStores []GetWorkloadIdentityPoolProviderX509TrustStore `pulumi:"trustStores"`
}

type GetWorkloadIdentityPoolProviderX509Args added in v8.1.0 

type GetWorkloadIdentityPoolProviderX509Args struct {
	// A Trust store, use this trust store as a wrapper to config the trust
	// anchor and optional intermediate cas to help build the trust chain for
	// the incoming end entity certificate. Follow the x509 guidelines to
	// define those PEM encoded certs. Only 1 trust store is currently
	// supported.
	TrustStores GetWorkloadIdentityPoolProviderX509TrustStoreArrayInput `pulumi:"trustStores"`
}

func (GetWorkloadIdentityPoolProviderX509Args) ElementType added in v8.1.0 

func (GetWorkloadIdentityPoolProviderX509Args) ElementType() reflect.Type

func (GetWorkloadIdentityPoolProviderX509Args) ToGetWorkloadIdentityPoolProviderX509Output added in v8.1.0 

func (i GetWorkloadIdentityPoolProviderX509Args) ToGetWorkloadIdentityPoolProviderX509Output() GetWorkloadIdentityPoolProviderX509Output

func (GetWorkloadIdentityPoolProviderX509Args) ToGetWorkloadIdentityPoolProviderX509OutputWithContext added in v8.1.0 

func (i GetWorkloadIdentityPoolProviderX509Args) ToGetWorkloadIdentityPoolProviderX509OutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509Output

type GetWorkloadIdentityPoolProviderX509Array added in v8.1.0 

type GetWorkloadIdentityPoolProviderX509Array []GetWorkloadIdentityPoolProviderX509Input

func (GetWorkloadIdentityPoolProviderX509Array) ElementType added in v8.1.0 

func (GetWorkloadIdentityPoolProviderX509Array) ElementType() reflect.Type

func (GetWorkloadIdentityPoolProviderX509Array) ToGetWorkloadIdentityPoolProviderX509ArrayOutput added in v8.1.0 

func (i GetWorkloadIdentityPoolProviderX509Array) ToGetWorkloadIdentityPoolProviderX509ArrayOutput() GetWorkloadIdentityPoolProviderX509ArrayOutput

func (GetWorkloadIdentityPoolProviderX509Array) ToGetWorkloadIdentityPoolProviderX509ArrayOutputWithContext added in v8.1.0 

func (i GetWorkloadIdentityPoolProviderX509Array) ToGetWorkloadIdentityPoolProviderX509ArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509ArrayOutput

type GetWorkloadIdentityPoolProviderX509ArrayInput added in v8.1.0 

type GetWorkloadIdentityPoolProviderX509ArrayInput interface {
	pulumi.Input

	ToGetWorkloadIdentityPoolProviderX509ArrayOutput() GetWorkloadIdentityPoolProviderX509ArrayOutput
	ToGetWorkloadIdentityPoolProviderX509ArrayOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderX509ArrayOutput
}

GetWorkloadIdentityPoolProviderX509ArrayInput is an input type that accepts GetWorkloadIdentityPoolProviderX509Array and GetWorkloadIdentityPoolProviderX509ArrayOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderX509ArrayInput` via: 

GetWorkloadIdentityPoolProviderX509Array{ GetWorkloadIdentityPoolProviderX509Args{...} }

type GetWorkloadIdentityPoolProviderX509ArrayOutput added in v8.1.0 

type GetWorkloadIdentityPoolProviderX509ArrayOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderX509ArrayOutput) ElementType added in v8.1.0 

func (GetWorkloadIdentityPoolProviderX509ArrayOutput) ElementType() reflect.Type

func (GetWorkloadIdentityPoolProviderX509ArrayOutput) Index added in v8.1.0 

func (o GetWorkloadIdentityPoolProviderX509ArrayOutput) Index(i pulumi.IntInput) GetWorkloadIdentityPoolProviderX509Output

func (GetWorkloadIdentityPoolProviderX509ArrayOutput) ToGetWorkloadIdentityPoolProviderX509ArrayOutput added in v8.1.0 

func (o GetWorkloadIdentityPoolProviderX509ArrayOutput) ToGetWorkloadIdentityPoolProviderX509ArrayOutput() GetWorkloadIdentityPoolProviderX509ArrayOutput

func (GetWorkloadIdentityPoolProviderX509ArrayOutput) ToGetWorkloadIdentityPoolProviderX509ArrayOutputWithContext added in v8.1.0 

func (o GetWorkloadIdentityPoolProviderX509ArrayOutput) ToGetWorkloadIdentityPoolProviderX509ArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509ArrayOutput

type GetWorkloadIdentityPoolProviderX509Input added in v8.1.0 

type GetWorkloadIdentityPoolProviderX509Input interface {
	pulumi.Input

	ToGetWorkloadIdentityPoolProviderX509Output() GetWorkloadIdentityPoolProviderX509Output
	ToGetWorkloadIdentityPoolProviderX509OutputWithContext(context.Context) GetWorkloadIdentityPoolProviderX509Output
}

GetWorkloadIdentityPoolProviderX509Input is an input type that accepts GetWorkloadIdentityPoolProviderX509Args and GetWorkloadIdentityPoolProviderX509Output values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderX509Input` via: 

GetWorkloadIdentityPoolProviderX509Args{...}

type GetWorkloadIdentityPoolProviderX509Output added in v8.1.0 

type GetWorkloadIdentityPoolProviderX509Output struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderX509Output) ElementType added in v8.1.0 

func (GetWorkloadIdentityPoolProviderX509Output) ElementType() reflect.Type

func (GetWorkloadIdentityPoolProviderX509Output) ToGetWorkloadIdentityPoolProviderX509Output added in v8.1.0 

func (o GetWorkloadIdentityPoolProviderX509Output) ToGetWorkloadIdentityPoolProviderX509Output() GetWorkloadIdentityPoolProviderX509Output

func (GetWorkloadIdentityPoolProviderX509Output) ToGetWorkloadIdentityPoolProviderX509OutputWithContext added in v8.1.0 

func (o GetWorkloadIdentityPoolProviderX509Output) ToGetWorkloadIdentityPoolProviderX509OutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509Output

func (GetWorkloadIdentityPoolProviderX509Output) TrustStores added in v8.1.0 

func (o GetWorkloadIdentityPoolProviderX509Output) TrustStores() GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput

A Trust store, use this trust store as a wrapper to config the trust anchor and optional intermediate cas to help build the trust chain for the incoming end entity certificate. Follow the x509 guidelines to define those PEM encoded certs. Only 1 trust store is currently supported.

type GetWorkloadIdentityPoolProviderX509TrustStore added in v8.1.0 

type GetWorkloadIdentityPoolProviderX509TrustStore struct {
	// Set of intermediate CA certificates used for building the trust chain to
	// trust anchor.
	// IMPORTANT: Intermediate CAs are only supported when configuring x509 federation.
	IntermediateCas []GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCa `pulumi:"intermediateCas"`
	// List of Trust Anchors to be used while performing validation
	// against a given TrustStore. The incoming end entity's certificate
	// must be chained up to one of the trust anchors here.
	TrustAnchors []GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchor `pulumi:"trustAnchors"`
}

type GetWorkloadIdentityPoolProviderX509TrustStoreArgs added in v8.1.0 

type GetWorkloadIdentityPoolProviderX509TrustStoreArgs struct {
	// Set of intermediate CA certificates used for building the trust chain to
	// trust anchor.
	// IMPORTANT: Intermediate CAs are only supported when configuring x509 federation.
	IntermediateCas GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayInput `pulumi:"intermediateCas"`
	// List of Trust Anchors to be used while performing validation
	// against a given TrustStore. The incoming end entity's certificate
	// must be chained up to one of the trust anchors here.
	TrustAnchors GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayInput `pulumi:"trustAnchors"`
}

func (GetWorkloadIdentityPoolProviderX509TrustStoreArgs) ElementType added in v8.1.0 

func (GetWorkloadIdentityPoolProviderX509TrustStoreArgs) ElementType() reflect.Type

func (GetWorkloadIdentityPoolProviderX509TrustStoreArgs) ToGetWorkloadIdentityPoolProviderX509TrustStoreOutput added in v8.1.0 

func (i GetWorkloadIdentityPoolProviderX509TrustStoreArgs) ToGetWorkloadIdentityPoolProviderX509TrustStoreOutput() GetWorkloadIdentityPoolProviderX509TrustStoreOutput

func (GetWorkloadIdentityPoolProviderX509TrustStoreArgs) ToGetWorkloadIdentityPoolProviderX509TrustStoreOutputWithContext added in v8.1.0 

func (i GetWorkloadIdentityPoolProviderX509TrustStoreArgs) ToGetWorkloadIdentityPoolProviderX509TrustStoreOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreOutput

type GetWorkloadIdentityPoolProviderX509TrustStoreArray added in v8.1.0 

type GetWorkloadIdentityPoolProviderX509TrustStoreArray []GetWorkloadIdentityPoolProviderX509TrustStoreInput

func (GetWorkloadIdentityPoolProviderX509TrustStoreArray) ElementType added in v8.1.0 

func (GetWorkloadIdentityPoolProviderX509TrustStoreArray) ElementType() reflect.Type

func (GetWorkloadIdentityPoolProviderX509TrustStoreArray) ToGetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput added in v8.1.0 

func (i GetWorkloadIdentityPoolProviderX509TrustStoreArray) ToGetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput() GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput

func (GetWorkloadIdentityPoolProviderX509TrustStoreArray) ToGetWorkloadIdentityPoolProviderX509TrustStoreArrayOutputWithContext added in v8.1.0 

func (i GetWorkloadIdentityPoolProviderX509TrustStoreArray) ToGetWorkloadIdentityPoolProviderX509TrustStoreArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput

type GetWorkloadIdentityPoolProviderX509TrustStoreArrayInput added in v8.1.0 

type GetWorkloadIdentityPoolProviderX509TrustStoreArrayInput interface {
	pulumi.Input

	ToGetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput() GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput
	ToGetWorkloadIdentityPoolProviderX509TrustStoreArrayOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput
}

GetWorkloadIdentityPoolProviderX509TrustStoreArrayInput is an input type that accepts GetWorkloadIdentityPoolProviderX509TrustStoreArray and GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderX509TrustStoreArrayInput` via: 

GetWorkloadIdentityPoolProviderX509TrustStoreArray{ GetWorkloadIdentityPoolProviderX509TrustStoreArgs{...} }

type GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput added in v8.1.0 

type GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput) ElementType added in v8.1.0 

func (GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput) ElementType() reflect.Type

func (GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput) Index added in v8.1.0 

func (o GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput) Index(i pulumi.IntInput) GetWorkloadIdentityPoolProviderX509TrustStoreOutput

func (GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput added in v8.1.0 

func (o GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput() GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput

func (GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreArrayOutputWithContext added in v8.1.0 

func (o GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput

type GetWorkloadIdentityPoolProviderX509TrustStoreInput added in v8.1.0 

type GetWorkloadIdentityPoolProviderX509TrustStoreInput interface {
	pulumi.Input

	ToGetWorkloadIdentityPoolProviderX509TrustStoreOutput() GetWorkloadIdentityPoolProviderX509TrustStoreOutput
	ToGetWorkloadIdentityPoolProviderX509TrustStoreOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreOutput
}

GetWorkloadIdentityPoolProviderX509TrustStoreInput is an input type that accepts GetWorkloadIdentityPoolProviderX509TrustStoreArgs and GetWorkloadIdentityPoolProviderX509TrustStoreOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderX509TrustStoreInput` via: 

GetWorkloadIdentityPoolProviderX509TrustStoreArgs{...}

type GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCa added in v8.1.0 

type GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCa struct {
	// PEM certificate of the PKI used for validation. Must only contain one
	// ca certificate(either root or intermediate cert).
	PemCertificate string `pulumi:"pemCertificate"`
}

type GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs added in v8.1.0 

type GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs struct {
	// PEM certificate of the PKI used for validation. Must only contain one
	// ca certificate(either root or intermediate cert).
	PemCertificate pulumi.StringInput `pulumi:"pemCertificate"`
}

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs) ElementType added in v8.1.0 

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs) ElementType() reflect.Type

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs) ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput added in v8.1.0 

func (i GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs) ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput() GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs) ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutputWithContext added in v8.1.0 

func (i GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs) ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput

type GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray added in v8.1.0 

type GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray []GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaInput

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray) ElementType added in v8.1.0 

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray) ElementType() reflect.Type

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray) ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput added in v8.1.0 

func (i GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray) ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput() GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray) ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutputWithContext added in v8.1.0 

func (i GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray) ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput

type GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayInput added in v8.1.0 

type GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayInput interface {
	pulumi.Input

	ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput() GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput
	ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput
}

GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayInput is an input type that accepts GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray and GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayInput` via: 

GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray{ GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs{...} }

type GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput added in v8.1.0 

type GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput) ElementType added in v8.1.0 

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput) ElementType() reflect.Type

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput) Index added in v8.1.0 

func (o GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput) Index(i pulumi.IntInput) GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput added in v8.1.0 

func (o GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput() GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutputWithContext added in v8.1.0 

func (o GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput

type GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaInput added in v8.1.0 

type GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaInput interface {
	pulumi.Input

	ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput() GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput
	ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput
}

GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaInput is an input type that accepts GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs and GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaInput` via: 

GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs{...}

type GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput added in v8.1.0 

type GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput) ElementType added in v8.1.0 

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput) ElementType() reflect.Type

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput) PemCertificate added in v8.1.0 

func (o GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput) PemCertificate() pulumi.StringOutput

PEM certificate of the PKI used for validation. Must only contain one ca certificate(either root or intermediate cert).

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput added in v8.1.0 

func (o GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput() GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutputWithContext added in v8.1.0 

func (o GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput

type GetWorkloadIdentityPoolProviderX509TrustStoreOutput added in v8.1.0 

type GetWorkloadIdentityPoolProviderX509TrustStoreOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderX509TrustStoreOutput) ElementType added in v8.1.0 

func (GetWorkloadIdentityPoolProviderX509TrustStoreOutput) ElementType() reflect.Type

func (GetWorkloadIdentityPoolProviderX509TrustStoreOutput) IntermediateCas added in v8.1.0 

func (o GetWorkloadIdentityPoolProviderX509TrustStoreOutput) IntermediateCas() GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput

Set of intermediate CA certificates used for building the trust chain to trust anchor. IMPORTANT: Intermediate CAs are only supported when configuring x509 federation.

func (GetWorkloadIdentityPoolProviderX509TrustStoreOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreOutput added in v8.1.0 

func (o GetWorkloadIdentityPoolProviderX509TrustStoreOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreOutput() GetWorkloadIdentityPoolProviderX509TrustStoreOutput

func (GetWorkloadIdentityPoolProviderX509TrustStoreOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreOutputWithContext added in v8.1.0 

func (o GetWorkloadIdentityPoolProviderX509TrustStoreOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreOutput

func (GetWorkloadIdentityPoolProviderX509TrustStoreOutput) TrustAnchors added in v8.1.0 

func (o GetWorkloadIdentityPoolProviderX509TrustStoreOutput) TrustAnchors() GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput

List of Trust Anchors to be used while performing validation against a given TrustStore. The incoming end entity's certificate must be chained up to one of the trust anchors here.

type GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchor added in v8.1.0 

type GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchor struct {
	// PEM certificate of the PKI used for validation. Must only contain one
	// ca certificate(either root or intermediate cert).
	PemCertificate string `pulumi:"pemCertificate"`
}

type GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs added in v8.1.0 

type GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs struct {
	// PEM certificate of the PKI used for validation. Must only contain one
	// ca certificate(either root or intermediate cert).
	PemCertificate pulumi.StringInput `pulumi:"pemCertificate"`
}

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs) ElementType added in v8.1.0 

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs) ElementType() reflect.Type

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs) ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput added in v8.1.0 

func (i GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs) ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput() GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs) ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutputWithContext added in v8.1.0 

func (i GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs) ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput

type GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray added in v8.1.0 

type GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray []GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorInput

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray) ElementType added in v8.1.0 

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray) ElementType() reflect.Type

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray) ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput added in v8.1.0 

func (i GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray) ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput() GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray) ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutputWithContext added in v8.1.0 

func (i GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray) ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput

type GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayInput added in v8.1.0 

type GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayInput interface {
	pulumi.Input

	ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput() GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput
	ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput
}

GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayInput is an input type that accepts GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray and GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayInput` via: 

GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray{ GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs{...} }

type GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput added in v8.1.0 

type GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput) ElementType added in v8.1.0 

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput) ElementType() reflect.Type

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput) Index added in v8.1.0 

func (o GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput) Index(i pulumi.IntInput) GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput added in v8.1.0 

func (o GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput() GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutputWithContext added in v8.1.0 

func (o GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput

type GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorInput added in v8.1.0 

type GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorInput interface {
	pulumi.Input

	ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput() GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput
	ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput
}

GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorInput is an input type that accepts GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs and GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorInput` via: 

GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs{...}

type GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput added in v8.1.0 

type GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput) ElementType added in v8.1.0 

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput) ElementType() reflect.Type

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput) PemCertificate added in v8.1.0 

func (o GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput) PemCertificate() pulumi.StringOutput

PEM certificate of the PKI used for validation. Must only contain one ca certificate(either root or intermediate cert).

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput added in v8.1.0 

func (o GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput() GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutputWithContext added in v8.1.0 

func (o GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput

type LookupWorkloadIdentityPoolArgs 

type LookupWorkloadIdentityPoolArgs struct {
	// The project in which the resource belongs. If it
	// is not provided, the provider project is used.
	Project *string `pulumi:"project"`
	// The id of the pool which is the
	// final component of the resource name.
	//
	// ***
	WorkloadIdentityPoolId string `pulumi:"workloadIdentityPoolId"`
}

A collection of arguments for invoking getWorkloadIdentityPool.

type LookupWorkloadIdentityPoolOutputArgs 

type LookupWorkloadIdentityPoolOutputArgs struct {
	// The project in which the resource belongs. If it
	// is not provided, the provider project is used.
	Project pulumi.StringPtrInput `pulumi:"project"`
	// The id of the pool which is the
	// final component of the resource name.
	//
	// ***
	WorkloadIdentityPoolId pulumi.StringInput `pulumi:"workloadIdentityPoolId"`
}

A collection of arguments for invoking getWorkloadIdentityPool.

func (LookupWorkloadIdentityPoolOutputArgs) ElementType 

func (LookupWorkloadIdentityPoolOutputArgs) ElementType() reflect.Type

type LookupWorkloadIdentityPoolProviderArgs 

type LookupWorkloadIdentityPoolProviderArgs struct {
	// The project in which the resource belongs. If it
	// is not provided, the provider project is used.
	Project *string `pulumi:"project"`
	// The id of the pool which is the
	// final component of the pool resource name.
	WorkloadIdentityPoolId string `pulumi:"workloadIdentityPoolId"`
	// The id of the provider which is the
	// final component of the resource name.
	//
	// ***
	WorkloadIdentityPoolProviderId string `pulumi:"workloadIdentityPoolProviderId"`
}

A collection of arguments for invoking getWorkloadIdentityPoolProvider.

type LookupWorkloadIdentityPoolProviderOutputArgs 

type LookupWorkloadIdentityPoolProviderOutputArgs struct {
	// The project in which the resource belongs. If it
	// is not provided, the provider project is used.
	Project pulumi.StringPtrInput `pulumi:"project"`
	// The id of the pool which is the
	// final component of the pool resource name.
	WorkloadIdentityPoolId pulumi.StringInput `pulumi:"workloadIdentityPoolId"`
	// The id of the provider which is the
	// final component of the resource name.
	//
	// ***
	WorkloadIdentityPoolProviderId pulumi.StringInput `pulumi:"workloadIdentityPoolProviderId"`
}

A collection of arguments for invoking getWorkloadIdentityPoolProvider.

func (LookupWorkloadIdentityPoolProviderOutputArgs) ElementType 

func (LookupWorkloadIdentityPoolProviderOutputArgs) ElementType() reflect.Type

type LookupWorkloadIdentityPoolProviderResult 

type LookupWorkloadIdentityPoolProviderResult struct {
	AttributeCondition string                              `pulumi:"attributeCondition"`
	AttributeMapping   map[string]string                   `pulumi:"attributeMapping"`
	Aws                []GetWorkloadIdentityPoolProviderAw `pulumi:"aws"`
	Description        string                              `pulumi:"description"`
	Disabled           bool                                `pulumi:"disabled"`
	DisplayName        string                              `pulumi:"displayName"`
	// The provider-assigned unique ID for this managed resource.
	Id                             string                                `pulumi:"id"`
	Name                           string                                `pulumi:"name"`
	Oidcs                          []GetWorkloadIdentityPoolProviderOidc `pulumi:"oidcs"`
	Project                        *string                               `pulumi:"project"`
	Samls                          []GetWorkloadIdentityPoolProviderSaml `pulumi:"samls"`
	State                          string                                `pulumi:"state"`
	WorkloadIdentityPoolId         string                                `pulumi:"workloadIdentityPoolId"`
	WorkloadIdentityPoolProviderId string                                `pulumi:"workloadIdentityPoolProviderId"`
	X509s                          []GetWorkloadIdentityPoolProviderX509 `pulumi:"x509s"`
}

A collection of values returned by getWorkloadIdentityPoolProvider.

func LookupWorkloadIdentityPoolProvider 

func LookupWorkloadIdentityPoolProvider(ctx *pulumi.Context, args *LookupWorkloadIdentityPoolProviderArgs, opts ...pulumi.InvokeOption) (*LookupWorkloadIdentityPoolProviderResult, error)

Get a IAM workload identity provider from Google Cloud by its id.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iam.LookupWorkloadIdentityPoolProvider(ctx, &iam.LookupWorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         "foo-pool",
			WorkloadIdentityPoolProviderId: "bar-provider",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type LookupWorkloadIdentityPoolProviderResultOutput 

type LookupWorkloadIdentityPoolProviderResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getWorkloadIdentityPoolProvider.

func LookupWorkloadIdentityPoolProviderOutput 

func LookupWorkloadIdentityPoolProviderOutput(ctx *pulumi.Context, args LookupWorkloadIdentityPoolProviderOutputArgs, opts ...pulumi.InvokeOption) LookupWorkloadIdentityPoolProviderResultOutput

func (LookupWorkloadIdentityPoolProviderResultOutput) AttributeCondition 

func (o LookupWorkloadIdentityPoolProviderResultOutput) AttributeCondition() pulumi.StringOutput

func (LookupWorkloadIdentityPoolProviderResultOutput) AttributeMapping 

func (o LookupWorkloadIdentityPoolProviderResultOutput) AttributeMapping() pulumi.StringMapOutput

func (LookupWorkloadIdentityPoolProviderResultOutput) Aws 

func (o LookupWorkloadIdentityPoolProviderResultOutput) Aws() GetWorkloadIdentityPoolProviderAwArrayOutput

func (LookupWorkloadIdentityPoolProviderResultOutput) Description 

func (o LookupWorkloadIdentityPoolProviderResultOutput) Description() pulumi.StringOutput

func (LookupWorkloadIdentityPoolProviderResultOutput) Disabled 

func (o LookupWorkloadIdentityPoolProviderResultOutput) Disabled() pulumi.BoolOutput

func (LookupWorkloadIdentityPoolProviderResultOutput) DisplayName 

func (o LookupWorkloadIdentityPoolProviderResultOutput) DisplayName() pulumi.StringOutput

func (LookupWorkloadIdentityPoolProviderResultOutput) ElementType 

func (LookupWorkloadIdentityPoolProviderResultOutput) ElementType() reflect.Type

func (LookupWorkloadIdentityPoolProviderResultOutput) Id 

func (o LookupWorkloadIdentityPoolProviderResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (LookupWorkloadIdentityPoolProviderResultOutput) Name 

func (o LookupWorkloadIdentityPoolProviderResultOutput) Name() pulumi.StringOutput

func (LookupWorkloadIdentityPoolProviderResultOutput) Oidcs 

func (o LookupWorkloadIdentityPoolProviderResultOutput) Oidcs() GetWorkloadIdentityPoolProviderOidcArrayOutput

func (LookupWorkloadIdentityPoolProviderResultOutput) Project 

func (o LookupWorkloadIdentityPoolProviderResultOutput) Project() pulumi.StringPtrOutput

func (LookupWorkloadIdentityPoolProviderResultOutput) Samls 

func (o LookupWorkloadIdentityPoolProviderResultOutput) Samls() GetWorkloadIdentityPoolProviderSamlArrayOutput

func (LookupWorkloadIdentityPoolProviderResultOutput) State 

func (o LookupWorkloadIdentityPoolProviderResultOutput) State() pulumi.StringOutput

func (LookupWorkloadIdentityPoolProviderResultOutput) ToLookupWorkloadIdentityPoolProviderResultOutput 

func (o LookupWorkloadIdentityPoolProviderResultOutput) ToLookupWorkloadIdentityPoolProviderResultOutput() LookupWorkloadIdentityPoolProviderResultOutput

func (LookupWorkloadIdentityPoolProviderResultOutput) ToLookupWorkloadIdentityPoolProviderResultOutputWithContext 

func (o LookupWorkloadIdentityPoolProviderResultOutput) ToLookupWorkloadIdentityPoolProviderResultOutputWithContext(ctx context.Context) LookupWorkloadIdentityPoolProviderResultOutput

func (LookupWorkloadIdentityPoolProviderResultOutput) WorkloadIdentityPoolId 

func (o LookupWorkloadIdentityPoolProviderResultOutput) WorkloadIdentityPoolId() pulumi.StringOutput

func (LookupWorkloadIdentityPoolProviderResultOutput) WorkloadIdentityPoolProviderId 

func (o LookupWorkloadIdentityPoolProviderResultOutput) WorkloadIdentityPoolProviderId() pulumi.StringOutput

func (LookupWorkloadIdentityPoolProviderResultOutput) X509s added in v8.1.0 

func (o LookupWorkloadIdentityPoolProviderResultOutput) X509s() GetWorkloadIdentityPoolProviderX509ArrayOutput

type LookupWorkloadIdentityPoolResult 

type LookupWorkloadIdentityPoolResult struct {
	Description string `pulumi:"description"`
	Disabled    bool   `pulumi:"disabled"`
	DisplayName string `pulumi:"displayName"`
	// The provider-assigned unique ID for this managed resource.
	Id                     string  `pulumi:"id"`
	Name                   string  `pulumi:"name"`
	Project                *string `pulumi:"project"`
	State                  string  `pulumi:"state"`
	WorkloadIdentityPoolId string  `pulumi:"workloadIdentityPoolId"`
}

A collection of values returned by getWorkloadIdentityPool.

func LookupWorkloadIdentityPool 

func LookupWorkloadIdentityPool(ctx *pulumi.Context, args *LookupWorkloadIdentityPoolArgs, opts ...pulumi.InvokeOption) (*LookupWorkloadIdentityPoolResult, error)

Get a IAM workload identity pool from Google Cloud by its id. > **Note:** The following resource requires the Beta IAM role `roles/iam.workloadIdentityPoolAdmin` in order to succeed. `OWNER` and `EDITOR` roles do not include the necessary permissions. ## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iam.LookupWorkloadIdentityPool(ctx, &iam.LookupWorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: "foo-pool",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type LookupWorkloadIdentityPoolResultOutput 

type LookupWorkloadIdentityPoolResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getWorkloadIdentityPool.

func LookupWorkloadIdentityPoolOutput 

func LookupWorkloadIdentityPoolOutput(ctx *pulumi.Context, args LookupWorkloadIdentityPoolOutputArgs, opts ...pulumi.InvokeOption) LookupWorkloadIdentityPoolResultOutput

func (LookupWorkloadIdentityPoolResultOutput) Description 

func (o LookupWorkloadIdentityPoolResultOutput) Description() pulumi.StringOutput

func (LookupWorkloadIdentityPoolResultOutput) Disabled 

func (o LookupWorkloadIdentityPoolResultOutput) Disabled() pulumi.BoolOutput

func (LookupWorkloadIdentityPoolResultOutput) DisplayName 

func (o LookupWorkloadIdentityPoolResultOutput) DisplayName() pulumi.StringOutput

func (LookupWorkloadIdentityPoolResultOutput) ElementType 

func (LookupWorkloadIdentityPoolResultOutput) ElementType() reflect.Type

func (LookupWorkloadIdentityPoolResultOutput) Id 

func (o LookupWorkloadIdentityPoolResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (LookupWorkloadIdentityPoolResultOutput) Name 

func (o LookupWorkloadIdentityPoolResultOutput) Name() pulumi.StringOutput

func (LookupWorkloadIdentityPoolResultOutput) Project 

func (o LookupWorkloadIdentityPoolResultOutput) Project() pulumi.StringPtrOutput

func (LookupWorkloadIdentityPoolResultOutput) State 

func (o LookupWorkloadIdentityPoolResultOutput) State() pulumi.StringOutput

func (LookupWorkloadIdentityPoolResultOutput) ToLookupWorkloadIdentityPoolResultOutput 

func (o LookupWorkloadIdentityPoolResultOutput) ToLookupWorkloadIdentityPoolResultOutput() LookupWorkloadIdentityPoolResultOutput

func (LookupWorkloadIdentityPoolResultOutput) ToLookupWorkloadIdentityPoolResultOutputWithContext 

func (o LookupWorkloadIdentityPoolResultOutput) ToLookupWorkloadIdentityPoolResultOutputWithContext(ctx context.Context) LookupWorkloadIdentityPoolResultOutput

func (LookupWorkloadIdentityPoolResultOutput) WorkloadIdentityPoolId 

func (o LookupWorkloadIdentityPoolResultOutput) WorkloadIdentityPoolId() pulumi.StringOutput

type WorkforcePool 

type WorkforcePool struct {
	pulumi.CustomResourceState

	// Configure access restrictions on the workforce pool users. This is an optional field. If specified web
	// sign-in can be restricted to given set of services or programmatic sign-in can be disabled for pool users.
	// Structure is documented below.
	AccessRestrictions WorkforcePoolAccessRestrictionsPtrOutput `pulumi:"accessRestrictions"`
	// A user-specified description of the pool. Cannot exceed 256 characters.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Whether the pool is disabled. You cannot use a disabled pool to exchange tokens,
	// or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
	Disabled pulumi.BoolPtrOutput `pulumi:"disabled"`
	// A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// The location for the resource.
	Location pulumi.StringOutput `pulumi:"location"`
	// Output only. The resource name of the pool.
	// Format: `locations/{location}/workforcePools/{workforcePoolId}`
	Name pulumi.StringOutput `pulumi:"name"`
	// Immutable. The resource name of the parent. Format: `organizations/{org-id}`.
	//
	// ***
	Parent pulumi.StringOutput `pulumi:"parent"`
	// Duration that the Google Cloud access tokens, console sign-in sessions,
	// and `gcloud` sign-in sessions from this pool are valid.
	// Must be greater than 15 minutes (900s) and less than 12 hours (43200s).
	// If `sessionDuration` is not configured, minted credentials have a default duration of one hour (3600s).
	// A duration in seconds with up to nine fractional digits, ending with '`s`'. Example: "`3.5s`".
	SessionDuration pulumi.StringPtrOutput `pulumi:"sessionDuration"`
	// Output only. The state of the pool.
	// * STATE_UNSPECIFIED: State unspecified.
	// * ACTIVE: The pool is active, and may be used in Google Cloud policies.
	// * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted
	//   after approximately 30 days. You can restore a soft-deleted pool using
	//   [workforcePools.undelete](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools/undelete#google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePool).
	//   You cannot reuse the ID of a soft-deleted pool until it is permanently deleted.
	//   While a pool is deleted, you cannot use it to exchange tokens, or use
	//   existing tokens to access resources. If the pool is undeleted, existing
	//   tokens grant access again.
	State pulumi.StringOutput `pulumi:"state"`
	// The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters,
	// digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen.
	// The prefix `gcp-` is reserved for use by Google, and may not be specified.
	WorkforcePoolId pulumi.StringOutput `pulumi:"workforcePoolId"`
}

Represents a collection of external workforces. Provides namespaces for federated users that can be referenced in IAM policies.

To get more information about WorkforcePool, see:

* [API documentation](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools) * How-to Guides

> **Note:** Ask your Google Cloud account team to request access to workforce identity federation for your billing/quota project. The account team notifies you when the project is granted access.

## Example Usage

### Iam Workforce Pool Basic

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iam.NewWorkforcePool(ctx, "example", &iam.WorkforcePoolArgs{
			WorkforcePoolId: pulumi.String("example-pool"),
			Parent:          pulumi.String("organizations/123456789"),
			Location:        pulumi.String("global"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Iam Workforce Pool Full

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iam.NewWorkforcePool(ctx, "example", &iam.WorkforcePoolArgs{
			WorkforcePoolId: pulumi.String("example-pool"),
			Parent:          pulumi.String("organizations/123456789"),
			Location:        pulumi.String("global"),
			DisplayName:     pulumi.String("Display name"),
			Description:     pulumi.String("A sample workforce pool."),
			Disabled:        pulumi.Bool(false),
			SessionDuration: pulumi.String("7200s"),
			AccessRestrictions: &iam.WorkforcePoolAccessRestrictionsArgs{
				AllowedServices: iam.WorkforcePoolAccessRestrictionsAllowedServiceArray{
					&iam.WorkforcePoolAccessRestrictionsAllowedServiceArgs{
						Domain: pulumi.String("backstory.chronicle.security"),
					},
				},
				DisableProgrammaticSignin: pulumi.Bool(false),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

WorkforcePool can be imported using any of these accepted formats:

* `locations/{{location}}/workforcePools/{{workforce_pool_id}}`

* `{{location}}/{{workforce_pool_id}}`

When using the `pulumi import` command, WorkforcePool can be imported using one of the formats above. For example:

```sh $ pulumi import gcp:iam/workforcePool:WorkforcePool default locations/{{location}}/workforcePools/{{workforce_pool_id}} ```

```sh $ pulumi import gcp:iam/workforcePool:WorkforcePool default {{location}}/{{workforce_pool_id}} ```

func GetWorkforcePool 

func GetWorkforcePool(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WorkforcePoolState, opts ...pulumi.ResourceOption) (*WorkforcePool, error)

GetWorkforcePool gets an existing WorkforcePool resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWorkforcePool 

func NewWorkforcePool(ctx *pulumi.Context,
	name string, args *WorkforcePoolArgs, opts ...pulumi.ResourceOption) (*WorkforcePool, error)

NewWorkforcePool registers a new resource with the given unique name, arguments, and options.

func (*WorkforcePool) ElementType 

func (*WorkforcePool) ElementType() reflect.Type

func (*WorkforcePool) ToWorkforcePoolOutput 

func (i *WorkforcePool) ToWorkforcePoolOutput() WorkforcePoolOutput

func (*WorkforcePool) ToWorkforcePoolOutputWithContext 

func (i *WorkforcePool) ToWorkforcePoolOutputWithContext(ctx context.Context) WorkforcePoolOutput

type WorkforcePoolAccessRestrictions 

type WorkforcePoolAccessRestrictions struct {
	// Services allowed for web sign-in with the workforce pool.
	// If not set by default there are no restrictions.
	// Structure is documented below.
	AllowedServices []WorkforcePoolAccessRestrictionsAllowedService `pulumi:"allowedServices"`
	// Disable programmatic sign-in by disabling token issue via the Security Token API endpoint.
	// See [Security Token Service API](https://cloud.google.com/iam/docs/reference/sts/rest).
	DisableProgrammaticSignin *bool `pulumi:"disableProgrammaticSignin"`
}

type WorkforcePoolAccessRestrictionsAllowedService 

type WorkforcePoolAccessRestrictionsAllowedService struct {
	// Domain name of the service.
	// Example: console.cloud.google
	Domain *string `pulumi:"domain"`
}

type WorkforcePoolAccessRestrictionsAllowedServiceArgs 

type WorkforcePoolAccessRestrictionsAllowedServiceArgs struct {
	// Domain name of the service.
	// Example: console.cloud.google
	Domain pulumi.StringPtrInput `pulumi:"domain"`
}

func (WorkforcePoolAccessRestrictionsAllowedServiceArgs) ElementType 

func (WorkforcePoolAccessRestrictionsAllowedServiceArgs) ElementType() reflect.Type

func (WorkforcePoolAccessRestrictionsAllowedServiceArgs) ToWorkforcePoolAccessRestrictionsAllowedServiceOutput 

func (i WorkforcePoolAccessRestrictionsAllowedServiceArgs) ToWorkforcePoolAccessRestrictionsAllowedServiceOutput() WorkforcePoolAccessRestrictionsAllowedServiceOutput

func (WorkforcePoolAccessRestrictionsAllowedServiceArgs) ToWorkforcePoolAccessRestrictionsAllowedServiceOutputWithContext 

func (i WorkforcePoolAccessRestrictionsAllowedServiceArgs) ToWorkforcePoolAccessRestrictionsAllowedServiceOutputWithContext(ctx context.Context) WorkforcePoolAccessRestrictionsAllowedServiceOutput

type WorkforcePoolAccessRestrictionsAllowedServiceArray 

type WorkforcePoolAccessRestrictionsAllowedServiceArray []WorkforcePoolAccessRestrictionsAllowedServiceInput

func (WorkforcePoolAccessRestrictionsAllowedServiceArray) ElementType 

func (WorkforcePoolAccessRestrictionsAllowedServiceArray) ElementType() reflect.Type

func (WorkforcePoolAccessRestrictionsAllowedServiceArray) ToWorkforcePoolAccessRestrictionsAllowedServiceArrayOutput 

func (i WorkforcePoolAccessRestrictionsAllowedServiceArray) ToWorkforcePoolAccessRestrictionsAllowedServiceArrayOutput() WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput

func (WorkforcePoolAccessRestrictionsAllowedServiceArray) ToWorkforcePoolAccessRestrictionsAllowedServiceArrayOutputWithContext 

func (i WorkforcePoolAccessRestrictionsAllowedServiceArray) ToWorkforcePoolAccessRestrictionsAllowedServiceArrayOutputWithContext(ctx context.Context) WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput

type WorkforcePoolAccessRestrictionsAllowedServiceArrayInput 

type WorkforcePoolAccessRestrictionsAllowedServiceArrayInput interface {
	pulumi.Input

	ToWorkforcePoolAccessRestrictionsAllowedServiceArrayOutput() WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput
	ToWorkforcePoolAccessRestrictionsAllowedServiceArrayOutputWithContext(context.Context) WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput
}

WorkforcePoolAccessRestrictionsAllowedServiceArrayInput is an input type that accepts WorkforcePoolAccessRestrictionsAllowedServiceArray and WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput values. You can construct a concrete instance of `WorkforcePoolAccessRestrictionsAllowedServiceArrayInput` via: 

WorkforcePoolAccessRestrictionsAllowedServiceArray{ WorkforcePoolAccessRestrictionsAllowedServiceArgs{...} }

type WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput 

type WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput struct{ *pulumi.OutputState }

func (WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput) ElementType 

func (WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput) ElementType() reflect.Type

func (WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput) Index 

func (o WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput) Index(i pulumi.IntInput) WorkforcePoolAccessRestrictionsAllowedServiceOutput

func (WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput) ToWorkforcePoolAccessRestrictionsAllowedServiceArrayOutput 

func (o WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput) ToWorkforcePoolAccessRestrictionsAllowedServiceArrayOutput() WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput

func (WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput) ToWorkforcePoolAccessRestrictionsAllowedServiceArrayOutputWithContext 

func (o WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput) ToWorkforcePoolAccessRestrictionsAllowedServiceArrayOutputWithContext(ctx context.Context) WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput

type WorkforcePoolAccessRestrictionsAllowedServiceInput 

type WorkforcePoolAccessRestrictionsAllowedServiceInput interface {
	pulumi.Input

	ToWorkforcePoolAccessRestrictionsAllowedServiceOutput() WorkforcePoolAccessRestrictionsAllowedServiceOutput
	ToWorkforcePoolAccessRestrictionsAllowedServiceOutputWithContext(context.Context) WorkforcePoolAccessRestrictionsAllowedServiceOutput
}

WorkforcePoolAccessRestrictionsAllowedServiceInput is an input type that accepts WorkforcePoolAccessRestrictionsAllowedServiceArgs and WorkforcePoolAccessRestrictionsAllowedServiceOutput values. You can construct a concrete instance of `WorkforcePoolAccessRestrictionsAllowedServiceInput` via: 

WorkforcePoolAccessRestrictionsAllowedServiceArgs{...}

type WorkforcePoolAccessRestrictionsAllowedServiceOutput 

type WorkforcePoolAccessRestrictionsAllowedServiceOutput struct{ *pulumi.OutputState }

func (WorkforcePoolAccessRestrictionsAllowedServiceOutput) Domain 

func (o WorkforcePoolAccessRestrictionsAllowedServiceOutput) Domain() pulumi.StringPtrOutput

Domain name of the service. Example: console.cloud.google

func (WorkforcePoolAccessRestrictionsAllowedServiceOutput) ElementType 

func (WorkforcePoolAccessRestrictionsAllowedServiceOutput) ElementType() reflect.Type

func (WorkforcePoolAccessRestrictionsAllowedServiceOutput) ToWorkforcePoolAccessRestrictionsAllowedServiceOutput 

func (o WorkforcePoolAccessRestrictionsAllowedServiceOutput) ToWorkforcePoolAccessRestrictionsAllowedServiceOutput() WorkforcePoolAccessRestrictionsAllowedServiceOutput

func (WorkforcePoolAccessRestrictionsAllowedServiceOutput) ToWorkforcePoolAccessRestrictionsAllowedServiceOutputWithContext 

func (o WorkforcePoolAccessRestrictionsAllowedServiceOutput) ToWorkforcePoolAccessRestrictionsAllowedServiceOutputWithContext(ctx context.Context) WorkforcePoolAccessRestrictionsAllowedServiceOutput

type WorkforcePoolAccessRestrictionsArgs 

type WorkforcePoolAccessRestrictionsArgs struct {
	// Services allowed for web sign-in with the workforce pool.
	// If not set by default there are no restrictions.
	// Structure is documented below.
	AllowedServices WorkforcePoolAccessRestrictionsAllowedServiceArrayInput `pulumi:"allowedServices"`
	// Disable programmatic sign-in by disabling token issue via the Security Token API endpoint.
	// See [Security Token Service API](https://cloud.google.com/iam/docs/reference/sts/rest).
	DisableProgrammaticSignin pulumi.BoolPtrInput `pulumi:"disableProgrammaticSignin"`
}

func (WorkforcePoolAccessRestrictionsArgs) ElementType 

func (WorkforcePoolAccessRestrictionsArgs) ElementType() reflect.Type

func (WorkforcePoolAccessRestrictionsArgs) ToWorkforcePoolAccessRestrictionsOutput 

func (i WorkforcePoolAccessRestrictionsArgs) ToWorkforcePoolAccessRestrictionsOutput() WorkforcePoolAccessRestrictionsOutput

func (WorkforcePoolAccessRestrictionsArgs) ToWorkforcePoolAccessRestrictionsOutputWithContext 

func (i WorkforcePoolAccessRestrictionsArgs) ToWorkforcePoolAccessRestrictionsOutputWithContext(ctx context.Context) WorkforcePoolAccessRestrictionsOutput

func (WorkforcePoolAccessRestrictionsArgs) ToWorkforcePoolAccessRestrictionsPtrOutput 

func (i WorkforcePoolAccessRestrictionsArgs) ToWorkforcePoolAccessRestrictionsPtrOutput() WorkforcePoolAccessRestrictionsPtrOutput

func (WorkforcePoolAccessRestrictionsArgs) ToWorkforcePoolAccessRestrictionsPtrOutputWithContext 

func (i WorkforcePoolAccessRestrictionsArgs) ToWorkforcePoolAccessRestrictionsPtrOutputWithContext(ctx context.Context) WorkforcePoolAccessRestrictionsPtrOutput

type WorkforcePoolAccessRestrictionsInput 

type WorkforcePoolAccessRestrictionsInput interface {
	pulumi.Input

	ToWorkforcePoolAccessRestrictionsOutput() WorkforcePoolAccessRestrictionsOutput
	ToWorkforcePoolAccessRestrictionsOutputWithContext(context.Context) WorkforcePoolAccessRestrictionsOutput
}

WorkforcePoolAccessRestrictionsInput is an input type that accepts WorkforcePoolAccessRestrictionsArgs and WorkforcePoolAccessRestrictionsOutput values. You can construct a concrete instance of `WorkforcePoolAccessRestrictionsInput` via: 

WorkforcePoolAccessRestrictionsArgs{...}

type WorkforcePoolAccessRestrictionsOutput 

type WorkforcePoolAccessRestrictionsOutput struct{ *pulumi.OutputState }

func (WorkforcePoolAccessRestrictionsOutput) AllowedServices 

func (o WorkforcePoolAccessRestrictionsOutput) AllowedServices() WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput

Services allowed for web sign-in with the workforce pool. If not set by default there are no restrictions. Structure is documented below.

func (WorkforcePoolAccessRestrictionsOutput) DisableProgrammaticSignin 

func (o WorkforcePoolAccessRestrictionsOutput) DisableProgrammaticSignin() pulumi.BoolPtrOutput

Disable programmatic sign-in by disabling token issue via the Security Token API endpoint. See [Security Token Service API](https://cloud.google.com/iam/docs/reference/sts/rest).

func (WorkforcePoolAccessRestrictionsOutput) ElementType 

func (WorkforcePoolAccessRestrictionsOutput) ElementType() reflect.Type

func (WorkforcePoolAccessRestrictionsOutput) ToWorkforcePoolAccessRestrictionsOutput 

func (o WorkforcePoolAccessRestrictionsOutput) ToWorkforcePoolAccessRestrictionsOutput() WorkforcePoolAccessRestrictionsOutput

func (WorkforcePoolAccessRestrictionsOutput) ToWorkforcePoolAccessRestrictionsOutputWithContext 

func (o WorkforcePoolAccessRestrictionsOutput) ToWorkforcePoolAccessRestrictionsOutputWithContext(ctx context.Context) WorkforcePoolAccessRestrictionsOutput

func (WorkforcePoolAccessRestrictionsOutput) ToWorkforcePoolAccessRestrictionsPtrOutput 

func (o WorkforcePoolAccessRestrictionsOutput) ToWorkforcePoolAccessRestrictionsPtrOutput() WorkforcePoolAccessRestrictionsPtrOutput

func (WorkforcePoolAccessRestrictionsOutput) ToWorkforcePoolAccessRestrictionsPtrOutputWithContext 

func (o WorkforcePoolAccessRestrictionsOutput) ToWorkforcePoolAccessRestrictionsPtrOutputWithContext(ctx context.Context) WorkforcePoolAccessRestrictionsPtrOutput

type WorkforcePoolAccessRestrictionsPtrInput 

type WorkforcePoolAccessRestrictionsPtrInput interface {
	pulumi.Input

	ToWorkforcePoolAccessRestrictionsPtrOutput() WorkforcePoolAccessRestrictionsPtrOutput
	ToWorkforcePoolAccessRestrictionsPtrOutputWithContext(context.Context) WorkforcePoolAccessRestrictionsPtrOutput
}

WorkforcePoolAccessRestrictionsPtrInput is an input type that accepts WorkforcePoolAccessRestrictionsArgs, WorkforcePoolAccessRestrictionsPtr and WorkforcePoolAccessRestrictionsPtrOutput values. You can construct a concrete instance of `WorkforcePoolAccessRestrictionsPtrInput` via: 

        WorkforcePoolAccessRestrictionsArgs{...}

or:

        nil

func WorkforcePoolAccessRestrictionsPtr 

func WorkforcePoolAccessRestrictionsPtr(v *WorkforcePoolAccessRestrictionsArgs) WorkforcePoolAccessRestrictionsPtrInput

type WorkforcePoolAccessRestrictionsPtrOutput 

type WorkforcePoolAccessRestrictionsPtrOutput struct{ *pulumi.OutputState }

func (WorkforcePoolAccessRestrictionsPtrOutput) AllowedServices 

func (o WorkforcePoolAccessRestrictionsPtrOutput) AllowedServices() WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput

Services allowed for web sign-in with the workforce pool. If not set by default there are no restrictions. Structure is documented below.

func (WorkforcePoolAccessRestrictionsPtrOutput) DisableProgrammaticSignin 

func (o WorkforcePoolAccessRestrictionsPtrOutput) DisableProgrammaticSignin() pulumi.BoolPtrOutput

Disable programmatic sign-in by disabling token issue via the Security Token API endpoint. See [Security Token Service API](https://cloud.google.com/iam/docs/reference/sts/rest).

func (WorkforcePoolAccessRestrictionsPtrOutput) Elem 

func (o WorkforcePoolAccessRestrictionsPtrOutput) Elem() WorkforcePoolAccessRestrictionsOutput

func (WorkforcePoolAccessRestrictionsPtrOutput) ElementType 

func (WorkforcePoolAccessRestrictionsPtrOutput) ElementType() reflect.Type

func (WorkforcePoolAccessRestrictionsPtrOutput) ToWorkforcePoolAccessRestrictionsPtrOutput 

func (o WorkforcePoolAccessRestrictionsPtrOutput) ToWorkforcePoolAccessRestrictionsPtrOutput() WorkforcePoolAccessRestrictionsPtrOutput

func (WorkforcePoolAccessRestrictionsPtrOutput) ToWorkforcePoolAccessRestrictionsPtrOutputWithContext 

func (o WorkforcePoolAccessRestrictionsPtrOutput) ToWorkforcePoolAccessRestrictionsPtrOutputWithContext(ctx context.Context) WorkforcePoolAccessRestrictionsPtrOutput

type WorkforcePoolArgs 

type WorkforcePoolArgs struct {
	// Configure access restrictions on the workforce pool users. This is an optional field. If specified web
	// sign-in can be restricted to given set of services or programmatic sign-in can be disabled for pool users.
	// Structure is documented below.
	AccessRestrictions WorkforcePoolAccessRestrictionsPtrInput
	// A user-specified description of the pool. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Whether the pool is disabled. You cannot use a disabled pool to exchange tokens,
	// or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
	Disabled pulumi.BoolPtrInput
	// A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	// The location for the resource.
	Location pulumi.StringInput
	// Immutable. The resource name of the parent. Format: `organizations/{org-id}`.
	//
	// ***
	Parent pulumi.StringInput
	// Duration that the Google Cloud access tokens, console sign-in sessions,
	// and `gcloud` sign-in sessions from this pool are valid.
	// Must be greater than 15 minutes (900s) and less than 12 hours (43200s).
	// If `sessionDuration` is not configured, minted credentials have a default duration of one hour (3600s).
	// A duration in seconds with up to nine fractional digits, ending with '`s`'. Example: "`3.5s`".
	SessionDuration pulumi.StringPtrInput
	// The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters,
	// digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen.
	// The prefix `gcp-` is reserved for use by Google, and may not be specified.
	WorkforcePoolId pulumi.StringInput
}

The set of arguments for constructing a WorkforcePool resource.

func (WorkforcePoolArgs) ElementType 

func (WorkforcePoolArgs) ElementType() reflect.Type

type WorkforcePoolArray 

type WorkforcePoolArray []WorkforcePoolInput

func (WorkforcePoolArray) ElementType 

func (WorkforcePoolArray) ElementType() reflect.Type

func (WorkforcePoolArray) ToWorkforcePoolArrayOutput 

func (i WorkforcePoolArray) ToWorkforcePoolArrayOutput() WorkforcePoolArrayOutput

func (WorkforcePoolArray) ToWorkforcePoolArrayOutputWithContext 

func (i WorkforcePoolArray) ToWorkforcePoolArrayOutputWithContext(ctx context.Context) WorkforcePoolArrayOutput

type WorkforcePoolArrayInput 

type WorkforcePoolArrayInput interface {
	pulumi.Input

	ToWorkforcePoolArrayOutput() WorkforcePoolArrayOutput
	ToWorkforcePoolArrayOutputWithContext(context.Context) WorkforcePoolArrayOutput
}

WorkforcePoolArrayInput is an input type that accepts WorkforcePoolArray and WorkforcePoolArrayOutput values. You can construct a concrete instance of `WorkforcePoolArrayInput` via: 

WorkforcePoolArray{ WorkforcePoolArgs{...} }

type WorkforcePoolArrayOutput 

type WorkforcePoolArrayOutput struct{ *pulumi.OutputState }

func (WorkforcePoolArrayOutput) ElementType 

func (WorkforcePoolArrayOutput) ElementType() reflect.Type

func (WorkforcePoolArrayOutput) Index 

func (o WorkforcePoolArrayOutput) Index(i pulumi.IntInput) WorkforcePoolOutput

func (WorkforcePoolArrayOutput) ToWorkforcePoolArrayOutput 

func (o WorkforcePoolArrayOutput) ToWorkforcePoolArrayOutput() WorkforcePoolArrayOutput

func (WorkforcePoolArrayOutput) ToWorkforcePoolArrayOutputWithContext 

func (o WorkforcePoolArrayOutput) ToWorkforcePoolArrayOutputWithContext(ctx context.Context) WorkforcePoolArrayOutput

type WorkforcePoolInput 

type WorkforcePoolInput interface {
	pulumi.Input

	ToWorkforcePoolOutput() WorkforcePoolOutput
	ToWorkforcePoolOutputWithContext(ctx context.Context) WorkforcePoolOutput
}

type WorkforcePoolMap 

type WorkforcePoolMap map[string]WorkforcePoolInput

func (WorkforcePoolMap) ElementType 

func (WorkforcePoolMap) ElementType() reflect.Type

func (WorkforcePoolMap) ToWorkforcePoolMapOutput 

func (i WorkforcePoolMap) ToWorkforcePoolMapOutput() WorkforcePoolMapOutput

func (WorkforcePoolMap) ToWorkforcePoolMapOutputWithContext 

func (i WorkforcePoolMap) ToWorkforcePoolMapOutputWithContext(ctx context.Context) WorkforcePoolMapOutput

type WorkforcePoolMapInput 

type WorkforcePoolMapInput interface {
	pulumi.Input

	ToWorkforcePoolMapOutput() WorkforcePoolMapOutput
	ToWorkforcePoolMapOutputWithContext(context.Context) WorkforcePoolMapOutput
}

WorkforcePoolMapInput is an input type that accepts WorkforcePoolMap and WorkforcePoolMapOutput values. You can construct a concrete instance of `WorkforcePoolMapInput` via: 

WorkforcePoolMap{ "key": WorkforcePoolArgs{...} }

type WorkforcePoolMapOutput 

type WorkforcePoolMapOutput struct{ *pulumi.OutputState }

func (WorkforcePoolMapOutput) ElementType 

func (WorkforcePoolMapOutput) ElementType() reflect.Type

func (WorkforcePoolMapOutput) MapIndex 

func (o WorkforcePoolMapOutput) MapIndex(k pulumi.StringInput) WorkforcePoolOutput

func (WorkforcePoolMapOutput) ToWorkforcePoolMapOutput 

func (o WorkforcePoolMapOutput) ToWorkforcePoolMapOutput() WorkforcePoolMapOutput

func (WorkforcePoolMapOutput) ToWorkforcePoolMapOutputWithContext 

func (o WorkforcePoolMapOutput) ToWorkforcePoolMapOutputWithContext(ctx context.Context) WorkforcePoolMapOutput

type WorkforcePoolOutput 

type WorkforcePoolOutput struct{ *pulumi.OutputState }

func (WorkforcePoolOutput) AccessRestrictions 

func (o WorkforcePoolOutput) AccessRestrictions() WorkforcePoolAccessRestrictionsPtrOutput

Configure access restrictions on the workforce pool users. This is an optional field. If specified web sign-in can be restricted to given set of services or programmatic sign-in can be disabled for pool users. Structure is documented below.

func (WorkforcePoolOutput) Description 

func (o WorkforcePoolOutput) Description() pulumi.StringPtrOutput

A user-specified description of the pool. Cannot exceed 256 characters.

func (WorkforcePoolOutput) Disabled 

func (o WorkforcePoolOutput) Disabled() pulumi.BoolPtrOutput

Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.

func (WorkforcePoolOutput) DisplayName 

func (o WorkforcePoolOutput) DisplayName() pulumi.StringPtrOutput

A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.

func (WorkforcePoolOutput) ElementType 

func (WorkforcePoolOutput) ElementType() reflect.Type

func (WorkforcePoolOutput) Location 

func (o WorkforcePoolOutput) Location() pulumi.StringOutput

The location for the resource.

func (WorkforcePoolOutput) Name 

func (o WorkforcePoolOutput) Name() pulumi.StringOutput

Output only. The resource name of the pool. Format: `locations/{location}/workforcePools/{workforcePoolId}`

func (WorkforcePoolOutput) Parent 

func (o WorkforcePoolOutput) Parent() pulumi.StringOutput

Immutable. The resource name of the parent. Format: `organizations/{org-id}`.

***

func (WorkforcePoolOutput) SessionDuration 

func (o WorkforcePoolOutput) SessionDuration() pulumi.StringPtrOutput

Duration that the Google Cloud access tokens, console sign-in sessions, and `gcloud` sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If `sessionDuration` is not configured, minted credentials have a default duration of one hour (3600s). A duration in seconds with up to nine fractional digits, ending with '`s`'. Example: "`3.5s`".

func (WorkforcePoolOutput) State 

func (o WorkforcePoolOutput) State() pulumi.StringOutput

Output only. The state of the pool.

func (WorkforcePoolOutput) ToWorkforcePoolOutput 

func (o WorkforcePoolOutput) ToWorkforcePoolOutput() WorkforcePoolOutput

func (WorkforcePoolOutput) ToWorkforcePoolOutputWithContext 

func (o WorkforcePoolOutput) ToWorkforcePoolOutputWithContext(ctx context.Context) WorkforcePoolOutput

func (WorkforcePoolOutput) WorkforcePoolId 

func (o WorkforcePoolOutput) WorkforcePoolId() pulumi.StringOutput

The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix `gcp-` is reserved for use by Google, and may not be specified.

type WorkforcePoolProvider 

type WorkforcePoolProvider struct {
	pulumi.CustomResourceState

	// A [Common Expression Language](https://opensource.google/projects/cel) expression, in
	// plain text, to restrict what otherwise valid authentication credentials issued by the
	// provider should not be accepted.
	// The expression must output a boolean representing whether to allow the federation.
	// The following keywords may be referenced in the expressions:
	AttributeCondition pulumi.StringPtrOutput `pulumi:"attributeCondition"`
	// Maps attributes from the authentication credentials issued by an external identity provider
	// to Google Cloud attributes, such as `subject` and `segment`.
	// Each key must be a string specifying the Google Cloud IAM attribute to map to.
	// The following keys are supported:
	// * `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings.
	//   This is also the subject that appears in Cloud Logging logs. This is a required field and
	//   the mapped subject cannot exceed 127 bytes.
	// * `google.groups`: Groups the authenticating user belongs to. You can grant groups access to
	//   resources using an IAM `principalSet` binding; access applies to all members of the group.
	// * `google.display_name`: The name of the authenticated user. This is an optional field and
	//   the mapped display name cannot exceed 100 bytes. If not set, `google.subject` will be displayed instead.
	//   This attribute cannot be referenced in IAM bindings.
	// * `google.profile_photo`: The URL that specifies the authenticated user's thumbnail photo.
	//   This is an optional field. When set, the image will be visible as the user's profile picture.
	//   If not set, a generic user icon will be displayed instead.
	//   This attribute cannot be referenced in IAM bindings.
	//   You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where {custom_attribute}
	//   is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes.
	//   The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_].
	//   You can reference these attributes in IAM policies to define fine-grained access for a workforce pool
	//   to Google Cloud resources. For example:
	// * `google.subject`:
	//   `principal://iam.googleapis.com/locations/{location}/workforcePools/{pool}/subject/{value}`
	// * `google.groups`:
	//   `principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/group/{value}`
	// * `attribute.{custom_attribute}`:
	//   `principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/attribute.{custom_attribute}/{value}`
	//   Each value must be a [Common Expression Language](https://opensource.google/projects/cel)
	//   function that maps an identity provider credential to the normalized attribute specified
	//   by the corresponding map key.
	//   You can use the `assertion` keyword in the expression to access a JSON representation of
	//   the authentication credential issued by the provider.
	//   The maximum length of an attribute mapping expression is 2048 characters. When evaluated,
	//   the total size of all mapped attributes must not exceed 8KB.
	//   For OIDC providers, you must supply a custom mapping that includes the `google.subject` attribute.
	//   For example, the following maps the sub claim of the incoming credential to the `subject` attribute
	//   on a Google token:
	// An object containing a list of `"key": value` pairs.
	// Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`.
	AttributeMapping pulumi.StringMapOutput `pulumi:"attributeMapping"`
	// A user-specified description of the provider. Cannot exceed 256 characters.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
	// However, existing tokens still grant access.
	Disabled pulumi.BoolPtrOutput `pulumi:"disabled"`
	// A user-specified display name for the provider. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// The configuration for OAuth 2.0 client used to get the additional user
	// attributes. This should be used when users can't get the desired claims
	// in authentication credentials. Currently this configuration is only
	// supported with OIDC protocol.
	// Structure is documented below.
	ExtraAttributesOauth2Client WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput `pulumi:"extraAttributesOauth2Client"`
	// The location for the resource.
	Location pulumi.StringOutput `pulumi:"location"`
	// Output only. The resource name of the provider.
	// Format: `locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}`
	Name pulumi.StringOutput `pulumi:"name"`
	// Represents an OpenId Connect 1.0 identity provider.
	// Structure is documented below.
	Oidc WorkforcePoolProviderOidcPtrOutput `pulumi:"oidc"`
	// The ID for the provider, which becomes the final component of the resource name.
	// This value must be 4-32 characters, and may contain the characters [a-z0-9-].
	// The prefix `gcp-` is reserved for use by Google, and may not be specified.
	//
	// ***
	ProviderId pulumi.StringOutput `pulumi:"providerId"`
	// Represents a SAML identity provider.
	// Structure is documented below.
	Saml WorkforcePoolProviderSamlPtrOutput `pulumi:"saml"`
	// The current state of the provider.
	// * STATE_UNSPECIFIED: State unspecified.
	// * ACTIVE: The provider is active and may be used to validate authentication credentials.
	// * DELETED: The provider is soft-deleted. Soft-deleted providers are permanently
	//   deleted after approximately 30 days. You can restore a soft-deleted provider using
	//   [providers.undelete](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools.providers/undelete#google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePoolProvider).
	State pulumi.StringOutput `pulumi:"state"`
	// The ID to use for the pool, which becomes the final component of the resource name.
	// The IDs must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens.
	// It must start with a letter, and cannot have a trailing hyphen.
	// The prefix `gcp-` is reserved for use by Google, and may not be specified.
	WorkforcePoolId pulumi.StringOutput `pulumi:"workforcePoolId"`
}

A configuration for an external identity provider.

To get more information about WorkforcePoolProvider, see:

* [API documentation](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools.providers) * How-to Guides

> **Note:** Ask your Google Cloud account team to request access to workforce identity federation for your billing/quota project. The account team notifies you when the project is granted access.

## Example Usage

### Iam Workforce Pool Provider Saml Basic

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		pool, err := iam.NewWorkforcePool(ctx, "pool", &iam.WorkforcePoolArgs{
			WorkforcePoolId: pulumi.String("example-pool"),
			Parent:          pulumi.String("organizations/123456789"),
			Location:        pulumi.String("global"),
		})
		if err != nil {
			return err
		}
		_, err = iam.NewWorkforcePoolProvider(ctx, "example", &iam.WorkforcePoolProviderArgs{
			WorkforcePoolId: pool.WorkforcePoolId,
			Location:        pool.Location,
			ProviderId:      pulumi.String("example-prvdr"),
			AttributeMapping: pulumi.StringMap{
				"google.subject": pulumi.String("assertion.sub"),
			},
			Saml: &iam.WorkforcePoolProviderSamlArgs{
				IdpMetadataXml: pulumi.String("<?xml version=\"1.0\"?><md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" entityID=\"https://test.com\"><md:IDPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"> <md:KeyDescriptor use=\"signing\"><ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://test.com/sso\"/></md:IDPSSODescriptor></md:EntityDescriptor>"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Iam Workforce Pool Provider Saml Full

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		pool, err := iam.NewWorkforcePool(ctx, "pool", &iam.WorkforcePoolArgs{
			WorkforcePoolId: pulumi.String("example-pool"),
			Parent:          pulumi.String("organizations/123456789"),
			Location:        pulumi.String("global"),
		})
		if err != nil {
			return err
		}
		_, err = iam.NewWorkforcePoolProvider(ctx, "example", &iam.WorkforcePoolProviderArgs{
			WorkforcePoolId: pool.WorkforcePoolId,
			Location:        pool.Location,
			ProviderId:      pulumi.String("example-prvdr"),
			AttributeMapping: pulumi.StringMap{
				"google.subject": pulumi.String("assertion.sub"),
			},
			Saml: &iam.WorkforcePoolProviderSamlArgs{
				IdpMetadataXml: pulumi.String("<?xml version=\"1.0\"?><md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" entityID=\"https://test.com\"><md:IDPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"> <md:KeyDescriptor use=\"signing\"><ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://test.com/sso\"/></md:IDPSSODescriptor></md:EntityDescriptor>"),
			},
			DisplayName:        pulumi.String("Display name"),
			Description:        pulumi.String("A sample SAML workforce pool provider."),
			Disabled:           pulumi.Bool(false),
			AttributeCondition: pulumi.String("true"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Iam Workforce Pool Provider Oidc Basic

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		pool, err := iam.NewWorkforcePool(ctx, "pool", &iam.WorkforcePoolArgs{
			WorkforcePoolId: pulumi.String("example-pool"),
			Parent:          pulumi.String("organizations/123456789"),
			Location:        pulumi.String("global"),
		})
		if err != nil {
			return err
		}
		_, err = iam.NewWorkforcePoolProvider(ctx, "example", &iam.WorkforcePoolProviderArgs{
			WorkforcePoolId: pool.WorkforcePoolId,
			Location:        pool.Location,
			ProviderId:      pulumi.String("example-prvdr"),
			AttributeMapping: pulumi.StringMap{
				"google.subject": pulumi.String("assertion.sub"),
			},
			Oidc: &iam.WorkforcePoolProviderOidcArgs{
				IssuerUri: pulumi.String("https://accounts.thirdparty.com"),
				ClientId:  pulumi.String("client-id"),
				ClientSecret: &iam.WorkforcePoolProviderOidcClientSecretArgs{
					Value: &iam.WorkforcePoolProviderOidcClientSecretValueArgs{
						PlainText: pulumi.String("client-secret"),
					},
				},
				WebSsoConfig: &iam.WorkforcePoolProviderOidcWebSsoConfigArgs{
					ResponseType:            pulumi.String("CODE"),
					AssertionClaimsBehavior: pulumi.String("MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Iam Workforce Pool Provider Oidc Full

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		pool, err := iam.NewWorkforcePool(ctx, "pool", &iam.WorkforcePoolArgs{
			WorkforcePoolId: pulumi.String("example-pool"),
			Parent:          pulumi.String("organizations/123456789"),
			Location:        pulumi.String("global"),
		})
		if err != nil {
			return err
		}
		_, err = iam.NewWorkforcePoolProvider(ctx, "example", &iam.WorkforcePoolProviderArgs{
			WorkforcePoolId: pool.WorkforcePoolId,
			Location:        pool.Location,
			ProviderId:      pulumi.String("example-prvdr"),
			AttributeMapping: pulumi.StringMap{
				"google.subject": pulumi.String("assertion.sub"),
			},
			Oidc: &iam.WorkforcePoolProviderOidcArgs{
				IssuerUri: pulumi.String("https://accounts.thirdparty.com"),
				ClientId:  pulumi.String("client-id"),
				ClientSecret: &iam.WorkforcePoolProviderOidcClientSecretArgs{
					Value: &iam.WorkforcePoolProviderOidcClientSecretValueArgs{
						PlainText: pulumi.String("client-secret"),
					},
				},
				WebSsoConfig: &iam.WorkforcePoolProviderOidcWebSsoConfigArgs{
					ResponseType:            pulumi.String("CODE"),
					AssertionClaimsBehavior: pulumi.String("MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS"),
					AdditionalScopes: pulumi.StringArray{
						pulumi.String("groups"),
						pulumi.String("roles"),
					},
				},
			},
			DisplayName:        pulumi.String("Display name"),
			Description:        pulumi.String("A sample OIDC workforce pool provider."),
			Disabled:           pulumi.Bool(false),
			AttributeCondition: pulumi.String("true"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Iam Workforce Pool Provider Extra Attributes Oauth2 Config Client Basic

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		pool, err := iam.NewWorkforcePool(ctx, "pool", &iam.WorkforcePoolArgs{
			WorkforcePoolId: pulumi.String("example-pool"),
			Parent:          pulumi.String("organizations/123456789"),
			Location:        pulumi.String("global"),
		})
		if err != nil {
			return err
		}
		_, err = iam.NewWorkforcePoolProvider(ctx, "example", &iam.WorkforcePoolProviderArgs{
			WorkforcePoolId: pool.WorkforcePoolId,
			Location:        pool.Location,
			ProviderId:      pulumi.String("example-prvdr"),
			AttributeMapping: pulumi.StringMap{
				"google.subject": pulumi.String("assertion.sub"),
			},
			Oidc: &iam.WorkforcePoolProviderOidcArgs{
				IssuerUri: pulumi.String("https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/"),
				ClientId:  pulumi.String("https://analysis.windows.net/powerbi/connector/GoogleBigQuery"),
				WebSsoConfig: &iam.WorkforcePoolProviderOidcWebSsoConfigArgs{
					ResponseType:            pulumi.String("CODE"),
					AssertionClaimsBehavior: pulumi.String("MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS"),
				},
				ClientSecret: &iam.WorkforcePoolProviderOidcClientSecretArgs{
					Value: &iam.WorkforcePoolProviderOidcClientSecretValueArgs{
						PlainText: pulumi.String("client-secret"),
					},
				},
			},
			ExtraAttributesOauth2Client: &iam.WorkforcePoolProviderExtraAttributesOauth2ClientArgs{
				IssuerUri: pulumi.String("https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0"),
				ClientId:  pulumi.String("client-id"),
				ClientSecret: &iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs{
					Value: &iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs{
						PlainText: pulumi.String("client-secret"),
					},
				},
				AttributesType: pulumi.String("AZURE_AD_GROUPS_MAIL"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Iam Workforce Pool Provider Extra Attributes Oauth2 Config Client Full

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		pool, err := iam.NewWorkforcePool(ctx, "pool", &iam.WorkforcePoolArgs{
			WorkforcePoolId: pulumi.String("example-pool"),
			Parent:          pulumi.String("organizations/123456789"),
			Location:        pulumi.String("global"),
		})
		if err != nil {
			return err
		}
		_, err = iam.NewWorkforcePoolProvider(ctx, "example", &iam.WorkforcePoolProviderArgs{
			WorkforcePoolId: pool.WorkforcePoolId,
			Location:        pool.Location,
			ProviderId:      pulumi.String("example-prvdr"),
			AttributeMapping: pulumi.StringMap{
				"google.subject": pulumi.String("assertion.sub"),
			},
			Oidc: &iam.WorkforcePoolProviderOidcArgs{
				IssuerUri: pulumi.String("https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/"),
				ClientId:  pulumi.String("https://analysis.windows.net/powerbi/connector/GoogleBigQuery"),
				ClientSecret: &iam.WorkforcePoolProviderOidcClientSecretArgs{
					Value: &iam.WorkforcePoolProviderOidcClientSecretValueArgs{
						PlainText: pulumi.String("client-secret"),
					},
				},
				WebSsoConfig: &iam.WorkforcePoolProviderOidcWebSsoConfigArgs{
					ResponseType:            pulumi.String("CODE"),
					AssertionClaimsBehavior: pulumi.String("MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS"),
				},
			},
			ExtraAttributesOauth2Client: &iam.WorkforcePoolProviderExtraAttributesOauth2ClientArgs{
				IssuerUri: pulumi.String("https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0"),
				ClientId:  pulumi.String("client-id"),
				ClientSecret: &iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs{
					Value: &iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs{
						PlainText: pulumi.String("client-secret"),
					},
				},
				AttributesType: pulumi.String("AZURE_AD_GROUPS_MAIL"),
				QueryParameters: &iam.WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs{
					Filter: pulumi.String("mail:gcp"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

WorkforcePoolProvider can be imported using any of these accepted formats:

* `locations/{{location}}/workforcePools/{{workforce_pool_id}}/providers/{{provider_id}}`

* `{{location}}/{{workforce_pool_id}}/{{provider_id}}`

When using the `pulumi import` command, WorkforcePoolProvider can be imported using one of the formats above. For example:

```sh $ pulumi import gcp:iam/workforcePoolProvider:WorkforcePoolProvider default locations/{{location}}/workforcePools/{{workforce_pool_id}}/providers/{{provider_id}} ```

```sh $ pulumi import gcp:iam/workforcePoolProvider:WorkforcePoolProvider default {{location}}/{{workforce_pool_id}}/{{provider_id}} ```

func GetWorkforcePoolProvider 

func GetWorkforcePoolProvider(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WorkforcePoolProviderState, opts ...pulumi.ResourceOption) (*WorkforcePoolProvider, error)

GetWorkforcePoolProvider gets an existing WorkforcePoolProvider resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWorkforcePoolProvider 

func NewWorkforcePoolProvider(ctx *pulumi.Context,
	name string, args *WorkforcePoolProviderArgs, opts ...pulumi.ResourceOption) (*WorkforcePoolProvider, error)

NewWorkforcePoolProvider registers a new resource with the given unique name, arguments, and options.

func (*WorkforcePoolProvider) ElementType 

func (*WorkforcePoolProvider) ElementType() reflect.Type

func (*WorkforcePoolProvider) ToWorkforcePoolProviderOutput 

func (i *WorkforcePoolProvider) ToWorkforcePoolProviderOutput() WorkforcePoolProviderOutput

func (*WorkforcePoolProvider) ToWorkforcePoolProviderOutputWithContext 

func (i *WorkforcePoolProvider) ToWorkforcePoolProviderOutputWithContext(ctx context.Context) WorkforcePoolProviderOutput

type WorkforcePoolProviderArgs 

type WorkforcePoolProviderArgs struct {
	// A [Common Expression Language](https://opensource.google/projects/cel) expression, in
	// plain text, to restrict what otherwise valid authentication credentials issued by the
	// provider should not be accepted.
	// The expression must output a boolean representing whether to allow the federation.
	// The following keywords may be referenced in the expressions:
	AttributeCondition pulumi.StringPtrInput
	// Maps attributes from the authentication credentials issued by an external identity provider
	// to Google Cloud attributes, such as `subject` and `segment`.
	// Each key must be a string specifying the Google Cloud IAM attribute to map to.
	// The following keys are supported:
	// * `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings.
	//   This is also the subject that appears in Cloud Logging logs. This is a required field and
	//   the mapped subject cannot exceed 127 bytes.
	// * `google.groups`: Groups the authenticating user belongs to. You can grant groups access to
	//   resources using an IAM `principalSet` binding; access applies to all members of the group.
	// * `google.display_name`: The name of the authenticated user. This is an optional field and
	//   the mapped display name cannot exceed 100 bytes. If not set, `google.subject` will be displayed instead.
	//   This attribute cannot be referenced in IAM bindings.
	// * `google.profile_photo`: The URL that specifies the authenticated user's thumbnail photo.
	//   This is an optional field. When set, the image will be visible as the user's profile picture.
	//   If not set, a generic user icon will be displayed instead.
	//   This attribute cannot be referenced in IAM bindings.
	//   You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where {custom_attribute}
	//   is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes.
	//   The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_].
	//   You can reference these attributes in IAM policies to define fine-grained access for a workforce pool
	//   to Google Cloud resources. For example:
	// * `google.subject`:
	//   `principal://iam.googleapis.com/locations/{location}/workforcePools/{pool}/subject/{value}`
	// * `google.groups`:
	//   `principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/group/{value}`
	// * `attribute.{custom_attribute}`:
	//   `principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/attribute.{custom_attribute}/{value}`
	//   Each value must be a [Common Expression Language](https://opensource.google/projects/cel)
	//   function that maps an identity provider credential to the normalized attribute specified
	//   by the corresponding map key.
	//   You can use the `assertion` keyword in the expression to access a JSON representation of
	//   the authentication credential issued by the provider.
	//   The maximum length of an attribute mapping expression is 2048 characters. When evaluated,
	//   the total size of all mapped attributes must not exceed 8KB.
	//   For OIDC providers, you must supply a custom mapping that includes the `google.subject` attribute.
	//   For example, the following maps the sub claim of the incoming credential to the `subject` attribute
	//   on a Google token:
	// An object containing a list of `"key": value` pairs.
	// Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`.
	AttributeMapping pulumi.StringMapInput
	// A user-specified description of the provider. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
	// However, existing tokens still grant access.
	Disabled pulumi.BoolPtrInput
	// A user-specified display name for the provider. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	// The configuration for OAuth 2.0 client used to get the additional user
	// attributes. This should be used when users can't get the desired claims
	// in authentication credentials. Currently this configuration is only
	// supported with OIDC protocol.
	// Structure is documented below.
	ExtraAttributesOauth2Client WorkforcePoolProviderExtraAttributesOauth2ClientPtrInput
	// The location for the resource.
	Location pulumi.StringInput
	// Represents an OpenId Connect 1.0 identity provider.
	// Structure is documented below.
	Oidc WorkforcePoolProviderOidcPtrInput
	// The ID for the provider, which becomes the final component of the resource name.
	// This value must be 4-32 characters, and may contain the characters [a-z0-9-].
	// The prefix `gcp-` is reserved for use by Google, and may not be specified.
	//
	// ***
	ProviderId pulumi.StringInput
	// Represents a SAML identity provider.
	// Structure is documented below.
	Saml WorkforcePoolProviderSamlPtrInput
	// The ID to use for the pool, which becomes the final component of the resource name.
	// The IDs must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens.
	// It must start with a letter, and cannot have a trailing hyphen.
	// The prefix `gcp-` is reserved for use by Google, and may not be specified.
	WorkforcePoolId pulumi.StringInput
}

The set of arguments for constructing a WorkforcePoolProvider resource.

func (WorkforcePoolProviderArgs) ElementType 

func (WorkforcePoolProviderArgs) ElementType() reflect.Type

type WorkforcePoolProviderArray 

type WorkforcePoolProviderArray []WorkforcePoolProviderInput

func (WorkforcePoolProviderArray) ElementType 

func (WorkforcePoolProviderArray) ElementType() reflect.Type

func (WorkforcePoolProviderArray) ToWorkforcePoolProviderArrayOutput 

func (i WorkforcePoolProviderArray) ToWorkforcePoolProviderArrayOutput() WorkforcePoolProviderArrayOutput

func (WorkforcePoolProviderArray) ToWorkforcePoolProviderArrayOutputWithContext 

func (i WorkforcePoolProviderArray) ToWorkforcePoolProviderArrayOutputWithContext(ctx context.Context) WorkforcePoolProviderArrayOutput

type WorkforcePoolProviderArrayInput 

type WorkforcePoolProviderArrayInput interface {
	pulumi.Input

	ToWorkforcePoolProviderArrayOutput() WorkforcePoolProviderArrayOutput
	ToWorkforcePoolProviderArrayOutputWithContext(context.Context) WorkforcePoolProviderArrayOutput
}

WorkforcePoolProviderArrayInput is an input type that accepts WorkforcePoolProviderArray and WorkforcePoolProviderArrayOutput values. You can construct a concrete instance of `WorkforcePoolProviderArrayInput` via: 

WorkforcePoolProviderArray{ WorkforcePoolProviderArgs{...} }

type WorkforcePoolProviderArrayOutput 

type WorkforcePoolProviderArrayOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderArrayOutput) ElementType 

func (WorkforcePoolProviderArrayOutput) ElementType() reflect.Type

func (WorkforcePoolProviderArrayOutput) Index 

func (o WorkforcePoolProviderArrayOutput) Index(i pulumi.IntInput) WorkforcePoolProviderOutput

func (WorkforcePoolProviderArrayOutput) ToWorkforcePoolProviderArrayOutput 

func (o WorkforcePoolProviderArrayOutput) ToWorkforcePoolProviderArrayOutput() WorkforcePoolProviderArrayOutput

func (WorkforcePoolProviderArrayOutput) ToWorkforcePoolProviderArrayOutputWithContext 

func (o WorkforcePoolProviderArrayOutput) ToWorkforcePoolProviderArrayOutputWithContext(ctx context.Context) WorkforcePoolProviderArrayOutput

type WorkforcePoolProviderExtraAttributesOauth2Client 

type WorkforcePoolProviderExtraAttributesOauth2Client struct {
	// Represents the IdP and type of claims that should be fetched.
	// * AZURE_AD_GROUPS_MAIL: Used to get the user's group claims from the Azure AD identity provider using configuration provided
	//   in ExtraAttributesOAuth2Client and 'mail' property of the 'microsoft.graph.group' object is used for claim mapping.
	//   See https://learn.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0#properties for more details on
	//   'microsoft.graph.group' properties. The attributes obtained from idntity provider are mapped to 'assertion.groups'. Possible values: ["AZURE_AD_GROUPS_MAIL"]
	AttributesType string `pulumi:"attributesType"`
	// The OAuth 2.0 client ID for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.
	ClientId string `pulumi:"clientId"`
	// The OAuth 2.0 client secret for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.
	ClientSecret WorkforcePoolProviderExtraAttributesOauth2ClientClientSecret `pulumi:"clientSecret"`
	// The OIDC identity provider's issuer URI. Must be a valid URI using the 'https' scheme. Required to get the OIDC discovery document.
	IssuerUri string `pulumi:"issuerUri"`
	// Represents the parameters to control which claims are fetched from an IdP.
	QueryParameters *WorkforcePoolProviderExtraAttributesOauth2ClientQueryParameters `pulumi:"queryParameters"`
}

type WorkforcePoolProviderExtraAttributesOauth2ClientArgs 

type WorkforcePoolProviderExtraAttributesOauth2ClientArgs struct {
	// Represents the IdP and type of claims that should be fetched.
	// * AZURE_AD_GROUPS_MAIL: Used to get the user's group claims from the Azure AD identity provider using configuration provided
	//   in ExtraAttributesOAuth2Client and 'mail' property of the 'microsoft.graph.group' object is used for claim mapping.
	//   See https://learn.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0#properties for more details on
	//   'microsoft.graph.group' properties. The attributes obtained from idntity provider are mapped to 'assertion.groups'. Possible values: ["AZURE_AD_GROUPS_MAIL"]
	AttributesType pulumi.StringInput `pulumi:"attributesType"`
	// The OAuth 2.0 client ID for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.
	ClientId pulumi.StringInput `pulumi:"clientId"`
	// The OAuth 2.0 client secret for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.
	ClientSecret WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretInput `pulumi:"clientSecret"`
	// The OIDC identity provider's issuer URI. Must be a valid URI using the 'https' scheme. Required to get the OIDC discovery document.
	IssuerUri pulumi.StringInput `pulumi:"issuerUri"`
	// Represents the parameters to control which claims are fetched from an IdP.
	QueryParameters WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrInput `pulumi:"queryParameters"`
}

func (WorkforcePoolProviderExtraAttributesOauth2ClientArgs) ElementType 

func (WorkforcePoolProviderExtraAttributesOauth2ClientArgs) ElementType() reflect.Type

func (WorkforcePoolProviderExtraAttributesOauth2ClientArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientOutput 

func (i WorkforcePoolProviderExtraAttributesOauth2ClientArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientOutput() WorkforcePoolProviderExtraAttributesOauth2ClientOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientOutputWithContext 

func (i WorkforcePoolProviderExtraAttributesOauth2ClientArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput 

func (i WorkforcePoolProviderExtraAttributesOauth2ClientArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput() WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientPtrOutputWithContext 

func (i WorkforcePoolProviderExtraAttributesOauth2ClientArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecret 

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecret struct {
	// The value of the client secret.
	// Structure is documented below.
	Value *WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValue `pulumi:"value"`
}

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs 

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs struct {
	// The value of the client secret.
	// Structure is documented below.
	Value WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrInput `pulumi:"value"`
}

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs) ElementType 

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs) ElementType() reflect.Type

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput 

func (i WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput() WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutputWithContext 

func (i WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput 

func (i WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput() WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutputWithContext 

func (i WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretInput 

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretInput interface {
	pulumi.Input

	ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput() WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput
	ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutputWithContext(context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput
}

WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretInput is an input type that accepts WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs and WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput values. You can construct a concrete instance of `WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretInput` via: 

WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs{...}

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput 

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput) ElementType 

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput) ElementType() reflect.Type

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput() WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutputWithContext 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput() WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutputWithContext 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput) Value 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput) Value() WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput

The value of the client secret. Structure is documented below.

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrInput 

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrInput interface {
	pulumi.Input

	ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput() WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput
	ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutputWithContext(context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput
}

WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrInput is an input type that accepts WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs, WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtr and WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput values. You can construct a concrete instance of `WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrInput` via: 

        WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs{...}

or:

        nil

func WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtr 

func WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtr(v *WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrInput

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput 

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput) Elem 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput) Elem() WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput) ElementType 

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput) ElementType() reflect.Type

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput() WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutputWithContext 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput) Value 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput) Value() WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput

The value of the client secret. Structure is documented below.

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValue 

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValue struct {
	// The plain text of the client secret value.
	PlainText string `pulumi:"plainText"`
	// (Output)
	// A thumbprint to represent the current client secret value.
	Thumbprint *string `pulumi:"thumbprint"`
}

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs 

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs struct {
	// The plain text of the client secret value.
	PlainText pulumi.StringInput `pulumi:"plainText"`
	// (Output)
	// A thumbprint to represent the current client secret value.
	Thumbprint pulumi.StringPtrInput `pulumi:"thumbprint"`
}

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs) ElementType 

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs) ElementType() reflect.Type

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput 

func (i WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput() WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutputWithContext 

func (i WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput 

func (i WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput() WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutputWithContext 

func (i WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueInput 

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueInput interface {
	pulumi.Input

	ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput() WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput
	ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutputWithContext(context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput
}

WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueInput is an input type that accepts WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs and WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput values. You can construct a concrete instance of `WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueInput` via: 

WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs{...}

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput 

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput) ElementType 

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput) ElementType() reflect.Type

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput) PlainText 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput) PlainText() pulumi.StringOutput

The plain text of the client secret value.

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput) Thumbprint 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput) Thumbprint() pulumi.StringPtrOutput

(Output) A thumbprint to represent the current client secret value.

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput() WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutputWithContext 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput() WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutputWithContext 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrInput 

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrInput interface {
	pulumi.Input

	ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput() WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput
	ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutputWithContext(context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput
}

WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrInput is an input type that accepts WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs, WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtr and WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput values. You can construct a concrete instance of `WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrInput` via: 

        WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs{...}

or:

        nil

func WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtr 

func WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtr(v *WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrInput

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput 

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput) Elem 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput) Elem() WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput) ElementType 

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput) ElementType() reflect.Type

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput) PlainText 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput) PlainText() pulumi.StringPtrOutput

The plain text of the client secret value.

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput) Thumbprint 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput) Thumbprint() pulumi.StringPtrOutput

(Output) A thumbprint to represent the current client secret value.

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput() WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutputWithContext 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput

type WorkforcePoolProviderExtraAttributesOauth2ClientInput 

type WorkforcePoolProviderExtraAttributesOauth2ClientInput interface {
	pulumi.Input

	ToWorkforcePoolProviderExtraAttributesOauth2ClientOutput() WorkforcePoolProviderExtraAttributesOauth2ClientOutput
	ToWorkforcePoolProviderExtraAttributesOauth2ClientOutputWithContext(context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientOutput
}

WorkforcePoolProviderExtraAttributesOauth2ClientInput is an input type that accepts WorkforcePoolProviderExtraAttributesOauth2ClientArgs and WorkforcePoolProviderExtraAttributesOauth2ClientOutput values. You can construct a concrete instance of `WorkforcePoolProviderExtraAttributesOauth2ClientInput` via: 

WorkforcePoolProviderExtraAttributesOauth2ClientArgs{...}

type WorkforcePoolProviderExtraAttributesOauth2ClientOutput 

type WorkforcePoolProviderExtraAttributesOauth2ClientOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderExtraAttributesOauth2ClientOutput) AttributesType 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientOutput) AttributesType() pulumi.StringOutput

Represents the IdP and type of claims that should be fetched.

  • AZURE_AD_GROUPS_MAIL: Used to get the user's group claims from the Azure AD identity provider using configuration provided in ExtraAttributesOAuth2Client and 'mail' property of the 'microsoft.graph.group' object is used for claim mapping. See https://learn.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0#properties for more details on 'microsoft.graph.group' properties. The attributes obtained from idntity provider are mapped to 'assertion.groups'. Possible values: ["AZURE_AD_GROUPS_MAIL"]

func (WorkforcePoolProviderExtraAttributesOauth2ClientOutput) ClientId 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientOutput) ClientId() pulumi.StringOutput

The OAuth 2.0 client ID for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.

func (WorkforcePoolProviderExtraAttributesOauth2ClientOutput) ClientSecret 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientOutput) ClientSecret() WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput

The OAuth 2.0 client secret for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.

func (WorkforcePoolProviderExtraAttributesOauth2ClientOutput) ElementType 

func (WorkforcePoolProviderExtraAttributesOauth2ClientOutput) ElementType() reflect.Type

func (WorkforcePoolProviderExtraAttributesOauth2ClientOutput) IssuerUri 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientOutput) IssuerUri() pulumi.StringOutput

The OIDC identity provider's issuer URI. Must be a valid URI using the 'https' scheme. Required to get the OIDC discovery document.

func (WorkforcePoolProviderExtraAttributesOauth2ClientOutput) QueryParameters 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientOutput) QueryParameters() WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput

Represents the parameters to control which claims are fetched from an IdP.

func (WorkforcePoolProviderExtraAttributesOauth2ClientOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientOutput 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientOutput() WorkforcePoolProviderExtraAttributesOauth2ClientOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientOutputWithContext 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput() WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientPtrOutputWithContext 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput

type WorkforcePoolProviderExtraAttributesOauth2ClientPtrInput 

type WorkforcePoolProviderExtraAttributesOauth2ClientPtrInput interface {
	pulumi.Input

	ToWorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput() WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput
	ToWorkforcePoolProviderExtraAttributesOauth2ClientPtrOutputWithContext(context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput
}

WorkforcePoolProviderExtraAttributesOauth2ClientPtrInput is an input type that accepts WorkforcePoolProviderExtraAttributesOauth2ClientArgs, WorkforcePoolProviderExtraAttributesOauth2ClientPtr and WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput values. You can construct a concrete instance of `WorkforcePoolProviderExtraAttributesOauth2ClientPtrInput` via: 

        WorkforcePoolProviderExtraAttributesOauth2ClientArgs{...}

or:

        nil

func WorkforcePoolProviderExtraAttributesOauth2ClientPtr 

func WorkforcePoolProviderExtraAttributesOauth2ClientPtr(v *WorkforcePoolProviderExtraAttributesOauth2ClientArgs) WorkforcePoolProviderExtraAttributesOauth2ClientPtrInput

type WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput 

type WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput) AttributesType 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput) AttributesType() pulumi.StringPtrOutput

Represents the IdP and type of claims that should be fetched.

  • AZURE_AD_GROUPS_MAIL: Used to get the user's group claims from the Azure AD identity provider using configuration provided in ExtraAttributesOAuth2Client and 'mail' property of the 'microsoft.graph.group' object is used for claim mapping. See https://learn.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0#properties for more details on 'microsoft.graph.group' properties. The attributes obtained from idntity provider are mapped to 'assertion.groups'. Possible values: ["AZURE_AD_GROUPS_MAIL"]

func (WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput) ClientId 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput) ClientId() pulumi.StringPtrOutput

The OAuth 2.0 client ID for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.

func (WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput) ClientSecret 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput) ClientSecret() WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput

The OAuth 2.0 client secret for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.

func (WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput) Elem 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput) Elem() WorkforcePoolProviderExtraAttributesOauth2ClientOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput) ElementType 

func (WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput) ElementType() reflect.Type

func (WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput) IssuerUri 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput) IssuerUri() pulumi.StringPtrOutput

The OIDC identity provider's issuer URI. Must be a valid URI using the 'https' scheme. Required to get the OIDC discovery document.

func (WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput) QueryParameters 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput) QueryParameters() WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput

Represents the parameters to control which claims are fetched from an IdP.

func (WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput() WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientPtrOutputWithContext 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput

type WorkforcePoolProviderExtraAttributesOauth2ClientQueryParameters 

type WorkforcePoolProviderExtraAttributesOauth2ClientQueryParameters struct {
	// The filter used to request specific records from IdP. In case of attributes type as AZURE_AD_GROUPS_MAIL, it represents the
	// filter used to request specific groups for users from IdP. By default, all of the groups associated with the user are fetched. The
	// groups should be mail enabled and security enabled. See https://learn.microsoft.com/en-us/graph/search-query-parameter for more details.
	Filter *string `pulumi:"filter"`
}

type WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs 

type WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs struct {
	// The filter used to request specific records from IdP. In case of attributes type as AZURE_AD_GROUPS_MAIL, it represents the
	// filter used to request specific groups for users from IdP. By default, all of the groups associated with the user are fetched. The
	// groups should be mail enabled and security enabled. See https://learn.microsoft.com/en-us/graph/search-query-parameter for more details.
	Filter pulumi.StringPtrInput `pulumi:"filter"`
}

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs) ElementType 

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs) ElementType() reflect.Type

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput 

func (i WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput() WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutputWithContext 

func (i WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput 

func (i WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput() WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutputWithContext 

func (i WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput

type WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersInput 

type WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersInput interface {
	pulumi.Input

	ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput() WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput
	ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutputWithContext(context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput
}

WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersInput is an input type that accepts WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs and WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput values. You can construct a concrete instance of `WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersInput` via: 

WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs{...}

type WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput 

type WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput) ElementType 

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput) ElementType() reflect.Type

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput) Filter 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput) Filter() pulumi.StringPtrOutput

The filter used to request specific records from IdP. In case of attributes type as AZURE_AD_GROUPS_MAIL, it represents the filter used to request specific groups for users from IdP. By default, all of the groups associated with the user are fetched. The groups should be mail enabled and security enabled. See https://learn.microsoft.com/en-us/graph/search-query-parameter for more details.

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput() WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutputWithContext 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput() WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutputWithContext 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput

type WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrInput 

type WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrInput interface {
	pulumi.Input

	ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput() WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput
	ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutputWithContext(context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput
}

WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrInput is an input type that accepts WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs, WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtr and WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput values. You can construct a concrete instance of `WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrInput` via: 

        WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs{...}

or:

        nil

func WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtr 

func WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtr(v *WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs) WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrInput

type WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput 

type WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput) Elem 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput) Elem() WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput) ElementType 

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput) ElementType() reflect.Type

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput) Filter 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput) Filter() pulumi.StringPtrOutput

The filter used to request specific records from IdP. In case of attributes type as AZURE_AD_GROUPS_MAIL, it represents the filter used to request specific groups for users from IdP. By default, all of the groups associated with the user are fetched. The groups should be mail enabled and security enabled. See https://learn.microsoft.com/en-us/graph/search-query-parameter for more details.

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput() WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutputWithContext 

func (o WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput

type WorkforcePoolProviderInput 

type WorkforcePoolProviderInput interface {
	pulumi.Input

	ToWorkforcePoolProviderOutput() WorkforcePoolProviderOutput
	ToWorkforcePoolProviderOutputWithContext(ctx context.Context) WorkforcePoolProviderOutput
}

type WorkforcePoolProviderMap 

type WorkforcePoolProviderMap map[string]WorkforcePoolProviderInput

func (WorkforcePoolProviderMap) ElementType 

func (WorkforcePoolProviderMap) ElementType() reflect.Type

func (WorkforcePoolProviderMap) ToWorkforcePoolProviderMapOutput 

func (i WorkforcePoolProviderMap) ToWorkforcePoolProviderMapOutput() WorkforcePoolProviderMapOutput

func (WorkforcePoolProviderMap) ToWorkforcePoolProviderMapOutputWithContext 

func (i WorkforcePoolProviderMap) ToWorkforcePoolProviderMapOutputWithContext(ctx context.Context) WorkforcePoolProviderMapOutput

type WorkforcePoolProviderMapInput 

type WorkforcePoolProviderMapInput interface {
	pulumi.Input

	ToWorkforcePoolProviderMapOutput() WorkforcePoolProviderMapOutput
	ToWorkforcePoolProviderMapOutputWithContext(context.Context) WorkforcePoolProviderMapOutput
}

WorkforcePoolProviderMapInput is an input type that accepts WorkforcePoolProviderMap and WorkforcePoolProviderMapOutput values. You can construct a concrete instance of `WorkforcePoolProviderMapInput` via: 

WorkforcePoolProviderMap{ "key": WorkforcePoolProviderArgs{...} }

type WorkforcePoolProviderMapOutput 

type WorkforcePoolProviderMapOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderMapOutput) ElementType 

func (WorkforcePoolProviderMapOutput) ElementType() reflect.Type

func (WorkforcePoolProviderMapOutput) MapIndex 

func (o WorkforcePoolProviderMapOutput) MapIndex(k pulumi.StringInput) WorkforcePoolProviderOutput

func (WorkforcePoolProviderMapOutput) ToWorkforcePoolProviderMapOutput 

func (o WorkforcePoolProviderMapOutput) ToWorkforcePoolProviderMapOutput() WorkforcePoolProviderMapOutput

func (WorkforcePoolProviderMapOutput) ToWorkforcePoolProviderMapOutputWithContext 

func (o WorkforcePoolProviderMapOutput) ToWorkforcePoolProviderMapOutputWithContext(ctx context.Context) WorkforcePoolProviderMapOutput

type WorkforcePoolProviderOidc 

type WorkforcePoolProviderOidc struct {
	// The client ID. Must match the audience claim of the JWT issued by the identity provider.
	ClientId string `pulumi:"clientId"`
	// The optional client secret. Required to enable Authorization Code flow for web sign-in.
	// Structure is documented below.
	ClientSecret *WorkforcePoolProviderOidcClientSecret `pulumi:"clientSecret"`
	// The OIDC issuer URI. Must be a valid URI using the 'https' scheme.
	IssuerUri string `pulumi:"issuerUri"`
	// OIDC JWKs in JSON String format. For details on definition of a
	// JWK, see https:tools.ietf.org/html/rfc7517. If not set, then we
	// use the `jwksUri` from the discovery document fetched from the
	// .well-known path for the `issuerUri`. Currently, RSA and EC asymmetric
	// keys are supported. The JWK must use following format and include only
	// the following fields:
	JwksJson *string `pulumi:"jwksJson"`
	// Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser.
	// Structure is documented below.
	WebSsoConfig *WorkforcePoolProviderOidcWebSsoConfig `pulumi:"webSsoConfig"`
}

type WorkforcePoolProviderOidcArgs 

type WorkforcePoolProviderOidcArgs struct {
	// The client ID. Must match the audience claim of the JWT issued by the identity provider.
	ClientId pulumi.StringInput `pulumi:"clientId"`
	// The optional client secret. Required to enable Authorization Code flow for web sign-in.
	// Structure is documented below.
	ClientSecret WorkforcePoolProviderOidcClientSecretPtrInput `pulumi:"clientSecret"`
	// The OIDC issuer URI. Must be a valid URI using the 'https' scheme.
	IssuerUri pulumi.StringInput `pulumi:"issuerUri"`
	// OIDC JWKs in JSON String format. For details on definition of a
	// JWK, see https:tools.ietf.org/html/rfc7517. If not set, then we
	// use the `jwksUri` from the discovery document fetched from the
	// .well-known path for the `issuerUri`. Currently, RSA and EC asymmetric
	// keys are supported. The JWK must use following format and include only
	// the following fields:
	JwksJson pulumi.StringPtrInput `pulumi:"jwksJson"`
	// Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser.
	// Structure is documented below.
	WebSsoConfig WorkforcePoolProviderOidcWebSsoConfigPtrInput `pulumi:"webSsoConfig"`
}

func (WorkforcePoolProviderOidcArgs) ElementType 

func (WorkforcePoolProviderOidcArgs) ElementType() reflect.Type

func (WorkforcePoolProviderOidcArgs) ToWorkforcePoolProviderOidcOutput 

func (i WorkforcePoolProviderOidcArgs) ToWorkforcePoolProviderOidcOutput() WorkforcePoolProviderOidcOutput

func (WorkforcePoolProviderOidcArgs) ToWorkforcePoolProviderOidcOutputWithContext 

func (i WorkforcePoolProviderOidcArgs) ToWorkforcePoolProviderOidcOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcOutput

func (WorkforcePoolProviderOidcArgs) ToWorkforcePoolProviderOidcPtrOutput 

func (i WorkforcePoolProviderOidcArgs) ToWorkforcePoolProviderOidcPtrOutput() WorkforcePoolProviderOidcPtrOutput

func (WorkforcePoolProviderOidcArgs) ToWorkforcePoolProviderOidcPtrOutputWithContext 

func (i WorkforcePoolProviderOidcArgs) ToWorkforcePoolProviderOidcPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcPtrOutput

type WorkforcePoolProviderOidcClientSecret 

type WorkforcePoolProviderOidcClientSecret struct {
	// The value of the client secret.
	// Structure is documented below.
	Value *WorkforcePoolProviderOidcClientSecretValue `pulumi:"value"`
}

type WorkforcePoolProviderOidcClientSecretArgs 

type WorkforcePoolProviderOidcClientSecretArgs struct {
	// The value of the client secret.
	// Structure is documented below.
	Value WorkforcePoolProviderOidcClientSecretValuePtrInput `pulumi:"value"`
}

func (WorkforcePoolProviderOidcClientSecretArgs) ElementType 

func (WorkforcePoolProviderOidcClientSecretArgs) ElementType() reflect.Type

func (WorkforcePoolProviderOidcClientSecretArgs) ToWorkforcePoolProviderOidcClientSecretOutput 

func (i WorkforcePoolProviderOidcClientSecretArgs) ToWorkforcePoolProviderOidcClientSecretOutput() WorkforcePoolProviderOidcClientSecretOutput

func (WorkforcePoolProviderOidcClientSecretArgs) ToWorkforcePoolProviderOidcClientSecretOutputWithContext 

func (i WorkforcePoolProviderOidcClientSecretArgs) ToWorkforcePoolProviderOidcClientSecretOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcClientSecretOutput

func (WorkforcePoolProviderOidcClientSecretArgs) ToWorkforcePoolProviderOidcClientSecretPtrOutput 

func (i WorkforcePoolProviderOidcClientSecretArgs) ToWorkforcePoolProviderOidcClientSecretPtrOutput() WorkforcePoolProviderOidcClientSecretPtrOutput

func (WorkforcePoolProviderOidcClientSecretArgs) ToWorkforcePoolProviderOidcClientSecretPtrOutputWithContext 

func (i WorkforcePoolProviderOidcClientSecretArgs) ToWorkforcePoolProviderOidcClientSecretPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcClientSecretPtrOutput

type WorkforcePoolProviderOidcClientSecretInput 

type WorkforcePoolProviderOidcClientSecretInput interface {
	pulumi.Input

	ToWorkforcePoolProviderOidcClientSecretOutput() WorkforcePoolProviderOidcClientSecretOutput
	ToWorkforcePoolProviderOidcClientSecretOutputWithContext(context.Context) WorkforcePoolProviderOidcClientSecretOutput
}

WorkforcePoolProviderOidcClientSecretInput is an input type that accepts WorkforcePoolProviderOidcClientSecretArgs and WorkforcePoolProviderOidcClientSecretOutput values. You can construct a concrete instance of `WorkforcePoolProviderOidcClientSecretInput` via: 

WorkforcePoolProviderOidcClientSecretArgs{...}

type WorkforcePoolProviderOidcClientSecretOutput 

type WorkforcePoolProviderOidcClientSecretOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderOidcClientSecretOutput) ElementType 

func (WorkforcePoolProviderOidcClientSecretOutput) ElementType() reflect.Type

func (WorkforcePoolProviderOidcClientSecretOutput) ToWorkforcePoolProviderOidcClientSecretOutput 

func (o WorkforcePoolProviderOidcClientSecretOutput) ToWorkforcePoolProviderOidcClientSecretOutput() WorkforcePoolProviderOidcClientSecretOutput

func (WorkforcePoolProviderOidcClientSecretOutput) ToWorkforcePoolProviderOidcClientSecretOutputWithContext 

func (o WorkforcePoolProviderOidcClientSecretOutput) ToWorkforcePoolProviderOidcClientSecretOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcClientSecretOutput

func (WorkforcePoolProviderOidcClientSecretOutput) ToWorkforcePoolProviderOidcClientSecretPtrOutput 

func (o WorkforcePoolProviderOidcClientSecretOutput) ToWorkforcePoolProviderOidcClientSecretPtrOutput() WorkforcePoolProviderOidcClientSecretPtrOutput

func (WorkforcePoolProviderOidcClientSecretOutput) ToWorkforcePoolProviderOidcClientSecretPtrOutputWithContext 

func (o WorkforcePoolProviderOidcClientSecretOutput) ToWorkforcePoolProviderOidcClientSecretPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcClientSecretPtrOutput

func (WorkforcePoolProviderOidcClientSecretOutput) Value 

func (o WorkforcePoolProviderOidcClientSecretOutput) Value() WorkforcePoolProviderOidcClientSecretValuePtrOutput

The value of the client secret. Structure is documented below.

type WorkforcePoolProviderOidcClientSecretPtrInput 

type WorkforcePoolProviderOidcClientSecretPtrInput interface {
	pulumi.Input

	ToWorkforcePoolProviderOidcClientSecretPtrOutput() WorkforcePoolProviderOidcClientSecretPtrOutput
	ToWorkforcePoolProviderOidcClientSecretPtrOutputWithContext(context.Context) WorkforcePoolProviderOidcClientSecretPtrOutput
}

WorkforcePoolProviderOidcClientSecretPtrInput is an input type that accepts WorkforcePoolProviderOidcClientSecretArgs, WorkforcePoolProviderOidcClientSecretPtr and WorkforcePoolProviderOidcClientSecretPtrOutput values. You can construct a concrete instance of `WorkforcePoolProviderOidcClientSecretPtrInput` via: 

        WorkforcePoolProviderOidcClientSecretArgs{...}

or:

        nil

func WorkforcePoolProviderOidcClientSecretPtr 

func WorkforcePoolProviderOidcClientSecretPtr(v *WorkforcePoolProviderOidcClientSecretArgs) WorkforcePoolProviderOidcClientSecretPtrInput

type WorkforcePoolProviderOidcClientSecretPtrOutput 

type WorkforcePoolProviderOidcClientSecretPtrOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderOidcClientSecretPtrOutput) Elem 

func (o WorkforcePoolProviderOidcClientSecretPtrOutput) Elem() WorkforcePoolProviderOidcClientSecretOutput

func (WorkforcePoolProviderOidcClientSecretPtrOutput) ElementType 

func (WorkforcePoolProviderOidcClientSecretPtrOutput) ElementType() reflect.Type

func (WorkforcePoolProviderOidcClientSecretPtrOutput) ToWorkforcePoolProviderOidcClientSecretPtrOutput 

func (o WorkforcePoolProviderOidcClientSecretPtrOutput) ToWorkforcePoolProviderOidcClientSecretPtrOutput() WorkforcePoolProviderOidcClientSecretPtrOutput

func (WorkforcePoolProviderOidcClientSecretPtrOutput) ToWorkforcePoolProviderOidcClientSecretPtrOutputWithContext 

func (o WorkforcePoolProviderOidcClientSecretPtrOutput) ToWorkforcePoolProviderOidcClientSecretPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcClientSecretPtrOutput

func (WorkforcePoolProviderOidcClientSecretPtrOutput) Value 

func (o WorkforcePoolProviderOidcClientSecretPtrOutput) Value() WorkforcePoolProviderOidcClientSecretValuePtrOutput

The value of the client secret. Structure is documented below.

type WorkforcePoolProviderOidcClientSecretValue 

type WorkforcePoolProviderOidcClientSecretValue struct {
	// The plain text of the client secret value.
	PlainText string `pulumi:"plainText"`
	// (Output)
	// A thumbprint to represent the current client secret value.
	Thumbprint *string `pulumi:"thumbprint"`
}

type WorkforcePoolProviderOidcClientSecretValueArgs 

type WorkforcePoolProviderOidcClientSecretValueArgs struct {
	// The plain text of the client secret value.
	PlainText pulumi.StringInput `pulumi:"plainText"`
	// (Output)
	// A thumbprint to represent the current client secret value.
	Thumbprint pulumi.StringPtrInput `pulumi:"thumbprint"`
}

func (WorkforcePoolProviderOidcClientSecretValueArgs) ElementType 

func (WorkforcePoolProviderOidcClientSecretValueArgs) ElementType() reflect.Type

func (WorkforcePoolProviderOidcClientSecretValueArgs) ToWorkforcePoolProviderOidcClientSecretValueOutput 

func (i WorkforcePoolProviderOidcClientSecretValueArgs) ToWorkforcePoolProviderOidcClientSecretValueOutput() WorkforcePoolProviderOidcClientSecretValueOutput

func (WorkforcePoolProviderOidcClientSecretValueArgs) ToWorkforcePoolProviderOidcClientSecretValueOutputWithContext 

func (i WorkforcePoolProviderOidcClientSecretValueArgs) ToWorkforcePoolProviderOidcClientSecretValueOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcClientSecretValueOutput

func (WorkforcePoolProviderOidcClientSecretValueArgs) ToWorkforcePoolProviderOidcClientSecretValuePtrOutput 

func (i WorkforcePoolProviderOidcClientSecretValueArgs) ToWorkforcePoolProviderOidcClientSecretValuePtrOutput() WorkforcePoolProviderOidcClientSecretValuePtrOutput

func (WorkforcePoolProviderOidcClientSecretValueArgs) ToWorkforcePoolProviderOidcClientSecretValuePtrOutputWithContext 

func (i WorkforcePoolProviderOidcClientSecretValueArgs) ToWorkforcePoolProviderOidcClientSecretValuePtrOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcClientSecretValuePtrOutput

type WorkforcePoolProviderOidcClientSecretValueInput 

type WorkforcePoolProviderOidcClientSecretValueInput interface {
	pulumi.Input

	ToWorkforcePoolProviderOidcClientSecretValueOutput() WorkforcePoolProviderOidcClientSecretValueOutput
	ToWorkforcePoolProviderOidcClientSecretValueOutputWithContext(context.Context) WorkforcePoolProviderOidcClientSecretValueOutput
}

WorkforcePoolProviderOidcClientSecretValueInput is an input type that accepts WorkforcePoolProviderOidcClientSecretValueArgs and WorkforcePoolProviderOidcClientSecretValueOutput values. You can construct a concrete instance of `WorkforcePoolProviderOidcClientSecretValueInput` via: 

WorkforcePoolProviderOidcClientSecretValueArgs{...}

type WorkforcePoolProviderOidcClientSecretValueOutput 

type WorkforcePoolProviderOidcClientSecretValueOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderOidcClientSecretValueOutput) ElementType 

func (WorkforcePoolProviderOidcClientSecretValueOutput) ElementType() reflect.Type

func (WorkforcePoolProviderOidcClientSecretValueOutput) PlainText 

func (o WorkforcePoolProviderOidcClientSecretValueOutput) PlainText() pulumi.StringOutput

The plain text of the client secret value.

func (WorkforcePoolProviderOidcClientSecretValueOutput) Thumbprint 

func (o WorkforcePoolProviderOidcClientSecretValueOutput) Thumbprint() pulumi.StringPtrOutput

(Output) A thumbprint to represent the current client secret value.

func (WorkforcePoolProviderOidcClientSecretValueOutput) ToWorkforcePoolProviderOidcClientSecretValueOutput 

func (o WorkforcePoolProviderOidcClientSecretValueOutput) ToWorkforcePoolProviderOidcClientSecretValueOutput() WorkforcePoolProviderOidcClientSecretValueOutput

func (WorkforcePoolProviderOidcClientSecretValueOutput) ToWorkforcePoolProviderOidcClientSecretValueOutputWithContext 

func (o WorkforcePoolProviderOidcClientSecretValueOutput) ToWorkforcePoolProviderOidcClientSecretValueOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcClientSecretValueOutput

func (WorkforcePoolProviderOidcClientSecretValueOutput) ToWorkforcePoolProviderOidcClientSecretValuePtrOutput 

func (o WorkforcePoolProviderOidcClientSecretValueOutput) ToWorkforcePoolProviderOidcClientSecretValuePtrOutput() WorkforcePoolProviderOidcClientSecretValuePtrOutput

func (WorkforcePoolProviderOidcClientSecretValueOutput) ToWorkforcePoolProviderOidcClientSecretValuePtrOutputWithContext 

func (o WorkforcePoolProviderOidcClientSecretValueOutput) ToWorkforcePoolProviderOidcClientSecretValuePtrOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcClientSecretValuePtrOutput

type WorkforcePoolProviderOidcClientSecretValuePtrInput 

type WorkforcePoolProviderOidcClientSecretValuePtrInput interface {
	pulumi.Input

	ToWorkforcePoolProviderOidcClientSecretValuePtrOutput() WorkforcePoolProviderOidcClientSecretValuePtrOutput
	ToWorkforcePoolProviderOidcClientSecretValuePtrOutputWithContext(context.Context) WorkforcePoolProviderOidcClientSecretValuePtrOutput
}

WorkforcePoolProviderOidcClientSecretValuePtrInput is an input type that accepts WorkforcePoolProviderOidcClientSecretValueArgs, WorkforcePoolProviderOidcClientSecretValuePtr and WorkforcePoolProviderOidcClientSecretValuePtrOutput values. You can construct a concrete instance of `WorkforcePoolProviderOidcClientSecretValuePtrInput` via: 

        WorkforcePoolProviderOidcClientSecretValueArgs{...}

or:

        nil

func WorkforcePoolProviderOidcClientSecretValuePtr 

func WorkforcePoolProviderOidcClientSecretValuePtr(v *WorkforcePoolProviderOidcClientSecretValueArgs) WorkforcePoolProviderOidcClientSecretValuePtrInput

type WorkforcePoolProviderOidcClientSecretValuePtrOutput 

type WorkforcePoolProviderOidcClientSecretValuePtrOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderOidcClientSecretValuePtrOutput) Elem 

func (o WorkforcePoolProviderOidcClientSecretValuePtrOutput) Elem() WorkforcePoolProviderOidcClientSecretValueOutput

func (WorkforcePoolProviderOidcClientSecretValuePtrOutput) ElementType 

func (WorkforcePoolProviderOidcClientSecretValuePtrOutput) ElementType() reflect.Type

func (WorkforcePoolProviderOidcClientSecretValuePtrOutput) PlainText 

func (o WorkforcePoolProviderOidcClientSecretValuePtrOutput) PlainText() pulumi.StringPtrOutput

The plain text of the client secret value.

func (WorkforcePoolProviderOidcClientSecretValuePtrOutput) Thumbprint 

func (o WorkforcePoolProviderOidcClientSecretValuePtrOutput) Thumbprint() pulumi.StringPtrOutput

(Output) A thumbprint to represent the current client secret value.

func (WorkforcePoolProviderOidcClientSecretValuePtrOutput) ToWorkforcePoolProviderOidcClientSecretValuePtrOutput 

func (o WorkforcePoolProviderOidcClientSecretValuePtrOutput) ToWorkforcePoolProviderOidcClientSecretValuePtrOutput() WorkforcePoolProviderOidcClientSecretValuePtrOutput

func (WorkforcePoolProviderOidcClientSecretValuePtrOutput) ToWorkforcePoolProviderOidcClientSecretValuePtrOutputWithContext 

func (o WorkforcePoolProviderOidcClientSecretValuePtrOutput) ToWorkforcePoolProviderOidcClientSecretValuePtrOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcClientSecretValuePtrOutput

type WorkforcePoolProviderOidcInput 

type WorkforcePoolProviderOidcInput interface {
	pulumi.Input

	ToWorkforcePoolProviderOidcOutput() WorkforcePoolProviderOidcOutput
	ToWorkforcePoolProviderOidcOutputWithContext(context.Context) WorkforcePoolProviderOidcOutput
}

WorkforcePoolProviderOidcInput is an input type that accepts WorkforcePoolProviderOidcArgs and WorkforcePoolProviderOidcOutput values. You can construct a concrete instance of `WorkforcePoolProviderOidcInput` via: 

WorkforcePoolProviderOidcArgs{...}

type WorkforcePoolProviderOidcOutput 

type WorkforcePoolProviderOidcOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderOidcOutput) ClientId 

func (o WorkforcePoolProviderOidcOutput) ClientId() pulumi.StringOutput

The client ID. Must match the audience claim of the JWT issued by the identity provider.

func (WorkforcePoolProviderOidcOutput) ClientSecret 

func (o WorkforcePoolProviderOidcOutput) ClientSecret() WorkforcePoolProviderOidcClientSecretPtrOutput

The optional client secret. Required to enable Authorization Code flow for web sign-in. Structure is documented below.

func (WorkforcePoolProviderOidcOutput) ElementType 

func (WorkforcePoolProviderOidcOutput) ElementType() reflect.Type

func (WorkforcePoolProviderOidcOutput) IssuerUri 

func (o WorkforcePoolProviderOidcOutput) IssuerUri() pulumi.StringOutput

The OIDC issuer URI. Must be a valid URI using the 'https' scheme.

func (WorkforcePoolProviderOidcOutput) JwksJson 

func (o WorkforcePoolProviderOidcOutput) JwksJson() pulumi.StringPtrOutput

OIDC JWKs in JSON String format. For details on definition of a JWK, see https:tools.ietf.org/html/rfc7517. If not set, then we use the `jwksUri` from the discovery document fetched from the .well-known path for the `issuerUri`. Currently, RSA and EC asymmetric keys are supported. The JWK must use following format and include only the following fields:

func (WorkforcePoolProviderOidcOutput) ToWorkforcePoolProviderOidcOutput 

func (o WorkforcePoolProviderOidcOutput) ToWorkforcePoolProviderOidcOutput() WorkforcePoolProviderOidcOutput

func (WorkforcePoolProviderOidcOutput) ToWorkforcePoolProviderOidcOutputWithContext 

func (o WorkforcePoolProviderOidcOutput) ToWorkforcePoolProviderOidcOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcOutput

func (WorkforcePoolProviderOidcOutput) ToWorkforcePoolProviderOidcPtrOutput 

func (o WorkforcePoolProviderOidcOutput) ToWorkforcePoolProviderOidcPtrOutput() WorkforcePoolProviderOidcPtrOutput

func (WorkforcePoolProviderOidcOutput) ToWorkforcePoolProviderOidcPtrOutputWithContext 

func (o WorkforcePoolProviderOidcOutput) ToWorkforcePoolProviderOidcPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcPtrOutput

func (WorkforcePoolProviderOidcOutput) WebSsoConfig 

func (o WorkforcePoolProviderOidcOutput) WebSsoConfig() WorkforcePoolProviderOidcWebSsoConfigPtrOutput

Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser. Structure is documented below.

type WorkforcePoolProviderOidcPtrInput 

type WorkforcePoolProviderOidcPtrInput interface {
	pulumi.Input

	ToWorkforcePoolProviderOidcPtrOutput() WorkforcePoolProviderOidcPtrOutput
	ToWorkforcePoolProviderOidcPtrOutputWithContext(context.Context) WorkforcePoolProviderOidcPtrOutput
}

WorkforcePoolProviderOidcPtrInput is an input type that accepts WorkforcePoolProviderOidcArgs, WorkforcePoolProviderOidcPtr and WorkforcePoolProviderOidcPtrOutput values. You can construct a concrete instance of `WorkforcePoolProviderOidcPtrInput` via: 

        WorkforcePoolProviderOidcArgs{...}

or:

        nil

func WorkforcePoolProviderOidcPtr 

func WorkforcePoolProviderOidcPtr(v *WorkforcePoolProviderOidcArgs) WorkforcePoolProviderOidcPtrInput

type WorkforcePoolProviderOidcPtrOutput 

type WorkforcePoolProviderOidcPtrOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderOidcPtrOutput) ClientId 

func (o WorkforcePoolProviderOidcPtrOutput) ClientId() pulumi.StringPtrOutput

The client ID. Must match the audience claim of the JWT issued by the identity provider.

func (WorkforcePoolProviderOidcPtrOutput) ClientSecret 

func (o WorkforcePoolProviderOidcPtrOutput) ClientSecret() WorkforcePoolProviderOidcClientSecretPtrOutput

The optional client secret. Required to enable Authorization Code flow for web sign-in. Structure is documented below.

func (WorkforcePoolProviderOidcPtrOutput) Elem 

func (o WorkforcePoolProviderOidcPtrOutput) Elem() WorkforcePoolProviderOidcOutput

func (WorkforcePoolProviderOidcPtrOutput) ElementType 

func (WorkforcePoolProviderOidcPtrOutput) ElementType() reflect.Type

func (WorkforcePoolProviderOidcPtrOutput) IssuerUri 

func (o WorkforcePoolProviderOidcPtrOutput) IssuerUri() pulumi.StringPtrOutput

The OIDC issuer URI. Must be a valid URI using the 'https' scheme.

func (WorkforcePoolProviderOidcPtrOutput) JwksJson 

func (o WorkforcePoolProviderOidcPtrOutput) JwksJson() pulumi.StringPtrOutput

OIDC JWKs in JSON String format. For details on definition of a JWK, see https:tools.ietf.org/html/rfc7517. If not set, then we use the `jwksUri` from the discovery document fetched from the .well-known path for the `issuerUri`. Currently, RSA and EC asymmetric keys are supported. The JWK must use following format and include only the following fields:

func (WorkforcePoolProviderOidcPtrOutput) ToWorkforcePoolProviderOidcPtrOutput 

func (o WorkforcePoolProviderOidcPtrOutput) ToWorkforcePoolProviderOidcPtrOutput() WorkforcePoolProviderOidcPtrOutput

func (WorkforcePoolProviderOidcPtrOutput) ToWorkforcePoolProviderOidcPtrOutputWithContext 

func (o WorkforcePoolProviderOidcPtrOutput) ToWorkforcePoolProviderOidcPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcPtrOutput

func (WorkforcePoolProviderOidcPtrOutput) WebSsoConfig 

func (o WorkforcePoolProviderOidcPtrOutput) WebSsoConfig() WorkforcePoolProviderOidcWebSsoConfigPtrOutput

Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser. Structure is documented below.

type WorkforcePoolProviderOidcWebSsoConfig 

type WorkforcePoolProviderOidcWebSsoConfig struct {
	// Additional scopes to request for in the OIDC authentication request on top of scopes requested by default. By default, the `openid`, `profile` and `email` scopes that are supported by the identity provider are requested.
	// Each additional scope may be at most 256 characters. A maximum of 10 additional scopes may be configured.
	//
	// <a name="nestedExtraAttributesOauth2Client"></a>The `extraAttributesOauth2Client` block supports:
	AdditionalScopes []string `pulumi:"additionalScopes"`
	// The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition.
	// * MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS: Merge the UserInfo Endpoint Claims with ID Token Claims, preferring UserInfo Claim Values for the same Claim Name. This option is available only for the Authorization Code Flow.
	// * ONLY_ID_TOKEN_CLAIMS: Only include ID Token Claims.
	//   Possible values are: `MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS`, `ONLY_ID_TOKEN_CLAIMS`.
	AssertionClaimsBehavior string `pulumi:"assertionClaimsBehavior"`
	// The Response Type to request for in the OIDC Authorization Request for web sign-in.
	// The `CODE` Response Type is recommended to avoid the Implicit Flow, for security reasons.
	// * CODE: The `response_type=code` selection uses the Authorization Code Flow for web sign-in. Requires a configured client secret.
	// * ID_TOKEN: The `response_type=id_token` selection uses the Implicit Flow for web sign-in.
	//   Possible values are: `CODE`, `ID_TOKEN`.
	ResponseType string `pulumi:"responseType"`
}

type WorkforcePoolProviderOidcWebSsoConfigArgs 

type WorkforcePoolProviderOidcWebSsoConfigArgs struct {
	// Additional scopes to request for in the OIDC authentication request on top of scopes requested by default. By default, the `openid`, `profile` and `email` scopes that are supported by the identity provider are requested.
	// Each additional scope may be at most 256 characters. A maximum of 10 additional scopes may be configured.
	//
	// <a name="nestedExtraAttributesOauth2Client"></a>The `extraAttributesOauth2Client` block supports:
	AdditionalScopes pulumi.StringArrayInput `pulumi:"additionalScopes"`
	// The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition.
	// * MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS: Merge the UserInfo Endpoint Claims with ID Token Claims, preferring UserInfo Claim Values for the same Claim Name. This option is available only for the Authorization Code Flow.
	// * ONLY_ID_TOKEN_CLAIMS: Only include ID Token Claims.
	//   Possible values are: `MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS`, `ONLY_ID_TOKEN_CLAIMS`.
	AssertionClaimsBehavior pulumi.StringInput `pulumi:"assertionClaimsBehavior"`
	// The Response Type to request for in the OIDC Authorization Request for web sign-in.
	// The `CODE` Response Type is recommended to avoid the Implicit Flow, for security reasons.
	// * CODE: The `response_type=code` selection uses the Authorization Code Flow for web sign-in. Requires a configured client secret.
	// * ID_TOKEN: The `response_type=id_token` selection uses the Implicit Flow for web sign-in.
	//   Possible values are: `CODE`, `ID_TOKEN`.
	ResponseType pulumi.StringInput `pulumi:"responseType"`
}

func (WorkforcePoolProviderOidcWebSsoConfigArgs) ElementType 

func (WorkforcePoolProviderOidcWebSsoConfigArgs) ElementType() reflect.Type

func (WorkforcePoolProviderOidcWebSsoConfigArgs) ToWorkforcePoolProviderOidcWebSsoConfigOutput 

func (i WorkforcePoolProviderOidcWebSsoConfigArgs) ToWorkforcePoolProviderOidcWebSsoConfigOutput() WorkforcePoolProviderOidcWebSsoConfigOutput

func (WorkforcePoolProviderOidcWebSsoConfigArgs) ToWorkforcePoolProviderOidcWebSsoConfigOutputWithContext 

func (i WorkforcePoolProviderOidcWebSsoConfigArgs) ToWorkforcePoolProviderOidcWebSsoConfigOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcWebSsoConfigOutput

func (WorkforcePoolProviderOidcWebSsoConfigArgs) ToWorkforcePoolProviderOidcWebSsoConfigPtrOutput 

func (i WorkforcePoolProviderOidcWebSsoConfigArgs) ToWorkforcePoolProviderOidcWebSsoConfigPtrOutput() WorkforcePoolProviderOidcWebSsoConfigPtrOutput

func (WorkforcePoolProviderOidcWebSsoConfigArgs) ToWorkforcePoolProviderOidcWebSsoConfigPtrOutputWithContext 

func (i WorkforcePoolProviderOidcWebSsoConfigArgs) ToWorkforcePoolProviderOidcWebSsoConfigPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcWebSsoConfigPtrOutput

type WorkforcePoolProviderOidcWebSsoConfigInput 

type WorkforcePoolProviderOidcWebSsoConfigInput interface {
	pulumi.Input

	ToWorkforcePoolProviderOidcWebSsoConfigOutput() WorkforcePoolProviderOidcWebSsoConfigOutput
	ToWorkforcePoolProviderOidcWebSsoConfigOutputWithContext(context.Context) WorkforcePoolProviderOidcWebSsoConfigOutput
}

WorkforcePoolProviderOidcWebSsoConfigInput is an input type that accepts WorkforcePoolProviderOidcWebSsoConfigArgs and WorkforcePoolProviderOidcWebSsoConfigOutput values. You can construct a concrete instance of `WorkforcePoolProviderOidcWebSsoConfigInput` via: 

WorkforcePoolProviderOidcWebSsoConfigArgs{...}

type WorkforcePoolProviderOidcWebSsoConfigOutput 

type WorkforcePoolProviderOidcWebSsoConfigOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderOidcWebSsoConfigOutput) AdditionalScopes 

func (o WorkforcePoolProviderOidcWebSsoConfigOutput) AdditionalScopes() pulumi.StringArrayOutput

Additional scopes to request for in the OIDC authentication request on top of scopes requested by default. By default, the `openid`, `profile` and `email` scopes that are supported by the identity provider are requested. Each additional scope may be at most 256 characters. A maximum of 10 additional scopes may be configured.

<a name="nestedExtraAttributesOauth2Client"></a>The `extraAttributesOauth2Client` block supports:

func (WorkforcePoolProviderOidcWebSsoConfigOutput) AssertionClaimsBehavior 

func (o WorkforcePoolProviderOidcWebSsoConfigOutput) AssertionClaimsBehavior() pulumi.StringOutput

The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition.

  • MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS: Merge the UserInfo Endpoint Claims with ID Token Claims, preferring UserInfo Claim Values for the same Claim Name. This option is available only for the Authorization Code Flow.
  • ONLY_ID_TOKEN_CLAIMS: Only include ID Token Claims. Possible values are: `MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS`, `ONLY_ID_TOKEN_CLAIMS`.

func (WorkforcePoolProviderOidcWebSsoConfigOutput) ElementType 

func (WorkforcePoolProviderOidcWebSsoConfigOutput) ElementType() reflect.Type

func (WorkforcePoolProviderOidcWebSsoConfigOutput) ResponseType 

func (o WorkforcePoolProviderOidcWebSsoConfigOutput) ResponseType() pulumi.StringOutput

The Response Type to request for in the OIDC Authorization Request for web sign-in. The `CODE` Response Type is recommended to avoid the Implicit Flow, for security reasons.

  • CODE: The `response_type=code` selection uses the Authorization Code Flow for web sign-in. Requires a configured client secret.
  • ID_TOKEN: The `response_type=id_token` selection uses the Implicit Flow for web sign-in. Possible values are: `CODE`, `ID_TOKEN`.

func (WorkforcePoolProviderOidcWebSsoConfigOutput) ToWorkforcePoolProviderOidcWebSsoConfigOutput 

func (o WorkforcePoolProviderOidcWebSsoConfigOutput) ToWorkforcePoolProviderOidcWebSsoConfigOutput() WorkforcePoolProviderOidcWebSsoConfigOutput

func (WorkforcePoolProviderOidcWebSsoConfigOutput) ToWorkforcePoolProviderOidcWebSsoConfigOutputWithContext 

func (o WorkforcePoolProviderOidcWebSsoConfigOutput) ToWorkforcePoolProviderOidcWebSsoConfigOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcWebSsoConfigOutput

func (WorkforcePoolProviderOidcWebSsoConfigOutput) ToWorkforcePoolProviderOidcWebSsoConfigPtrOutput 

func (o WorkforcePoolProviderOidcWebSsoConfigOutput) ToWorkforcePoolProviderOidcWebSsoConfigPtrOutput() WorkforcePoolProviderOidcWebSsoConfigPtrOutput

func (WorkforcePoolProviderOidcWebSsoConfigOutput) ToWorkforcePoolProviderOidcWebSsoConfigPtrOutputWithContext 

func (o WorkforcePoolProviderOidcWebSsoConfigOutput) ToWorkforcePoolProviderOidcWebSsoConfigPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcWebSsoConfigPtrOutput

type WorkforcePoolProviderOidcWebSsoConfigPtrInput 

type WorkforcePoolProviderOidcWebSsoConfigPtrInput interface {
	pulumi.Input

	ToWorkforcePoolProviderOidcWebSsoConfigPtrOutput() WorkforcePoolProviderOidcWebSsoConfigPtrOutput
	ToWorkforcePoolProviderOidcWebSsoConfigPtrOutputWithContext(context.Context) WorkforcePoolProviderOidcWebSsoConfigPtrOutput
}

WorkforcePoolProviderOidcWebSsoConfigPtrInput is an input type that accepts WorkforcePoolProviderOidcWebSsoConfigArgs, WorkforcePoolProviderOidcWebSsoConfigPtr and WorkforcePoolProviderOidcWebSsoConfigPtrOutput values. You can construct a concrete instance of `WorkforcePoolProviderOidcWebSsoConfigPtrInput` via: 

        WorkforcePoolProviderOidcWebSsoConfigArgs{...}

or:

        nil

func WorkforcePoolProviderOidcWebSsoConfigPtr 

func WorkforcePoolProviderOidcWebSsoConfigPtr(v *WorkforcePoolProviderOidcWebSsoConfigArgs) WorkforcePoolProviderOidcWebSsoConfigPtrInput

type WorkforcePoolProviderOidcWebSsoConfigPtrOutput 

type WorkforcePoolProviderOidcWebSsoConfigPtrOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderOidcWebSsoConfigPtrOutput) AdditionalScopes 

func (o WorkforcePoolProviderOidcWebSsoConfigPtrOutput) AdditionalScopes() pulumi.StringArrayOutput

Additional scopes to request for in the OIDC authentication request on top of scopes requested by default. By default, the `openid`, `profile` and `email` scopes that are supported by the identity provider are requested. Each additional scope may be at most 256 characters. A maximum of 10 additional scopes may be configured.

<a name="nestedExtraAttributesOauth2Client"></a>The `extraAttributesOauth2Client` block supports:

func (WorkforcePoolProviderOidcWebSsoConfigPtrOutput) AssertionClaimsBehavior 

func (o WorkforcePoolProviderOidcWebSsoConfigPtrOutput) AssertionClaimsBehavior() pulumi.StringPtrOutput

The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition.

  • MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS: Merge the UserInfo Endpoint Claims with ID Token Claims, preferring UserInfo Claim Values for the same Claim Name. This option is available only for the Authorization Code Flow.
  • ONLY_ID_TOKEN_CLAIMS: Only include ID Token Claims. Possible values are: `MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS`, `ONLY_ID_TOKEN_CLAIMS`.

func (WorkforcePoolProviderOidcWebSsoConfigPtrOutput) Elem 

func (o WorkforcePoolProviderOidcWebSsoConfigPtrOutput) Elem() WorkforcePoolProviderOidcWebSsoConfigOutput

func (WorkforcePoolProviderOidcWebSsoConfigPtrOutput) ElementType 

func (WorkforcePoolProviderOidcWebSsoConfigPtrOutput) ElementType() reflect.Type

func (WorkforcePoolProviderOidcWebSsoConfigPtrOutput) ResponseType 

func (o WorkforcePoolProviderOidcWebSsoConfigPtrOutput) ResponseType() pulumi.StringPtrOutput

The Response Type to request for in the OIDC Authorization Request for web sign-in. The `CODE` Response Type is recommended to avoid the Implicit Flow, for security reasons.

  • CODE: The `response_type=code` selection uses the Authorization Code Flow for web sign-in. Requires a configured client secret.
  • ID_TOKEN: The `response_type=id_token` selection uses the Implicit Flow for web sign-in. Possible values are: `CODE`, `ID_TOKEN`.

func (WorkforcePoolProviderOidcWebSsoConfigPtrOutput) ToWorkforcePoolProviderOidcWebSsoConfigPtrOutput 

func (o WorkforcePoolProviderOidcWebSsoConfigPtrOutput) ToWorkforcePoolProviderOidcWebSsoConfigPtrOutput() WorkforcePoolProviderOidcWebSsoConfigPtrOutput

func (WorkforcePoolProviderOidcWebSsoConfigPtrOutput) ToWorkforcePoolProviderOidcWebSsoConfigPtrOutputWithContext 

func (o WorkforcePoolProviderOidcWebSsoConfigPtrOutput) ToWorkforcePoolProviderOidcWebSsoConfigPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcWebSsoConfigPtrOutput

type WorkforcePoolProviderOutput 

type WorkforcePoolProviderOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderOutput) AttributeCondition 

func (o WorkforcePoolProviderOutput) AttributeCondition() pulumi.StringPtrOutput

A [Common Expression Language](https://opensource.google/projects/cel) expression, in plain text, to restrict what otherwise valid authentication credentials issued by the provider should not be accepted. The expression must output a boolean representing whether to allow the federation. The following keywords may be referenced in the expressions:

func (WorkforcePoolProviderOutput) AttributeMapping 

func (o WorkforcePoolProviderOutput) AttributeMapping() pulumi.StringMapOutput

Maps attributes from the authentication credentials issued by an external identity provider to Google Cloud attributes, such as `subject` and `segment`. Each key must be a string specifying the Google Cloud IAM attribute to map to. The following keys are supported:

  • `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings. This is also the subject that appears in Cloud Logging logs. This is a required field and the mapped subject cannot exceed 127 bytes.
  • `google.groups`: Groups the authenticating user belongs to. You can grant groups access to resources using an IAM `principalSet` binding; access applies to all members of the group.
  • `google.display_name`: The name of the authenticated user. This is an optional field and the mapped display name cannot exceed 100 bytes. If not set, `google.subject` will be displayed instead. This attribute cannot be referenced in IAM bindings.
  • `google.profile_photo`: The URL that specifies the authenticated user's thumbnail photo. This is an optional field. When set, the image will be visible as the user's profile picture. If not set, a generic user icon will be displayed instead. This attribute cannot be referenced in IAM bindings. You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where {custom_attribute} is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes. The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_]. You can reference these attributes in IAM policies to define fine-grained access for a workforce pool to Google Cloud resources. For example:
  • `google.subject`: `principal://iam.googleapis.com/locations/{location}/workforcePools/{pool}/subject/{value}`
  • `google.groups`: `principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/group/{value}`
  • `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/attribute.{custom_attribute}/{value}` Each value must be a [Common Expression Language](https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. You can use the `assertion` keyword in the expression to access a JSON representation of the authentication credential issued by the provider. The maximum length of an attribute mapping expression is 2048 characters. When evaluated, the total size of all mapped attributes must not exceed 8KB. For OIDC providers, you must supply a custom mapping that includes the `google.subject` attribute. For example, the following maps the sub claim of the incoming credential to the `subject` attribute on a Google token:

An object containing a list of `"key": value` pairs. Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`.

func (WorkforcePoolProviderOutput) Description 

func (o WorkforcePoolProviderOutput) Description() pulumi.StringPtrOutput

A user-specified description of the provider. Cannot exceed 256 characters.

func (WorkforcePoolProviderOutput) Disabled 

func (o WorkforcePoolProviderOutput) Disabled() pulumi.BoolPtrOutput

Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access.

func (WorkforcePoolProviderOutput) DisplayName 

func (o WorkforcePoolProviderOutput) DisplayName() pulumi.StringPtrOutput

A user-specified display name for the provider. Cannot exceed 32 characters.

func (WorkforcePoolProviderOutput) ElementType 

func (WorkforcePoolProviderOutput) ElementType() reflect.Type

func (WorkforcePoolProviderOutput) ExtraAttributesOauth2Client 

func (o WorkforcePoolProviderOutput) ExtraAttributesOauth2Client() WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput

The configuration for OAuth 2.0 client used to get the additional user attributes. This should be used when users can't get the desired claims in authentication credentials. Currently this configuration is only supported with OIDC protocol. Structure is documented below.

func (WorkforcePoolProviderOutput) Location 

func (o WorkforcePoolProviderOutput) Location() pulumi.StringOutput

The location for the resource.

func (WorkforcePoolProviderOutput) Name 

func (o WorkforcePoolProviderOutput) Name() pulumi.StringOutput

Output only. The resource name of the provider. Format: `locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}`

func (WorkforcePoolProviderOutput) Oidc 

func (o WorkforcePoolProviderOutput) Oidc() WorkforcePoolProviderOidcPtrOutput

Represents an OpenId Connect 1.0 identity provider. Structure is documented below.

func (WorkforcePoolProviderOutput) ProviderId 

func (o WorkforcePoolProviderOutput) ProviderId() pulumi.StringOutput

The ID for the provider, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may not be specified.

***

func (WorkforcePoolProviderOutput) Saml 

func (o WorkforcePoolProviderOutput) Saml() WorkforcePoolProviderSamlPtrOutput

Represents a SAML identity provider. Structure is documented below.

func (WorkforcePoolProviderOutput) State 

func (o WorkforcePoolProviderOutput) State() pulumi.StringOutput

The current state of the provider.

func (WorkforcePoolProviderOutput) ToWorkforcePoolProviderOutput 

func (o WorkforcePoolProviderOutput) ToWorkforcePoolProviderOutput() WorkforcePoolProviderOutput

func (WorkforcePoolProviderOutput) ToWorkforcePoolProviderOutputWithContext 

func (o WorkforcePoolProviderOutput) ToWorkforcePoolProviderOutputWithContext(ctx context.Context) WorkforcePoolProviderOutput

func (WorkforcePoolProviderOutput) WorkforcePoolId 

func (o WorkforcePoolProviderOutput) WorkforcePoolId() pulumi.StringOutput

The ID to use for the pool, which becomes the final component of the resource name. The IDs must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix `gcp-` is reserved for use by Google, and may not be specified.

type WorkforcePoolProviderSaml 

type WorkforcePoolProviderSaml struct {
	// SAML Identity provider configuration metadata xml doc.
	// The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf).
	// The max size of the acceptable xml document will be bounded to 128k characters.
	// The metadata xml document should satisfy the following constraints:
	// 1) Must contain an Identity Provider Entity ID.
	// 2) Must contain at least one non-expired signing key certificate.
	// 3) For each signing key:
	//    a) Valid from should be no more than 7 days from now.
	//    b) Valid to should be no more than 10 years in the future.
	// 4) Up to 3 IdP signing keys are allowed in the metadata xml.
	//    When updating the provider's metadata xml, at least one non-expired signing key
	//    must overlap with the existing metadata. This requirement is skipped if there are
	//    no non-expired signing keys present in the existing metadata.
	IdpMetadataXml string `pulumi:"idpMetadataXml"`
}

type WorkforcePoolProviderSamlArgs 

type WorkforcePoolProviderSamlArgs struct {
	// SAML Identity provider configuration metadata xml doc.
	// The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf).
	// The max size of the acceptable xml document will be bounded to 128k characters.
	// The metadata xml document should satisfy the following constraints:
	// 1) Must contain an Identity Provider Entity ID.
	// 2) Must contain at least one non-expired signing key certificate.
	// 3) For each signing key:
	//    a) Valid from should be no more than 7 days from now.
	//    b) Valid to should be no more than 10 years in the future.
	// 4) Up to 3 IdP signing keys are allowed in the metadata xml.
	//    When updating the provider's metadata xml, at least one non-expired signing key
	//    must overlap with the existing metadata. This requirement is skipped if there are
	//    no non-expired signing keys present in the existing metadata.
	IdpMetadataXml pulumi.StringInput `pulumi:"idpMetadataXml"`
}

func (WorkforcePoolProviderSamlArgs) ElementType 

func (WorkforcePoolProviderSamlArgs) ElementType() reflect.Type

func (WorkforcePoolProviderSamlArgs) ToWorkforcePoolProviderSamlOutput 

func (i WorkforcePoolProviderSamlArgs) ToWorkforcePoolProviderSamlOutput() WorkforcePoolProviderSamlOutput

func (WorkforcePoolProviderSamlArgs) ToWorkforcePoolProviderSamlOutputWithContext 

func (i WorkforcePoolProviderSamlArgs) ToWorkforcePoolProviderSamlOutputWithContext(ctx context.Context) WorkforcePoolProviderSamlOutput

func (WorkforcePoolProviderSamlArgs) ToWorkforcePoolProviderSamlPtrOutput 

func (i WorkforcePoolProviderSamlArgs) ToWorkforcePoolProviderSamlPtrOutput() WorkforcePoolProviderSamlPtrOutput

func (WorkforcePoolProviderSamlArgs) ToWorkforcePoolProviderSamlPtrOutputWithContext 

func (i WorkforcePoolProviderSamlArgs) ToWorkforcePoolProviderSamlPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderSamlPtrOutput

type WorkforcePoolProviderSamlInput 

type WorkforcePoolProviderSamlInput interface {
	pulumi.Input

	ToWorkforcePoolProviderSamlOutput() WorkforcePoolProviderSamlOutput
	ToWorkforcePoolProviderSamlOutputWithContext(context.Context) WorkforcePoolProviderSamlOutput
}

WorkforcePoolProviderSamlInput is an input type that accepts WorkforcePoolProviderSamlArgs and WorkforcePoolProviderSamlOutput values. You can construct a concrete instance of `WorkforcePoolProviderSamlInput` via: 

WorkforcePoolProviderSamlArgs{...}

type WorkforcePoolProviderSamlOutput 

type WorkforcePoolProviderSamlOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderSamlOutput) ElementType 

func (WorkforcePoolProviderSamlOutput) ElementType() reflect.Type

func (WorkforcePoolProviderSamlOutput) IdpMetadataXml 

func (o WorkforcePoolProviderSamlOutput) IdpMetadataXml() pulumi.StringOutput

SAML Identity provider configuration metadata xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). The max size of the acceptable xml document will be bounded to 128k characters. The metadata xml document should satisfy the following constraints:

  1. Must contain an Identity Provider Entity ID.
  2. Must contain at least one non-expired signing key certificate.
  3. For each signing key: a) Valid from should be no more than 7 days from now. b) Valid to should be no more than 10 years in the future.
  4. Up to 3 IdP signing keys are allowed in the metadata xml. When updating the provider's metadata xml, at least one non-expired signing key must overlap with the existing metadata. This requirement is skipped if there are no non-expired signing keys present in the existing metadata.

func (WorkforcePoolProviderSamlOutput) ToWorkforcePoolProviderSamlOutput 

func (o WorkforcePoolProviderSamlOutput) ToWorkforcePoolProviderSamlOutput() WorkforcePoolProviderSamlOutput

func (WorkforcePoolProviderSamlOutput) ToWorkforcePoolProviderSamlOutputWithContext 

func (o WorkforcePoolProviderSamlOutput) ToWorkforcePoolProviderSamlOutputWithContext(ctx context.Context) WorkforcePoolProviderSamlOutput

func (WorkforcePoolProviderSamlOutput) ToWorkforcePoolProviderSamlPtrOutput 

func (o WorkforcePoolProviderSamlOutput) ToWorkforcePoolProviderSamlPtrOutput() WorkforcePoolProviderSamlPtrOutput

func (WorkforcePoolProviderSamlOutput) ToWorkforcePoolProviderSamlPtrOutputWithContext 

func (o WorkforcePoolProviderSamlOutput) ToWorkforcePoolProviderSamlPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderSamlPtrOutput

type WorkforcePoolProviderSamlPtrInput 

type WorkforcePoolProviderSamlPtrInput interface {
	pulumi.Input

	ToWorkforcePoolProviderSamlPtrOutput() WorkforcePoolProviderSamlPtrOutput
	ToWorkforcePoolProviderSamlPtrOutputWithContext(context.Context) WorkforcePoolProviderSamlPtrOutput
}

WorkforcePoolProviderSamlPtrInput is an input type that accepts WorkforcePoolProviderSamlArgs, WorkforcePoolProviderSamlPtr and WorkforcePoolProviderSamlPtrOutput values. You can construct a concrete instance of `WorkforcePoolProviderSamlPtrInput` via: 

        WorkforcePoolProviderSamlArgs{...}

or:

        nil

func WorkforcePoolProviderSamlPtr 

func WorkforcePoolProviderSamlPtr(v *WorkforcePoolProviderSamlArgs) WorkforcePoolProviderSamlPtrInput

type WorkforcePoolProviderSamlPtrOutput 

type WorkforcePoolProviderSamlPtrOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderSamlPtrOutput) Elem 

func (o WorkforcePoolProviderSamlPtrOutput) Elem() WorkforcePoolProviderSamlOutput

func (WorkforcePoolProviderSamlPtrOutput) ElementType 

func (WorkforcePoolProviderSamlPtrOutput) ElementType() reflect.Type

func (WorkforcePoolProviderSamlPtrOutput) IdpMetadataXml 

func (o WorkforcePoolProviderSamlPtrOutput) IdpMetadataXml() pulumi.StringPtrOutput

SAML Identity provider configuration metadata xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). The max size of the acceptable xml document will be bounded to 128k characters. The metadata xml document should satisfy the following constraints:

  1. Must contain an Identity Provider Entity ID.
  2. Must contain at least one non-expired signing key certificate.
  3. For each signing key: a) Valid from should be no more than 7 days from now. b) Valid to should be no more than 10 years in the future.
  4. Up to 3 IdP signing keys are allowed in the metadata xml. When updating the provider's metadata xml, at least one non-expired signing key must overlap with the existing metadata. This requirement is skipped if there are no non-expired signing keys present in the existing metadata.

func (WorkforcePoolProviderSamlPtrOutput) ToWorkforcePoolProviderSamlPtrOutput 

func (o WorkforcePoolProviderSamlPtrOutput) ToWorkforcePoolProviderSamlPtrOutput() WorkforcePoolProviderSamlPtrOutput

func (WorkforcePoolProviderSamlPtrOutput) ToWorkforcePoolProviderSamlPtrOutputWithContext 

func (o WorkforcePoolProviderSamlPtrOutput) ToWorkforcePoolProviderSamlPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderSamlPtrOutput

type WorkforcePoolProviderState 

type WorkforcePoolProviderState struct {
	// A [Common Expression Language](https://opensource.google/projects/cel) expression, in
	// plain text, to restrict what otherwise valid authentication credentials issued by the
	// provider should not be accepted.
	// The expression must output a boolean representing whether to allow the federation.
	// The following keywords may be referenced in the expressions:
	AttributeCondition pulumi.StringPtrInput
	// Maps attributes from the authentication credentials issued by an external identity provider
	// to Google Cloud attributes, such as `subject` and `segment`.
	// Each key must be a string specifying the Google Cloud IAM attribute to map to.
	// The following keys are supported:
	// * `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings.
	//   This is also the subject that appears in Cloud Logging logs. This is a required field and
	//   the mapped subject cannot exceed 127 bytes.
	// * `google.groups`: Groups the authenticating user belongs to. You can grant groups access to
	//   resources using an IAM `principalSet` binding; access applies to all members of the group.
	// * `google.display_name`: The name of the authenticated user. This is an optional field and
	//   the mapped display name cannot exceed 100 bytes. If not set, `google.subject` will be displayed instead.
	//   This attribute cannot be referenced in IAM bindings.
	// * `google.profile_photo`: The URL that specifies the authenticated user's thumbnail photo.
	//   This is an optional field. When set, the image will be visible as the user's profile picture.
	//   If not set, a generic user icon will be displayed instead.
	//   This attribute cannot be referenced in IAM bindings.
	//   You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where {custom_attribute}
	//   is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes.
	//   The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_].
	//   You can reference these attributes in IAM policies to define fine-grained access for a workforce pool
	//   to Google Cloud resources. For example:
	// * `google.subject`:
	//   `principal://iam.googleapis.com/locations/{location}/workforcePools/{pool}/subject/{value}`
	// * `google.groups`:
	//   `principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/group/{value}`
	// * `attribute.{custom_attribute}`:
	//   `principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/attribute.{custom_attribute}/{value}`
	//   Each value must be a [Common Expression Language](https://opensource.google/projects/cel)
	//   function that maps an identity provider credential to the normalized attribute specified
	//   by the corresponding map key.
	//   You can use the `assertion` keyword in the expression to access a JSON representation of
	//   the authentication credential issued by the provider.
	//   The maximum length of an attribute mapping expression is 2048 characters. When evaluated,
	//   the total size of all mapped attributes must not exceed 8KB.
	//   For OIDC providers, you must supply a custom mapping that includes the `google.subject` attribute.
	//   For example, the following maps the sub claim of the incoming credential to the `subject` attribute
	//   on a Google token:
	// An object containing a list of `"key": value` pairs.
	// Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`.
	AttributeMapping pulumi.StringMapInput
	// A user-specified description of the provider. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
	// However, existing tokens still grant access.
	Disabled pulumi.BoolPtrInput
	// A user-specified display name for the provider. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	// The configuration for OAuth 2.0 client used to get the additional user
	// attributes. This should be used when users can't get the desired claims
	// in authentication credentials. Currently this configuration is only
	// supported with OIDC protocol.
	// Structure is documented below.
	ExtraAttributesOauth2Client WorkforcePoolProviderExtraAttributesOauth2ClientPtrInput
	// The location for the resource.
	Location pulumi.StringPtrInput
	// Output only. The resource name of the provider.
	// Format: `locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}`
	Name pulumi.StringPtrInput
	// Represents an OpenId Connect 1.0 identity provider.
	// Structure is documented below.
	Oidc WorkforcePoolProviderOidcPtrInput
	// The ID for the provider, which becomes the final component of the resource name.
	// This value must be 4-32 characters, and may contain the characters [a-z0-9-].
	// The prefix `gcp-` is reserved for use by Google, and may not be specified.
	//
	// ***
	ProviderId pulumi.StringPtrInput
	// Represents a SAML identity provider.
	// Structure is documented below.
	Saml WorkforcePoolProviderSamlPtrInput
	// The current state of the provider.
	// * STATE_UNSPECIFIED: State unspecified.
	// * ACTIVE: The provider is active and may be used to validate authentication credentials.
	// * DELETED: The provider is soft-deleted. Soft-deleted providers are permanently
	//   deleted after approximately 30 days. You can restore a soft-deleted provider using
	//   [providers.undelete](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools.providers/undelete#google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePoolProvider).
	State pulumi.StringPtrInput
	// The ID to use for the pool, which becomes the final component of the resource name.
	// The IDs must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens.
	// It must start with a letter, and cannot have a trailing hyphen.
	// The prefix `gcp-` is reserved for use by Google, and may not be specified.
	WorkforcePoolId pulumi.StringPtrInput
}

func (WorkforcePoolProviderState) ElementType 

func (WorkforcePoolProviderState) ElementType() reflect.Type

type WorkforcePoolState 

type WorkforcePoolState struct {
	// Configure access restrictions on the workforce pool users. This is an optional field. If specified web
	// sign-in can be restricted to given set of services or programmatic sign-in can be disabled for pool users.
	// Structure is documented below.
	AccessRestrictions WorkforcePoolAccessRestrictionsPtrInput
	// A user-specified description of the pool. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Whether the pool is disabled. You cannot use a disabled pool to exchange tokens,
	// or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
	Disabled pulumi.BoolPtrInput
	// A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	// The location for the resource.
	Location pulumi.StringPtrInput
	// Output only. The resource name of the pool.
	// Format: `locations/{location}/workforcePools/{workforcePoolId}`
	Name pulumi.StringPtrInput
	// Immutable. The resource name of the parent. Format: `organizations/{org-id}`.
	//
	// ***
	Parent pulumi.StringPtrInput
	// Duration that the Google Cloud access tokens, console sign-in sessions,
	// and `gcloud` sign-in sessions from this pool are valid.
	// Must be greater than 15 minutes (900s) and less than 12 hours (43200s).
	// If `sessionDuration` is not configured, minted credentials have a default duration of one hour (3600s).
	// A duration in seconds with up to nine fractional digits, ending with '`s`'. Example: "`3.5s`".
	SessionDuration pulumi.StringPtrInput
	// Output only. The state of the pool.
	// * STATE_UNSPECIFIED: State unspecified.
	// * ACTIVE: The pool is active, and may be used in Google Cloud policies.
	// * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted
	//   after approximately 30 days. You can restore a soft-deleted pool using
	//   [workforcePools.undelete](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools/undelete#google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePool).
	//   You cannot reuse the ID of a soft-deleted pool until it is permanently deleted.
	//   While a pool is deleted, you cannot use it to exchange tokens, or use
	//   existing tokens to access resources. If the pool is undeleted, existing
	//   tokens grant access again.
	State pulumi.StringPtrInput
	// The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters,
	// digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen.
	// The prefix `gcp-` is reserved for use by Google, and may not be specified.
	WorkforcePoolId pulumi.StringPtrInput
}

func (WorkforcePoolState) ElementType 

func (WorkforcePoolState) ElementType() reflect.Type

type WorkloadIdentityPool 

type WorkloadIdentityPool struct {
	pulumi.CustomResourceState

	// A description of the pool. Cannot exceed 256 characters.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use
	// existing tokens to access resources. If the pool is re-enabled, existing tokens grant
	// access again.
	Disabled pulumi.BoolPtrOutput `pulumi:"disabled"`
	// A display name for the pool. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// The resource name of the pool as
	// `projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}`.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// The state of the pool.
	// * STATE_UNSPECIFIED: State unspecified.
	// * ACTIVE: The pool is active, and may be used in Google Cloud policies.
	// * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after
	//   approximately 30 days. You can restore a soft-deleted pool using
	//   UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted pool until it is
	//   permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or
	//   use existing tokens to access resources. If the pool is undeleted, existing tokens grant
	//   access again.
	State pulumi.StringOutput `pulumi:"state"`
	// The ID to use for the pool, which becomes the final component of the resource name. This
	// value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	//
	// ***
	WorkloadIdentityPoolId pulumi.StringOutput `pulumi:"workloadIdentityPoolId"`
}

Represents a collection of external workload identities. You can define IAM policies to grant these identities access to Google Cloud resources.

To get more information about WorkloadIdentityPool, see:

* [API documentation](https://cloud.google.com/iam/docs/reference/rest/v1/projects.locations.workloadIdentityPools) * How-to Guides

## Example Usage

### Iam Workload Identity Pool Basic

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iam.NewWorkloadIdentityPool(ctx, "example", &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Iam Workload Identity Pool Full

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iam.NewWorkloadIdentityPool(ctx, "example", &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
			DisplayName:            pulumi.String("Name of pool"),
			Description:            pulumi.String("Identity pool for automated test"),
			Disabled:               pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

WorkloadIdentityPool can be imported using any of these accepted formats:

* `projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}`

* `{{project}}/{{workload_identity_pool_id}}`

* `{{workload_identity_pool_id}}`

When using the `pulumi import` command, WorkloadIdentityPool can be imported using one of the formats above. For example:

```sh $ pulumi import gcp:iam/workloadIdentityPool:WorkloadIdentityPool default projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}} ```

```sh $ pulumi import gcp:iam/workloadIdentityPool:WorkloadIdentityPool default {{project}}/{{workload_identity_pool_id}} ```

```sh $ pulumi import gcp:iam/workloadIdentityPool:WorkloadIdentityPool default {{workload_identity_pool_id}} ```

func GetWorkloadIdentityPool 

func GetWorkloadIdentityPool(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WorkloadIdentityPoolState, opts ...pulumi.ResourceOption) (*WorkloadIdentityPool, error)

GetWorkloadIdentityPool gets an existing WorkloadIdentityPool resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWorkloadIdentityPool 

func NewWorkloadIdentityPool(ctx *pulumi.Context,
	name string, args *WorkloadIdentityPoolArgs, opts ...pulumi.ResourceOption) (*WorkloadIdentityPool, error)

NewWorkloadIdentityPool registers a new resource with the given unique name, arguments, and options.

func (*WorkloadIdentityPool) ElementType 

func (*WorkloadIdentityPool) ElementType() reflect.Type

func (*WorkloadIdentityPool) ToWorkloadIdentityPoolOutput 

func (i *WorkloadIdentityPool) ToWorkloadIdentityPoolOutput() WorkloadIdentityPoolOutput

func (*WorkloadIdentityPool) ToWorkloadIdentityPoolOutputWithContext 

func (i *WorkloadIdentityPool) ToWorkloadIdentityPoolOutputWithContext(ctx context.Context) WorkloadIdentityPoolOutput

type WorkloadIdentityPoolArgs 

type WorkloadIdentityPoolArgs struct {
	// A description of the pool. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use
	// existing tokens to access resources. If the pool is re-enabled, existing tokens grant
	// access again.
	Disabled pulumi.BoolPtrInput
	// A display name for the pool. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
	// The ID to use for the pool, which becomes the final component of the resource name. This
	// value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	//
	// ***
	WorkloadIdentityPoolId pulumi.StringInput
}

The set of arguments for constructing a WorkloadIdentityPool resource.

func (WorkloadIdentityPoolArgs) ElementType 

func (WorkloadIdentityPoolArgs) ElementType() reflect.Type

type WorkloadIdentityPoolArray 

type WorkloadIdentityPoolArray []WorkloadIdentityPoolInput

func (WorkloadIdentityPoolArray) ElementType 

func (WorkloadIdentityPoolArray) ElementType() reflect.Type

func (WorkloadIdentityPoolArray) ToWorkloadIdentityPoolArrayOutput 

func (i WorkloadIdentityPoolArray) ToWorkloadIdentityPoolArrayOutput() WorkloadIdentityPoolArrayOutput

func (WorkloadIdentityPoolArray) ToWorkloadIdentityPoolArrayOutputWithContext 

func (i WorkloadIdentityPoolArray) ToWorkloadIdentityPoolArrayOutputWithContext(ctx context.Context) WorkloadIdentityPoolArrayOutput

type WorkloadIdentityPoolArrayInput 

type WorkloadIdentityPoolArrayInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolArrayOutput() WorkloadIdentityPoolArrayOutput
	ToWorkloadIdentityPoolArrayOutputWithContext(context.Context) WorkloadIdentityPoolArrayOutput
}

WorkloadIdentityPoolArrayInput is an input type that accepts WorkloadIdentityPoolArray and WorkloadIdentityPoolArrayOutput values. You can construct a concrete instance of `WorkloadIdentityPoolArrayInput` via: 

WorkloadIdentityPoolArray{ WorkloadIdentityPoolArgs{...} }

type WorkloadIdentityPoolArrayOutput 

type WorkloadIdentityPoolArrayOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolArrayOutput) ElementType 

func (WorkloadIdentityPoolArrayOutput) ElementType() reflect.Type

func (WorkloadIdentityPoolArrayOutput) Index 

func (o WorkloadIdentityPoolArrayOutput) Index(i pulumi.IntInput) WorkloadIdentityPoolOutput

func (WorkloadIdentityPoolArrayOutput) ToWorkloadIdentityPoolArrayOutput 

func (o WorkloadIdentityPoolArrayOutput) ToWorkloadIdentityPoolArrayOutput() WorkloadIdentityPoolArrayOutput

func (WorkloadIdentityPoolArrayOutput) ToWorkloadIdentityPoolArrayOutputWithContext 

func (o WorkloadIdentityPoolArrayOutput) ToWorkloadIdentityPoolArrayOutputWithContext(ctx context.Context) WorkloadIdentityPoolArrayOutput

type WorkloadIdentityPoolInput 

type WorkloadIdentityPoolInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolOutput() WorkloadIdentityPoolOutput
	ToWorkloadIdentityPoolOutputWithContext(ctx context.Context) WorkloadIdentityPoolOutput
}

type WorkloadIdentityPoolMap 

type WorkloadIdentityPoolMap map[string]WorkloadIdentityPoolInput

func (WorkloadIdentityPoolMap) ElementType 

func (WorkloadIdentityPoolMap) ElementType() reflect.Type

func (WorkloadIdentityPoolMap) ToWorkloadIdentityPoolMapOutput 

func (i WorkloadIdentityPoolMap) ToWorkloadIdentityPoolMapOutput() WorkloadIdentityPoolMapOutput

func (WorkloadIdentityPoolMap) ToWorkloadIdentityPoolMapOutputWithContext 

func (i WorkloadIdentityPoolMap) ToWorkloadIdentityPoolMapOutputWithContext(ctx context.Context) WorkloadIdentityPoolMapOutput

type WorkloadIdentityPoolMapInput 

type WorkloadIdentityPoolMapInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolMapOutput() WorkloadIdentityPoolMapOutput
	ToWorkloadIdentityPoolMapOutputWithContext(context.Context) WorkloadIdentityPoolMapOutput
}

WorkloadIdentityPoolMapInput is an input type that accepts WorkloadIdentityPoolMap and WorkloadIdentityPoolMapOutput values. You can construct a concrete instance of `WorkloadIdentityPoolMapInput` via: 

WorkloadIdentityPoolMap{ "key": WorkloadIdentityPoolArgs{...} }

type WorkloadIdentityPoolMapOutput 

type WorkloadIdentityPoolMapOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolMapOutput) ElementType 

func (WorkloadIdentityPoolMapOutput) ElementType() reflect.Type

func (WorkloadIdentityPoolMapOutput) MapIndex 

func (o WorkloadIdentityPoolMapOutput) MapIndex(k pulumi.StringInput) WorkloadIdentityPoolOutput

func (WorkloadIdentityPoolMapOutput) ToWorkloadIdentityPoolMapOutput 

func (o WorkloadIdentityPoolMapOutput) ToWorkloadIdentityPoolMapOutput() WorkloadIdentityPoolMapOutput

func (WorkloadIdentityPoolMapOutput) ToWorkloadIdentityPoolMapOutputWithContext 

func (o WorkloadIdentityPoolMapOutput) ToWorkloadIdentityPoolMapOutputWithContext(ctx context.Context) WorkloadIdentityPoolMapOutput

type WorkloadIdentityPoolOutput 

type WorkloadIdentityPoolOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolOutput) Description 

func (o WorkloadIdentityPoolOutput) Description() pulumi.StringPtrOutput

A description of the pool. Cannot exceed 256 characters.

func (WorkloadIdentityPoolOutput) Disabled 

func (o WorkloadIdentityPoolOutput) Disabled() pulumi.BoolPtrOutput

Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.

func (WorkloadIdentityPoolOutput) DisplayName 

func (o WorkloadIdentityPoolOutput) DisplayName() pulumi.StringPtrOutput

A display name for the pool. Cannot exceed 32 characters.

func (WorkloadIdentityPoolOutput) ElementType 

func (WorkloadIdentityPoolOutput) ElementType() reflect.Type

func (WorkloadIdentityPoolOutput) Name 

func (o WorkloadIdentityPoolOutput) Name() pulumi.StringOutput

The resource name of the pool as `projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}`.

func (WorkloadIdentityPoolOutput) Project 

func (o WorkloadIdentityPoolOutput) Project() pulumi.StringOutput

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

func (WorkloadIdentityPoolOutput) State 

func (o WorkloadIdentityPoolOutput) State() pulumi.StringOutput

The state of the pool.

  • STATE_UNSPECIFIED: State unspecified.
  • ACTIVE: The pool is active, and may be used in Google Cloud policies.
  • DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.

func (WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolOutput 

func (o WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolOutput() WorkloadIdentityPoolOutput

func (WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolOutputWithContext 

func (o WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolOutputWithContext(ctx context.Context) WorkloadIdentityPoolOutput

func (WorkloadIdentityPoolOutput) WorkloadIdentityPoolId 

func (o WorkloadIdentityPoolOutput) WorkloadIdentityPoolId() pulumi.StringOutput

The ID to use for the pool, which becomes the final component of the resource name. This value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may not be specified.

***

type WorkloadIdentityPoolProvider 

type WorkloadIdentityPoolProvider struct {
	pulumi.CustomResourceState

	// [A Common Expression Language](https://opensource.google/projects/cel) expression, in
	// plain text, to restrict what otherwise valid authentication credentials issued by the
	// provider should not be accepted.
	// The expression must output a boolean representing whether to allow the federation.
	// The following keywords may be referenced in the expressions:
	AttributeCondition pulumi.StringPtrOutput `pulumi:"attributeCondition"`
	// Maps attributes from authentication credentials issued by an external identity provider
	// to Google Cloud attributes, such as `subject` and `segment`.
	// Each key must be a string specifying the Google Cloud IAM attribute to map to.
	// The following keys are supported:
	// * `google.subject`: The principal IAM is authenticating. You can reference this value
	//   in IAM bindings. This is also the subject that appears in Cloud Logging logs.
	//   Cannot exceed 127 characters.
	// * `google.groups`: Groups the external identity belongs to. You can grant groups
	//   access to resources using an IAM `principalSet` binding; access applies to all
	//   members of the group.
	//   You can also provide custom attributes by specifying `attribute.{custom_attribute}`,
	//   where `{custom_attribute}` is the name of the custom attribute to be mapped. You can
	//   define a maximum of 50 custom attributes. The maximum length of a mapped attribute key
	//   is 100 characters, and the key may only contain the characters [a-z0-9_].
	//   You can reference these attributes in IAM policies to define fine-grained access for a
	//   workload to Google Cloud resources. For example:
	// * `google.subject`:
	//   `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}`
	// * `google.groups`:
	//   `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}`
	// * `attribute.{custom_attribute}`:
	//   `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}`
	//   Each value must be a [Common Expression Language](https://opensource.google/projects/cel)
	//   function that maps an identity provider credential to the normalized attribute specified
	//   by the corresponding map key.
	//   You can use the `assertion` keyword in the expression to access a JSON representation of
	//   the authentication credential issued by the provider.
	//   The maximum length of an attribute mapping expression is 2048 characters. When evaluated,
	//   the total size of all mapped attributes must not exceed 8KB.
	//   For AWS providers, the following rules apply:
	// - If no attribute mapping is defined, the following default mapping applies:
	// - If any custom attribute mappings are defined, they must include a mapping to the
	//   `google.subject` attribute.
	//   For OIDC providers, the following rules apply:
	// - Custom attribute mappings must be defined, and must include a mapping to the
	//   `google.subject` attribute. For example, the following maps the `sub` claim of the
	//   incoming credential to the `subject` attribute on a Google token.
	AttributeMapping pulumi.StringMapOutput `pulumi:"attributeMapping"`
	// An Amazon Web Services identity provider. Not compatible with the property oidc or saml.
	// Structure is documented below.
	Aws WorkloadIdentityPoolProviderAwsPtrOutput `pulumi:"aws"`
	// A description for the provider. Cannot exceed 256 characters.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
	// However, existing tokens still grant access.
	Disabled pulumi.BoolPtrOutput `pulumi:"disabled"`
	// A display name for the provider. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// The resource name of the provider as
	// `projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}`.
	Name pulumi.StringOutput `pulumi:"name"`
	// An OpenId Connect 1.0 identity provider. Not compatible with the property aws or saml.
	// Structure is documented below.
	Oidc WorkloadIdentityPoolProviderOidcPtrOutput `pulumi:"oidc"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// An SAML 2.0 identity provider. Not compatible with the property oidc or aws.
	// Structure is documented below.
	Saml WorkloadIdentityPoolProviderSamlPtrOutput `pulumi:"saml"`
	// The state of the provider.
	// * STATE_UNSPECIFIED: State unspecified.
	// * ACTIVE: The provider is active, and may be used to validate authentication credentials.
	// * DELETED: The provider is soft-deleted. Soft-deleted providers are permanently deleted
	//   after approximately 30 days. You can restore a soft-deleted provider using
	//   UndeleteWorkloadIdentityPoolProvider. You cannot reuse the ID of a soft-deleted provider
	//   until it is permanently deleted.
	State pulumi.StringOutput `pulumi:"state"`
	// The ID used for the pool, which is the final component of the pool resource name. This
	// value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolId pulumi.StringOutput `pulumi:"workloadIdentityPoolId"`
	// The ID for the provider, which becomes the final component of the resource name. This
	// value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	//
	// ***
	WorkloadIdentityPoolProviderId pulumi.StringOutput `pulumi:"workloadIdentityPoolProviderId"`
	// An X.509-type identity provider represents a CA. It is trusted to assert a
	// client identity if the client has a certificate that chains up to this CA.
	// Structure is documented below.
	X509 WorkloadIdentityPoolProviderX509PtrOutput `pulumi:"x509"`
}

A configuration for an external identity provider.

To get more information about WorkloadIdentityPoolProvider, see:

* [API documentation](https://cloud.google.com/iam/docs/reference/rest/v1/projects.locations.workloadIdentityPools.providers) * How-to Guides

## Example Usage

### Iam Workload Identity Pool Provider Aws Basic

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		pool, err := iam.NewWorkloadIdentityPool(ctx, "pool", &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		})
		if err != nil {
			return err
		}
		_, err = iam.NewWorkloadIdentityPoolProvider(ctx, "example", &iam.WorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         pool.WorkloadIdentityPoolId,
			WorkloadIdentityPoolProviderId: pulumi.String("example-prvdr"),
			Aws: &iam.WorkloadIdentityPoolProviderAwsArgs{
				AccountId: pulumi.String("999999999999"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Iam Workload Identity Pool Provider Aws Full

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		pool, err := iam.NewWorkloadIdentityPool(ctx, "pool", &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		})
		if err != nil {
			return err
		}
		_, err = iam.NewWorkloadIdentityPoolProvider(ctx, "example", &iam.WorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         pool.WorkloadIdentityPoolId,
			WorkloadIdentityPoolProviderId: pulumi.String("example-prvdr"),
			DisplayName:                    pulumi.String("Name of provider"),
			Description:                    pulumi.String("AWS identity pool provider for automated test"),
			Disabled:                       pulumi.Bool(true),
			AttributeCondition:             pulumi.String("attribute.aws_role==\"arn:aws:sts::999999999999:assumed-role/stack-eu-central-1-lambdaRole\""),
			AttributeMapping: pulumi.StringMap{
				"google.subject":        pulumi.String("assertion.arn"),
				"attribute.aws_account": pulumi.String("assertion.account"),
				"attribute.environment": pulumi.String("assertion.arn.contains(\":instance-profile/Production\") ? \"prod\" : \"test\""),
			},
			Aws: &iam.WorkloadIdentityPoolProviderAwsArgs{
				AccountId: pulumi.String("999999999999"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Iam Workload Identity Pool Provider Oidc Basic

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		pool, err := iam.NewWorkloadIdentityPool(ctx, "pool", &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		})
		if err != nil {
			return err
		}
		_, err = iam.NewWorkloadIdentityPoolProvider(ctx, "example", &iam.WorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         pool.WorkloadIdentityPoolId,
			WorkloadIdentityPoolProviderId: pulumi.String("example-prvdr"),
			AttributeMapping: pulumi.StringMap{
				"google.subject": pulumi.String("assertion.sub"),
			},
			Oidc: &iam.WorkloadIdentityPoolProviderOidcArgs{
				IssuerUri: pulumi.String("https://sts.windows.net/azure-tenant-id"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Iam Workload Identity Pool Provider Oidc Full

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		pool, err := iam.NewWorkloadIdentityPool(ctx, "pool", &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		})
		if err != nil {
			return err
		}
		_, err = iam.NewWorkloadIdentityPoolProvider(ctx, "example", &iam.WorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         pool.WorkloadIdentityPoolId,
			WorkloadIdentityPoolProviderId: pulumi.String("example-prvdr"),
			DisplayName:                    pulumi.String("Name of provider"),
			Description:                    pulumi.String("OIDC identity pool provider for automated test"),
			Disabled:                       pulumi.Bool(true),
			AttributeCondition:             pulumi.String("\"e968c2ef-047c-498d-8d79-16ca1b61e77e\" in assertion.groups"),
			AttributeMapping: pulumi.StringMap{
				"google.subject":                  pulumi.String("\"azure::\" + assertion.tid + \"::\" + assertion.sub"),
				"attribute.tid":                   pulumi.String("assertion.tid"),
				"attribute.managed_identity_name": pulumi.String("      {\n        \"8bb39bdb-1cc5-4447-b7db-a19e920eb111\":\"workload1\",\n        \"55d36609-9bcf-48e0-a366-a3cf19027d2a\":\"workload2\"\n      }[assertion.oid]\n"),
			},
			Oidc: &iam.WorkloadIdentityPoolProviderOidcArgs{
				AllowedAudiences: pulumi.StringArray{
					pulumi.String("https://example.com/gcp-oidc-federation"),
					pulumi.String("example.com/gcp-oidc-federation"),
				},
				IssuerUri: pulumi.String("https://sts.windows.net/azure-tenant-id"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Iam Workload Identity Pool Provider Saml Basic

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		pool, err := iam.NewWorkloadIdentityPool(ctx, "pool", &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		})
		if err != nil {
			return err
		}
		invokeFile, err := std.File(ctx, &std.FileArgs{
			Input: "test-fixtures/metadata.xml",
		}, nil)
		if err != nil {
			return err
		}
		_, err = iam.NewWorkloadIdentityPoolProvider(ctx, "example", &iam.WorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         pool.WorkloadIdentityPoolId,
			WorkloadIdentityPoolProviderId: pulumi.String("example-prvdr"),
			AttributeMapping: pulumi.StringMap{
				"google.subject":        pulumi.String("assertion.arn"),
				"attribute.aws_account": pulumi.String("assertion.account"),
				"attribute.environment": pulumi.String("assertion.arn.contains(\":instance-profile/Production\") ? \"prod\" : \"test\""),
			},
			Saml: &iam.WorkloadIdentityPoolProviderSamlArgs{
				IdpMetadataXml: pulumi.String(invokeFile.Result),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Iam Workload Identity Pool Provider Saml Full

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		pool, err := iam.NewWorkloadIdentityPool(ctx, "pool", &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		})
		if err != nil {
			return err
		}
		invokeFile, err := std.File(ctx, &std.FileArgs{
			Input: "test-fixtures/metadata.xml",
		}, nil)
		if err != nil {
			return err
		}
		_, err = iam.NewWorkloadIdentityPoolProvider(ctx, "example", &iam.WorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         pool.WorkloadIdentityPoolId,
			WorkloadIdentityPoolProviderId: pulumi.String("example-prvdr"),
			DisplayName:                    pulumi.String("Name of provider"),
			Description:                    pulumi.String("SAML 2.0 identity pool provider for automated test"),
			Disabled:                       pulumi.Bool(true),
			AttributeMapping: pulumi.StringMap{
				"google.subject":        pulumi.String("assertion.arn"),
				"attribute.aws_account": pulumi.String("assertion.account"),
				"attribute.environment": pulumi.String("assertion.arn.contains(\":instance-profile/Production\") ? \"prod\" : \"test\""),
			},
			Saml: &iam.WorkloadIdentityPoolProviderSamlArgs{
				IdpMetadataXml: pulumi.String(invokeFile.Result),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Iam Workload Identity Pool Provider Oidc Upload Key

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		pool, err := iam.NewWorkloadIdentityPool(ctx, "pool", &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		})
		if err != nil {
			return err
		}
		_, err = iam.NewWorkloadIdentityPoolProvider(ctx, "example", &iam.WorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         pool.WorkloadIdentityPoolId,
			WorkloadIdentityPoolProviderId: pulumi.String("example-prvdr"),
			DisplayName:                    pulumi.String("Name of provider"),
			Description:                    pulumi.String("OIDC identity pool provider for automated test"),
			Disabled:                       pulumi.Bool(true),
			AttributeCondition:             pulumi.String("\"e968c2ef-047c-498d-8d79-16ca1b61e77e\" in assertion.groups"),
			AttributeMapping: pulumi.StringMap{
				"google.subject":                  pulumi.String("\"azure::\" + assertion.tid + \"::\" + assertion.sub"),
				"attribute.tid":                   pulumi.String("assertion.tid"),
				"attribute.managed_identity_name": pulumi.String("      {\n        \"8bb39bdb-1cc5-4447-b7db-a19e920eb111\":\"workload1\",\n        \"55d36609-9bcf-48e0-a366-a3cf19027d2a\":\"workload2\"\n      }[assertion.oid]\n"),
			},
			Oidc: &iam.WorkloadIdentityPoolProviderOidcArgs{
				AllowedAudiences: pulumi.StringArray{
					pulumi.String("https://example.com/gcp-oidc-federation"),
					pulumi.String("example.com/gcp-oidc-federation"),
				},
				IssuerUri: pulumi.String("https://sts.windows.net/azure-tenant-id"),
				JwksJson:  pulumi.String("{\"keys\":[{\"kty\":\"RSA\",\"alg\":\"RS256\",\"kid\":\"sif0AR-F6MuvksAyAOv-Pds08Bcf2eUMlxE30NofddA\",\"use\":\"sig\",\"e\":\"AQAB\",\"n\":\"ylH1Chl1tpfti3lh51E1g5dPogzXDaQseqjsefGLknaNl5W6Wd4frBhHyE2t41Q5zgz_Ll0-NvWm0FlaG6brhrN9QZu6sJP1bM8WPfJVPgXOanxi7d7TXCkeNubGeiLTf5R3UXtS9Lm_guemU7MxDjDTelxnlgGCihOVTcL526suNJUdfXtpwUsvdU6_ZnAp9IpsuYjCtwPm9hPumlcZGMbxstdh07O4y4O90cVQClJOKSGQjAUCKJWXIQ0cqffGS_HuS_725CPzQ85SzYZzaNpgfhAER7kx_9P16ARM3BJz0PI5fe2hECE61J4GYU_BY43sxDfs7HyJpEXKLU9eWw\"}]}"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Iam Workload Identity Pool Provider X509 Basic

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		pool, err := iam.NewWorkloadIdentityPool(ctx, "pool", &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		})
		if err != nil {
			return err
		}
		invokeFile, err := std.File(ctx, &std.FileArgs{
			Input: "test-fixtures/trust_anchor.pem",
		}, nil)
		if err != nil {
			return err
		}
		_, err = iam.NewWorkloadIdentityPoolProvider(ctx, "example", &iam.WorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         pool.WorkloadIdentityPoolId,
			WorkloadIdentityPoolProviderId: pulumi.String("example-prvdr"),
			AttributeMapping: pulumi.StringMap{
				"google.subject": pulumi.String("assertion.subject.dn.cn"),
			},
			X509: &iam.WorkloadIdentityPoolProviderX509Args{
				TrustStore: &iam.WorkloadIdentityPoolProviderX509TrustStoreArgs{
					TrustAnchors: iam.WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray{
						&iam.WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs{
							PemCertificate: pulumi.String(invokeFile.Result),
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Iam Workload Identity Pool Provider X509 Full

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		pool, err := iam.NewWorkloadIdentityPool(ctx, "pool", &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		})
		if err != nil {
			return err
		}
		invokeFile, err := std.File(ctx, &std.FileArgs{
			Input: "test-fixtures/trust_anchor.pem",
		}, nil)
		if err != nil {
			return err
		}
		invokeFile1, err := std.File(ctx, &std.FileArgs{
			Input: "test-fixtures/intermediate_ca.pem",
		}, nil)
		if err != nil {
			return err
		}
		_, err = iam.NewWorkloadIdentityPoolProvider(ctx, "example", &iam.WorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         pool.WorkloadIdentityPoolId,
			WorkloadIdentityPoolProviderId: pulumi.String("example-prvdr"),
			DisplayName:                    pulumi.String("Name of provider"),
			Description:                    pulumi.String("X.509 identity pool provider for automated test"),
			Disabled:                       pulumi.Bool(true),
			AttributeMapping: pulumi.StringMap{
				"google.subject": pulumi.String("assertion.subject.dn.cn"),
			},
			X509: &iam.WorkloadIdentityPoolProviderX509Args{
				TrustStore: &iam.WorkloadIdentityPoolProviderX509TrustStoreArgs{
					TrustAnchors: iam.WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray{
						&iam.WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs{
							PemCertificate: pulumi.String(invokeFile.Result),
						},
					},
					IntermediateCas: iam.WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray{
						&iam.WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs{
							PemCertificate: pulumi.String(invokeFile1.Result),
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

WorkloadIdentityPoolProvider can be imported using any of these accepted formats:

* `projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/providers/{{workload_identity_pool_provider_id}}`

* `{{project}}/{{workload_identity_pool_id}}/{{workload_identity_pool_provider_id}}`

* `{{workload_identity_pool_id}}/{{workload_identity_pool_provider_id}}`

When using the `pulumi import` command, WorkloadIdentityPoolProvider can be imported using one of the formats above. For example:

```sh $ pulumi import gcp:iam/workloadIdentityPoolProvider:WorkloadIdentityPoolProvider default projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/providers/{{workload_identity_pool_provider_id}} ```

```sh $ pulumi import gcp:iam/workloadIdentityPoolProvider:WorkloadIdentityPoolProvider default {{project}}/{{workload_identity_pool_id}}/{{workload_identity_pool_provider_id}} ```

```sh $ pulumi import gcp:iam/workloadIdentityPoolProvider:WorkloadIdentityPoolProvider default {{workload_identity_pool_id}}/{{workload_identity_pool_provider_id}} ```

func GetWorkloadIdentityPoolProvider 

func GetWorkloadIdentityPoolProvider(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WorkloadIdentityPoolProviderState, opts ...pulumi.ResourceOption) (*WorkloadIdentityPoolProvider, error)

GetWorkloadIdentityPoolProvider gets an existing WorkloadIdentityPoolProvider resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWorkloadIdentityPoolProvider 

func NewWorkloadIdentityPoolProvider(ctx *pulumi.Context,
	name string, args *WorkloadIdentityPoolProviderArgs, opts ...pulumi.ResourceOption) (*WorkloadIdentityPoolProvider, error)

NewWorkloadIdentityPoolProvider registers a new resource with the given unique name, arguments, and options.

func (*WorkloadIdentityPoolProvider) ElementType 

func (*WorkloadIdentityPoolProvider) ElementType() reflect.Type

func (*WorkloadIdentityPoolProvider) ToWorkloadIdentityPoolProviderOutput 

func (i *WorkloadIdentityPoolProvider) ToWorkloadIdentityPoolProviderOutput() WorkloadIdentityPoolProviderOutput

func (*WorkloadIdentityPoolProvider) ToWorkloadIdentityPoolProviderOutputWithContext 

func (i *WorkloadIdentityPoolProvider) ToWorkloadIdentityPoolProviderOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOutput

type WorkloadIdentityPoolProviderArgs 

type WorkloadIdentityPoolProviderArgs struct {
	// [A Common Expression Language](https://opensource.google/projects/cel) expression, in
	// plain text, to restrict what otherwise valid authentication credentials issued by the
	// provider should not be accepted.
	// The expression must output a boolean representing whether to allow the federation.
	// The following keywords may be referenced in the expressions:
	AttributeCondition pulumi.StringPtrInput
	// Maps attributes from authentication credentials issued by an external identity provider
	// to Google Cloud attributes, such as `subject` and `segment`.
	// Each key must be a string specifying the Google Cloud IAM attribute to map to.
	// The following keys are supported:
	// * `google.subject`: The principal IAM is authenticating. You can reference this value
	//   in IAM bindings. This is also the subject that appears in Cloud Logging logs.
	//   Cannot exceed 127 characters.
	// * `google.groups`: Groups the external identity belongs to. You can grant groups
	//   access to resources using an IAM `principalSet` binding; access applies to all
	//   members of the group.
	//   You can also provide custom attributes by specifying `attribute.{custom_attribute}`,
	//   where `{custom_attribute}` is the name of the custom attribute to be mapped. You can
	//   define a maximum of 50 custom attributes. The maximum length of a mapped attribute key
	//   is 100 characters, and the key may only contain the characters [a-z0-9_].
	//   You can reference these attributes in IAM policies to define fine-grained access for a
	//   workload to Google Cloud resources. For example:
	// * `google.subject`:
	//   `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}`
	// * `google.groups`:
	//   `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}`
	// * `attribute.{custom_attribute}`:
	//   `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}`
	//   Each value must be a [Common Expression Language](https://opensource.google/projects/cel)
	//   function that maps an identity provider credential to the normalized attribute specified
	//   by the corresponding map key.
	//   You can use the `assertion` keyword in the expression to access a JSON representation of
	//   the authentication credential issued by the provider.
	//   The maximum length of an attribute mapping expression is 2048 characters. When evaluated,
	//   the total size of all mapped attributes must not exceed 8KB.
	//   For AWS providers, the following rules apply:
	// - If no attribute mapping is defined, the following default mapping applies:
	// - If any custom attribute mappings are defined, they must include a mapping to the
	//   `google.subject` attribute.
	//   For OIDC providers, the following rules apply:
	// - Custom attribute mappings must be defined, and must include a mapping to the
	//   `google.subject` attribute. For example, the following maps the `sub` claim of the
	//   incoming credential to the `subject` attribute on a Google token.
	AttributeMapping pulumi.StringMapInput
	// An Amazon Web Services identity provider. Not compatible with the property oidc or saml.
	// Structure is documented below.
	Aws WorkloadIdentityPoolProviderAwsPtrInput
	// A description for the provider. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
	// However, existing tokens still grant access.
	Disabled pulumi.BoolPtrInput
	// A display name for the provider. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	// An OpenId Connect 1.0 identity provider. Not compatible with the property aws or saml.
	// Structure is documented below.
	Oidc WorkloadIdentityPoolProviderOidcPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
	// An SAML 2.0 identity provider. Not compatible with the property oidc or aws.
	// Structure is documented below.
	Saml WorkloadIdentityPoolProviderSamlPtrInput
	// The ID used for the pool, which is the final component of the pool resource name. This
	// value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolId pulumi.StringInput
	// The ID for the provider, which becomes the final component of the resource name. This
	// value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	//
	// ***
	WorkloadIdentityPoolProviderId pulumi.StringInput
	// An X.509-type identity provider represents a CA. It is trusted to assert a
	// client identity if the client has a certificate that chains up to this CA.
	// Structure is documented below.
	X509 WorkloadIdentityPoolProviderX509PtrInput
}

The set of arguments for constructing a WorkloadIdentityPoolProvider resource.

func (WorkloadIdentityPoolProviderArgs) ElementType 

func (WorkloadIdentityPoolProviderArgs) ElementType() reflect.Type

type WorkloadIdentityPoolProviderArray 

type WorkloadIdentityPoolProviderArray []WorkloadIdentityPoolProviderInput

func (WorkloadIdentityPoolProviderArray) ElementType 

func (WorkloadIdentityPoolProviderArray) ElementType() reflect.Type

func (WorkloadIdentityPoolProviderArray) ToWorkloadIdentityPoolProviderArrayOutput 

func (i WorkloadIdentityPoolProviderArray) ToWorkloadIdentityPoolProviderArrayOutput() WorkloadIdentityPoolProviderArrayOutput

func (WorkloadIdentityPoolProviderArray) ToWorkloadIdentityPoolProviderArrayOutputWithContext 

func (i WorkloadIdentityPoolProviderArray) ToWorkloadIdentityPoolProviderArrayOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderArrayOutput

type WorkloadIdentityPoolProviderArrayInput 

type WorkloadIdentityPoolProviderArrayInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolProviderArrayOutput() WorkloadIdentityPoolProviderArrayOutput
	ToWorkloadIdentityPoolProviderArrayOutputWithContext(context.Context) WorkloadIdentityPoolProviderArrayOutput
}

WorkloadIdentityPoolProviderArrayInput is an input type that accepts WorkloadIdentityPoolProviderArray and WorkloadIdentityPoolProviderArrayOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderArrayInput` via: 

WorkloadIdentityPoolProviderArray{ WorkloadIdentityPoolProviderArgs{...} }

type WorkloadIdentityPoolProviderArrayOutput 

type WorkloadIdentityPoolProviderArrayOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderArrayOutput) ElementType 

func (WorkloadIdentityPoolProviderArrayOutput) ElementType() reflect.Type

func (WorkloadIdentityPoolProviderArrayOutput) Index 

func (o WorkloadIdentityPoolProviderArrayOutput) Index(i pulumi.IntInput) WorkloadIdentityPoolProviderOutput

func (WorkloadIdentityPoolProviderArrayOutput) ToWorkloadIdentityPoolProviderArrayOutput 

func (o WorkloadIdentityPoolProviderArrayOutput) ToWorkloadIdentityPoolProviderArrayOutput() WorkloadIdentityPoolProviderArrayOutput

func (WorkloadIdentityPoolProviderArrayOutput) ToWorkloadIdentityPoolProviderArrayOutputWithContext 

func (o WorkloadIdentityPoolProviderArrayOutput) ToWorkloadIdentityPoolProviderArrayOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderArrayOutput

type WorkloadIdentityPoolProviderAws 

type WorkloadIdentityPoolProviderAws struct {
	// The AWS account ID.
	AccountId string `pulumi:"accountId"`
}

type WorkloadIdentityPoolProviderAwsArgs 

type WorkloadIdentityPoolProviderAwsArgs struct {
	// The AWS account ID.
	AccountId pulumi.StringInput `pulumi:"accountId"`
}

func (WorkloadIdentityPoolProviderAwsArgs) ElementType 

func (WorkloadIdentityPoolProviderAwsArgs) ElementType() reflect.Type

func (WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsOutput 

func (i WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsOutput() WorkloadIdentityPoolProviderAwsOutput

func (WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsOutputWithContext 

func (i WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderAwsOutput

func (WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsPtrOutput 

func (i WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsPtrOutput() WorkloadIdentityPoolProviderAwsPtrOutput

func (WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext 

func (i WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderAwsPtrOutput

type WorkloadIdentityPoolProviderAwsInput 

type WorkloadIdentityPoolProviderAwsInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolProviderAwsOutput() WorkloadIdentityPoolProviderAwsOutput
	ToWorkloadIdentityPoolProviderAwsOutputWithContext(context.Context) WorkloadIdentityPoolProviderAwsOutput
}

WorkloadIdentityPoolProviderAwsInput is an input type that accepts WorkloadIdentityPoolProviderAwsArgs and WorkloadIdentityPoolProviderAwsOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderAwsInput` via: 

WorkloadIdentityPoolProviderAwsArgs{...}

type WorkloadIdentityPoolProviderAwsOutput 

type WorkloadIdentityPoolProviderAwsOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderAwsOutput) AccountId 

func (o WorkloadIdentityPoolProviderAwsOutput) AccountId() pulumi.StringOutput

The AWS account ID.

func (WorkloadIdentityPoolProviderAwsOutput) ElementType 

func (WorkloadIdentityPoolProviderAwsOutput) ElementType() reflect.Type

func (WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsOutput 

func (o WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsOutput() WorkloadIdentityPoolProviderAwsOutput

func (WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsOutputWithContext 

func (o WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderAwsOutput

func (WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsPtrOutput 

func (o WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsPtrOutput() WorkloadIdentityPoolProviderAwsPtrOutput

func (WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext 

func (o WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderAwsPtrOutput

type WorkloadIdentityPoolProviderAwsPtrInput 

type WorkloadIdentityPoolProviderAwsPtrInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolProviderAwsPtrOutput() WorkloadIdentityPoolProviderAwsPtrOutput
	ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext(context.Context) WorkloadIdentityPoolProviderAwsPtrOutput
}

WorkloadIdentityPoolProviderAwsPtrInput is an input type that accepts WorkloadIdentityPoolProviderAwsArgs, WorkloadIdentityPoolProviderAwsPtr and WorkloadIdentityPoolProviderAwsPtrOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderAwsPtrInput` via: 

        WorkloadIdentityPoolProviderAwsArgs{...}

or:

        nil

func WorkloadIdentityPoolProviderAwsPtr 

func WorkloadIdentityPoolProviderAwsPtr(v *WorkloadIdentityPoolProviderAwsArgs) WorkloadIdentityPoolProviderAwsPtrInput

type WorkloadIdentityPoolProviderAwsPtrOutput 

type WorkloadIdentityPoolProviderAwsPtrOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderAwsPtrOutput) AccountId 

func (o WorkloadIdentityPoolProviderAwsPtrOutput) AccountId() pulumi.StringPtrOutput

The AWS account ID.

func (WorkloadIdentityPoolProviderAwsPtrOutput) Elem 

func (o WorkloadIdentityPoolProviderAwsPtrOutput) Elem() WorkloadIdentityPoolProviderAwsOutput

func (WorkloadIdentityPoolProviderAwsPtrOutput) ElementType 

func (WorkloadIdentityPoolProviderAwsPtrOutput) ElementType() reflect.Type

func (WorkloadIdentityPoolProviderAwsPtrOutput) ToWorkloadIdentityPoolProviderAwsPtrOutput 

func (o WorkloadIdentityPoolProviderAwsPtrOutput) ToWorkloadIdentityPoolProviderAwsPtrOutput() WorkloadIdentityPoolProviderAwsPtrOutput

func (WorkloadIdentityPoolProviderAwsPtrOutput) ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext 

func (o WorkloadIdentityPoolProviderAwsPtrOutput) ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderAwsPtrOutput

type WorkloadIdentityPoolProviderInput 

type WorkloadIdentityPoolProviderInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolProviderOutput() WorkloadIdentityPoolProviderOutput
	ToWorkloadIdentityPoolProviderOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOutput
}

type WorkloadIdentityPoolProviderMap 

type WorkloadIdentityPoolProviderMap map[string]WorkloadIdentityPoolProviderInput

func (WorkloadIdentityPoolProviderMap) ElementType 

func (WorkloadIdentityPoolProviderMap) ElementType() reflect.Type

func (WorkloadIdentityPoolProviderMap) ToWorkloadIdentityPoolProviderMapOutput 

func (i WorkloadIdentityPoolProviderMap) ToWorkloadIdentityPoolProviderMapOutput() WorkloadIdentityPoolProviderMapOutput

func (WorkloadIdentityPoolProviderMap) ToWorkloadIdentityPoolProviderMapOutputWithContext 

func (i WorkloadIdentityPoolProviderMap) ToWorkloadIdentityPoolProviderMapOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderMapOutput

type WorkloadIdentityPoolProviderMapInput 

type WorkloadIdentityPoolProviderMapInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolProviderMapOutput() WorkloadIdentityPoolProviderMapOutput
	ToWorkloadIdentityPoolProviderMapOutputWithContext(context.Context) WorkloadIdentityPoolProviderMapOutput
}

WorkloadIdentityPoolProviderMapInput is an input type that accepts WorkloadIdentityPoolProviderMap and WorkloadIdentityPoolProviderMapOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderMapInput` via: 

WorkloadIdentityPoolProviderMap{ "key": WorkloadIdentityPoolProviderArgs{...} }

type WorkloadIdentityPoolProviderMapOutput 

type WorkloadIdentityPoolProviderMapOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderMapOutput) ElementType 

func (WorkloadIdentityPoolProviderMapOutput) ElementType() reflect.Type

func (WorkloadIdentityPoolProviderMapOutput) MapIndex 

func (o WorkloadIdentityPoolProviderMapOutput) MapIndex(k pulumi.StringInput) WorkloadIdentityPoolProviderOutput

func (WorkloadIdentityPoolProviderMapOutput) ToWorkloadIdentityPoolProviderMapOutput 

func (o WorkloadIdentityPoolProviderMapOutput) ToWorkloadIdentityPoolProviderMapOutput() WorkloadIdentityPoolProviderMapOutput

func (WorkloadIdentityPoolProviderMapOutput) ToWorkloadIdentityPoolProviderMapOutputWithContext 

func (o WorkloadIdentityPoolProviderMapOutput) ToWorkloadIdentityPoolProviderMapOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderMapOutput

type WorkloadIdentityPoolProviderOidc 

type WorkloadIdentityPoolProviderOidc struct {
	// Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange
	// requests are rejected if the token audience does not match one of the configured
	// values. Each audience may be at most 256 characters. A maximum of 10 audiences may
	// be configured.
	// If this list is empty, the OIDC token audience must be equal to the full canonical
	// resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix.
	// For example:
	AllowedAudiences []string `pulumi:"allowedAudiences"`
	// The OIDC issuer URL.
	IssuerUri string `pulumi:"issuerUri"`
	// OIDC JWKs in JSON String format. For details on definition of a
	// JWK, see https:tools.ietf.org/html/rfc7517. If not set, then we
	// use the `jwksUri` from the discovery document fetched from the
	// .well-known path for the `issuerUri`. Currently, RSA and EC asymmetric
	// keys are supported. The JWK must use following format and include only
	// the following fields:
	JwksJson *string `pulumi:"jwksJson"`
}

type WorkloadIdentityPoolProviderOidcArgs 

type WorkloadIdentityPoolProviderOidcArgs struct {
	// Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange
	// requests are rejected if the token audience does not match one of the configured
	// values. Each audience may be at most 256 characters. A maximum of 10 audiences may
	// be configured.
	// If this list is empty, the OIDC token audience must be equal to the full canonical
	// resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix.
	// For example:
	AllowedAudiences pulumi.StringArrayInput `pulumi:"allowedAudiences"`
	// The OIDC issuer URL.
	IssuerUri pulumi.StringInput `pulumi:"issuerUri"`
	// OIDC JWKs in JSON String format. For details on definition of a
	// JWK, see https:tools.ietf.org/html/rfc7517. If not set, then we
	// use the `jwksUri` from the discovery document fetched from the
	// .well-known path for the `issuerUri`. Currently, RSA and EC asymmetric
	// keys are supported. The JWK must use following format and include only
	// the following fields:
	JwksJson pulumi.StringPtrInput `pulumi:"jwksJson"`
}

func (WorkloadIdentityPoolProviderOidcArgs) ElementType 

func (WorkloadIdentityPoolProviderOidcArgs) ElementType() reflect.Type

func (WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcOutput 

func (i WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcOutput() WorkloadIdentityPoolProviderOidcOutput

func (WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcOutputWithContext 

func (i WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOidcOutput

func (WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcPtrOutput 

func (i WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcPtrOutput() WorkloadIdentityPoolProviderOidcPtrOutput

func (WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext 

func (i WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOidcPtrOutput

type WorkloadIdentityPoolProviderOidcInput 

type WorkloadIdentityPoolProviderOidcInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolProviderOidcOutput() WorkloadIdentityPoolProviderOidcOutput
	ToWorkloadIdentityPoolProviderOidcOutputWithContext(context.Context) WorkloadIdentityPoolProviderOidcOutput
}

WorkloadIdentityPoolProviderOidcInput is an input type that accepts WorkloadIdentityPoolProviderOidcArgs and WorkloadIdentityPoolProviderOidcOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderOidcInput` via: 

WorkloadIdentityPoolProviderOidcArgs{...}

type WorkloadIdentityPoolProviderOidcOutput 

type WorkloadIdentityPoolProviderOidcOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderOidcOutput) AllowedAudiences 

func (o WorkloadIdentityPoolProviderOidcOutput) AllowedAudiences() pulumi.StringArrayOutput

Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured. If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example:

func (WorkloadIdentityPoolProviderOidcOutput) ElementType 

func (WorkloadIdentityPoolProviderOidcOutput) ElementType() reflect.Type

func (WorkloadIdentityPoolProviderOidcOutput) IssuerUri 

func (o WorkloadIdentityPoolProviderOidcOutput) IssuerUri() pulumi.StringOutput

The OIDC issuer URL.

func (WorkloadIdentityPoolProviderOidcOutput) JwksJson 

func (o WorkloadIdentityPoolProviderOidcOutput) JwksJson() pulumi.StringPtrOutput

OIDC JWKs in JSON String format. For details on definition of a JWK, see https:tools.ietf.org/html/rfc7517. If not set, then we use the `jwksUri` from the discovery document fetched from the .well-known path for the `issuerUri`. Currently, RSA and EC asymmetric keys are supported. The JWK must use following format and include only the following fields:

func (WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcOutput 

func (o WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcOutput() WorkloadIdentityPoolProviderOidcOutput

func (WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcOutputWithContext 

func (o WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOidcOutput

func (WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcPtrOutput 

func (o WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcPtrOutput() WorkloadIdentityPoolProviderOidcPtrOutput

func (WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext 

func (o WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOidcPtrOutput

type WorkloadIdentityPoolProviderOidcPtrInput 

type WorkloadIdentityPoolProviderOidcPtrInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolProviderOidcPtrOutput() WorkloadIdentityPoolProviderOidcPtrOutput
	ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext(context.Context) WorkloadIdentityPoolProviderOidcPtrOutput
}

WorkloadIdentityPoolProviderOidcPtrInput is an input type that accepts WorkloadIdentityPoolProviderOidcArgs, WorkloadIdentityPoolProviderOidcPtr and WorkloadIdentityPoolProviderOidcPtrOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderOidcPtrInput` via: 

        WorkloadIdentityPoolProviderOidcArgs{...}

or:

        nil

func WorkloadIdentityPoolProviderOidcPtr 

func WorkloadIdentityPoolProviderOidcPtr(v *WorkloadIdentityPoolProviderOidcArgs) WorkloadIdentityPoolProviderOidcPtrInput

type WorkloadIdentityPoolProviderOidcPtrOutput 

type WorkloadIdentityPoolProviderOidcPtrOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderOidcPtrOutput) AllowedAudiences 

func (o WorkloadIdentityPoolProviderOidcPtrOutput) AllowedAudiences() pulumi.StringArrayOutput

Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured. If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example:

func (WorkloadIdentityPoolProviderOidcPtrOutput) Elem 

func (o WorkloadIdentityPoolProviderOidcPtrOutput) Elem() WorkloadIdentityPoolProviderOidcOutput

func (WorkloadIdentityPoolProviderOidcPtrOutput) ElementType 

func (WorkloadIdentityPoolProviderOidcPtrOutput) ElementType() reflect.Type

func (WorkloadIdentityPoolProviderOidcPtrOutput) IssuerUri 

func (o WorkloadIdentityPoolProviderOidcPtrOutput) IssuerUri() pulumi.StringPtrOutput

The OIDC issuer URL.

func (WorkloadIdentityPoolProviderOidcPtrOutput) JwksJson 

func (o WorkloadIdentityPoolProviderOidcPtrOutput) JwksJson() pulumi.StringPtrOutput

OIDC JWKs in JSON String format. For details on definition of a JWK, see https:tools.ietf.org/html/rfc7517. If not set, then we use the `jwksUri` from the discovery document fetched from the .well-known path for the `issuerUri`. Currently, RSA and EC asymmetric keys are supported. The JWK must use following format and include only the following fields:

func (WorkloadIdentityPoolProviderOidcPtrOutput) ToWorkloadIdentityPoolProviderOidcPtrOutput 

func (o WorkloadIdentityPoolProviderOidcPtrOutput) ToWorkloadIdentityPoolProviderOidcPtrOutput() WorkloadIdentityPoolProviderOidcPtrOutput

func (WorkloadIdentityPoolProviderOidcPtrOutput) ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext 

func (o WorkloadIdentityPoolProviderOidcPtrOutput) ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOidcPtrOutput

type WorkloadIdentityPoolProviderOutput 

type WorkloadIdentityPoolProviderOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderOutput) AttributeCondition 

func (o WorkloadIdentityPoolProviderOutput) AttributeCondition() pulumi.StringPtrOutput

[A Common Expression Language](https://opensource.google/projects/cel) expression, in plain text, to restrict what otherwise valid authentication credentials issued by the provider should not be accepted. The expression must output a boolean representing whether to allow the federation. The following keywords may be referenced in the expressions:

func (WorkloadIdentityPoolProviderOutput) AttributeMapping 

func (o WorkloadIdentityPoolProviderOutput) AttributeMapping() pulumi.StringMapOutput

Maps attributes from authentication credentials issued by an external identity provider to Google Cloud attributes, such as `subject` and `segment`. Each key must be a string specifying the Google Cloud IAM attribute to map to. The following keys are supported:

  • `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings. This is also the subject that appears in Cloud Logging logs. Cannot exceed 127 characters.
  • `google.groups`: Groups the external identity belongs to. You can grant groups access to resources using an IAM `principalSet` binding; access applies to all members of the group. You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where `{custom_attribute}` is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes. The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_]. You can reference these attributes in IAM policies to define fine-grained access for a workload to Google Cloud resources. For example:
  • `google.subject`: `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}`
  • `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}`
  • `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` Each value must be a [Common Expression Language](https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. You can use the `assertion` keyword in the expression to access a JSON representation of the authentication credential issued by the provider. The maximum length of an attribute mapping expression is 2048 characters. When evaluated, the total size of all mapped attributes must not exceed 8KB. For AWS providers, the following rules apply:
  • If no attribute mapping is defined, the following default mapping applies:
  • If any custom attribute mappings are defined, they must include a mapping to the `google.subject` attribute. For OIDC providers, the following rules apply:
  • Custom attribute mappings must be defined, and must include a mapping to the `google.subject` attribute. For example, the following maps the `sub` claim of the incoming credential to the `subject` attribute on a Google token.

func (WorkloadIdentityPoolProviderOutput) Aws 

func (o WorkloadIdentityPoolProviderOutput) Aws() WorkloadIdentityPoolProviderAwsPtrOutput

An Amazon Web Services identity provider. Not compatible with the property oidc or saml. Structure is documented below.

func (WorkloadIdentityPoolProviderOutput) Description 

func (o WorkloadIdentityPoolProviderOutput) Description() pulumi.StringPtrOutput

A description for the provider. Cannot exceed 256 characters.

func (WorkloadIdentityPoolProviderOutput) Disabled 

func (o WorkloadIdentityPoolProviderOutput) Disabled() pulumi.BoolPtrOutput

Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access.

func (WorkloadIdentityPoolProviderOutput) DisplayName 

func (o WorkloadIdentityPoolProviderOutput) DisplayName() pulumi.StringPtrOutput

A display name for the provider. Cannot exceed 32 characters.

func (WorkloadIdentityPoolProviderOutput) ElementType 

func (WorkloadIdentityPoolProviderOutput) ElementType() reflect.Type

func (WorkloadIdentityPoolProviderOutput) Name 

func (o WorkloadIdentityPoolProviderOutput) Name() pulumi.StringOutput

The resource name of the provider as `projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}`.

func (WorkloadIdentityPoolProviderOutput) Oidc 

func (o WorkloadIdentityPoolProviderOutput) Oidc() WorkloadIdentityPoolProviderOidcPtrOutput

An OpenId Connect 1.0 identity provider. Not compatible with the property aws or saml. Structure is documented below.

func (WorkloadIdentityPoolProviderOutput) Project 

func (o WorkloadIdentityPoolProviderOutput) Project() pulumi.StringOutput

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

func (WorkloadIdentityPoolProviderOutput) Saml 

func (o WorkloadIdentityPoolProviderOutput) Saml() WorkloadIdentityPoolProviderSamlPtrOutput

An SAML 2.0 identity provider. Not compatible with the property oidc or aws. Structure is documented below.

func (WorkloadIdentityPoolProviderOutput) State 

func (o WorkloadIdentityPoolProviderOutput) State() pulumi.StringOutput

The state of the provider.

  • STATE_UNSPECIFIED: State unspecified.
  • ACTIVE: The provider is active, and may be used to validate authentication credentials.
  • DELETED: The provider is soft-deleted. Soft-deleted providers are permanently deleted after approximately 30 days. You can restore a soft-deleted provider using UndeleteWorkloadIdentityPoolProvider. You cannot reuse the ID of a soft-deleted provider until it is permanently deleted.

func (WorkloadIdentityPoolProviderOutput) ToWorkloadIdentityPoolProviderOutput 

func (o WorkloadIdentityPoolProviderOutput) ToWorkloadIdentityPoolProviderOutput() WorkloadIdentityPoolProviderOutput

func (WorkloadIdentityPoolProviderOutput) ToWorkloadIdentityPoolProviderOutputWithContext 

func (o WorkloadIdentityPoolProviderOutput) ToWorkloadIdentityPoolProviderOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOutput

func (WorkloadIdentityPoolProviderOutput) WorkloadIdentityPoolId 

func (o WorkloadIdentityPoolProviderOutput) WorkloadIdentityPoolId() pulumi.StringOutput

The ID used for the pool, which is the final component of the pool resource name. This value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may not be specified.

func (WorkloadIdentityPoolProviderOutput) WorkloadIdentityPoolProviderId 

func (o WorkloadIdentityPoolProviderOutput) WorkloadIdentityPoolProviderId() pulumi.StringOutput

The ID for the provider, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may not be specified.

***

func (WorkloadIdentityPoolProviderOutput) X509 added in v8.1.0 

func (o WorkloadIdentityPoolProviderOutput) X509() WorkloadIdentityPoolProviderX509PtrOutput

An X.509-type identity provider represents a CA. It is trusted to assert a client identity if the client has a certificate that chains up to this CA. Structure is documented below.

type WorkloadIdentityPoolProviderSaml 

type WorkloadIdentityPoolProviderSaml struct {
	// SAML Identity provider configuration metadata xml doc.
	//
	// <a name="nestedX509"></a>The `x509` block supports:
	IdpMetadataXml string `pulumi:"idpMetadataXml"`
}

type WorkloadIdentityPoolProviderSamlArgs 

type WorkloadIdentityPoolProviderSamlArgs struct {
	// SAML Identity provider configuration metadata xml doc.
	//
	// <a name="nestedX509"></a>The `x509` block supports:
	IdpMetadataXml pulumi.StringInput `pulumi:"idpMetadataXml"`
}

func (WorkloadIdentityPoolProviderSamlArgs) ElementType 

func (WorkloadIdentityPoolProviderSamlArgs) ElementType() reflect.Type

func (WorkloadIdentityPoolProviderSamlArgs) ToWorkloadIdentityPoolProviderSamlOutput 

func (i WorkloadIdentityPoolProviderSamlArgs) ToWorkloadIdentityPoolProviderSamlOutput() WorkloadIdentityPoolProviderSamlOutput

func (WorkloadIdentityPoolProviderSamlArgs) ToWorkloadIdentityPoolProviderSamlOutputWithContext 

func (i WorkloadIdentityPoolProviderSamlArgs) ToWorkloadIdentityPoolProviderSamlOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderSamlOutput

func (WorkloadIdentityPoolProviderSamlArgs) ToWorkloadIdentityPoolProviderSamlPtrOutput 

func (i WorkloadIdentityPoolProviderSamlArgs) ToWorkloadIdentityPoolProviderSamlPtrOutput() WorkloadIdentityPoolProviderSamlPtrOutput

func (WorkloadIdentityPoolProviderSamlArgs) ToWorkloadIdentityPoolProviderSamlPtrOutputWithContext 

func (i WorkloadIdentityPoolProviderSamlArgs) ToWorkloadIdentityPoolProviderSamlPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderSamlPtrOutput

type WorkloadIdentityPoolProviderSamlInput 

type WorkloadIdentityPoolProviderSamlInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolProviderSamlOutput() WorkloadIdentityPoolProviderSamlOutput
	ToWorkloadIdentityPoolProviderSamlOutputWithContext(context.Context) WorkloadIdentityPoolProviderSamlOutput
}

WorkloadIdentityPoolProviderSamlInput is an input type that accepts WorkloadIdentityPoolProviderSamlArgs and WorkloadIdentityPoolProviderSamlOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderSamlInput` via: 

WorkloadIdentityPoolProviderSamlArgs{...}

type WorkloadIdentityPoolProviderSamlOutput 

type WorkloadIdentityPoolProviderSamlOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderSamlOutput) ElementType 

func (WorkloadIdentityPoolProviderSamlOutput) ElementType() reflect.Type

func (WorkloadIdentityPoolProviderSamlOutput) IdpMetadataXml 

func (o WorkloadIdentityPoolProviderSamlOutput) IdpMetadataXml() pulumi.StringOutput

SAML Identity provider configuration metadata xml doc.

<a name="nestedX509"></a>The `x509` block supports:

func (WorkloadIdentityPoolProviderSamlOutput) ToWorkloadIdentityPoolProviderSamlOutput 

func (o WorkloadIdentityPoolProviderSamlOutput) ToWorkloadIdentityPoolProviderSamlOutput() WorkloadIdentityPoolProviderSamlOutput

func (WorkloadIdentityPoolProviderSamlOutput) ToWorkloadIdentityPoolProviderSamlOutputWithContext 

func (o WorkloadIdentityPoolProviderSamlOutput) ToWorkloadIdentityPoolProviderSamlOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderSamlOutput

func (WorkloadIdentityPoolProviderSamlOutput) ToWorkloadIdentityPoolProviderSamlPtrOutput 

func (o WorkloadIdentityPoolProviderSamlOutput) ToWorkloadIdentityPoolProviderSamlPtrOutput() WorkloadIdentityPoolProviderSamlPtrOutput

func (WorkloadIdentityPoolProviderSamlOutput) ToWorkloadIdentityPoolProviderSamlPtrOutputWithContext 

func (o WorkloadIdentityPoolProviderSamlOutput) ToWorkloadIdentityPoolProviderSamlPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderSamlPtrOutput

type WorkloadIdentityPoolProviderSamlPtrInput 

type WorkloadIdentityPoolProviderSamlPtrInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolProviderSamlPtrOutput() WorkloadIdentityPoolProviderSamlPtrOutput
	ToWorkloadIdentityPoolProviderSamlPtrOutputWithContext(context.Context) WorkloadIdentityPoolProviderSamlPtrOutput
}

WorkloadIdentityPoolProviderSamlPtrInput is an input type that accepts WorkloadIdentityPoolProviderSamlArgs, WorkloadIdentityPoolProviderSamlPtr and WorkloadIdentityPoolProviderSamlPtrOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderSamlPtrInput` via: 

        WorkloadIdentityPoolProviderSamlArgs{...}

or:

        nil

func WorkloadIdentityPoolProviderSamlPtr 

func WorkloadIdentityPoolProviderSamlPtr(v *WorkloadIdentityPoolProviderSamlArgs) WorkloadIdentityPoolProviderSamlPtrInput

type WorkloadIdentityPoolProviderSamlPtrOutput 

type WorkloadIdentityPoolProviderSamlPtrOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderSamlPtrOutput) Elem 

func (o WorkloadIdentityPoolProviderSamlPtrOutput) Elem() WorkloadIdentityPoolProviderSamlOutput

func (WorkloadIdentityPoolProviderSamlPtrOutput) ElementType 

func (WorkloadIdentityPoolProviderSamlPtrOutput) ElementType() reflect.Type

func (WorkloadIdentityPoolProviderSamlPtrOutput) IdpMetadataXml 

func (o WorkloadIdentityPoolProviderSamlPtrOutput) IdpMetadataXml() pulumi.StringPtrOutput

SAML Identity provider configuration metadata xml doc.

<a name="nestedX509"></a>The `x509` block supports:

func (WorkloadIdentityPoolProviderSamlPtrOutput) ToWorkloadIdentityPoolProviderSamlPtrOutput 

func (o WorkloadIdentityPoolProviderSamlPtrOutput) ToWorkloadIdentityPoolProviderSamlPtrOutput() WorkloadIdentityPoolProviderSamlPtrOutput

func (WorkloadIdentityPoolProviderSamlPtrOutput) ToWorkloadIdentityPoolProviderSamlPtrOutputWithContext 

func (o WorkloadIdentityPoolProviderSamlPtrOutput) ToWorkloadIdentityPoolProviderSamlPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderSamlPtrOutput

type WorkloadIdentityPoolProviderState 

type WorkloadIdentityPoolProviderState struct {
	// [A Common Expression Language](https://opensource.google/projects/cel) expression, in
	// plain text, to restrict what otherwise valid authentication credentials issued by the
	// provider should not be accepted.
	// The expression must output a boolean representing whether to allow the federation.
	// The following keywords may be referenced in the expressions:
	AttributeCondition pulumi.StringPtrInput
	// Maps attributes from authentication credentials issued by an external identity provider
	// to Google Cloud attributes, such as `subject` and `segment`.
	// Each key must be a string specifying the Google Cloud IAM attribute to map to.
	// The following keys are supported:
	// * `google.subject`: The principal IAM is authenticating. You can reference this value
	//   in IAM bindings. This is also the subject that appears in Cloud Logging logs.
	//   Cannot exceed 127 characters.
	// * `google.groups`: Groups the external identity belongs to. You can grant groups
	//   access to resources using an IAM `principalSet` binding; access applies to all
	//   members of the group.
	//   You can also provide custom attributes by specifying `attribute.{custom_attribute}`,
	//   where `{custom_attribute}` is the name of the custom attribute to be mapped. You can
	//   define a maximum of 50 custom attributes. The maximum length of a mapped attribute key
	//   is 100 characters, and the key may only contain the characters [a-z0-9_].
	//   You can reference these attributes in IAM policies to define fine-grained access for a
	//   workload to Google Cloud resources. For example:
	// * `google.subject`:
	//   `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}`
	// * `google.groups`:
	//   `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}`
	// * `attribute.{custom_attribute}`:
	//   `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}`
	//   Each value must be a [Common Expression Language](https://opensource.google/projects/cel)
	//   function that maps an identity provider credential to the normalized attribute specified
	//   by the corresponding map key.
	//   You can use the `assertion` keyword in the expression to access a JSON representation of
	//   the authentication credential issued by the provider.
	//   The maximum length of an attribute mapping expression is 2048 characters. When evaluated,
	//   the total size of all mapped attributes must not exceed 8KB.
	//   For AWS providers, the following rules apply:
	// - If no attribute mapping is defined, the following default mapping applies:
	// - If any custom attribute mappings are defined, they must include a mapping to the
	//   `google.subject` attribute.
	//   For OIDC providers, the following rules apply:
	// - Custom attribute mappings must be defined, and must include a mapping to the
	//   `google.subject` attribute. For example, the following maps the `sub` claim of the
	//   incoming credential to the `subject` attribute on a Google token.
	AttributeMapping pulumi.StringMapInput
	// An Amazon Web Services identity provider. Not compatible with the property oidc or saml.
	// Structure is documented below.
	Aws WorkloadIdentityPoolProviderAwsPtrInput
	// A description for the provider. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
	// However, existing tokens still grant access.
	Disabled pulumi.BoolPtrInput
	// A display name for the provider. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	// The resource name of the provider as
	// `projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}`.
	Name pulumi.StringPtrInput
	// An OpenId Connect 1.0 identity provider. Not compatible with the property aws or saml.
	// Structure is documented below.
	Oidc WorkloadIdentityPoolProviderOidcPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
	// An SAML 2.0 identity provider. Not compatible with the property oidc or aws.
	// Structure is documented below.
	Saml WorkloadIdentityPoolProviderSamlPtrInput
	// The state of the provider.
	// * STATE_UNSPECIFIED: State unspecified.
	// * ACTIVE: The provider is active, and may be used to validate authentication credentials.
	// * DELETED: The provider is soft-deleted. Soft-deleted providers are permanently deleted
	//   after approximately 30 days. You can restore a soft-deleted provider using
	//   UndeleteWorkloadIdentityPoolProvider. You cannot reuse the ID of a soft-deleted provider
	//   until it is permanently deleted.
	State pulumi.StringPtrInput
	// The ID used for the pool, which is the final component of the pool resource name. This
	// value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolId pulumi.StringPtrInput
	// The ID for the provider, which becomes the final component of the resource name. This
	// value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	//
	// ***
	WorkloadIdentityPoolProviderId pulumi.StringPtrInput
	// An X.509-type identity provider represents a CA. It is trusted to assert a
	// client identity if the client has a certificate that chains up to this CA.
	// Structure is documented below.
	X509 WorkloadIdentityPoolProviderX509PtrInput
}

func (WorkloadIdentityPoolProviderState) ElementType 

func (WorkloadIdentityPoolProviderState) ElementType() reflect.Type

type WorkloadIdentityPoolProviderX509 added in v8.1.0 

type WorkloadIdentityPoolProviderX509 struct {
	// A Trust store, use this trust store as a wrapper to config the trust
	// anchor and optional intermediate cas to help build the trust chain for
	// the incoming end entity certificate. Follow the x509 guidelines to
	// define those PEM encoded certs. Only 1 trust store is currently
	// supported.
	TrustStore WorkloadIdentityPoolProviderX509TrustStore `pulumi:"trustStore"`
}

type WorkloadIdentityPoolProviderX509Args added in v8.1.0 

type WorkloadIdentityPoolProviderX509Args struct {
	// A Trust store, use this trust store as a wrapper to config the trust
	// anchor and optional intermediate cas to help build the trust chain for
	// the incoming end entity certificate. Follow the x509 guidelines to
	// define those PEM encoded certs. Only 1 trust store is currently
	// supported.
	TrustStore WorkloadIdentityPoolProviderX509TrustStoreInput `pulumi:"trustStore"`
}

func (WorkloadIdentityPoolProviderX509Args) ElementType added in v8.1.0 

func (WorkloadIdentityPoolProviderX509Args) ElementType() reflect.Type

func (WorkloadIdentityPoolProviderX509Args) ToWorkloadIdentityPoolProviderX509Output added in v8.1.0 

func (i WorkloadIdentityPoolProviderX509Args) ToWorkloadIdentityPoolProviderX509Output() WorkloadIdentityPoolProviderX509Output

func (WorkloadIdentityPoolProviderX509Args) ToWorkloadIdentityPoolProviderX509OutputWithContext added in v8.1.0 

func (i WorkloadIdentityPoolProviderX509Args) ToWorkloadIdentityPoolProviderX509OutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509Output

func (WorkloadIdentityPoolProviderX509Args) ToWorkloadIdentityPoolProviderX509PtrOutput added in v8.1.0 

func (i WorkloadIdentityPoolProviderX509Args) ToWorkloadIdentityPoolProviderX509PtrOutput() WorkloadIdentityPoolProviderX509PtrOutput

func (WorkloadIdentityPoolProviderX509Args) ToWorkloadIdentityPoolProviderX509PtrOutputWithContext added in v8.1.0 

func (i WorkloadIdentityPoolProviderX509Args) ToWorkloadIdentityPoolProviderX509PtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509PtrOutput

type WorkloadIdentityPoolProviderX509Input added in v8.1.0 

type WorkloadIdentityPoolProviderX509Input interface {
	pulumi.Input

	ToWorkloadIdentityPoolProviderX509Output() WorkloadIdentityPoolProviderX509Output
	ToWorkloadIdentityPoolProviderX509OutputWithContext(context.Context) WorkloadIdentityPoolProviderX509Output
}

WorkloadIdentityPoolProviderX509Input is an input type that accepts WorkloadIdentityPoolProviderX509Args and WorkloadIdentityPoolProviderX509Output values. You can construct a concrete instance of `WorkloadIdentityPoolProviderX509Input` via: 

WorkloadIdentityPoolProviderX509Args{...}

type WorkloadIdentityPoolProviderX509Output added in v8.1.0 

type WorkloadIdentityPoolProviderX509Output struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderX509Output) ElementType added in v8.1.0 

func (WorkloadIdentityPoolProviderX509Output) ElementType() reflect.Type

func (WorkloadIdentityPoolProviderX509Output) ToWorkloadIdentityPoolProviderX509Output added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509Output) ToWorkloadIdentityPoolProviderX509Output() WorkloadIdentityPoolProviderX509Output

func (WorkloadIdentityPoolProviderX509Output) ToWorkloadIdentityPoolProviderX509OutputWithContext added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509Output) ToWorkloadIdentityPoolProviderX509OutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509Output

func (WorkloadIdentityPoolProviderX509Output) ToWorkloadIdentityPoolProviderX509PtrOutput added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509Output) ToWorkloadIdentityPoolProviderX509PtrOutput() WorkloadIdentityPoolProviderX509PtrOutput

func (WorkloadIdentityPoolProviderX509Output) ToWorkloadIdentityPoolProviderX509PtrOutputWithContext added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509Output) ToWorkloadIdentityPoolProviderX509PtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509PtrOutput

func (WorkloadIdentityPoolProviderX509Output) TrustStore added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509Output) TrustStore() WorkloadIdentityPoolProviderX509TrustStoreOutput

A Trust store, use this trust store as a wrapper to config the trust anchor and optional intermediate cas to help build the trust chain for the incoming end entity certificate. Follow the x509 guidelines to define those PEM encoded certs. Only 1 trust store is currently supported.

type WorkloadIdentityPoolProviderX509PtrInput added in v8.1.0 

type WorkloadIdentityPoolProviderX509PtrInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolProviderX509PtrOutput() WorkloadIdentityPoolProviderX509PtrOutput
	ToWorkloadIdentityPoolProviderX509PtrOutputWithContext(context.Context) WorkloadIdentityPoolProviderX509PtrOutput
}

WorkloadIdentityPoolProviderX509PtrInput is an input type that accepts WorkloadIdentityPoolProviderX509Args, WorkloadIdentityPoolProviderX509Ptr and WorkloadIdentityPoolProviderX509PtrOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderX509PtrInput` via: 

        WorkloadIdentityPoolProviderX509Args{...}

or:

        nil

func WorkloadIdentityPoolProviderX509Ptr added in v8.1.0 

func WorkloadIdentityPoolProviderX509Ptr(v *WorkloadIdentityPoolProviderX509Args) WorkloadIdentityPoolProviderX509PtrInput

type WorkloadIdentityPoolProviderX509PtrOutput added in v8.1.0 

type WorkloadIdentityPoolProviderX509PtrOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderX509PtrOutput) Elem added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509PtrOutput) Elem() WorkloadIdentityPoolProviderX509Output

func (WorkloadIdentityPoolProviderX509PtrOutput) ElementType added in v8.1.0 

func (WorkloadIdentityPoolProviderX509PtrOutput) ElementType() reflect.Type

func (WorkloadIdentityPoolProviderX509PtrOutput) ToWorkloadIdentityPoolProviderX509PtrOutput added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509PtrOutput) ToWorkloadIdentityPoolProviderX509PtrOutput() WorkloadIdentityPoolProviderX509PtrOutput

func (WorkloadIdentityPoolProviderX509PtrOutput) ToWorkloadIdentityPoolProviderX509PtrOutputWithContext added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509PtrOutput) ToWorkloadIdentityPoolProviderX509PtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509PtrOutput

func (WorkloadIdentityPoolProviderX509PtrOutput) TrustStore added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509PtrOutput) TrustStore() WorkloadIdentityPoolProviderX509TrustStorePtrOutput

A Trust store, use this trust store as a wrapper to config the trust anchor and optional intermediate cas to help build the trust chain for the incoming end entity certificate. Follow the x509 guidelines to define those PEM encoded certs. Only 1 trust store is currently supported.

type WorkloadIdentityPoolProviderX509TrustStore added in v8.1.0 

type WorkloadIdentityPoolProviderX509TrustStore struct {
	// Set of intermediate CA certificates used for building the trust chain to
	// trust anchor.
	// IMPORTANT: Intermediate CAs are only supported when configuring x509 federation.
	// Structure is documented below.
	IntermediateCas []WorkloadIdentityPoolProviderX509TrustStoreIntermediateCa `pulumi:"intermediateCas"`
	// List of Trust Anchors to be used while performing validation
	// against a given TrustStore. The incoming end entity's certificate
	// must be chained up to one of the trust anchors here.
	// Structure is documented below.
	TrustAnchors []WorkloadIdentityPoolProviderX509TrustStoreTrustAnchor `pulumi:"trustAnchors"`
}

type WorkloadIdentityPoolProviderX509TrustStoreArgs added in v8.1.0 

type WorkloadIdentityPoolProviderX509TrustStoreArgs struct {
	// Set of intermediate CA certificates used for building the trust chain to
	// trust anchor.
	// IMPORTANT: Intermediate CAs are only supported when configuring x509 federation.
	// Structure is documented below.
	IntermediateCas WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayInput `pulumi:"intermediateCas"`
	// List of Trust Anchors to be used while performing validation
	// against a given TrustStore. The incoming end entity's certificate
	// must be chained up to one of the trust anchors here.
	// Structure is documented below.
	TrustAnchors WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayInput `pulumi:"trustAnchors"`
}

func (WorkloadIdentityPoolProviderX509TrustStoreArgs) ElementType added in v8.1.0 

func (WorkloadIdentityPoolProviderX509TrustStoreArgs) ElementType() reflect.Type

func (WorkloadIdentityPoolProviderX509TrustStoreArgs) ToWorkloadIdentityPoolProviderX509TrustStoreOutput added in v8.1.0 

func (i WorkloadIdentityPoolProviderX509TrustStoreArgs) ToWorkloadIdentityPoolProviderX509TrustStoreOutput() WorkloadIdentityPoolProviderX509TrustStoreOutput

func (WorkloadIdentityPoolProviderX509TrustStoreArgs) ToWorkloadIdentityPoolProviderX509TrustStoreOutputWithContext added in v8.1.0 

func (i WorkloadIdentityPoolProviderX509TrustStoreArgs) ToWorkloadIdentityPoolProviderX509TrustStoreOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509TrustStoreOutput

func (WorkloadIdentityPoolProviderX509TrustStoreArgs) ToWorkloadIdentityPoolProviderX509TrustStorePtrOutput added in v8.1.0 

func (i WorkloadIdentityPoolProviderX509TrustStoreArgs) ToWorkloadIdentityPoolProviderX509TrustStorePtrOutput() WorkloadIdentityPoolProviderX509TrustStorePtrOutput

func (WorkloadIdentityPoolProviderX509TrustStoreArgs) ToWorkloadIdentityPoolProviderX509TrustStorePtrOutputWithContext added in v8.1.0 

func (i WorkloadIdentityPoolProviderX509TrustStoreArgs) ToWorkloadIdentityPoolProviderX509TrustStorePtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509TrustStorePtrOutput

type WorkloadIdentityPoolProviderX509TrustStoreInput added in v8.1.0 

type WorkloadIdentityPoolProviderX509TrustStoreInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolProviderX509TrustStoreOutput() WorkloadIdentityPoolProviderX509TrustStoreOutput
	ToWorkloadIdentityPoolProviderX509TrustStoreOutputWithContext(context.Context) WorkloadIdentityPoolProviderX509TrustStoreOutput
}

WorkloadIdentityPoolProviderX509TrustStoreInput is an input type that accepts WorkloadIdentityPoolProviderX509TrustStoreArgs and WorkloadIdentityPoolProviderX509TrustStoreOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderX509TrustStoreInput` via: 

WorkloadIdentityPoolProviderX509TrustStoreArgs{...}

type WorkloadIdentityPoolProviderX509TrustStoreIntermediateCa added in v8.1.0 

type WorkloadIdentityPoolProviderX509TrustStoreIntermediateCa struct {
	// PEM certificate of the PKI used for validation. Must only contain one
	// ca certificate(either root or intermediate cert).
	PemCertificate *string `pulumi:"pemCertificate"`
}

type WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs added in v8.1.0 

type WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs struct {
	// PEM certificate of the PKI used for validation. Must only contain one
	// ca certificate(either root or intermediate cert).
	PemCertificate pulumi.StringPtrInput `pulumi:"pemCertificate"`
}

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs) ElementType added in v8.1.0 

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs) ElementType() reflect.Type

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs) ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput added in v8.1.0 

func (i WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs) ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput() WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs) ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutputWithContext added in v8.1.0 

func (i WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs) ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput

type WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray added in v8.1.0 

type WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray []WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaInput

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray) ElementType added in v8.1.0 

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray) ElementType() reflect.Type

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray) ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput added in v8.1.0 

func (i WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray) ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput() WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray) ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutputWithContext added in v8.1.0 

func (i WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray) ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput

type WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayInput added in v8.1.0 

type WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput() WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput
	ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutputWithContext(context.Context) WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput
}

WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayInput is an input type that accepts WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray and WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayInput` via: 

WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray{ WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs{...} }

type WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput added in v8.1.0 

type WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput) ElementType added in v8.1.0 

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput) ElementType() reflect.Type

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput) Index added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput) Index(i pulumi.IntInput) WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput) ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput) ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput() WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput) ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutputWithContext added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput) ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput

type WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaInput added in v8.1.0 

type WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput() WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput
	ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutputWithContext(context.Context) WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput
}

WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaInput is an input type that accepts WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs and WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaInput` via: 

WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs{...}

type WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput added in v8.1.0 

type WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput) ElementType added in v8.1.0 

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput) ElementType() reflect.Type

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput) PemCertificate added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput) PemCertificate() pulumi.StringPtrOutput

PEM certificate of the PKI used for validation. Must only contain one ca certificate(either root or intermediate cert).

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput) ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput) ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput() WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput) ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutputWithContext added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput) ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput

type WorkloadIdentityPoolProviderX509TrustStoreOutput added in v8.1.0 

type WorkloadIdentityPoolProviderX509TrustStoreOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderX509TrustStoreOutput) ElementType added in v8.1.0 

func (WorkloadIdentityPoolProviderX509TrustStoreOutput) ElementType() reflect.Type

func (WorkloadIdentityPoolProviderX509TrustStoreOutput) IntermediateCas added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509TrustStoreOutput) IntermediateCas() WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput

Set of intermediate CA certificates used for building the trust chain to trust anchor. IMPORTANT: Intermediate CAs are only supported when configuring x509 federation. Structure is documented below.

func (WorkloadIdentityPoolProviderX509TrustStoreOutput) ToWorkloadIdentityPoolProviderX509TrustStoreOutput added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509TrustStoreOutput) ToWorkloadIdentityPoolProviderX509TrustStoreOutput() WorkloadIdentityPoolProviderX509TrustStoreOutput

func (WorkloadIdentityPoolProviderX509TrustStoreOutput) ToWorkloadIdentityPoolProviderX509TrustStoreOutputWithContext added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509TrustStoreOutput) ToWorkloadIdentityPoolProviderX509TrustStoreOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509TrustStoreOutput

func (WorkloadIdentityPoolProviderX509TrustStoreOutput) ToWorkloadIdentityPoolProviderX509TrustStorePtrOutput added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509TrustStoreOutput) ToWorkloadIdentityPoolProviderX509TrustStorePtrOutput() WorkloadIdentityPoolProviderX509TrustStorePtrOutput

func (WorkloadIdentityPoolProviderX509TrustStoreOutput) ToWorkloadIdentityPoolProviderX509TrustStorePtrOutputWithContext added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509TrustStoreOutput) ToWorkloadIdentityPoolProviderX509TrustStorePtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509TrustStorePtrOutput

func (WorkloadIdentityPoolProviderX509TrustStoreOutput) TrustAnchors added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509TrustStoreOutput) TrustAnchors() WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput

List of Trust Anchors to be used while performing validation against a given TrustStore. The incoming end entity's certificate must be chained up to one of the trust anchors here. Structure is documented below.

type WorkloadIdentityPoolProviderX509TrustStorePtrInput added in v8.1.0 

type WorkloadIdentityPoolProviderX509TrustStorePtrInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolProviderX509TrustStorePtrOutput() WorkloadIdentityPoolProviderX509TrustStorePtrOutput
	ToWorkloadIdentityPoolProviderX509TrustStorePtrOutputWithContext(context.Context) WorkloadIdentityPoolProviderX509TrustStorePtrOutput
}

WorkloadIdentityPoolProviderX509TrustStorePtrInput is an input type that accepts WorkloadIdentityPoolProviderX509TrustStoreArgs, WorkloadIdentityPoolProviderX509TrustStorePtr and WorkloadIdentityPoolProviderX509TrustStorePtrOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderX509TrustStorePtrInput` via: 

        WorkloadIdentityPoolProviderX509TrustStoreArgs{...}

or:

        nil

func WorkloadIdentityPoolProviderX509TrustStorePtr added in v8.1.0 

func WorkloadIdentityPoolProviderX509TrustStorePtr(v *WorkloadIdentityPoolProviderX509TrustStoreArgs) WorkloadIdentityPoolProviderX509TrustStorePtrInput

type WorkloadIdentityPoolProviderX509TrustStorePtrOutput added in v8.1.0 

type WorkloadIdentityPoolProviderX509TrustStorePtrOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderX509TrustStorePtrOutput) Elem added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509TrustStorePtrOutput) Elem() WorkloadIdentityPoolProviderX509TrustStoreOutput

func (WorkloadIdentityPoolProviderX509TrustStorePtrOutput) ElementType added in v8.1.0 

func (WorkloadIdentityPoolProviderX509TrustStorePtrOutput) ElementType() reflect.Type

func (WorkloadIdentityPoolProviderX509TrustStorePtrOutput) IntermediateCas added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509TrustStorePtrOutput) IntermediateCas() WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput

Set of intermediate CA certificates used for building the trust chain to trust anchor. IMPORTANT: Intermediate CAs are only supported when configuring x509 federation. Structure is documented below.

func (WorkloadIdentityPoolProviderX509TrustStorePtrOutput) ToWorkloadIdentityPoolProviderX509TrustStorePtrOutput added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509TrustStorePtrOutput) ToWorkloadIdentityPoolProviderX509TrustStorePtrOutput() WorkloadIdentityPoolProviderX509TrustStorePtrOutput

func (WorkloadIdentityPoolProviderX509TrustStorePtrOutput) ToWorkloadIdentityPoolProviderX509TrustStorePtrOutputWithContext added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509TrustStorePtrOutput) ToWorkloadIdentityPoolProviderX509TrustStorePtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509TrustStorePtrOutput

func (WorkloadIdentityPoolProviderX509TrustStorePtrOutput) TrustAnchors added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509TrustStorePtrOutput) TrustAnchors() WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput

List of Trust Anchors to be used while performing validation against a given TrustStore. The incoming end entity's certificate must be chained up to one of the trust anchors here. Structure is documented below.

type WorkloadIdentityPoolProviderX509TrustStoreTrustAnchor added in v8.1.0 

type WorkloadIdentityPoolProviderX509TrustStoreTrustAnchor struct {
	// PEM certificate of the PKI used for validation. Must only contain one
	// ca certificate(either root or intermediate cert).
	PemCertificate *string `pulumi:"pemCertificate"`
}

type WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs added in v8.1.0 

type WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs struct {
	// PEM certificate of the PKI used for validation. Must only contain one
	// ca certificate(either root or intermediate cert).
	PemCertificate pulumi.StringPtrInput `pulumi:"pemCertificate"`
}

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs) ElementType added in v8.1.0 

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs) ElementType() reflect.Type

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs) ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput added in v8.1.0 

func (i WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs) ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput() WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs) ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutputWithContext added in v8.1.0 

func (i WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs) ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput

type WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray added in v8.1.0 

type WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray []WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorInput

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray) ElementType added in v8.1.0 

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray) ElementType() reflect.Type

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray) ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput added in v8.1.0 

func (i WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray) ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput() WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray) ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutputWithContext added in v8.1.0 

func (i WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray) ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput

type WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayInput added in v8.1.0 

type WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput() WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput
	ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutputWithContext(context.Context) WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput
}

WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayInput is an input type that accepts WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray and WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayInput` via: 

WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray{ WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs{...} }

type WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput added in v8.1.0 

type WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput) ElementType added in v8.1.0 

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput) ElementType() reflect.Type

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput) Index added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput) Index(i pulumi.IntInput) WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput) ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput) ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput() WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput) ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutputWithContext added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput) ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput

type WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorInput added in v8.1.0 

type WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput() WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput
	ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutputWithContext(context.Context) WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput
}

WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorInput is an input type that accepts WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs and WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorInput` via: 

WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs{...}

type WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput added in v8.1.0 

type WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput) ElementType added in v8.1.0 

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput) ElementType() reflect.Type

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput) PemCertificate added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput) PemCertificate() pulumi.StringPtrOutput

PEM certificate of the PKI used for validation. Must only contain one ca certificate(either root or intermediate cert).

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput) ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput) ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput() WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput) ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutputWithContext added in v8.1.0 

func (o WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput) ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput

type WorkloadIdentityPoolState 

type WorkloadIdentityPoolState struct {
	// A description of the pool. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use
	// existing tokens to access resources. If the pool is re-enabled, existing tokens grant
	// access again.
	Disabled pulumi.BoolPtrInput
	// A display name for the pool. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	// The resource name of the pool as
	// `projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}`.
	Name pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
	// The state of the pool.
	// * STATE_UNSPECIFIED: State unspecified.
	// * ACTIVE: The pool is active, and may be used in Google Cloud policies.
	// * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after
	//   approximately 30 days. You can restore a soft-deleted pool using
	//   UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted pool until it is
	//   permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or
	//   use existing tokens to access resources. If the pool is undeleted, existing tokens grant
	//   access again.
	State pulumi.StringPtrInput
	// The ID to use for the pool, which becomes the final component of the resource name. This
	// value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	//
	// ***
	WorkloadIdentityPoolId pulumi.StringPtrInput
}

func (WorkloadIdentityPoolState) ElementType 

func (WorkloadIdentityPoolState) ElementType() reflect.Type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.