iam

package
v8.6.0 Latest Latest
Published: Oct 16, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AccessBoundaryPolicy

// AccessBoundaryPolicy represents a collection of access boundary policies to
// apply to a given resource. It is the resource state returned by
// NewAccessBoundaryPolicy and GetAccessBoundaryPolicy.
type AccessBoundaryPolicy struct {
	pulumi.CustomResourceState

	// The display name of the rule.
	// NOTE(review): this field sits on the policy, so "rule" presumably means
	// the policy itself — confirm against the upstream API description.
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// The hash of the resource. Used internally during updates.
	// AccessBoundaryPolicyArgs has no Etag field, so callers do not supply it
	// when creating the resource.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The name of the policy.
	Name pulumi.StringOutput `pulumi:"name"`
	// The attachment point is identified by its URL-encoded full resource name.
	// The example usage for this type URL-encodes a string of the form
	// "cloudresourcemanager.googleapis.com/projects/<project ID>".
	Parent pulumi.StringOutput `pulumi:"parent"`
	// Rules to be applied.
	// The element structure is described by AccessBoundaryPolicyRule.
	Rules AccessBoundaryPolicyRuleArrayOutput `pulumi:"rules"`
}

Represents a collection of access boundary policies to apply to a given resource. **NOTE**: This is a private feature and users should contact GCP support if they would like to test it.

## Example Usage

### Iam Access Boundary Policy Basic

```go
package main

import (

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

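// main declares a project, an Access Context Manager access policy with one
// access level, and an IAM access boundary policy attached to the project whose
// single rule is gated on that access level.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		project, err := organizations.NewProject(ctx, "project", &organizations.ProjectArgs{
			ProjectId:      pulumi.String("my-project"),
			Name:           pulumi.String("my-project"),
			OrgId:          pulumi.String("123456789"),
			BillingAccount: pulumi.String("000000-0000000-0000000-000000"),
			DeletionPolicy: pulumi.String("DELETE"),
		})
		if err != nil {
			return err
		}
		// Keep the resource handle: the access level below is parented to this
		// policy by name. The original discarded it and then referred to an
		// undeclared identifier.
		accessPolicy, err := accesscontextmanager.NewAccessPolicy(ctx, "access-policy", &accesscontextmanager.AccessPolicyArgs{
			Parent: project.OrgId.ApplyT(func(orgId *string) (string, error) {
				// OrgId resolves to a *string; formatting the pointer itself
				// would print an address rather than the organization ID.
				if orgId == nil {
					return "", fmt.Errorf("project has no organization ID")
				}
				return fmt.Sprintf("organizations/%v", *orgId), nil
			}).(pulumi.StringOutput),
			Title: pulumi.String("my policy"),
		})
		if err != nil {
			return err
		}
		// Keep this handle as well: the boundary rule's condition expression
		// references the access level by name.
		testAccess, err := accesscontextmanager.NewAccessLevel(ctx, "test-access", &accesscontextmanager.AccessLevelArgs{
			Parent: accessPolicy.Name.ApplyT(func(name string) (string, error) {
				return fmt.Sprintf("accessPolicies/%v", name), nil
			}).(pulumi.StringOutput),
			Name: accessPolicy.Name.ApplyT(func(name string) (string, error) {
				return fmt.Sprintf("accessPolicies/%v/accessLevels/chromeos_no_lock", name), nil
			}).(pulumi.StringOutput),
			Title: pulumi.String("chromeos_no_lock"),
			Basic: &accesscontextmanager.AccessLevelBasicArgs{
				Conditions: accesscontextmanager.AccessLevelBasicConditionArray{
					&accesscontextmanager.AccessLevelBasicConditionArgs{
						DevicePolicy: &accesscontextmanager.AccessLevelBasicConditionDevicePolicyArgs{
							RequireScreenLock: pulumi.Bool(true),
							OsConstraints: accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArray{
								&accesscontextmanager.AccessLevelBasicConditionDevicePolicyOsConstraintArgs{
									OsType: pulumi.String("DESKTOP_CHROME_OS"),
								},
							},
						},
						Regions: pulumi.StringArray{
							pulumi.String("CH"),
							pulumi.String("IT"),
							pulumi.String("US"),
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = iam.NewAccessBoundaryPolicy(ctx, "example", &iam.AccessBoundaryPolicyArgs{
			// The attachment point is the URL-encoded full resource name of the project.
			// NOTE(review): pulumi.String(...) is applied to an Output value here,
			// which does not look like a valid conversion for a StringInput
			// field — confirm this compiles against the SDK versions in use.
			Parent: pulumi.String(std.UrlencodeOutput(ctx, std.UrlencodeOutputArgs{
				Input: project.ProjectId.ApplyT(func(projectId string) (string, error) {
					return fmt.Sprintf("cloudresourcemanager.googleapis.com/projects/%v", projectId), nil
				}).(pulumi.StringOutput),
			}, nil).ApplyT(func(invoke std.UrlencodeResult) (*string, error) {
				return invoke.Result, nil
			}).(pulumi.StringPtrOutput)),
			Name:        pulumi.String("my-ab-policy"),
			DisplayName: pulumi.String("My AB policy"),
			Rules: iam.AccessBoundaryPolicyRuleArray{
				&iam.AccessBoundaryPolicyRuleArgs{
					Description: pulumi.String("AB rule"),
					AccessBoundaryRule: &iam.AccessBoundaryPolicyRuleAccessBoundaryRuleArgs{
						// Both values below are "*", so this rule names no
						// specific resource or permission and the availability
						// condition is the only narrowing it expresses.
						// NOTE(review): presumably "*" matches everything —
						// confirm, and list explicit resources and permissions
						// when adapting this example.
						AvailableResource: pulumi.String("*"),
						AvailablePermissions: pulumi.StringArray{
							pulumi.String("*"),
						},
						AvailabilityCondition: &iam.AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs{
							Title: pulumi.String("Access level expr"),
							Expression: pulumi.All(project.OrgId, testAccess.Name).ApplyT(func(_args []interface{}) (string, error) {
								orgId := _args[0].(*string)
								name := _args[1].(string)
								// Dereference the organization ID so the CEL
								// expression carries the ID, not a pointer address.
								if orgId == nil {
									return "", fmt.Errorf("project has no organization ID")
								}
								return fmt.Sprintf("request.matchAccessLevels('%v', ['%v'])", *orgId, name), nil
							}).(pulumi.StringOutput),
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}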

```

## Import

AccessBoundaryPolicy can be imported using any of these accepted formats:

* `{{parent}}/{{name}}`

When using the `pulumi import` command, AccessBoundaryPolicy can be imported using one of the formats above. For example:

```sh
$ pulumi import gcp:iam/accessBoundaryPolicy:AccessBoundaryPolicy default {{parent}}/{{name}}
```

func GetAccessBoundaryPolicy

func GetAccessBoundaryPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AccessBoundaryPolicyState, opts ...pulumi.ResourceOption) (*AccessBoundaryPolicy, error)

GetAccessBoundaryPolicy gets an existing AccessBoundaryPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAccessBoundaryPolicy

func NewAccessBoundaryPolicy(ctx *pulumi.Context,
	name string, args *AccessBoundaryPolicyArgs, opts ...pulumi.ResourceOption) (*AccessBoundaryPolicy, error)

NewAccessBoundaryPolicy registers a new resource with the given unique name, arguments, and options.

func (*AccessBoundaryPolicy) ElementType

func (*AccessBoundaryPolicy) ElementType() reflect.Type

func (*AccessBoundaryPolicy) ToAccessBoundaryPolicyOutput

func (i *AccessBoundaryPolicy) ToAccessBoundaryPolicyOutput() AccessBoundaryPolicyOutput

func (*AccessBoundaryPolicy) ToAccessBoundaryPolicyOutputWithContext

func (i *AccessBoundaryPolicy) ToAccessBoundaryPolicyOutputWithContext(ctx context.Context) AccessBoundaryPolicyOutput

type AccessBoundaryPolicyArgs

// AccessBoundaryPolicyArgs is the set of arguments for constructing an
// AccessBoundaryPolicy resource with NewAccessBoundaryPolicy.
type AccessBoundaryPolicyArgs struct {
	// The display name of the rule.
	// NOTE(review): this field sits on the policy, so "rule" presumably means
	// the policy itself — confirm against the upstream API description.
	DisplayName pulumi.StringPtrInput
	// The name of the policy.
	Name pulumi.StringPtrInput
	// The attachment point is identified by its URL-encoded full resource name.
	// This is the only field here typed as a non-pointer input
	// (pulumi.StringInput rather than pulumi.StringPtrInput).
	Parent pulumi.StringInput
	// Rules to be applied.
	// The element structure is described by AccessBoundaryPolicyRuleArgs.
	Rules AccessBoundaryPolicyRuleArrayInput
}

The set of arguments for constructing an AccessBoundaryPolicy resource.

func (AccessBoundaryPolicyArgs) ElementType

func (AccessBoundaryPolicyArgs) ElementType() reflect.Type

type AccessBoundaryPolicyArray

type AccessBoundaryPolicyArray []AccessBoundaryPolicyInput

func (AccessBoundaryPolicyArray) ElementType

func (AccessBoundaryPolicyArray) ElementType() reflect.Type

func (AccessBoundaryPolicyArray) ToAccessBoundaryPolicyArrayOutput

func (i AccessBoundaryPolicyArray) ToAccessBoundaryPolicyArrayOutput() AccessBoundaryPolicyArrayOutput

func (AccessBoundaryPolicyArray) ToAccessBoundaryPolicyArrayOutputWithContext

func (i AccessBoundaryPolicyArray) ToAccessBoundaryPolicyArrayOutputWithContext(ctx context.Context) AccessBoundaryPolicyArrayOutput

type AccessBoundaryPolicyArrayInput

type AccessBoundaryPolicyArrayInput interface {
	pulumi.Input

	ToAccessBoundaryPolicyArrayOutput() AccessBoundaryPolicyArrayOutput
	ToAccessBoundaryPolicyArrayOutputWithContext(context.Context) AccessBoundaryPolicyArrayOutput
}

AccessBoundaryPolicyArrayInput is an input type that accepts AccessBoundaryPolicyArray and AccessBoundaryPolicyArrayOutput values. You can construct a concrete instance of `AccessBoundaryPolicyArrayInput` via:

AccessBoundaryPolicyArray{ AccessBoundaryPolicyArgs{...} }

type AccessBoundaryPolicyArrayOutput

type AccessBoundaryPolicyArrayOutput struct{ *pulumi.OutputState }

func (AccessBoundaryPolicyArrayOutput) ElementType

func (AccessBoundaryPolicyArrayOutput) Index

func (AccessBoundaryPolicyArrayOutput) ToAccessBoundaryPolicyArrayOutput

func (o AccessBoundaryPolicyArrayOutput) ToAccessBoundaryPolicyArrayOutput() AccessBoundaryPolicyArrayOutput

func (AccessBoundaryPolicyArrayOutput) ToAccessBoundaryPolicyArrayOutputWithContext

func (o AccessBoundaryPolicyArrayOutput) ToAccessBoundaryPolicyArrayOutputWithContext(ctx context.Context) AccessBoundaryPolicyArrayOutput

type AccessBoundaryPolicyInput

type AccessBoundaryPolicyInput interface {
	pulumi.Input

	ToAccessBoundaryPolicyOutput() AccessBoundaryPolicyOutput
	ToAccessBoundaryPolicyOutputWithContext(ctx context.Context) AccessBoundaryPolicyOutput
}

type AccessBoundaryPolicyMap

type AccessBoundaryPolicyMap map[string]AccessBoundaryPolicyInput

func (AccessBoundaryPolicyMap) ElementType

func (AccessBoundaryPolicyMap) ElementType() reflect.Type

func (AccessBoundaryPolicyMap) ToAccessBoundaryPolicyMapOutput

func (i AccessBoundaryPolicyMap) ToAccessBoundaryPolicyMapOutput() AccessBoundaryPolicyMapOutput

func (AccessBoundaryPolicyMap) ToAccessBoundaryPolicyMapOutputWithContext

func (i AccessBoundaryPolicyMap) ToAccessBoundaryPolicyMapOutputWithContext(ctx context.Context) AccessBoundaryPolicyMapOutput

type AccessBoundaryPolicyMapInput

type AccessBoundaryPolicyMapInput interface {
	pulumi.Input

	ToAccessBoundaryPolicyMapOutput() AccessBoundaryPolicyMapOutput
	ToAccessBoundaryPolicyMapOutputWithContext(context.Context) AccessBoundaryPolicyMapOutput
}

AccessBoundaryPolicyMapInput is an input type that accepts AccessBoundaryPolicyMap and AccessBoundaryPolicyMapOutput values. You can construct a concrete instance of `AccessBoundaryPolicyMapInput` via:

AccessBoundaryPolicyMap{ "key": AccessBoundaryPolicyArgs{...} }

type AccessBoundaryPolicyMapOutput

type AccessBoundaryPolicyMapOutput struct{ *pulumi.OutputState }

func (AccessBoundaryPolicyMapOutput) ElementType

func (AccessBoundaryPolicyMapOutput) MapIndex

func (AccessBoundaryPolicyMapOutput) ToAccessBoundaryPolicyMapOutput

func (o AccessBoundaryPolicyMapOutput) ToAccessBoundaryPolicyMapOutput() AccessBoundaryPolicyMapOutput

func (AccessBoundaryPolicyMapOutput) ToAccessBoundaryPolicyMapOutputWithContext

func (o AccessBoundaryPolicyMapOutput) ToAccessBoundaryPolicyMapOutputWithContext(ctx context.Context) AccessBoundaryPolicyMapOutput

type AccessBoundaryPolicyOutput

type AccessBoundaryPolicyOutput struct{ *pulumi.OutputState }

func (AccessBoundaryPolicyOutput) DisplayName

The display name of the rule.

func (AccessBoundaryPolicyOutput) ElementType

func (AccessBoundaryPolicyOutput) ElementType() reflect.Type

func (AccessBoundaryPolicyOutput) Etag

The hash of the resource. Used internally during updates.

func (AccessBoundaryPolicyOutput) Name

The name of the policy.

func (AccessBoundaryPolicyOutput) Parent

The attachment point is identified by its URL-encoded full resource name.

func (AccessBoundaryPolicyOutput) Rules

Rules to be applied. Structure is documented below.

func (AccessBoundaryPolicyOutput) ToAccessBoundaryPolicyOutput

func (o AccessBoundaryPolicyOutput) ToAccessBoundaryPolicyOutput() AccessBoundaryPolicyOutput

func (AccessBoundaryPolicyOutput) ToAccessBoundaryPolicyOutputWithContext

func (o AccessBoundaryPolicyOutput) ToAccessBoundaryPolicyOutputWithContext(ctx context.Context) AccessBoundaryPolicyOutput

type AccessBoundaryPolicyRule

// AccessBoundaryPolicyRule is one element of an access boundary policy's
// rules: an access boundary rule together with a description. Both fields are
// pointer-typed and may therefore be nil.
type AccessBoundaryPolicyRule struct {
	// An access boundary rule in an IAM policy.
	// Its structure is described by AccessBoundaryPolicyRuleAccessBoundaryRule.
	AccessBoundaryRule *AccessBoundaryPolicyRuleAccessBoundaryRule `pulumi:"accessBoundaryRule"`
	// The description of the rule.
	Description *string `pulumi:"description"`
}

type AccessBoundaryPolicyRuleAccessBoundaryRule

// AccessBoundaryPolicyRuleAccessBoundaryRule describes which resource and
// permissions a rule makes available, optionally narrowed by a condition.
type AccessBoundaryPolicyRuleAccessBoundaryRule struct {
	// The availability condition further constrains the access allowed by the access boundary rule.
	// Its structure is described by
	// AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityCondition.
	AvailabilityCondition *AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityCondition `pulumi:"availabilityCondition"`
	// A list of permissions that may be allowed for use on the specified resource.
	// NOTE(review): the example usage on this page passes a single "*" entry,
	// presumably a wildcard — confirm its semantics before relying on it.
	AvailablePermissions []string `pulumi:"availablePermissions"`
	// The full resource name of a Google Cloud resource entity.
	// NOTE(review): the example usage on this page passes "*" here as well,
	// presumably a wildcard — confirm its semantics before relying on it.
	AvailableResource *string `pulumi:"availableResource"`
}

type AccessBoundaryPolicyRuleAccessBoundaryRuleArgs

// AccessBoundaryPolicyRuleAccessBoundaryRuleArgs is the input form of
// AccessBoundaryPolicyRuleAccessBoundaryRule: the resource and permissions a
// rule makes available, optionally narrowed by a condition.
type AccessBoundaryPolicyRuleAccessBoundaryRuleArgs struct {
	// The availability condition further constrains the access allowed by the access boundary rule.
	// Its structure is described by
	// AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs.
	AvailabilityCondition AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrInput `pulumi:"availabilityCondition"`
	// A list of permissions that may be allowed for use on the specified resource.
	// NOTE(review): the example usage on this page passes a single "*" entry,
	// presumably a wildcard — prefer an explicit permission list and confirm
	// the wildcard's semantics before relying on it.
	AvailablePermissions pulumi.StringArrayInput `pulumi:"availablePermissions"`
	// The full resource name of a Google Cloud resource entity.
	// NOTE(review): the example usage on this page passes "*" here as well,
	// presumably a wildcard — prefer a specific resource name and confirm the
	// wildcard's semantics before relying on it.
	AvailableResource pulumi.StringPtrInput `pulumi:"availableResource"`
}

func (AccessBoundaryPolicyRuleAccessBoundaryRuleArgs) ElementType

func (AccessBoundaryPolicyRuleAccessBoundaryRuleArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRuleOutput

func (i AccessBoundaryPolicyRuleAccessBoundaryRuleArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRuleOutput() AccessBoundaryPolicyRuleAccessBoundaryRuleOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRuleArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRuleOutputWithContext

func (i AccessBoundaryPolicyRuleAccessBoundaryRuleArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRuleOutputWithContext(ctx context.Context) AccessBoundaryPolicyRuleAccessBoundaryRuleOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRuleArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput

func (i AccessBoundaryPolicyRuleAccessBoundaryRuleArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput() AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRuleArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRulePtrOutputWithContext

func (i AccessBoundaryPolicyRuleAccessBoundaryRuleArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRulePtrOutputWithContext(ctx context.Context) AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput

type AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityCondition

// AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityCondition is the
// condition attached to an access boundary rule. Expression is the only
// non-pointer field; the other fields may be nil.
type AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityCondition struct {
	// Description of the expression. This is a longer text which describes the expression,
	// e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	// The example usage on this page builds one of the form
	// request.matchAccessLevels('<org ID>', ['<access level name>']).
	Expression string `pulumi:"expression"`
	// String indicating the location of the expression for error reporting,
	// e.g. a file name and a position in the file.
	Location *string `pulumi:"location"`
	// Title for the expression, i.e. a short string describing its purpose.
	// This can be used e.g. in UIs which allow to enter the expression.
	Title *string `pulumi:"title"`
}

type AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs

// AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs is the
// input form of the condition attached to an access boundary rule. Expression
// is the only field typed as a non-pointer input.
type AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs struct {
	// Description of the expression. This is a longer text which describes the expression,
	// e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	// The example usage on this page builds one of the form
	// request.matchAccessLevels('<org ID>', ['<access level name>']).
	Expression pulumi.StringInput `pulumi:"expression"`
	// String indicating the location of the expression for error reporting,
	// e.g. a file name and a position in the file.
	Location pulumi.StringPtrInput `pulumi:"location"`
	// Title for the expression, i.e. a short string describing its purpose.
	// This can be used e.g. in UIs which allow to enter the expression.
	Title pulumi.StringPtrInput `pulumi:"title"`
}

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs) ElementType

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutputWithContext

func (i AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutputWithContext(ctx context.Context) AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutputWithContext

func (i AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutputWithContext(ctx context.Context) AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput

type AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionInput

type AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionInput interface {
	pulumi.Input

	ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput() AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput
	ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutputWithContext(context.Context) AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput
}

AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionInput is an input type that accepts AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs and AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput values. You can construct a concrete instance of `AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionInput` via:

AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs{...}

type AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput

type AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput struct{ *pulumi.OutputState }

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) Description

Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) ElementType

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) Expression

Textual representation of an expression in Common Expression Language syntax.

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) Location

String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

***

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) Title

Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutputWithContext

func (o AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutputWithContext(ctx context.Context) AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutputWithContext

func (o AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutputWithContext(ctx context.Context) AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput

type AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrInput

type AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrInput interface {
	pulumi.Input

	ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput() AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput
	ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutputWithContext(context.Context) AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput
}

AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrInput is an input type that accepts AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs, AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtr and AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput values. You can construct a concrete instance of `AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrInput` via:

        AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionArgs{...}

or:

        nil

type AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput

type AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput struct{ *pulumi.OutputState }

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput) Description

Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput) Elem

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput) ElementType

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput) Expression

Textual representation of an expression in Common Expression Language syntax.

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput) Location

String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

***

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput) Title

Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRuleAvailabilityConditionPtrOutputWithContext

type AccessBoundaryPolicyRuleAccessBoundaryRuleInput

type AccessBoundaryPolicyRuleAccessBoundaryRuleInput interface {
	pulumi.Input

	ToAccessBoundaryPolicyRuleAccessBoundaryRuleOutput() AccessBoundaryPolicyRuleAccessBoundaryRuleOutput
	ToAccessBoundaryPolicyRuleAccessBoundaryRuleOutputWithContext(context.Context) AccessBoundaryPolicyRuleAccessBoundaryRuleOutput
}

AccessBoundaryPolicyRuleAccessBoundaryRuleInput is an input type that accepts AccessBoundaryPolicyRuleAccessBoundaryRuleArgs and AccessBoundaryPolicyRuleAccessBoundaryRuleOutput values. You can construct a concrete instance of `AccessBoundaryPolicyRuleAccessBoundaryRuleInput` via:

AccessBoundaryPolicyRuleAccessBoundaryRuleArgs{...}

type AccessBoundaryPolicyRuleAccessBoundaryRuleOutput

type AccessBoundaryPolicyRuleAccessBoundaryRuleOutput struct{ *pulumi.OutputState }

func (AccessBoundaryPolicyRuleAccessBoundaryRuleOutput) AvailabilityCondition

The availability condition further constrains the access allowed by the access boundary rule. Structure is documented below.

func (AccessBoundaryPolicyRuleAccessBoundaryRuleOutput) AvailablePermissions

A list of permissions that may be allowed for use on the specified resource.

func (AccessBoundaryPolicyRuleAccessBoundaryRuleOutput) AvailableResource

The full resource name of a Google Cloud resource entity.

func (AccessBoundaryPolicyRuleAccessBoundaryRuleOutput) ElementType

func (AccessBoundaryPolicyRuleAccessBoundaryRuleOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRuleOutput

func (o AccessBoundaryPolicyRuleAccessBoundaryRuleOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRuleOutput() AccessBoundaryPolicyRuleAccessBoundaryRuleOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRuleOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRuleOutputWithContext

func (o AccessBoundaryPolicyRuleAccessBoundaryRuleOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRuleOutputWithContext(ctx context.Context) AccessBoundaryPolicyRuleAccessBoundaryRuleOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRuleOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput

func (o AccessBoundaryPolicyRuleAccessBoundaryRuleOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput() AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRuleOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRulePtrOutputWithContext

func (o AccessBoundaryPolicyRuleAccessBoundaryRuleOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRulePtrOutputWithContext(ctx context.Context) AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput

type AccessBoundaryPolicyRuleAccessBoundaryRulePtrInput

type AccessBoundaryPolicyRuleAccessBoundaryRulePtrInput interface {
	pulumi.Input

	ToAccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput() AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput
	ToAccessBoundaryPolicyRuleAccessBoundaryRulePtrOutputWithContext(context.Context) AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput
}

AccessBoundaryPolicyRuleAccessBoundaryRulePtrInput is an input type that accepts AccessBoundaryPolicyRuleAccessBoundaryRuleArgs, AccessBoundaryPolicyRuleAccessBoundaryRulePtr and AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput values. You can construct a concrete instance of `AccessBoundaryPolicyRuleAccessBoundaryRulePtrInput` via:

        AccessBoundaryPolicyRuleAccessBoundaryRuleArgs{...}

or:

        nil

type AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput

type AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput struct{ *pulumi.OutputState }

func (AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput) AvailabilityCondition

The availability condition further constrains the access allowed by the access boundary rule. Structure is documented below.

func (AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput) AvailablePermissions

A list of permissions that may be allowed for use on the specified resource.

func (AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput) AvailableResource

The full resource name of a Google Cloud resource entity.

func (AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput) Elem

func (AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput) ElementType

func (AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput

func (o AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput() AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput

func (AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRulePtrOutputWithContext

func (o AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput) ToAccessBoundaryPolicyRuleAccessBoundaryRulePtrOutputWithContext(ctx context.Context) AccessBoundaryPolicyRuleAccessBoundaryRulePtrOutput

type AccessBoundaryPolicyRuleArgs

// AccessBoundaryPolicyRuleArgs is the input form of one access boundary
// policy rule: an access boundary rule together with a description.
type AccessBoundaryPolicyRuleArgs struct {
	// An access boundary rule in an IAM policy.
	// Its structure is described by AccessBoundaryPolicyRuleAccessBoundaryRuleArgs.
	AccessBoundaryRule AccessBoundaryPolicyRuleAccessBoundaryRulePtrInput `pulumi:"accessBoundaryRule"`
	// The description of the rule.
	Description pulumi.StringPtrInput `pulumi:"description"`
}

func (AccessBoundaryPolicyRuleArgs) ElementType

func (AccessBoundaryPolicyRuleArgs) ToAccessBoundaryPolicyRuleOutput

func (i AccessBoundaryPolicyRuleArgs) ToAccessBoundaryPolicyRuleOutput() AccessBoundaryPolicyRuleOutput

func (AccessBoundaryPolicyRuleArgs) ToAccessBoundaryPolicyRuleOutputWithContext

func (i AccessBoundaryPolicyRuleArgs) ToAccessBoundaryPolicyRuleOutputWithContext(ctx context.Context) AccessBoundaryPolicyRuleOutput

type AccessBoundaryPolicyRuleArray

type AccessBoundaryPolicyRuleArray []AccessBoundaryPolicyRuleInput

func (AccessBoundaryPolicyRuleArray) ElementType

func (AccessBoundaryPolicyRuleArray) ToAccessBoundaryPolicyRuleArrayOutput

func (i AccessBoundaryPolicyRuleArray) ToAccessBoundaryPolicyRuleArrayOutput() AccessBoundaryPolicyRuleArrayOutput

func (AccessBoundaryPolicyRuleArray) ToAccessBoundaryPolicyRuleArrayOutputWithContext

func (i AccessBoundaryPolicyRuleArray) ToAccessBoundaryPolicyRuleArrayOutputWithContext(ctx context.Context) AccessBoundaryPolicyRuleArrayOutput

type AccessBoundaryPolicyRuleArrayInput

type AccessBoundaryPolicyRuleArrayInput interface {
	pulumi.Input

	ToAccessBoundaryPolicyRuleArrayOutput() AccessBoundaryPolicyRuleArrayOutput
	ToAccessBoundaryPolicyRuleArrayOutputWithContext(context.Context) AccessBoundaryPolicyRuleArrayOutput
}

AccessBoundaryPolicyRuleArrayInput is an input type that accepts AccessBoundaryPolicyRuleArray and AccessBoundaryPolicyRuleArrayOutput values. You can construct a concrete instance of `AccessBoundaryPolicyRuleArrayInput` via:

AccessBoundaryPolicyRuleArray{ AccessBoundaryPolicyRuleArgs{...} }

type AccessBoundaryPolicyRuleArrayOutput

type AccessBoundaryPolicyRuleArrayOutput struct{ *pulumi.OutputState }

func (AccessBoundaryPolicyRuleArrayOutput) ElementType

func (AccessBoundaryPolicyRuleArrayOutput) Index

func (AccessBoundaryPolicyRuleArrayOutput) ToAccessBoundaryPolicyRuleArrayOutput

func (o AccessBoundaryPolicyRuleArrayOutput) ToAccessBoundaryPolicyRuleArrayOutput() AccessBoundaryPolicyRuleArrayOutput

func (AccessBoundaryPolicyRuleArrayOutput) ToAccessBoundaryPolicyRuleArrayOutputWithContext

func (o AccessBoundaryPolicyRuleArrayOutput) ToAccessBoundaryPolicyRuleArrayOutputWithContext(ctx context.Context) AccessBoundaryPolicyRuleArrayOutput

type AccessBoundaryPolicyRuleInput

type AccessBoundaryPolicyRuleInput interface {
	pulumi.Input

	ToAccessBoundaryPolicyRuleOutput() AccessBoundaryPolicyRuleOutput
	ToAccessBoundaryPolicyRuleOutputWithContext(context.Context) AccessBoundaryPolicyRuleOutput
}

AccessBoundaryPolicyRuleInput is an input type that accepts AccessBoundaryPolicyRuleArgs and AccessBoundaryPolicyRuleOutput values. You can construct a concrete instance of `AccessBoundaryPolicyRuleInput` via:

AccessBoundaryPolicyRuleArgs{...}

type AccessBoundaryPolicyRuleOutput

type AccessBoundaryPolicyRuleOutput struct{ *pulumi.OutputState }

func (AccessBoundaryPolicyRuleOutput) AccessBoundaryRule

An access boundary rule in an IAM policy. Structure is documented below.

func (AccessBoundaryPolicyRuleOutput) Description

The description of the rule.

func (AccessBoundaryPolicyRuleOutput) ElementType

func (AccessBoundaryPolicyRuleOutput) ToAccessBoundaryPolicyRuleOutput

func (o AccessBoundaryPolicyRuleOutput) ToAccessBoundaryPolicyRuleOutput() AccessBoundaryPolicyRuleOutput

func (AccessBoundaryPolicyRuleOutput) ToAccessBoundaryPolicyRuleOutputWithContext

func (o AccessBoundaryPolicyRuleOutput) ToAccessBoundaryPolicyRuleOutputWithContext(ctx context.Context) AccessBoundaryPolicyRuleOutput

type AccessBoundaryPolicyState

// AccessBoundaryPolicyState lists the AccessBoundaryPolicy properties in their
// input form (Ptr/array inputs).
// NOTE(review): presumably passed to a Get* lookup to qualify which existing
// policy is read; that function is not shown next to this type, so confirm.
type AccessBoundaryPolicyState struct {
	// The display name of the rule.
	DisplayName pulumi.StringPtrInput
	// The hash of the resource. Used internally during updates.
	Etag pulumi.StringPtrInput
	// The name of the policy.
	Name pulumi.StringPtrInput
	// The attachment point is identified by its URL-encoded full resource name.
	// The boundary applies to whatever resource this names, so review changes to
	// it as changes to the policy's scope.
	Parent pulumi.StringPtrInput
	// Rules to be applied.
	// Structure is documented below.
	Rules AccessBoundaryPolicyRuleArrayInput
}

func (AccessBoundaryPolicyState) ElementType

func (AccessBoundaryPolicyState) ElementType() reflect.Type

type DenyPolicy

// DenyPolicy is the resource for an IAM deny policy: a named list of deny rules
// attached to the resource identified by Parent. All fields are outputs that
// resolve once the resource has been created or read.
type DenyPolicy struct {
	pulumi.CustomResourceState

	// The display name of the rule.
	// NOTE(review): this field sits on the policy, so "rule" presumably means
	// the policy itself; confirm against the upstream API description.
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// The hash of the resource. Used internally during updates.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The name of the policy.
	Name pulumi.StringOutput `pulumi:"name"`
	// The attachment point is identified by its URL-encoded full resource name.
	// This is what determines which resource the deny rules cover.
	Parent pulumi.StringOutput `pulumi:"parent"`
	// Rules to be applied.
	// Structure is documented below.
	Rules DenyPolicyRuleArrayOutput `pulumi:"rules"`
}

Represents a collection of denial policies to apply to a given resource.

To get more information about DenyPolicy, see:

* [API documentation](https://cloud.google.com/iam/docs/reference/rest/v2/policies)
* How-to Guides

## Example Usage

### Iam Deny Policy Basic

```go
package main

import (

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

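// main provisions a project, a service account, and a two-rule IAM deny
// policy attached to that project.
//
// Both rules deny cloudresourcemanager.googleapis.com/projects.update to the
// principal set "public:all" under the same denial condition; the second rule
// additionally exempts the service account created here.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		project, err := organizations.NewProject(ctx, "project", &organizations.ProjectArgs{
			ProjectId:      pulumi.String("my-project"),
			Name:           pulumi.String("my-project"),
			OrgId:          pulumi.String("123456789"),
			BillingAccount: pulumi.String("000000-0000000-0000000-000000"),
			DeletionPolicy: pulumi.String("DELETE"),
		})
		if err != nil {
			return err
		}
		// Keep the returned resource: its Email output is used below as the
		// exception principal. (The original discarded it and then referenced
		// an undefined test_account variable.)
		testAccount, err := serviceaccount.NewAccount(ctx, "test-account", &serviceaccount.AccountArgs{
			AccountId:   pulumi.String("svc-acc"),
			DisplayName: pulumi.String("Test Service Account"),
			Project:     project.ProjectId,
		})
		if err != nil {
			return err
		}
		_, err = iam.NewDenyPolicy(ctx, "example", &iam.DenyPolicyArgs{
			// The attachment point must be the URL-encoded full resource name,
			// hence the std.UrlencodeOutput call on the project's resource name.
			// NOTE(review): DenyPolicyArgs.Parent is a pulumi.StringInput; wrapping
			// a StringPtrOutput in pulumi.String(...) looks like an
			// example-generator artifact and may not compile as written. Confirm
			// and pass the Output directly if so.
			Parent: pulumi.String(std.UrlencodeOutput(ctx, std.UrlencodeOutputArgs{
				Input: project.ProjectId.ApplyT(func(projectId string) (string, error) {
					return fmt.Sprintf("cloudresourcemanager.googleapis.com/projects/%v", projectId), nil
				}).(pulumi.StringOutput),
			}, nil).ApplyT(func(invoke std.UrlencodeResult) (*string, error) {
				return invoke.Result, nil
			}).(pulumi.StringPtrOutput)),
			Name:        pulumi.String("my-deny-policy"),
			DisplayName: pulumi.String("A deny rule"),
			Rules: iam.DenyPolicyRuleArray{
				&iam.DenyPolicyRuleArgs{
					Description: pulumi.String("First rule"),
					DenyRule: &iam.DenyPolicyRuleDenyRuleArgs{
						DeniedPrincipals: pulumi.StringArray{
							pulumi.String("principalSet://goog/public:all"),
						},
						// The leading "!" negates the tag match, so the condition
						// holds for resources that do NOT carry env=test.
						DenialCondition: &iam.DenyPolicyRuleDenyRuleDenialConditionArgs{
							Title:      pulumi.String("Some expr"),
							Expression: pulumi.String("!resource.matchTag('12345678/env', 'test')"),
						},
						DeniedPermissions: pulumi.StringArray{
							pulumi.String("cloudresourcemanager.googleapis.com/projects.update"),
						},
					},
				},
				&iam.DenyPolicyRuleArgs{
					Description: pulumi.String("Second rule"),
					DenyRule: &iam.DenyPolicyRuleDenyRuleArgs{
						DeniedPrincipals: pulumi.StringArray{
							pulumi.String("principalSet://goog/public:all"),
						},
						DenialCondition: &iam.DenyPolicyRuleDenyRuleDenialConditionArgs{
							Title:      pulumi.String("Some expr"),
							Expression: pulumi.String("!resource.matchTag('12345678/env', 'test')"),
						},
						DeniedPermissions: pulumi.StringArray{
							pulumi.String("cloudresourcemanager.googleapis.com/projects.update"),
						},
						// Exception principals are excluded from this rule even though
						// they fall inside deniedPrincipals. Within this rule the
						// service account is therefore not denied projects.update;
						// keep exception lists short and audit who can act as the
						// exempted identity.
						ExceptionPrincipals: pulumi.StringArray{
							testAccount.Email.ApplyT(func(email string) (string, error) {
								return fmt.Sprintf("principal://iam.googleapis.com/projects/-/serviceAccounts/%v", email), nil
							}).(pulumi.StringOutput),
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}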

```

## Import

DenyPolicy can be imported using any of these accepted formats:

* `{{parent}}/{{name}}`

When using the `pulumi import` command, DenyPolicy can be imported using one of the formats above. For example:

```sh
$ pulumi import gcp:iam/denyPolicy:DenyPolicy default {{parent}}/{{name}}
```

func GetDenyPolicy

func GetDenyPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DenyPolicyState, opts ...pulumi.ResourceOption) (*DenyPolicy, error)

GetDenyPolicy gets an existing DenyPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDenyPolicy

func NewDenyPolicy(ctx *pulumi.Context,
	name string, args *DenyPolicyArgs, opts ...pulumi.ResourceOption) (*DenyPolicy, error)

NewDenyPolicy registers a new resource with the given unique name, arguments, and options.

func (*DenyPolicy) ElementType

func (*DenyPolicy) ElementType() reflect.Type

func (*DenyPolicy) ToDenyPolicyOutput

func (i *DenyPolicy) ToDenyPolicyOutput() DenyPolicyOutput

func (*DenyPolicy) ToDenyPolicyOutputWithContext

func (i *DenyPolicy) ToDenyPolicyOutputWithContext(ctx context.Context) DenyPolicyOutput

type DenyPolicyArgs

// DenyPolicyArgs is the set of arguments for constructing a DenyPolicy
// resource. Parent is the only non-Ptr scalar input; DisplayName and Name are
// optional Ptr inputs.
type DenyPolicyArgs struct {
	// The display name of the rule.
	DisplayName pulumi.StringPtrInput
	// The name of the policy.
	Name pulumi.StringPtrInput
	// The attachment point is identified by its URL-encoded full resource name.
	// For a project this is the URL-encoded form of
	// `cloudresourcemanager.googleapis.com/projects/{project-id}`. The value
	// decides which resource the deny rules cover, so derive it from a resource
	// output rather than from free-form input.
	Parent pulumi.StringInput
	// Rules to be applied.
	// Structure is documented below.
	Rules DenyPolicyRuleArrayInput
}

The set of arguments for constructing a DenyPolicy resource.

func (DenyPolicyArgs) ElementType

func (DenyPolicyArgs) ElementType() reflect.Type

type DenyPolicyArray

type DenyPolicyArray []DenyPolicyInput

func (DenyPolicyArray) ElementType

func (DenyPolicyArray) ElementType() reflect.Type

func (DenyPolicyArray) ToDenyPolicyArrayOutput

func (i DenyPolicyArray) ToDenyPolicyArrayOutput() DenyPolicyArrayOutput

func (DenyPolicyArray) ToDenyPolicyArrayOutputWithContext

func (i DenyPolicyArray) ToDenyPolicyArrayOutputWithContext(ctx context.Context) DenyPolicyArrayOutput

type DenyPolicyArrayInput

type DenyPolicyArrayInput interface {
	pulumi.Input

	ToDenyPolicyArrayOutput() DenyPolicyArrayOutput
	ToDenyPolicyArrayOutputWithContext(context.Context) DenyPolicyArrayOutput
}

DenyPolicyArrayInput is an input type that accepts DenyPolicyArray and DenyPolicyArrayOutput values. You can construct a concrete instance of `DenyPolicyArrayInput` via:

DenyPolicyArray{ DenyPolicyArgs{...} }

type DenyPolicyArrayOutput

type DenyPolicyArrayOutput struct{ *pulumi.OutputState }

func (DenyPolicyArrayOutput) ElementType

func (DenyPolicyArrayOutput) ElementType() reflect.Type

func (DenyPolicyArrayOutput) Index

func (DenyPolicyArrayOutput) ToDenyPolicyArrayOutput

func (o DenyPolicyArrayOutput) ToDenyPolicyArrayOutput() DenyPolicyArrayOutput

func (DenyPolicyArrayOutput) ToDenyPolicyArrayOutputWithContext

func (o DenyPolicyArrayOutput) ToDenyPolicyArrayOutputWithContext(ctx context.Context) DenyPolicyArrayOutput

type DenyPolicyInput

// DenyPolicyInput is the input interface for values that can be converted to
// a DenyPolicyOutput. *DenyPolicy and DenyPolicyOutput both declare the two
// conversion methods listed here.
type DenyPolicyInput interface {
	pulumi.Input

	ToDenyPolicyOutput() DenyPolicyOutput
	ToDenyPolicyOutputWithContext(ctx context.Context) DenyPolicyOutput
}

type DenyPolicyMap

type DenyPolicyMap map[string]DenyPolicyInput

func (DenyPolicyMap) ElementType

func (DenyPolicyMap) ElementType() reflect.Type

func (DenyPolicyMap) ToDenyPolicyMapOutput

func (i DenyPolicyMap) ToDenyPolicyMapOutput() DenyPolicyMapOutput

func (DenyPolicyMap) ToDenyPolicyMapOutputWithContext

func (i DenyPolicyMap) ToDenyPolicyMapOutputWithContext(ctx context.Context) DenyPolicyMapOutput

type DenyPolicyMapInput

type DenyPolicyMapInput interface {
	pulumi.Input

	ToDenyPolicyMapOutput() DenyPolicyMapOutput
	ToDenyPolicyMapOutputWithContext(context.Context) DenyPolicyMapOutput
}

DenyPolicyMapInput is an input type that accepts DenyPolicyMap and DenyPolicyMapOutput values. You can construct a concrete instance of `DenyPolicyMapInput` via:

DenyPolicyMap{ "key": DenyPolicyArgs{...} }

type DenyPolicyMapOutput

type DenyPolicyMapOutput struct{ *pulumi.OutputState }

func (DenyPolicyMapOutput) ElementType

func (DenyPolicyMapOutput) ElementType() reflect.Type

func (DenyPolicyMapOutput) MapIndex

func (DenyPolicyMapOutput) ToDenyPolicyMapOutput

func (o DenyPolicyMapOutput) ToDenyPolicyMapOutput() DenyPolicyMapOutput

func (DenyPolicyMapOutput) ToDenyPolicyMapOutputWithContext

func (o DenyPolicyMapOutput) ToDenyPolicyMapOutputWithContext(ctx context.Context) DenyPolicyMapOutput

type DenyPolicyOutput

type DenyPolicyOutput struct{ *pulumi.OutputState }

func (DenyPolicyOutput) DisplayName

func (o DenyPolicyOutput) DisplayName() pulumi.StringPtrOutput

The display name of the rule.

func (DenyPolicyOutput) ElementType

func (DenyPolicyOutput) ElementType() reflect.Type

func (DenyPolicyOutput) Etag

The hash of the resource. Used internally during updates.

func (DenyPolicyOutput) Name

The name of the policy.

func (DenyPolicyOutput) Parent

The attachment point is identified by its URL-encoded full resource name.

func (DenyPolicyOutput) Rules

Rules to be applied. Structure is documented below.

func (DenyPolicyOutput) ToDenyPolicyOutput

func (o DenyPolicyOutput) ToDenyPolicyOutput() DenyPolicyOutput

func (DenyPolicyOutput) ToDenyPolicyOutputWithContext

func (o DenyPolicyOutput) ToDenyPolicyOutputWithContext(ctx context.Context) DenyPolicyOutput

type DenyPolicyRule

// DenyPolicyRule is the plain-value form of one entry in a deny policy's rule
// list: an optional deny rule plus an optional human-readable description.
type DenyPolicyRule struct {
	// A deny rule in an IAM deny policy.
	// Structure is documented below.
	DenyRule *DenyPolicyRuleDenyRule `pulumi:"denyRule"`
	// The description of the rule.
	// Free text only; it has no field of its own in the deny rule structure.
	Description *string `pulumi:"description"`
}

type DenyPolicyRuleArgs

// DenyPolicyRuleArgs is the input form of DenyPolicyRule, used as the element
// type of DenyPolicyRuleArray when building DenyPolicyArgs.Rules.
type DenyPolicyRuleArgs struct {
	// A deny rule in an IAM deny policy.
	// Structure is documented below.
	// NOTE(review): this is a Ptr input, so a rule can be declared with only a
	// description; whether the API accepts such an empty rule is not shown here.
	DenyRule DenyPolicyRuleDenyRulePtrInput `pulumi:"denyRule"`
	// The description of the rule.
	Description pulumi.StringPtrInput `pulumi:"description"`
}

func (DenyPolicyRuleArgs) ElementType

func (DenyPolicyRuleArgs) ElementType() reflect.Type

func (DenyPolicyRuleArgs) ToDenyPolicyRuleOutput

func (i DenyPolicyRuleArgs) ToDenyPolicyRuleOutput() DenyPolicyRuleOutput

func (DenyPolicyRuleArgs) ToDenyPolicyRuleOutputWithContext

func (i DenyPolicyRuleArgs) ToDenyPolicyRuleOutputWithContext(ctx context.Context) DenyPolicyRuleOutput

type DenyPolicyRuleArray

type DenyPolicyRuleArray []DenyPolicyRuleInput

func (DenyPolicyRuleArray) ElementType

func (DenyPolicyRuleArray) ElementType() reflect.Type

func (DenyPolicyRuleArray) ToDenyPolicyRuleArrayOutput

func (i DenyPolicyRuleArray) ToDenyPolicyRuleArrayOutput() DenyPolicyRuleArrayOutput

func (DenyPolicyRuleArray) ToDenyPolicyRuleArrayOutputWithContext

func (i DenyPolicyRuleArray) ToDenyPolicyRuleArrayOutputWithContext(ctx context.Context) DenyPolicyRuleArrayOutput

type DenyPolicyRuleArrayInput

type DenyPolicyRuleArrayInput interface {
	pulumi.Input

	ToDenyPolicyRuleArrayOutput() DenyPolicyRuleArrayOutput
	ToDenyPolicyRuleArrayOutputWithContext(context.Context) DenyPolicyRuleArrayOutput
}

DenyPolicyRuleArrayInput is an input type that accepts DenyPolicyRuleArray and DenyPolicyRuleArrayOutput values. You can construct a concrete instance of `DenyPolicyRuleArrayInput` via:

DenyPolicyRuleArray{ DenyPolicyRuleArgs{...} }

type DenyPolicyRuleArrayOutput

type DenyPolicyRuleArrayOutput struct{ *pulumi.OutputState }

func (DenyPolicyRuleArrayOutput) ElementType

func (DenyPolicyRuleArrayOutput) ElementType() reflect.Type

func (DenyPolicyRuleArrayOutput) Index

func (DenyPolicyRuleArrayOutput) ToDenyPolicyRuleArrayOutput

func (o DenyPolicyRuleArrayOutput) ToDenyPolicyRuleArrayOutput() DenyPolicyRuleArrayOutput

func (DenyPolicyRuleArrayOutput) ToDenyPolicyRuleArrayOutputWithContext

func (o DenyPolicyRuleArrayOutput) ToDenyPolicyRuleArrayOutputWithContext(ctx context.Context) DenyPolicyRuleArrayOutput

type DenyPolicyRuleDenyRule

// DenyPolicyRuleDenyRule is the plain-value form of a single deny rule: who is
// denied (DeniedPrincipals), what is denied (DeniedPermissions), the
// exceptions to each list, and an optional condition.
//
// The two Exception* lists each remove entries from the deny. Review them as
// carefully as the denied lists, because a broad exception can leave the rule
// with little effect.
type DenyPolicyRuleDenyRule struct {
	// User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.
	// Structure is documented below.
	// The nested Expression field is documented as Common Expression Language
	// syntax. NOTE(review): presumably the rule denies only where the
	// expression evaluates to true; confirm against the API documentation.
	DenialCondition *DenyPolicyRuleDenyRuleDenialCondition `pulumi:"denialCondition"`
	// The permissions that are explicitly denied by this rule. Each permission uses the format `{service-fqdn}/{resource}.{verb}`,
	// where `{service-fqdn}` is the fully qualified domain name for the service. For example, `iam.googleapis.com/roles.list`.
	DeniedPermissions []string `pulumi:"deniedPermissions"`
	// The identities that are prevented from using one or more permissions on Google Cloud resources.
	DeniedPrincipals []string `pulumi:"deniedPrincipals"`
	// Specifies the permissions that this rule excludes from the set of denied permissions given by deniedPermissions.
	// If a permission appears in deniedPermissions and in exceptionPermissions then it will not be denied.
	// The excluded permissions can be specified using the same syntax as deniedPermissions.
	ExceptionPermissions []string `pulumi:"exceptionPermissions"`
	// The identities that are excluded from the deny rule, even if they are listed in the deniedPrincipals.
	// For example, you could add a Google group to the deniedPrincipals, then exclude specific users who belong to that group.
	ExceptionPrincipals []string `pulumi:"exceptionPrincipals"`
}

type DenyPolicyRuleDenyRuleArgs

// DenyPolicyRuleDenyRuleArgs is the input form of DenyPolicyRuleDenyRule: the
// denied principals and permissions, the exceptions to each, and an optional
// denial condition.
//
// Exceptions win over the denied lists (see the field comments), so each
// exception entry should be as specific as possible.
type DenyPolicyRuleDenyRuleArgs struct {
	// User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.
	// Structure is documented below.
	// The nested Expression field is documented as Common Expression Language
	// syntax. NOTE(review): presumably the rule denies only where the
	// expression evaluates to true; confirm against the API documentation.
	DenialCondition DenyPolicyRuleDenyRuleDenialConditionPtrInput `pulumi:"denialCondition"`
	// The permissions that are explicitly denied by this rule. Each permission uses the format `{service-fqdn}/{resource}.{verb}`,
	// where `{service-fqdn}` is the fully qualified domain name for the service. For example, `iam.googleapis.com/roles.list`.
	DeniedPermissions pulumi.StringArrayInput `pulumi:"deniedPermissions"`
	// The identities that are prevented from using one or more permissions on Google Cloud resources.
	DeniedPrincipals pulumi.StringArrayInput `pulumi:"deniedPrincipals"`
	// Specifies the permissions that this rule excludes from the set of denied permissions given by deniedPermissions.
	// If a permission appears in deniedPermissions and in exceptionPermissions then it will not be denied.
	// The excluded permissions can be specified using the same syntax as deniedPermissions.
	ExceptionPermissions pulumi.StringArrayInput `pulumi:"exceptionPermissions"`
	// The identities that are excluded from the deny rule, even if they are listed in the deniedPrincipals.
	// For example, you could add a Google group to the deniedPrincipals, then exclude specific users who belong to that group.
	ExceptionPrincipals pulumi.StringArrayInput `pulumi:"exceptionPrincipals"`
}

func (DenyPolicyRuleDenyRuleArgs) ElementType

func (DenyPolicyRuleDenyRuleArgs) ElementType() reflect.Type

func (DenyPolicyRuleDenyRuleArgs) ToDenyPolicyRuleDenyRuleOutput

func (i DenyPolicyRuleDenyRuleArgs) ToDenyPolicyRuleDenyRuleOutput() DenyPolicyRuleDenyRuleOutput

func (DenyPolicyRuleDenyRuleArgs) ToDenyPolicyRuleDenyRuleOutputWithContext

func (i DenyPolicyRuleDenyRuleArgs) ToDenyPolicyRuleDenyRuleOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRuleOutput

func (DenyPolicyRuleDenyRuleArgs) ToDenyPolicyRuleDenyRulePtrOutput

func (i DenyPolicyRuleDenyRuleArgs) ToDenyPolicyRuleDenyRulePtrOutput() DenyPolicyRuleDenyRulePtrOutput

func (DenyPolicyRuleDenyRuleArgs) ToDenyPolicyRuleDenyRulePtrOutputWithContext

func (i DenyPolicyRuleDenyRuleArgs) ToDenyPolicyRuleDenyRulePtrOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRulePtrOutput

type DenyPolicyRuleDenyRuleDenialCondition

// DenyPolicyRuleDenyRuleDenialCondition is the plain-value form of the
// condition attached to a deny rule. Expression is the only non-pointer
// field; Description, Location and Title are optional.
type DenyPolicyRuleDenyRuleDenialCondition struct {
	// Description of the expression. This is a longer text which describes the expression,
	// e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	// This string decides where the deny applies, so a negation or a tag value
	// that is off by one character changes the rule's coverage; review it as
	// policy logic, not as a label.
	Expression string `pulumi:"expression"`
	// String indicating the location of the expression for error reporting,
	// e.g. a file name and a position in the file.
	Location *string `pulumi:"location"`
	// Title for the expression, i.e. a short string describing its purpose.
	// This can be used e.g. in UIs which allow to enter the expression.
	Title *string `pulumi:"title"`
}

type DenyPolicyRuleDenyRuleDenialConditionArgs

// DenyPolicyRuleDenyRuleDenialConditionArgs is the input form of the condition
// attached to a deny rule. Expression is a required StringInput; the other
// fields are optional Ptr inputs.
type DenyPolicyRuleDenyRuleDenialConditionArgs struct {
	// Description of the expression. This is a longer text which describes the expression,
	// e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	// This string decides where the deny applies; prefer a fixed literal kept
	// under code review over a value assembled from external input.
	Expression pulumi.StringInput `pulumi:"expression"`
	// String indicating the location of the expression for error reporting,
	// e.g. a file name and a position in the file.
	Location pulumi.StringPtrInput `pulumi:"location"`
	// Title for the expression, i.e. a short string describing its purpose.
	// This can be used e.g. in UIs which allow to enter the expression.
	Title pulumi.StringPtrInput `pulumi:"title"`
}

func (DenyPolicyRuleDenyRuleDenialConditionArgs) ElementType

func (DenyPolicyRuleDenyRuleDenialConditionArgs) ToDenyPolicyRuleDenyRuleDenialConditionOutput

func (i DenyPolicyRuleDenyRuleDenialConditionArgs) ToDenyPolicyRuleDenyRuleDenialConditionOutput() DenyPolicyRuleDenyRuleDenialConditionOutput

func (DenyPolicyRuleDenyRuleDenialConditionArgs) ToDenyPolicyRuleDenyRuleDenialConditionOutputWithContext

func (i DenyPolicyRuleDenyRuleDenialConditionArgs) ToDenyPolicyRuleDenyRuleDenialConditionOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRuleDenialConditionOutput

func (DenyPolicyRuleDenyRuleDenialConditionArgs) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutput

func (i DenyPolicyRuleDenyRuleDenialConditionArgs) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutput() DenyPolicyRuleDenyRuleDenialConditionPtrOutput

func (DenyPolicyRuleDenyRuleDenialConditionArgs) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutputWithContext

func (i DenyPolicyRuleDenyRuleDenialConditionArgs) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRuleDenialConditionPtrOutput

type DenyPolicyRuleDenyRuleDenialConditionInput

type DenyPolicyRuleDenyRuleDenialConditionInput interface {
	pulumi.Input

	ToDenyPolicyRuleDenyRuleDenialConditionOutput() DenyPolicyRuleDenyRuleDenialConditionOutput
	ToDenyPolicyRuleDenyRuleDenialConditionOutputWithContext(context.Context) DenyPolicyRuleDenyRuleDenialConditionOutput
}

DenyPolicyRuleDenyRuleDenialConditionInput is an input type that accepts DenyPolicyRuleDenyRuleDenialConditionArgs and DenyPolicyRuleDenyRuleDenialConditionOutput values. You can construct a concrete instance of `DenyPolicyRuleDenyRuleDenialConditionInput` via:

DenyPolicyRuleDenyRuleDenialConditionArgs{...}

type DenyPolicyRuleDenyRuleDenialConditionOutput

type DenyPolicyRuleDenyRuleDenialConditionOutput struct{ *pulumi.OutputState }

func (DenyPolicyRuleDenyRuleDenialConditionOutput) Description

Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (DenyPolicyRuleDenyRuleDenialConditionOutput) ElementType

func (DenyPolicyRuleDenyRuleDenialConditionOutput) Expression

Textual representation of an expression in Common Expression Language syntax.

func (DenyPolicyRuleDenyRuleDenialConditionOutput) Location

String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

***

func (DenyPolicyRuleDenyRuleDenialConditionOutput) Title

Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (DenyPolicyRuleDenyRuleDenialConditionOutput) ToDenyPolicyRuleDenyRuleDenialConditionOutput

func (o DenyPolicyRuleDenyRuleDenialConditionOutput) ToDenyPolicyRuleDenyRuleDenialConditionOutput() DenyPolicyRuleDenyRuleDenialConditionOutput

func (DenyPolicyRuleDenyRuleDenialConditionOutput) ToDenyPolicyRuleDenyRuleDenialConditionOutputWithContext

func (o DenyPolicyRuleDenyRuleDenialConditionOutput) ToDenyPolicyRuleDenyRuleDenialConditionOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRuleDenialConditionOutput

func (DenyPolicyRuleDenyRuleDenialConditionOutput) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutput

func (o DenyPolicyRuleDenyRuleDenialConditionOutput) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutput() DenyPolicyRuleDenyRuleDenialConditionPtrOutput

func (DenyPolicyRuleDenyRuleDenialConditionOutput) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutputWithContext

func (o DenyPolicyRuleDenyRuleDenialConditionOutput) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRuleDenialConditionPtrOutput

type DenyPolicyRuleDenyRuleDenialConditionPtrInput

type DenyPolicyRuleDenyRuleDenialConditionPtrInput interface {
	pulumi.Input

	ToDenyPolicyRuleDenyRuleDenialConditionPtrOutput() DenyPolicyRuleDenyRuleDenialConditionPtrOutput
	ToDenyPolicyRuleDenyRuleDenialConditionPtrOutputWithContext(context.Context) DenyPolicyRuleDenyRuleDenialConditionPtrOutput
}

DenyPolicyRuleDenyRuleDenialConditionPtrInput is an input type that accepts DenyPolicyRuleDenyRuleDenialConditionArgs, DenyPolicyRuleDenyRuleDenialConditionPtr and DenyPolicyRuleDenyRuleDenialConditionPtrOutput values. You can construct a concrete instance of `DenyPolicyRuleDenyRuleDenialConditionPtrInput` via:

        DenyPolicyRuleDenyRuleDenialConditionArgs{...}

or:

        nil

type DenyPolicyRuleDenyRuleDenialConditionPtrOutput

type DenyPolicyRuleDenyRuleDenialConditionPtrOutput struct{ *pulumi.OutputState }

func (DenyPolicyRuleDenyRuleDenialConditionPtrOutput) Description

Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (DenyPolicyRuleDenyRuleDenialConditionPtrOutput) Elem

func (DenyPolicyRuleDenyRuleDenialConditionPtrOutput) ElementType

func (DenyPolicyRuleDenyRuleDenialConditionPtrOutput) Expression

Textual representation of an expression in Common Expression Language syntax.

func (DenyPolicyRuleDenyRuleDenialConditionPtrOutput) Location

String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

***

func (DenyPolicyRuleDenyRuleDenialConditionPtrOutput) Title

Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (DenyPolicyRuleDenyRuleDenialConditionPtrOutput) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutput

func (o DenyPolicyRuleDenyRuleDenialConditionPtrOutput) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutput() DenyPolicyRuleDenyRuleDenialConditionPtrOutput

func (DenyPolicyRuleDenyRuleDenialConditionPtrOutput) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutputWithContext

func (o DenyPolicyRuleDenyRuleDenialConditionPtrOutput) ToDenyPolicyRuleDenyRuleDenialConditionPtrOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRuleDenialConditionPtrOutput

type DenyPolicyRuleDenyRuleInput

type DenyPolicyRuleDenyRuleInput interface {
	pulumi.Input

	ToDenyPolicyRuleDenyRuleOutput() DenyPolicyRuleDenyRuleOutput
	ToDenyPolicyRuleDenyRuleOutputWithContext(context.Context) DenyPolicyRuleDenyRuleOutput
}

DenyPolicyRuleDenyRuleInput is an input type that accepts DenyPolicyRuleDenyRuleArgs and DenyPolicyRuleDenyRuleOutput values. You can construct a concrete instance of `DenyPolicyRuleDenyRuleInput` via:

DenyPolicyRuleDenyRuleArgs{...}

type DenyPolicyRuleDenyRuleOutput

type DenyPolicyRuleDenyRuleOutput struct{ *pulumi.OutputState }

func (DenyPolicyRuleDenyRuleOutput) DenialCondition

User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. Structure is documented below.

func (DenyPolicyRuleDenyRuleOutput) DeniedPermissions

The permissions that are explicitly denied by this rule. Each permission uses the format `{service-fqdn}/{resource}.{verb}`, where `{service-fqdn}` is the fully qualified domain name for the service. For example, `iam.googleapis.com/roles.list`.

func (DenyPolicyRuleDenyRuleOutput) DeniedPrincipals

The identities that are prevented from using one or more permissions on Google Cloud resources.

func (DenyPolicyRuleDenyRuleOutput) ElementType

func (DenyPolicyRuleDenyRuleOutput) ExceptionPermissions

func (o DenyPolicyRuleDenyRuleOutput) ExceptionPermissions() pulumi.StringArrayOutput

Specifies the permissions that this rule excludes from the set of denied permissions given by deniedPermissions. If a permission appears in deniedPermissions and in exceptionPermissions then it will not be denied. The excluded permissions can be specified using the same syntax as deniedPermissions.

func (DenyPolicyRuleDenyRuleOutput) ExceptionPrincipals

func (o DenyPolicyRuleDenyRuleOutput) ExceptionPrincipals() pulumi.StringArrayOutput

The identities that are excluded from the deny rule, even if they are listed in the deniedPrincipals. For example, you could add a Google group to the deniedPrincipals, then exclude specific users who belong to that group.

func (DenyPolicyRuleDenyRuleOutput) ToDenyPolicyRuleDenyRuleOutput

func (o DenyPolicyRuleDenyRuleOutput) ToDenyPolicyRuleDenyRuleOutput() DenyPolicyRuleDenyRuleOutput

func (DenyPolicyRuleDenyRuleOutput) ToDenyPolicyRuleDenyRuleOutputWithContext

func (o DenyPolicyRuleDenyRuleOutput) ToDenyPolicyRuleDenyRuleOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRuleOutput

func (DenyPolicyRuleDenyRuleOutput) ToDenyPolicyRuleDenyRulePtrOutput

func (o DenyPolicyRuleDenyRuleOutput) ToDenyPolicyRuleDenyRulePtrOutput() DenyPolicyRuleDenyRulePtrOutput

func (DenyPolicyRuleDenyRuleOutput) ToDenyPolicyRuleDenyRulePtrOutputWithContext

func (o DenyPolicyRuleDenyRuleOutput) ToDenyPolicyRuleDenyRulePtrOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRulePtrOutput

type DenyPolicyRuleDenyRulePtrInput

type DenyPolicyRuleDenyRulePtrInput interface {
	pulumi.Input

	ToDenyPolicyRuleDenyRulePtrOutput() DenyPolicyRuleDenyRulePtrOutput
	ToDenyPolicyRuleDenyRulePtrOutputWithContext(context.Context) DenyPolicyRuleDenyRulePtrOutput
}

DenyPolicyRuleDenyRulePtrInput is an input type that accepts DenyPolicyRuleDenyRuleArgs, DenyPolicyRuleDenyRulePtr and DenyPolicyRuleDenyRulePtrOutput values. You can construct a concrete instance of `DenyPolicyRuleDenyRulePtrInput` via:

        DenyPolicyRuleDenyRuleArgs{...}

or:

        nil

type DenyPolicyRuleDenyRulePtrOutput

type DenyPolicyRuleDenyRulePtrOutput struct{ *pulumi.OutputState }

func (DenyPolicyRuleDenyRulePtrOutput) DenialCondition

User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. Structure is documented below.

func (DenyPolicyRuleDenyRulePtrOutput) DeniedPermissions

The permissions that are explicitly denied by this rule. Each permission uses the format `{service-fqdn}/{resource}.{verb}`, where `{service-fqdn}` is the fully qualified domain name for the service. For example, `iam.googleapis.com/roles.list`.

func (DenyPolicyRuleDenyRulePtrOutput) DeniedPrincipals

The identities that are prevented from using one or more permissions on Google Cloud resources.

func (DenyPolicyRuleDenyRulePtrOutput) Elem

func (DenyPolicyRuleDenyRulePtrOutput) ElementType

func (DenyPolicyRuleDenyRulePtrOutput) ExceptionPermissions

func (o DenyPolicyRuleDenyRulePtrOutput) ExceptionPermissions() pulumi.StringArrayOutput

Specifies the permissions that this rule excludes from the set of denied permissions given by deniedPermissions. If a permission appears in deniedPermissions and in exceptionPermissions then it will not be denied. The excluded permissions can be specified using the same syntax as deniedPermissions.

func (DenyPolicyRuleDenyRulePtrOutput) ExceptionPrincipals

The identities that are excluded from the deny rule, even if they are listed in the deniedPrincipals. For example, you could add a Google group to the deniedPrincipals, then exclude specific users who belong to that group.

func (DenyPolicyRuleDenyRulePtrOutput) ToDenyPolicyRuleDenyRulePtrOutput

func (o DenyPolicyRuleDenyRulePtrOutput) ToDenyPolicyRuleDenyRulePtrOutput() DenyPolicyRuleDenyRulePtrOutput

func (DenyPolicyRuleDenyRulePtrOutput) ToDenyPolicyRuleDenyRulePtrOutputWithContext

func (o DenyPolicyRuleDenyRulePtrOutput) ToDenyPolicyRuleDenyRulePtrOutputWithContext(ctx context.Context) DenyPolicyRuleDenyRulePtrOutput

type DenyPolicyRuleInput

type DenyPolicyRuleInput interface {
	pulumi.Input

	ToDenyPolicyRuleOutput() DenyPolicyRuleOutput
	ToDenyPolicyRuleOutputWithContext(context.Context) DenyPolicyRuleOutput
}

DenyPolicyRuleInput is an input type that accepts DenyPolicyRuleArgs and DenyPolicyRuleOutput values. You can construct a concrete instance of `DenyPolicyRuleInput` via:

DenyPolicyRuleArgs{...}

type DenyPolicyRuleOutput

type DenyPolicyRuleOutput struct{ *pulumi.OutputState }

func (DenyPolicyRuleOutput) DenyRule

A deny rule in an IAM deny policy. Structure is documented below.

func (DenyPolicyRuleOutput) Description

The description of the rule.

func (DenyPolicyRuleOutput) ElementType

func (DenyPolicyRuleOutput) ElementType() reflect.Type

func (DenyPolicyRuleOutput) ToDenyPolicyRuleOutput

func (o DenyPolicyRuleOutput) ToDenyPolicyRuleOutput() DenyPolicyRuleOutput

func (DenyPolicyRuleOutput) ToDenyPolicyRuleOutputWithContext

func (o DenyPolicyRuleOutput) ToDenyPolicyRuleOutputWithContext(ctx context.Context) DenyPolicyRuleOutput

type DenyPolicyState

// DenyPolicyState holds the optional state properties that GetDenyPolicy
// accepts to uniquely qualify the lookup of an existing DenyPolicy. It lists
// the same properties as DenyPolicy, as inputs.
type DenyPolicyState struct {
	// The display name of the rule.
	DisplayName pulumi.StringPtrInput
	// The hash of the resource. Used internally during updates.
	Etag pulumi.StringPtrInput
	// The name of the policy.
	Name pulumi.StringPtrInput
	// The attachment point is identified by its URL-encoded full resource name.
	Parent pulumi.StringPtrInput
	// Rules to be applied.
	// Structure is documented below.
	Rules DenyPolicyRuleArrayInput
}

func (DenyPolicyState) ElementType

func (DenyPolicyState) ElementType() reflect.Type

type GetRuleArgs

// GetRuleArgs is the collection of arguments for invoking getRule, the data
// source that returns information about a Google IAM role (despite the "Rule"
// in its name, the lookup key is a role name).
type GetRuleArgs struct {
	// The name of the Role to lookup in the form `roles/{ROLE_NAME}`, `organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}` or `projects/{PROJECT_ID}/roles/{ROLE_NAME}`
	Name string `pulumi:"name"`
}

A collection of arguments for invoking getRule.

type GetRuleOutputArgs

// GetRuleOutputArgs is the Output-typed variant of GetRuleArgs: the same
// single Name argument, accepted as a pulumi.StringInput so it can be derived
// from another resource's output.
type GetRuleOutputArgs struct {
	// The name of the Role to lookup in the form `roles/{ROLE_NAME}`, `organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}` or `projects/{PROJECT_ID}/roles/{ROLE_NAME}`
	Name pulumi.StringInput `pulumi:"name"`
}

A collection of arguments for invoking getRule.

func (GetRuleOutputArgs) ElementType

func (GetRuleOutputArgs) ElementType() reflect.Type

type GetRuleResult

// GetRuleResult is the collection of values returned by getRule.
type GetRuleResult struct {
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// Specifies the list of one or more permissions to include in the custom
	// role, such as `iam.roles.get`.
	// NOTE(review): for a looked-up role this is presumably the set of
	// permissions the role grants, which makes it the field to read when
	// auditing what a role allows — confirm.
	IncludedPermissions []string `pulumi:"includedPermissions"`
	// Name has no upstream description; presumably it echoes the role name
	// passed in the arguments — confirm.
	Name                string   `pulumi:"name"`
	// Indicates the stage of a role in the launch lifecycle, such as `GA`, `BETA` or `ALPHA`.
	Stage string `pulumi:"stage"`
	// A friendly title for the role, such as "Role Viewer".
	Title string `pulumi:"title"`
}

A collection of values returned by getRule.

func GetRule

func GetRule(ctx *pulumi.Context, args *GetRuleArgs, opts ...pulumi.InvokeOption) (*GetRuleResult, error)

Use this data source to get information about a Google IAM Role.

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main looks up the role roles/compute.viewer and exports the permissions it
// contains as the stack output "theRolePermissions".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		lookup := &iam.GetRuleArgs{
			Name: "roles/compute.viewer",
		}

		role, err := iam.GetRule(ctx, lookup, nil)
		if err != nil {
			return err
		}

		// The exported list is what the role grants; it can be reviewed from
		// the stack outputs before the role is bound to any principal.
		ctx.Export("theRolePermissions", role.IncludedPermissions)
		return nil
	})
}

```

type GetRuleResultOutput

type GetRuleResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getRule.

func (GetRuleResultOutput) ElementType

func (GetRuleResultOutput) ElementType() reflect.Type

func (GetRuleResultOutput) Id

The provider-assigned unique ID for this managed resource.

func (GetRuleResultOutput) IncludedPermissions

func (o GetRuleResultOutput) IncludedPermissions() pulumi.StringArrayOutput

Specifies the list of one or more permissions to include in the custom role, such as `iam.roles.get`.

func (GetRuleResultOutput) Name

func (GetRuleResultOutput) Stage

indicates the stage of a role in the launch lifecycle, such as `GA`, `BETA` or `ALPHA`.

func (GetRuleResultOutput) Title

is a friendly title for the role, such as "Role Viewer"

func (GetRuleResultOutput) ToGetRuleResultOutput

func (o GetRuleResultOutput) ToGetRuleResultOutput() GetRuleResultOutput

func (GetRuleResultOutput) ToGetRuleResultOutputWithContext

func (o GetRuleResultOutput) ToGetRuleResultOutputWithContext(ctx context.Context) GetRuleResultOutput

type GetTestablePermissionsArgs

// GetTestablePermissionsArgs is the collection of arguments for invoking
// getTestablePermissions.
type GetTestablePermissionsArgs struct {
	// The level of support for custom roles. Can be one of `"NOT_SUPPORTED"`, `"SUPPORTED"`, `"TESTING"`. Default is `"SUPPORTED"`
	CustomSupportLevel *string `pulumi:"customSupportLevel"`
	// The full resource name of the resource whose testable permissions are listed.
	// See [full resource name documentation](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more detail.
	FullResourceName string `pulumi:"fullResourceName"`
	// The acceptable release stages of the permission in the output. Note that `BETA` does not include permissions in `GA`, but you can specify both with `["GA", "BETA"]` for example. Can be a list of `"ALPHA"`, `"BETA"`, `"GA"`, `"DEPRECATED"`. Default is `["GA"]`.
	Stages []string `pulumi:"stages"`
}

A collection of arguments for invoking getTestablePermissions.

type GetTestablePermissionsOutputArgs

// GetTestablePermissionsOutputArgs is the collection of arguments for invoking
// getTestablePermissions, with each argument supplied as a Pulumi input type.
type GetTestablePermissionsOutputArgs struct {
	// The level of support for custom roles. Can be one of `"NOT_SUPPORTED"`, `"SUPPORTED"`, `"TESTING"`. Default is `"SUPPORTED"`
	CustomSupportLevel pulumi.StringPtrInput `pulumi:"customSupportLevel"`
	// The full resource name of the resource whose testable permissions are listed.
	// See [full resource name documentation](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more detail.
	FullResourceName pulumi.StringInput `pulumi:"fullResourceName"`
	// The acceptable release stages of the permission in the output. Note that `BETA` does not include permissions in `GA`, but you can specify both with `["GA", "BETA"]` for example. Can be a list of `"ALPHA"`, `"BETA"`, `"GA"`, `"DEPRECATED"`. Default is `["GA"]`.
	Stages pulumi.StringArrayInput `pulumi:"stages"`
}

A collection of arguments for invoking getTestablePermissions.

func (GetTestablePermissionsOutputArgs) ElementType

type GetTestablePermissionsPermission

// GetTestablePermissionsPermission describes one permission; it is the
// element type of GetTestablePermissionsResult.Permissions.
type GetTestablePermissionsPermission struct {
	// Whether the corresponding API is disabled for the resource.
	// NOTE(review): the upstream text reads "has been enabled", which
	// contradicts the field name; true presumably means the API is NOT
	// enabled — confirm before branching on this value.
	ApiDisabled bool `pulumi:"apiDisabled"`
	// The level of support for custom roles. Can be one of `"NOT_SUPPORTED"`, `"SUPPORTED"`, `"TESTING"`. Default is `"SUPPORTED"`
	CustomSupportLevel string `pulumi:"customSupportLevel"`
	// Name of the permission.
	Name string `pulumi:"name"`
	// Release stage of the permission.
	Stage string `pulumi:"stage"`
	// Human readable title of the permission.
	Title string `pulumi:"title"`
}

type GetTestablePermissionsPermissionArgs

// GetTestablePermissionsPermissionArgs mirrors the fields of
// GetTestablePermissionsPermission using Pulumi input types.
type GetTestablePermissionsPermissionArgs struct {
	// Whether the corresponding API is disabled for the resource.
	// NOTE(review): the upstream text reads "has been enabled", which
	// contradicts the field name; true presumably means the API is NOT
	// enabled — confirm before branching on this value.
	ApiDisabled pulumi.BoolInput `pulumi:"apiDisabled"`
	// The level of support for custom roles. Can be one of `"NOT_SUPPORTED"`, `"SUPPORTED"`, `"TESTING"`. Default is `"SUPPORTED"`
	CustomSupportLevel pulumi.StringInput `pulumi:"customSupportLevel"`
	// Name of the permission.
	Name pulumi.StringInput `pulumi:"name"`
	// Release stage of the permission.
	Stage pulumi.StringInput `pulumi:"stage"`
	// Human readable title of the permission.
	Title pulumi.StringInput `pulumi:"title"`
}

func (GetTestablePermissionsPermissionArgs) ElementType

func (GetTestablePermissionsPermissionArgs) ToGetTestablePermissionsPermissionOutput

func (i GetTestablePermissionsPermissionArgs) ToGetTestablePermissionsPermissionOutput() GetTestablePermissionsPermissionOutput

func (GetTestablePermissionsPermissionArgs) ToGetTestablePermissionsPermissionOutputWithContext

func (i GetTestablePermissionsPermissionArgs) ToGetTestablePermissionsPermissionOutputWithContext(ctx context.Context) GetTestablePermissionsPermissionOutput

type GetTestablePermissionsPermissionArray

type GetTestablePermissionsPermissionArray []GetTestablePermissionsPermissionInput

func (GetTestablePermissionsPermissionArray) ElementType

func (GetTestablePermissionsPermissionArray) ToGetTestablePermissionsPermissionArrayOutput

func (i GetTestablePermissionsPermissionArray) ToGetTestablePermissionsPermissionArrayOutput() GetTestablePermissionsPermissionArrayOutput

func (GetTestablePermissionsPermissionArray) ToGetTestablePermissionsPermissionArrayOutputWithContext

func (i GetTestablePermissionsPermissionArray) ToGetTestablePermissionsPermissionArrayOutputWithContext(ctx context.Context) GetTestablePermissionsPermissionArrayOutput

type GetTestablePermissionsPermissionArrayInput

type GetTestablePermissionsPermissionArrayInput interface {
	pulumi.Input

	ToGetTestablePermissionsPermissionArrayOutput() GetTestablePermissionsPermissionArrayOutput
	ToGetTestablePermissionsPermissionArrayOutputWithContext(context.Context) GetTestablePermissionsPermissionArrayOutput
}

GetTestablePermissionsPermissionArrayInput is an input type that accepts GetTestablePermissionsPermissionArray and GetTestablePermissionsPermissionArrayOutput values. You can construct a concrete instance of `GetTestablePermissionsPermissionArrayInput` via:

GetTestablePermissionsPermissionArray{ GetTestablePermissionsPermissionArgs{...} }

type GetTestablePermissionsPermissionArrayOutput

type GetTestablePermissionsPermissionArrayOutput struct{ *pulumi.OutputState }

func (GetTestablePermissionsPermissionArrayOutput) ElementType

func (GetTestablePermissionsPermissionArrayOutput) Index

func (GetTestablePermissionsPermissionArrayOutput) ToGetTestablePermissionsPermissionArrayOutput

func (o GetTestablePermissionsPermissionArrayOutput) ToGetTestablePermissionsPermissionArrayOutput() GetTestablePermissionsPermissionArrayOutput

func (GetTestablePermissionsPermissionArrayOutput) ToGetTestablePermissionsPermissionArrayOutputWithContext

func (o GetTestablePermissionsPermissionArrayOutput) ToGetTestablePermissionsPermissionArrayOutputWithContext(ctx context.Context) GetTestablePermissionsPermissionArrayOutput

type GetTestablePermissionsPermissionInput

type GetTestablePermissionsPermissionInput interface {
	pulumi.Input

	ToGetTestablePermissionsPermissionOutput() GetTestablePermissionsPermissionOutput
	ToGetTestablePermissionsPermissionOutputWithContext(context.Context) GetTestablePermissionsPermissionOutput
}

GetTestablePermissionsPermissionInput is an input type that accepts GetTestablePermissionsPermissionArgs and GetTestablePermissionsPermissionOutput values. You can construct a concrete instance of `GetTestablePermissionsPermissionInput` via:

GetTestablePermissionsPermissionArgs{...}

type GetTestablePermissionsPermissionOutput

type GetTestablePermissionsPermissionOutput struct{ *pulumi.OutputState }

func (GetTestablePermissionsPermissionOutput) ApiDisabled

Whether the corresponding API is disabled for the resource. The field name indicates that `true` means the API has not been enabled.

func (GetTestablePermissionsPermissionOutput) CustomSupportLevel

The level of support for custom roles. Can be one of `"NOT_SUPPORTED"`, `"SUPPORTED"`, `"TESTING"`. Default is `"SUPPORTED"`

func (GetTestablePermissionsPermissionOutput) ElementType

func (GetTestablePermissionsPermissionOutput) Name

Name of the permission.

func (GetTestablePermissionsPermissionOutput) Stage

Release stage of the permission.

func (GetTestablePermissionsPermissionOutput) Title

Human readable title of the permission.

func (GetTestablePermissionsPermissionOutput) ToGetTestablePermissionsPermissionOutput

func (o GetTestablePermissionsPermissionOutput) ToGetTestablePermissionsPermissionOutput() GetTestablePermissionsPermissionOutput

func (GetTestablePermissionsPermissionOutput) ToGetTestablePermissionsPermissionOutputWithContext

func (o GetTestablePermissionsPermissionOutput) ToGetTestablePermissionsPermissionOutputWithContext(ctx context.Context) GetTestablePermissionsPermissionOutput

type GetTestablePermissionsResult

// GetTestablePermissionsResult is the collection of values returned by
// getTestablePermissions.
type GetTestablePermissionsResult struct {
	// The support level of this permission for custom roles.
	CustomSupportLevel *string `pulumi:"customSupportLevel"`
	FullResourceName   string  `pulumi:"fullResourceName"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// A list of permissions matching the provided input. Structure is defined below.
	Permissions []GetTestablePermissionsPermission `pulumi:"permissions"`
	Stages      []string                           `pulumi:"stages"`
}

A collection of values returned by getTestablePermissions.

func GetTestablePermissions

func GetTestablePermissions(ctx *pulumi.Context, args *GetTestablePermissionsArgs, opts ...pulumi.InvokeOption) (*GetTestablePermissionsResult, error)

Retrieve a list of testable permissions for a resource. Testable permissions are the permissions that a user can add to or remove from a role at a given resource. The resource can be referenced either via the full resource name or via a URI.

## Example Usage

Retrieve all the supported permissions able to be set on `my-project` that are in either GA or BETA. This is useful for dynamically constructing custom roles.

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main queries the permissions that can be set on my-project and that are in
// the GA or BETA release stage. The result is discarded in this example.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		query := &iam.GetTestablePermissionsArgs{
			FullResourceName: "//cloudresourcemanager.googleapis.com/projects/my-project",
			Stages: []string{
				"GA",
				"BETA",
			},
		}

		// When the returned list feeds a custom role, select only the
		// permissions the workload needs: the full list is everything that
		// can be granted on the resource, not a least-privilege set.
		if _, err := iam.GetTestablePermissions(ctx, query, nil); err != nil {
			return err
		}
		return nil
	})
}

```

type GetTestablePermissionsResultOutput

type GetTestablePermissionsResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getTestablePermissions.

func (GetTestablePermissionsResultOutput) CustomSupportLevel

The support level of this permission for custom roles.

func (GetTestablePermissionsResultOutput) ElementType

func (GetTestablePermissionsResultOutput) FullResourceName

func (GetTestablePermissionsResultOutput) Id

The provider-assigned unique ID for this managed resource.

func (GetTestablePermissionsResultOutput) Permissions

A list of permissions matching the provided input. Structure is defined below.

func (GetTestablePermissionsResultOutput) Stages

func (GetTestablePermissionsResultOutput) ToGetTestablePermissionsResultOutput

func (o GetTestablePermissionsResultOutput) ToGetTestablePermissionsResultOutput() GetTestablePermissionsResultOutput

func (GetTestablePermissionsResultOutput) ToGetTestablePermissionsResultOutputWithContext

func (o GetTestablePermissionsResultOutput) ToGetTestablePermissionsResultOutputWithContext(ctx context.Context) GetTestablePermissionsResultOutput

type GetWorkloadIdentityPoolProviderAw

// GetWorkloadIdentityPoolProviderAw holds a single AWS account ID.
// NOTE(review): presumably the AWS block of a workload identity pool provider
// lookup result; the enclosing result type is not shown here — confirm.
type GetWorkloadIdentityPoolProviderAw struct {
	// The AWS account ID.
	AccountId string `pulumi:"accountId"`
}

type GetWorkloadIdentityPoolProviderAwArgs

// GetWorkloadIdentityPoolProviderAwArgs mirrors
// GetWorkloadIdentityPoolProviderAw with the account ID as a Pulumi input.
type GetWorkloadIdentityPoolProviderAwArgs struct {
	// The AWS account ID.
	AccountId pulumi.StringInput `pulumi:"accountId"`
}

func (GetWorkloadIdentityPoolProviderAwArgs) ElementType

func (GetWorkloadIdentityPoolProviderAwArgs) ToGetWorkloadIdentityPoolProviderAwOutput

func (i GetWorkloadIdentityPoolProviderAwArgs) ToGetWorkloadIdentityPoolProviderAwOutput() GetWorkloadIdentityPoolProviderAwOutput

func (GetWorkloadIdentityPoolProviderAwArgs) ToGetWorkloadIdentityPoolProviderAwOutputWithContext

func (i GetWorkloadIdentityPoolProviderAwArgs) ToGetWorkloadIdentityPoolProviderAwOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderAwOutput

type GetWorkloadIdentityPoolProviderAwArray

type GetWorkloadIdentityPoolProviderAwArray []GetWorkloadIdentityPoolProviderAwInput

func (GetWorkloadIdentityPoolProviderAwArray) ElementType

func (GetWorkloadIdentityPoolProviderAwArray) ToGetWorkloadIdentityPoolProviderAwArrayOutput

func (i GetWorkloadIdentityPoolProviderAwArray) ToGetWorkloadIdentityPoolProviderAwArrayOutput() GetWorkloadIdentityPoolProviderAwArrayOutput

func (GetWorkloadIdentityPoolProviderAwArray) ToGetWorkloadIdentityPoolProviderAwArrayOutputWithContext

func (i GetWorkloadIdentityPoolProviderAwArray) ToGetWorkloadIdentityPoolProviderAwArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderAwArrayOutput

type GetWorkloadIdentityPoolProviderAwArrayInput

type GetWorkloadIdentityPoolProviderAwArrayInput interface {
	pulumi.Input

	ToGetWorkloadIdentityPoolProviderAwArrayOutput() GetWorkloadIdentityPoolProviderAwArrayOutput
	ToGetWorkloadIdentityPoolProviderAwArrayOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderAwArrayOutput
}

GetWorkloadIdentityPoolProviderAwArrayInput is an input type that accepts GetWorkloadIdentityPoolProviderAwArray and GetWorkloadIdentityPoolProviderAwArrayOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderAwArrayInput` via:

GetWorkloadIdentityPoolProviderAwArray{ GetWorkloadIdentityPoolProviderAwArgs{...} }

type GetWorkloadIdentityPoolProviderAwArrayOutput

type GetWorkloadIdentityPoolProviderAwArrayOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderAwArrayOutput) ElementType

func (GetWorkloadIdentityPoolProviderAwArrayOutput) Index

func (GetWorkloadIdentityPoolProviderAwArrayOutput) ToGetWorkloadIdentityPoolProviderAwArrayOutput

func (o GetWorkloadIdentityPoolProviderAwArrayOutput) ToGetWorkloadIdentityPoolProviderAwArrayOutput() GetWorkloadIdentityPoolProviderAwArrayOutput

func (GetWorkloadIdentityPoolProviderAwArrayOutput) ToGetWorkloadIdentityPoolProviderAwArrayOutputWithContext

func (o GetWorkloadIdentityPoolProviderAwArrayOutput) ToGetWorkloadIdentityPoolProviderAwArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderAwArrayOutput

type GetWorkloadIdentityPoolProviderAwInput

type GetWorkloadIdentityPoolProviderAwInput interface {
	pulumi.Input

	ToGetWorkloadIdentityPoolProviderAwOutput() GetWorkloadIdentityPoolProviderAwOutput
	ToGetWorkloadIdentityPoolProviderAwOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderAwOutput
}

GetWorkloadIdentityPoolProviderAwInput is an input type that accepts GetWorkloadIdentityPoolProviderAwArgs and GetWorkloadIdentityPoolProviderAwOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderAwInput` via:

GetWorkloadIdentityPoolProviderAwArgs{...}

type GetWorkloadIdentityPoolProviderAwOutput

type GetWorkloadIdentityPoolProviderAwOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderAwOutput) AccountId

The AWS account ID.

func (GetWorkloadIdentityPoolProviderAwOutput) ElementType

func (GetWorkloadIdentityPoolProviderAwOutput) ToGetWorkloadIdentityPoolProviderAwOutput

func (o GetWorkloadIdentityPoolProviderAwOutput) ToGetWorkloadIdentityPoolProviderAwOutput() GetWorkloadIdentityPoolProviderAwOutput

func (GetWorkloadIdentityPoolProviderAwOutput) ToGetWorkloadIdentityPoolProviderAwOutputWithContext

func (o GetWorkloadIdentityPoolProviderAwOutput) ToGetWorkloadIdentityPoolProviderAwOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderAwOutput

type GetWorkloadIdentityPoolProviderOidc

// GetWorkloadIdentityPoolProviderOidc holds the OIDC settings of a workload
// identity pool provider: accepted audiences, issuer URL and an optional
// JWKS document.
type GetWorkloadIdentityPoolProviderOidc struct {
	// Acceptable values for the 'aud' field (audience) in the OIDC token. Token exchange
	// requests are rejected if the token audience does not match one of the configured
	// values. Each audience may be at most 256 characters. A maximum of 10 audiences may
	// be configured.
	//
	// If this list is empty, the OIDC token audience must be equal to the full canonical
	// resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix.
	// For example:
	//
	//	//iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
	//	https://iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
	AllowedAudiences []string `pulumi:"allowedAudiences"`
	// The OIDC issuer URL.
	IssuerUri string `pulumi:"issuerUri"`
	// OIDC JWKs in JSON String format. For details on definition of a
	// JWK, see https://tools.ietf.org/html/rfc7517. If not set, then we
	// use the 'jwks_uri' from the discovery document fetched from the
	// .well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric
	// keys are supported. The JWK must use following format and include only
	// the following fields:
	//
	//	{
	//	  "keys": [
	//	    {
	//	          "kty": "RSA/EC",
	//	          "alg": "<algorithm>",
	//	          "use": "sig",
	//	          "kid": "<key-id>",
	//	          "n": "",
	//	          "e": "",
	//	          "x": "",
	//	          "y": "",
	//	          "crv": ""
	//	    }
	//	  ]
	//	}
	//
	// NOTE(review): when this is set, the verification keys presumably come
	// from this document instead of the issuer's 'jwks_uri', so a key rotation
	// at the issuer would have to be mirrored here — confirm.
	JwksJson string `pulumi:"jwksJson"`
}

type GetWorkloadIdentityPoolProviderOidcArgs

// GetWorkloadIdentityPoolProviderOidcArgs mirrors
// GetWorkloadIdentityPoolProviderOidc using Pulumi input types.
type GetWorkloadIdentityPoolProviderOidcArgs struct {
	// Acceptable values for the 'aud' field (audience) in the OIDC token. Token exchange
	// requests are rejected if the token audience does not match one of the configured
	// values. Each audience may be at most 256 characters. A maximum of 10 audiences may
	// be configured.
	//
	// If this list is empty, the OIDC token audience must be equal to the full canonical
	// resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix.
	// For example:
	//
	//	//iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
	//	https://iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
	AllowedAudiences pulumi.StringArrayInput `pulumi:"allowedAudiences"`
	// The OIDC issuer URL.
	IssuerUri pulumi.StringInput `pulumi:"issuerUri"`
	// OIDC JWKs in JSON String format. For details on definition of a
	// JWK, see https://tools.ietf.org/html/rfc7517. If not set, then we
	// use the 'jwks_uri' from the discovery document fetched from the
	// .well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric
	// keys are supported. The JWK must use following format and include only
	// the following fields:
	//
	//	{
	//	  "keys": [
	//	    {
	//	          "kty": "RSA/EC",
	//	          "alg": "<algorithm>",
	//	          "use": "sig",
	//	          "kid": "<key-id>",
	//	          "n": "",
	//	          "e": "",
	//	          "x": "",
	//	          "y": "",
	//	          "crv": ""
	//	    }
	//	  ]
	//	}
	//
	// NOTE(review): when this is set, the verification keys presumably come
	// from this document instead of the issuer's 'jwks_uri', so a key rotation
	// at the issuer would have to be mirrored here — confirm.
	JwksJson pulumi.StringInput `pulumi:"jwksJson"`
}

func (GetWorkloadIdentityPoolProviderOidcArgs) ElementType

func (GetWorkloadIdentityPoolProviderOidcArgs) ToGetWorkloadIdentityPoolProviderOidcOutput

func (i GetWorkloadIdentityPoolProviderOidcArgs) ToGetWorkloadIdentityPoolProviderOidcOutput() GetWorkloadIdentityPoolProviderOidcOutput

func (GetWorkloadIdentityPoolProviderOidcArgs) ToGetWorkloadIdentityPoolProviderOidcOutputWithContext

func (i GetWorkloadIdentityPoolProviderOidcArgs) ToGetWorkloadIdentityPoolProviderOidcOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderOidcOutput

type GetWorkloadIdentityPoolProviderOidcArray

type GetWorkloadIdentityPoolProviderOidcArray []GetWorkloadIdentityPoolProviderOidcInput

func (GetWorkloadIdentityPoolProviderOidcArray) ElementType

func (GetWorkloadIdentityPoolProviderOidcArray) ToGetWorkloadIdentityPoolProviderOidcArrayOutput

func (i GetWorkloadIdentityPoolProviderOidcArray) ToGetWorkloadIdentityPoolProviderOidcArrayOutput() GetWorkloadIdentityPoolProviderOidcArrayOutput

func (GetWorkloadIdentityPoolProviderOidcArray) ToGetWorkloadIdentityPoolProviderOidcArrayOutputWithContext

func (i GetWorkloadIdentityPoolProviderOidcArray) ToGetWorkloadIdentityPoolProviderOidcArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderOidcArrayOutput

type GetWorkloadIdentityPoolProviderOidcArrayInput

type GetWorkloadIdentityPoolProviderOidcArrayInput interface {
	pulumi.Input

	ToGetWorkloadIdentityPoolProviderOidcArrayOutput() GetWorkloadIdentityPoolProviderOidcArrayOutput
	ToGetWorkloadIdentityPoolProviderOidcArrayOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderOidcArrayOutput
}

GetWorkloadIdentityPoolProviderOidcArrayInput is an input type that accepts GetWorkloadIdentityPoolProviderOidcArray and GetWorkloadIdentityPoolProviderOidcArrayOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderOidcArrayInput` via:

GetWorkloadIdentityPoolProviderOidcArray{ GetWorkloadIdentityPoolProviderOidcArgs{...} }

type GetWorkloadIdentityPoolProviderOidcArrayOutput

type GetWorkloadIdentityPoolProviderOidcArrayOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderOidcArrayOutput) ElementType

func (GetWorkloadIdentityPoolProviderOidcArrayOutput) Index

func (GetWorkloadIdentityPoolProviderOidcArrayOutput) ToGetWorkloadIdentityPoolProviderOidcArrayOutput

func (o GetWorkloadIdentityPoolProviderOidcArrayOutput) ToGetWorkloadIdentityPoolProviderOidcArrayOutput() GetWorkloadIdentityPoolProviderOidcArrayOutput

func (GetWorkloadIdentityPoolProviderOidcArrayOutput) ToGetWorkloadIdentityPoolProviderOidcArrayOutputWithContext

func (o GetWorkloadIdentityPoolProviderOidcArrayOutput) ToGetWorkloadIdentityPoolProviderOidcArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderOidcArrayOutput

type GetWorkloadIdentityPoolProviderOidcInput

type GetWorkloadIdentityPoolProviderOidcInput interface {
	pulumi.Input

	ToGetWorkloadIdentityPoolProviderOidcOutput() GetWorkloadIdentityPoolProviderOidcOutput
	ToGetWorkloadIdentityPoolProviderOidcOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderOidcOutput
}

GetWorkloadIdentityPoolProviderOidcInput is an input type that accepts GetWorkloadIdentityPoolProviderOidcArgs and GetWorkloadIdentityPoolProviderOidcOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderOidcInput` via:

GetWorkloadIdentityPoolProviderOidcArgs{...}

type GetWorkloadIdentityPoolProviderOidcOutput

type GetWorkloadIdentityPoolProviderOidcOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderOidcOutput) AllowedAudiences

Acceptable values for the 'aud' field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured.

If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example:

```
//iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
https://iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
```

func (GetWorkloadIdentityPoolProviderOidcOutput) ElementType

func (GetWorkloadIdentityPoolProviderOidcOutput) IssuerUri

The OIDC issuer URL.

func (GetWorkloadIdentityPoolProviderOidcOutput) JwksJson

OIDC JWKs in JSON String format. For details on definition of a JWK, see https://tools.ietf.org/html/rfc7517. If not set, then we use the 'jwks_uri' from the discovery document fetched from the .well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric keys are supported. The JWK must use following format and include only the following fields:

```
{
  "keys": [
    {
          "kty": "RSA/EC",
          "alg": "<algorithm>",
          "use": "sig",
          "kid": "<key-id>",
          "n": "",
          "e": "",
          "x": "",
          "y": "",
          "crv": ""
    }
  ]
}
```

func (GetWorkloadIdentityPoolProviderOidcOutput) ToGetWorkloadIdentityPoolProviderOidcOutput

func (o GetWorkloadIdentityPoolProviderOidcOutput) ToGetWorkloadIdentityPoolProviderOidcOutput() GetWorkloadIdentityPoolProviderOidcOutput

func (GetWorkloadIdentityPoolProviderOidcOutput) ToGetWorkloadIdentityPoolProviderOidcOutputWithContext

func (o GetWorkloadIdentityPoolProviderOidcOutput) ToGetWorkloadIdentityPoolProviderOidcOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderOidcOutput

type GetWorkloadIdentityPoolProviderSaml

// GetWorkloadIdentityPoolProviderSaml holds the SAML identity provider
// metadata document of a workload identity pool provider.
type GetWorkloadIdentityPoolProviderSaml struct {
	// SAML identity provider configuration metadata XML document.
	IdpMetadataXml string `pulumi:"idpMetadataXml"`
}

type GetWorkloadIdentityPoolProviderSamlArgs

// GetWorkloadIdentityPoolProviderSamlArgs mirrors
// GetWorkloadIdentityPoolProviderSaml with the metadata as a Pulumi input.
type GetWorkloadIdentityPoolProviderSamlArgs struct {
	// SAML identity provider configuration metadata XML document.
	IdpMetadataXml pulumi.StringInput `pulumi:"idpMetadataXml"`
}

func (GetWorkloadIdentityPoolProviderSamlArgs) ElementType

func (GetWorkloadIdentityPoolProviderSamlArgs) ToGetWorkloadIdentityPoolProviderSamlOutput

func (i GetWorkloadIdentityPoolProviderSamlArgs) ToGetWorkloadIdentityPoolProviderSamlOutput() GetWorkloadIdentityPoolProviderSamlOutput

func (GetWorkloadIdentityPoolProviderSamlArgs) ToGetWorkloadIdentityPoolProviderSamlOutputWithContext

func (i GetWorkloadIdentityPoolProviderSamlArgs) ToGetWorkloadIdentityPoolProviderSamlOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderSamlOutput

type GetWorkloadIdentityPoolProviderSamlArray

type GetWorkloadIdentityPoolProviderSamlArray []GetWorkloadIdentityPoolProviderSamlInput

func (GetWorkloadIdentityPoolProviderSamlArray) ElementType

func (GetWorkloadIdentityPoolProviderSamlArray) ToGetWorkloadIdentityPoolProviderSamlArrayOutput

func (i GetWorkloadIdentityPoolProviderSamlArray) ToGetWorkloadIdentityPoolProviderSamlArrayOutput() GetWorkloadIdentityPoolProviderSamlArrayOutput

func (GetWorkloadIdentityPoolProviderSamlArray) ToGetWorkloadIdentityPoolProviderSamlArrayOutputWithContext

func (i GetWorkloadIdentityPoolProviderSamlArray) ToGetWorkloadIdentityPoolProviderSamlArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderSamlArrayOutput

type GetWorkloadIdentityPoolProviderSamlArrayInput

type GetWorkloadIdentityPoolProviderSamlArrayInput interface {
	pulumi.Input

	ToGetWorkloadIdentityPoolProviderSamlArrayOutput() GetWorkloadIdentityPoolProviderSamlArrayOutput
	ToGetWorkloadIdentityPoolProviderSamlArrayOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderSamlArrayOutput
}

GetWorkloadIdentityPoolProviderSamlArrayInput is an input type that accepts GetWorkloadIdentityPoolProviderSamlArray and GetWorkloadIdentityPoolProviderSamlArrayOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderSamlArrayInput` via:

GetWorkloadIdentityPoolProviderSamlArray{ GetWorkloadIdentityPoolProviderSamlArgs{...} }

type GetWorkloadIdentityPoolProviderSamlArrayOutput

type GetWorkloadIdentityPoolProviderSamlArrayOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderSamlArrayOutput) ElementType

func (GetWorkloadIdentityPoolProviderSamlArrayOutput) Index

func (GetWorkloadIdentityPoolProviderSamlArrayOutput) ToGetWorkloadIdentityPoolProviderSamlArrayOutput

func (o GetWorkloadIdentityPoolProviderSamlArrayOutput) ToGetWorkloadIdentityPoolProviderSamlArrayOutput() GetWorkloadIdentityPoolProviderSamlArrayOutput

func (GetWorkloadIdentityPoolProviderSamlArrayOutput) ToGetWorkloadIdentityPoolProviderSamlArrayOutputWithContext

func (o GetWorkloadIdentityPoolProviderSamlArrayOutput) ToGetWorkloadIdentityPoolProviderSamlArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderSamlArrayOutput

type GetWorkloadIdentityPoolProviderSamlInput

type GetWorkloadIdentityPoolProviderSamlInput interface {
	pulumi.Input

	ToGetWorkloadIdentityPoolProviderSamlOutput() GetWorkloadIdentityPoolProviderSamlOutput
	ToGetWorkloadIdentityPoolProviderSamlOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderSamlOutput
}

GetWorkloadIdentityPoolProviderSamlInput is an input type that accepts GetWorkloadIdentityPoolProviderSamlArgs and GetWorkloadIdentityPoolProviderSamlOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderSamlInput` via:

GetWorkloadIdentityPoolProviderSamlArgs{...}

type GetWorkloadIdentityPoolProviderSamlOutput

type GetWorkloadIdentityPoolProviderSamlOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderSamlOutput) ElementType

func (GetWorkloadIdentityPoolProviderSamlOutput) IdpMetadataXml

SAML Identity provider configuration metadata xml doc.

func (GetWorkloadIdentityPoolProviderSamlOutput) ToGetWorkloadIdentityPoolProviderSamlOutput

func (o GetWorkloadIdentityPoolProviderSamlOutput) ToGetWorkloadIdentityPoolProviderSamlOutput() GetWorkloadIdentityPoolProviderSamlOutput

func (GetWorkloadIdentityPoolProviderSamlOutput) ToGetWorkloadIdentityPoolProviderSamlOutputWithContext

func (o GetWorkloadIdentityPoolProviderSamlOutput) ToGetWorkloadIdentityPoolProviderSamlOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderSamlOutput

type GetWorkloadIdentityPoolProviderX509 added in v8.1.0

// GetWorkloadIdentityPoolProviderX509 holds the X.509 trust configuration of
// a workload identity pool provider.
type GetWorkloadIdentityPoolProviderX509 struct {
	// A trust store. It wraps the trust anchor and the optional intermediate
	// CAs that help build the trust chain for the incoming end-entity
	// certificate. Follow the X.509 guidelines to define those PEM-encoded
	// certificates. Only 1 trust store is currently supported.
	TrustStores []GetWorkloadIdentityPoolProviderX509TrustStore `pulumi:"trustStores"`
}

type GetWorkloadIdentityPoolProviderX509Args added in v8.1.0

// GetWorkloadIdentityPoolProviderX509Args mirrors
// GetWorkloadIdentityPoolProviderX509 using Pulumi input types.
type GetWorkloadIdentityPoolProviderX509Args struct {
	// A trust store. It wraps the trust anchor and the optional intermediate
	// CAs that help build the trust chain for the incoming end-entity
	// certificate. Follow the X.509 guidelines to define those PEM-encoded
	// certificates. Only 1 trust store is currently supported.
	TrustStores GetWorkloadIdentityPoolProviderX509TrustStoreArrayInput `pulumi:"trustStores"`
}

func (GetWorkloadIdentityPoolProviderX509Args) ElementType added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509Args) ToGetWorkloadIdentityPoolProviderX509Output added in v8.1.0

func (i GetWorkloadIdentityPoolProviderX509Args) ToGetWorkloadIdentityPoolProviderX509Output() GetWorkloadIdentityPoolProviderX509Output

func (GetWorkloadIdentityPoolProviderX509Args) ToGetWorkloadIdentityPoolProviderX509OutputWithContext added in v8.1.0

func (i GetWorkloadIdentityPoolProviderX509Args) ToGetWorkloadIdentityPoolProviderX509OutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509Output

type GetWorkloadIdentityPoolProviderX509Array added in v8.1.0

type GetWorkloadIdentityPoolProviderX509Array []GetWorkloadIdentityPoolProviderX509Input

func (GetWorkloadIdentityPoolProviderX509Array) ElementType added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509Array) ToGetWorkloadIdentityPoolProviderX509ArrayOutput added in v8.1.0

func (i GetWorkloadIdentityPoolProviderX509Array) ToGetWorkloadIdentityPoolProviderX509ArrayOutput() GetWorkloadIdentityPoolProviderX509ArrayOutput

func (GetWorkloadIdentityPoolProviderX509Array) ToGetWorkloadIdentityPoolProviderX509ArrayOutputWithContext added in v8.1.0

func (i GetWorkloadIdentityPoolProviderX509Array) ToGetWorkloadIdentityPoolProviderX509ArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509ArrayOutput

type GetWorkloadIdentityPoolProviderX509ArrayInput added in v8.1.0

// GetWorkloadIdentityPoolProviderX509ArrayInput is an input type that accepts
// GetWorkloadIdentityPoolProviderX509Array and
// GetWorkloadIdentityPoolProviderX509ArrayOutput values.
type GetWorkloadIdentityPoolProviderX509ArrayInput interface {
	pulumi.Input

	// Both methods return the array output type; the second takes a context.Context.
	ToGetWorkloadIdentityPoolProviderX509ArrayOutput() GetWorkloadIdentityPoolProviderX509ArrayOutput
	ToGetWorkloadIdentityPoolProviderX509ArrayOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderX509ArrayOutput
}

GetWorkloadIdentityPoolProviderX509ArrayInput is an input type that accepts GetWorkloadIdentityPoolProviderX509Array and GetWorkloadIdentityPoolProviderX509ArrayOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderX509ArrayInput` via:

GetWorkloadIdentityPoolProviderX509Array{ GetWorkloadIdentityPoolProviderX509Args{...} }

type GetWorkloadIdentityPoolProviderX509ArrayOutput added in v8.1.0

type GetWorkloadIdentityPoolProviderX509ArrayOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderX509ArrayOutput) ElementType added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509ArrayOutput) Index added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509ArrayOutput) ToGetWorkloadIdentityPoolProviderX509ArrayOutput added in v8.1.0

func (o GetWorkloadIdentityPoolProviderX509ArrayOutput) ToGetWorkloadIdentityPoolProviderX509ArrayOutput() GetWorkloadIdentityPoolProviderX509ArrayOutput

func (GetWorkloadIdentityPoolProviderX509ArrayOutput) ToGetWorkloadIdentityPoolProviderX509ArrayOutputWithContext added in v8.1.0

func (o GetWorkloadIdentityPoolProviderX509ArrayOutput) ToGetWorkloadIdentityPoolProviderX509ArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509ArrayOutput

type GetWorkloadIdentityPoolProviderX509Input added in v8.1.0

// GetWorkloadIdentityPoolProviderX509Input is an input type that accepts
// GetWorkloadIdentityPoolProviderX509Args and
// GetWorkloadIdentityPoolProviderX509Output values.
type GetWorkloadIdentityPoolProviderX509Input interface {
	pulumi.Input

	// Both methods return the output type; the second takes a context.Context.
	ToGetWorkloadIdentityPoolProviderX509Output() GetWorkloadIdentityPoolProviderX509Output
	ToGetWorkloadIdentityPoolProviderX509OutputWithContext(context.Context) GetWorkloadIdentityPoolProviderX509Output
}

GetWorkloadIdentityPoolProviderX509Input is an input type that accepts GetWorkloadIdentityPoolProviderX509Args and GetWorkloadIdentityPoolProviderX509Output values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderX509Input` via:

GetWorkloadIdentityPoolProviderX509Args{...}

type GetWorkloadIdentityPoolProviderX509Output added in v8.1.0

type GetWorkloadIdentityPoolProviderX509Output struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderX509Output) ElementType added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509Output) ToGetWorkloadIdentityPoolProviderX509Output added in v8.1.0

func (o GetWorkloadIdentityPoolProviderX509Output) ToGetWorkloadIdentityPoolProviderX509Output() GetWorkloadIdentityPoolProviderX509Output

func (GetWorkloadIdentityPoolProviderX509Output) ToGetWorkloadIdentityPoolProviderX509OutputWithContext added in v8.1.0

func (o GetWorkloadIdentityPoolProviderX509Output) ToGetWorkloadIdentityPoolProviderX509OutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509Output

func (GetWorkloadIdentityPoolProviderX509Output) TrustStores added in v8.1.0

A trust store: use it as a wrapper to configure the trust anchor and the optional intermediate CAs that help build the trust chain for the incoming end-entity certificate. Follow the X.509 guidelines to define those PEM-encoded certificates. Only 1 trust store is currently supported.

type GetWorkloadIdentityPoolProviderX509TrustStore added in v8.1.0

// GetWorkloadIdentityPoolProviderX509TrustStore is the plain-value form of one
// trust store: a list of intermediate CAs and a list of trust anchors.
type GetWorkloadIdentityPoolProviderX509TrustStore struct {
	// IntermediateCas is the set of intermediate CA certificates used for
	// building the trust chain to the trust anchor.
	// IMPORTANT: Intermediate CAs are only supported when configuring x509 federation.
	IntermediateCas []GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCa `pulumi:"intermediateCas"`
	// TrustAnchors is the list of trust anchors used while performing
	// validation against this trust store. The incoming end entity's
	// certificate must chain up to one of the trust anchors here.
	// NOTE(review): it follows that chaining to any one listed anchor is
	// enough to pass this check, so when reading a provider's configuration
	// confirm each anchor is a CA intended to vouch for workloads.
	TrustAnchors []GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchor `pulumi:"trustAnchors"`
}

type GetWorkloadIdentityPoolProviderX509TrustStoreArgs added in v8.1.0

// GetWorkloadIdentityPoolProviderX509TrustStoreArgs carries the same two
// fields as GetWorkloadIdentityPoolProviderX509TrustStore, typed as array
// inputs.
type GetWorkloadIdentityPoolProviderX509TrustStoreArgs struct {
	// IntermediateCas is the set of intermediate CA certificates used for
	// building the trust chain to the trust anchor.
	// IMPORTANT: Intermediate CAs are only supported when configuring x509 federation.
	IntermediateCas GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayInput `pulumi:"intermediateCas"`
	// TrustAnchors is the list of trust anchors used while performing
	// validation against this trust store. The incoming end entity's
	// certificate must chain up to one of the trust anchors here.
	// NOTE(review): it follows that chaining to any one listed anchor is
	// enough to pass this check, so when reading a provider's configuration
	// confirm each anchor is a CA intended to vouch for workloads.
	TrustAnchors GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayInput `pulumi:"trustAnchors"`
}

func (GetWorkloadIdentityPoolProviderX509TrustStoreArgs) ElementType added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509TrustStoreArgs) ToGetWorkloadIdentityPoolProviderX509TrustStoreOutput added in v8.1.0

func (i GetWorkloadIdentityPoolProviderX509TrustStoreArgs) ToGetWorkloadIdentityPoolProviderX509TrustStoreOutput() GetWorkloadIdentityPoolProviderX509TrustStoreOutput

func (GetWorkloadIdentityPoolProviderX509TrustStoreArgs) ToGetWorkloadIdentityPoolProviderX509TrustStoreOutputWithContext added in v8.1.0

func (i GetWorkloadIdentityPoolProviderX509TrustStoreArgs) ToGetWorkloadIdentityPoolProviderX509TrustStoreOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreOutput

type GetWorkloadIdentityPoolProviderX509TrustStoreArray added in v8.1.0

type GetWorkloadIdentityPoolProviderX509TrustStoreArray []GetWorkloadIdentityPoolProviderX509TrustStoreInput

func (GetWorkloadIdentityPoolProviderX509TrustStoreArray) ElementType added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509TrustStoreArray) ToGetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput added in v8.1.0

func (i GetWorkloadIdentityPoolProviderX509TrustStoreArray) ToGetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput() GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput

func (GetWorkloadIdentityPoolProviderX509TrustStoreArray) ToGetWorkloadIdentityPoolProviderX509TrustStoreArrayOutputWithContext added in v8.1.0

func (i GetWorkloadIdentityPoolProviderX509TrustStoreArray) ToGetWorkloadIdentityPoolProviderX509TrustStoreArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput

type GetWorkloadIdentityPoolProviderX509TrustStoreArrayInput added in v8.1.0

// GetWorkloadIdentityPoolProviderX509TrustStoreArrayInput is an input type
// that accepts GetWorkloadIdentityPoolProviderX509TrustStoreArray and
// GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput values.
type GetWorkloadIdentityPoolProviderX509TrustStoreArrayInput interface {
	pulumi.Input

	// Both methods return the array output type; the second takes a context.Context.
	ToGetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput() GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput
	ToGetWorkloadIdentityPoolProviderX509TrustStoreArrayOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput
}

GetWorkloadIdentityPoolProviderX509TrustStoreArrayInput is an input type that accepts GetWorkloadIdentityPoolProviderX509TrustStoreArray and GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderX509TrustStoreArrayInput` via:

GetWorkloadIdentityPoolProviderX509TrustStoreArray{ GetWorkloadIdentityPoolProviderX509TrustStoreArgs{...} }

type GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput added in v8.1.0

type GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput) ElementType added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput) Index added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreArrayOutputWithContext added in v8.1.0

func (o GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreArrayOutput

type GetWorkloadIdentityPoolProviderX509TrustStoreInput added in v8.1.0

// GetWorkloadIdentityPoolProviderX509TrustStoreInput is an input type that
// accepts GetWorkloadIdentityPoolProviderX509TrustStoreArgs and
// GetWorkloadIdentityPoolProviderX509TrustStoreOutput values.
type GetWorkloadIdentityPoolProviderX509TrustStoreInput interface {
	pulumi.Input

	// Both methods return the output type; the second takes a context.Context.
	ToGetWorkloadIdentityPoolProviderX509TrustStoreOutput() GetWorkloadIdentityPoolProviderX509TrustStoreOutput
	ToGetWorkloadIdentityPoolProviderX509TrustStoreOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreOutput
}

GetWorkloadIdentityPoolProviderX509TrustStoreInput is an input type that accepts GetWorkloadIdentityPoolProviderX509TrustStoreArgs and GetWorkloadIdentityPoolProviderX509TrustStoreOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderX509TrustStoreInput` via:

GetWorkloadIdentityPoolProviderX509TrustStoreArgs{...}

type GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCa added in v8.1.0

// GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCa is the
// plain-value form of one intermediate CA entry; it holds a single PEM string.
type GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCa struct {
	// PemCertificate is the PEM certificate of the PKI used for validation.
	// It must contain only one CA certificate (either a root or an
	// intermediate certificate).
	PemCertificate string `pulumi:"pemCertificate"`
}

type GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs added in v8.1.0

// GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs carries the
// same single field as the plain intermediate CA type, typed as a string input.
type GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs struct {
	// PemCertificate is the PEM certificate of the PKI used for validation.
	// It must contain only one CA certificate (either a root or an
	// intermediate certificate).
	PemCertificate pulumi.StringInput `pulumi:"pemCertificate"`
}

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs) ElementType added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs) ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs) ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutputWithContext added in v8.1.0

func (i GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs) ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput

type GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray added in v8.1.0

type GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray []GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaInput

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray) ElementType added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray) ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray) ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutputWithContext added in v8.1.0

func (i GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray) ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput

type GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayInput added in v8.1.0

// GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayInput is an
// input type that accepts
// GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray and
// GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput values.
type GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayInput interface {
	pulumi.Input

	// Both methods return the array output type; the second takes a context.Context.
	ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput() GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput
	ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput
}

GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayInput is an input type that accepts GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray and GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayInput` via:

GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray{ GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs{...} }

type GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput added in v8.1.0

type GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput) ElementType added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput) Index added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutputWithContext added in v8.1.0

func (o GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput

type GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaInput added in v8.1.0

// GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaInput is an input
// type that accepts
// GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs and
// GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput values.
type GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaInput interface {
	pulumi.Input

	// Both methods return the output type; the second takes a context.Context.
	ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput() GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput
	ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput
}

GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaInput is an input type that accepts GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs and GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaInput` via:

GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs{...}

type GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput added in v8.1.0

type GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput) ElementType added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput) PemCertificate added in v8.1.0

PEM certificate of the PKI used for validation. Must only contain one CA certificate (either a root or an intermediate certificate).

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutputWithContext added in v8.1.0

func (o GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput

type GetWorkloadIdentityPoolProviderX509TrustStoreOutput added in v8.1.0

type GetWorkloadIdentityPoolProviderX509TrustStoreOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderX509TrustStoreOutput) ElementType added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509TrustStoreOutput) IntermediateCas added in v8.1.0

Set of intermediate CA certificates used for building the trust chain to the trust anchor. IMPORTANT: Intermediate CAs are only supported when configuring x509 federation.

func (GetWorkloadIdentityPoolProviderX509TrustStoreOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreOutput added in v8.1.0

func (o GetWorkloadIdentityPoolProviderX509TrustStoreOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreOutput() GetWorkloadIdentityPoolProviderX509TrustStoreOutput

func (GetWorkloadIdentityPoolProviderX509TrustStoreOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreOutputWithContext added in v8.1.0

func (o GetWorkloadIdentityPoolProviderX509TrustStoreOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreOutput

func (GetWorkloadIdentityPoolProviderX509TrustStoreOutput) TrustAnchors added in v8.1.0

List of Trust Anchors to be used while performing validation against a given TrustStore. The incoming end entity's certificate must be chained up to one of the trust anchors here.

type GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchor added in v8.1.0

// GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchor is the plain-value
// form of one trust anchor entry; it holds a single PEM string.
type GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchor struct {
	// PemCertificate is the PEM certificate of the PKI used for validation.
	// It must contain only one CA certificate (either a root or an
	// intermediate certificate).
	PemCertificate string `pulumi:"pemCertificate"`
}

type GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs added in v8.1.0

// GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs carries the
// same single field as the plain trust anchor type, typed as a string input.
type GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs struct {
	// PemCertificate is the PEM certificate of the PKI used for validation.
	// It must contain only one CA certificate (either a root or an
	// intermediate certificate).
	PemCertificate pulumi.StringInput `pulumi:"pemCertificate"`
}

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs) ElementType added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs) ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs) ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutputWithContext added in v8.1.0

func (i GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs) ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput

type GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray added in v8.1.0

type GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray []GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorInput

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray) ElementType added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray) ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray) ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutputWithContext added in v8.1.0

func (i GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray) ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput

type GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayInput added in v8.1.0

// GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayInput is an
// input type that accepts
// GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray and
// GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput values.
type GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayInput interface {
	pulumi.Input

	// Both methods return the array output type; the second takes a context.Context.
	ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput() GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput
	ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput
}

GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayInput is an input type that accepts GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray and GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayInput` via:

GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray{ GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs{...} }

type GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput added in v8.1.0

type GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput) ElementType added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput) Index added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutputWithContext added in v8.1.0

func (o GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput

type GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorInput added in v8.1.0

// GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorInput is an input
// type that accepts
// GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs and
// GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput values.
type GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorInput interface {
	pulumi.Input

	// Both methods return the output type; the second takes a context.Context.
	ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput() GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput
	ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutputWithContext(context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput
}

GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorInput is an input type that accepts GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs and GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput values. You can construct a concrete instance of `GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorInput` via:

GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs{...}

type GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput added in v8.1.0

type GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput struct{ *pulumi.OutputState }

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput) ElementType added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput) PemCertificate added in v8.1.0

PEM certificate of the PKI used for validation. Must only contain one CA certificate (either a root or an intermediate certificate).

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput added in v8.1.0

func (GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutputWithContext added in v8.1.0

func (o GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput) ToGetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutputWithContext(ctx context.Context) GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput

type LookupWorkloadIdentityPoolArgs

// LookupWorkloadIdentityPoolArgs is a collection of arguments for invoking
// getWorkloadIdentityPool.
type LookupWorkloadIdentityPoolArgs struct {
	// Project is the project to which the resource belongs. If it is not
	// provided, the provider project is used.
	Project *string `pulumi:"project"`
	// WorkloadIdentityPoolId is the id of the pool, which is the final
	// component of the resource name.
	WorkloadIdentityPoolId string `pulumi:"workloadIdentityPoolId"`
}

A collection of arguments for invoking getWorkloadIdentityPool.

type LookupWorkloadIdentityPoolOutputArgs

// LookupWorkloadIdentityPoolOutputArgs is a collection of arguments for
// invoking getWorkloadIdentityPool, with each field typed as a Pulumi input.
type LookupWorkloadIdentityPoolOutputArgs struct {
	// Project is the project to which the resource belongs. If it is not
	// provided, the provider project is used.
	Project pulumi.StringPtrInput `pulumi:"project"`
	// WorkloadIdentityPoolId is the id of the pool, which is the final
	// component of the resource name.
	WorkloadIdentityPoolId pulumi.StringInput `pulumi:"workloadIdentityPoolId"`
}

A collection of arguments for invoking getWorkloadIdentityPool.

func (LookupWorkloadIdentityPoolOutputArgs) ElementType

type LookupWorkloadIdentityPoolProviderArgs

// LookupWorkloadIdentityPoolProviderArgs is a collection of arguments for
// invoking getWorkloadIdentityPoolProvider.
type LookupWorkloadIdentityPoolProviderArgs struct {
	// Project is the project to which the resource belongs. If it is not
	// provided, the provider project is used.
	Project *string `pulumi:"project"`
	// WorkloadIdentityPoolId is the id of the pool, which is the final
	// component of the pool resource name.
	WorkloadIdentityPoolId string `pulumi:"workloadIdentityPoolId"`
	// WorkloadIdentityPoolProviderId is the id of the provider, which is the
	// final component of the resource name.
	WorkloadIdentityPoolProviderId string `pulumi:"workloadIdentityPoolProviderId"`
}

A collection of arguments for invoking getWorkloadIdentityPoolProvider.

type LookupWorkloadIdentityPoolProviderOutputArgs

// LookupWorkloadIdentityPoolProviderOutputArgs is a collection of arguments
// for invoking getWorkloadIdentityPoolProvider, with each field typed as a
// Pulumi input.
type LookupWorkloadIdentityPoolProviderOutputArgs struct {
	// Project is the project to which the resource belongs. If it is not
	// provided, the provider project is used.
	Project pulumi.StringPtrInput `pulumi:"project"`
	// WorkloadIdentityPoolId is the id of the pool, which is the final
	// component of the pool resource name.
	WorkloadIdentityPoolId pulumi.StringInput `pulumi:"workloadIdentityPoolId"`
	// WorkloadIdentityPoolProviderId is the id of the provider, which is the
	// final component of the resource name.
	WorkloadIdentityPoolProviderId pulumi.StringInput `pulumi:"workloadIdentityPoolProviderId"`
}

A collection of arguments for invoking getWorkloadIdentityPoolProvider.

func (LookupWorkloadIdentityPoolProviderOutputArgs) ElementType

type LookupWorkloadIdentityPoolProviderResult

// LookupWorkloadIdentityPoolProviderResult is a collection of values returned
// by getWorkloadIdentityPoolProvider. It carries the provider's
// AttributeCondition and AttributeMapping, its Disabled flag and State, and
// one list per provider kind (Aws, Oidcs, Samls, X509s), alongside fields
// named like the lookup arguments.
//
// NOTE(review): only Id is documented on this type. AttributeCondition is
// presumably the expression that limits which external credentials the
// provider accepts, which would make an empty value worth flagging when a
// provider's configuration is reviewed — confirm the semantics against the
// resource documentation.
type LookupWorkloadIdentityPoolProviderResult struct {
	AttributeCondition string                              `pulumi:"attributeCondition"`
	AttributeMapping   map[string]string                   `pulumi:"attributeMapping"`
	Aws                []GetWorkloadIdentityPoolProviderAw `pulumi:"aws"`
	Description        string                              `pulumi:"description"`
	Disabled           bool                                `pulumi:"disabled"`
	DisplayName        string                              `pulumi:"displayName"`
	// The provider-assigned unique ID for this managed resource.
	Id                             string                                `pulumi:"id"`
	Name                           string                                `pulumi:"name"`
	Oidcs                          []GetWorkloadIdentityPoolProviderOidc `pulumi:"oidcs"`
	Project                        *string                               `pulumi:"project"`
	Samls                          []GetWorkloadIdentityPoolProviderSaml `pulumi:"samls"`
	State                          string                                `pulumi:"state"`
	WorkloadIdentityPoolId         string                                `pulumi:"workloadIdentityPoolId"`
	WorkloadIdentityPoolProviderId string                                `pulumi:"workloadIdentityPoolProviderId"`
	X509s                          []GetWorkloadIdentityPoolProviderX509 `pulumi:"x509s"`
}

A collection of values returned by getWorkloadIdentityPoolProvider.

func LookupWorkloadIdentityPoolProvider

Get an IAM workload identity provider from Google Cloud by its id.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main runs a Pulumi program that looks up the provider "bar-provider" in the
// workload identity pool "foo-pool" and reports any lookup error.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		lookupArgs := &iam.LookupWorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         "foo-pool",
			WorkloadIdentityPoolProviderId: "bar-provider",
		}
		// The result is discarded in this example. Its type lists
		// AttributeCondition, AttributeMapping, Disabled and State among its
		// fields, which is what a configuration review would read.
		_, err := iam.LookupWorkloadIdentityPoolProvider(ctx, lookupArgs, nil)
		return err
	})
}

```

type LookupWorkloadIdentityPoolProviderResultOutput

type LookupWorkloadIdentityPoolProviderResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getWorkloadIdentityPoolProvider.

func (LookupWorkloadIdentityPoolProviderResultOutput) AttributeCondition

func (LookupWorkloadIdentityPoolProviderResultOutput) AttributeMapping

func (LookupWorkloadIdentityPoolProviderResultOutput) Aws

func (LookupWorkloadIdentityPoolProviderResultOutput) Description

func (LookupWorkloadIdentityPoolProviderResultOutput) Disabled

func (LookupWorkloadIdentityPoolProviderResultOutput) DisplayName

func (LookupWorkloadIdentityPoolProviderResultOutput) ElementType

func (LookupWorkloadIdentityPoolProviderResultOutput) Id

The provider-assigned unique ID for this managed resource.

func (LookupWorkloadIdentityPoolProviderResultOutput) Name

func (LookupWorkloadIdentityPoolProviderResultOutput) Oidcs

func (LookupWorkloadIdentityPoolProviderResultOutput) Project

func (LookupWorkloadIdentityPoolProviderResultOutput) Samls

func (LookupWorkloadIdentityPoolProviderResultOutput) State

func (LookupWorkloadIdentityPoolProviderResultOutput) ToLookupWorkloadIdentityPoolProviderResultOutput

func (o LookupWorkloadIdentityPoolProviderResultOutput) ToLookupWorkloadIdentityPoolProviderResultOutput() LookupWorkloadIdentityPoolProviderResultOutput

func (LookupWorkloadIdentityPoolProviderResultOutput) ToLookupWorkloadIdentityPoolProviderResultOutputWithContext

func (o LookupWorkloadIdentityPoolProviderResultOutput) ToLookupWorkloadIdentityPoolProviderResultOutputWithContext(ctx context.Context) LookupWorkloadIdentityPoolProviderResultOutput

func (LookupWorkloadIdentityPoolProviderResultOutput) WorkloadIdentityPoolId

func (LookupWorkloadIdentityPoolProviderResultOutput) WorkloadIdentityPoolProviderId

func (o LookupWorkloadIdentityPoolProviderResultOutput) WorkloadIdentityPoolProviderId() pulumi.StringOutput

func (LookupWorkloadIdentityPoolProviderResultOutput) X509s added in v8.1.0

type LookupWorkloadIdentityPoolResult

// LookupWorkloadIdentityPoolResult is a collection of values returned by
// getWorkloadIdentityPool. It carries the pool's Description, DisplayName,
// Name, Disabled flag and State, alongside fields named like the lookup
// arguments.
//
// NOTE(review): only Id is documented on this type; the exact meaning of
// Disabled and the set of State values are not shown here — confirm against
// the resource documentation before relying on them.
type LookupWorkloadIdentityPoolResult struct {
	Description string `pulumi:"description"`
	Disabled    bool   `pulumi:"disabled"`
	DisplayName string `pulumi:"displayName"`
	// The provider-assigned unique ID for this managed resource.
	Id                     string  `pulumi:"id"`
	Name                   string  `pulumi:"name"`
	Project                *string `pulumi:"project"`
	State                  string  `pulumi:"state"`
	WorkloadIdentityPoolId string  `pulumi:"workloadIdentityPoolId"`
}

A collection of values returned by getWorkloadIdentityPool.

func LookupWorkloadIdentityPool

func LookupWorkloadIdentityPool(ctx *pulumi.Context, args *LookupWorkloadIdentityPoolArgs, opts ...pulumi.InvokeOption) (*LookupWorkloadIdentityPoolResult, error)

Get an IAM workload identity pool from Google Cloud by its id.

> **Note:** The following resource requires the Beta IAM role `roles/iam.workloadIdentityPoolAdmin` in order to succeed. `OWNER` and `EDITOR` roles do not include the necessary permissions.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	// Looks up the existing workload identity pool "foo-pool". The result is
	// discarded; only the lookup error is handed back to the Pulumi runtime.
	pulumi.Run(func(ctx *pulumi.Context) error {
		lookupArgs := &iam.LookupWorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: "foo-pool",
		}
		// The identity running this program needs the Beta IAM role
		// roles/iam.workloadIdentityPoolAdmin; OWNER and EDITOR do not carry
		// the necessary permissions, so the call fails without it.
		_, err := iam.LookupWorkloadIdentityPool(ctx, lookupArgs, nil)
		return err
	})
}

```

type LookupWorkloadIdentityPoolResultOutput

type LookupWorkloadIdentityPoolResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getWorkloadIdentityPool.

func (LookupWorkloadIdentityPoolResultOutput) Description

func (LookupWorkloadIdentityPoolResultOutput) Disabled

func (LookupWorkloadIdentityPoolResultOutput) DisplayName

func (LookupWorkloadIdentityPoolResultOutput) ElementType

func (LookupWorkloadIdentityPoolResultOutput) Id

The provider-assigned unique ID for this managed resource.

func (LookupWorkloadIdentityPoolResultOutput) Name

func (LookupWorkloadIdentityPoolResultOutput) Project

func (LookupWorkloadIdentityPoolResultOutput) State

func (LookupWorkloadIdentityPoolResultOutput) ToLookupWorkloadIdentityPoolResultOutput

func (o LookupWorkloadIdentityPoolResultOutput) ToLookupWorkloadIdentityPoolResultOutput() LookupWorkloadIdentityPoolResultOutput

func (LookupWorkloadIdentityPoolResultOutput) ToLookupWorkloadIdentityPoolResultOutputWithContext

func (o LookupWorkloadIdentityPoolResultOutput) ToLookupWorkloadIdentityPoolResultOutputWithContext(ctx context.Context) LookupWorkloadIdentityPoolResultOutput

func (LookupWorkloadIdentityPoolResultOutput) WorkloadIdentityPoolId

func (o LookupWorkloadIdentityPoolResultOutput) WorkloadIdentityPoolId() pulumi.StringOutput

type WorkforcePool

// WorkforcePool represents a collection of external workforces. It provides
// namespaces for federated users that can be referenced in IAM policies.
type WorkforcePool struct {
	pulumi.CustomResourceState

	// Configure access restrictions on the workforce pool users. This is an optional field. If specified, web
	// sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users.
	// Structure is documented below.
	AccessRestrictions WorkforcePoolAccessRestrictionsPtrOutput `pulumi:"accessRestrictions"`
	// A user-specified description of the pool. Cannot exceed 256 characters.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Whether the pool is disabled. You cannot use a disabled pool to exchange tokens,
	// or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
	// Disabling therefore suspends access rather than revoking it: do not treat
	// a disable/re-enable cycle as a way to invalidate tokens that were already issued.
	Disabled pulumi.BoolPtrOutput `pulumi:"disabled"`
	// A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// The location for the resource.
	Location pulumi.StringOutput `pulumi:"location"`
	// Output only. The resource name of the pool.
	// Format: `locations/{location}/workforcePools/{workforcePoolId}`
	Name pulumi.StringOutput `pulumi:"name"`
	// Immutable. The resource name of the parent. Format: `organizations/{org-id}`.
	//
	// ***
	Parent pulumi.StringOutput `pulumi:"parent"`
	// Duration that the Google Cloud access tokens, console sign-in sessions,
	// and `gcloud` sign-in sessions from this pool are valid.
	// Must be greater than 15 minutes (900s) and less than 12 hours (43200s).
	// If `sessionDuration` is not configured, minted credentials have a default duration of one hour (3600s).
	// A duration in seconds with up to nine fractional digits, ending with '`s`'. Example: "`3.5s`".
	// This value bounds how long a credential minted from the pool stays valid,
	// so it is the setting to review when deciding how long a federated session may last.
	SessionDuration pulumi.StringPtrOutput `pulumi:"sessionDuration"`
	// Output only. The state of the pool.
	// * STATE_UNSPECIFIED: State unspecified.
	// * ACTIVE: The pool is active, and may be used in Google Cloud policies.
	// * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted
	//   after approximately 30 days. You can restore a soft-deleted pool using
	//   [workforcePools.undelete](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools/undelete#google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePool).
	//   You cannot reuse the ID of a soft-deleted pool until it is permanently deleted.
	//   While a pool is deleted, you cannot use it to exchange tokens, or use
	//   existing tokens to access resources. If the pool is undeleted, existing
	//   tokens grant access again.
	State pulumi.StringOutput `pulumi:"state"`
	// The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters,
	// digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen.
	// The prefix `gcp-` is reserved for use by Google, and may not be specified.
	WorkforcePoolId pulumi.StringOutput `pulumi:"workforcePoolId"`
}

Represents a collection of external workforces. Provides namespaces for federated users that can be referenced in IAM policies.

To get more information about WorkforcePool, see:

* [API documentation](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools)
* How-to Guides

> **Note:** Ask your Google Cloud account team to request access to workforce identity federation for your billing/quota project. The account team notifies you when the project is granted access.

## Example Usage

### Iam Workforce Pool Basic

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	// Registers a workforce pool with only its identifying arguments set.
	// AccessRestrictions is left unset, and because SessionDuration is not
	// configured, minted credentials get the default duration of one hour (3600s).
	pulumi.Run(func(ctx *pulumi.Context) error {
		poolArgs := &iam.WorkforcePoolArgs{
			WorkforcePoolId: pulumi.String("example-pool"),
			Parent:          pulumi.String("organizations/123456789"),
			Location:        pulumi.String("global"),
		}
		_, err := iam.NewWorkforcePool(ctx, "example", poolArgs)
		return err
	})
}

```

### Iam Workforce Pool Full

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	// Registers a workforce pool with every optional argument spelled out.
	pulumi.Run(func(ctx *pulumi.Context) error {
		// AllowedServices limits web sign-in to the listed service domain.
		// DisableProgrammaticSignin is false, so token issue via the Security
		// Token API endpoint stays enabled for pool users.
		restrictions := &iam.WorkforcePoolAccessRestrictionsArgs{
			AllowedServices: iam.WorkforcePoolAccessRestrictionsAllowedServiceArray{
				&iam.WorkforcePoolAccessRestrictionsAllowedServiceArgs{
					Domain: pulumi.String("backstory.chronicle.security"),
				},
			},
			DisableProgrammaticSignin: pulumi.Bool(false),
		}

		poolArgs := &iam.WorkforcePoolArgs{
			WorkforcePoolId: pulumi.String("example-pool"),
			Parent:          pulumi.String("organizations/123456789"),
			Location:        pulumi.String("global"),
			DisplayName:     pulumi.String("Display name"),
			Description:     pulumi.String("A sample workforce pool."),
			Disabled:        pulumi.Bool(false),
			// 7200s is two hours, inside the documented 900s–43200s range and
			// longer than the one-hour default used when the field is unset.
			SessionDuration:    pulumi.String("7200s"),
			AccessRestrictions: restrictions,
		}

		_, err := iam.NewWorkforcePool(ctx, "example", poolArgs)
		return err
	})
}

```

## Import

WorkforcePool can be imported using any of these accepted formats:

* `locations/{{location}}/workforcePools/{{workforce_pool_id}}`

* `{{location}}/{{workforce_pool_id}}`

When using the `pulumi import` command, WorkforcePool can be imported using one of the formats above. For example:

```sh
$ pulumi import gcp:iam/workforcePool:WorkforcePool default locations/{{location}}/workforcePools/{{workforce_pool_id}}
```

```sh
$ pulumi import gcp:iam/workforcePool:WorkforcePool default {{location}}/{{workforce_pool_id}}
```

func GetWorkforcePool

func GetWorkforcePool(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WorkforcePoolState, opts ...pulumi.ResourceOption) (*WorkforcePool, error)

GetWorkforcePool gets an existing WorkforcePool resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWorkforcePool

func NewWorkforcePool(ctx *pulumi.Context,
	name string, args *WorkforcePoolArgs, opts ...pulumi.ResourceOption) (*WorkforcePool, error)

NewWorkforcePool registers a new resource with the given unique name, arguments, and options.

func (*WorkforcePool) ElementType

func (*WorkforcePool) ElementType() reflect.Type

func (*WorkforcePool) ToWorkforcePoolOutput

func (i *WorkforcePool) ToWorkforcePoolOutput() WorkforcePoolOutput

func (*WorkforcePool) ToWorkforcePoolOutputWithContext

func (i *WorkforcePool) ToWorkforcePoolOutputWithContext(ctx context.Context) WorkforcePoolOutput

type WorkforcePoolAccessRestrictions

// WorkforcePoolAccessRestrictions holds the access restrictions that can be
// configured on the users of a workforce pool: which services allow web
// sign-in, and whether programmatic sign-in is disabled.
type WorkforcePoolAccessRestrictions struct {
	// Services allowed for web sign-in with the workforce pool.
	// If not set, there are no restrictions by default: an empty list does
	// not limit which services pool users can sign in to.
	// Structure is documented below.
	AllowedServices []WorkforcePoolAccessRestrictionsAllowedService `pulumi:"allowedServices"`
	// Disable programmatic sign-in by disabling token issue via the Security Token API endpoint.
	// See [Security Token Service API](https://cloud.google.com/iam/docs/reference/sts/rest).
	// The field is a pointer and may be nil (unset).
	// NOTE(review): the behavior when unset is not stated here; set it explicitly
	// when programmatic sign-in must be off.
	DisableProgrammaticSignin *bool `pulumi:"disableProgrammaticSignin"`
}

type WorkforcePoolAccessRestrictionsAllowedService

// WorkforcePoolAccessRestrictionsAllowedService names one service, by domain,
// in the list of services allowed for web sign-in with a workforce pool.
type WorkforcePoolAccessRestrictionsAllowedService struct {
	// Domain name of the service.
	// Example: console.cloud.google
	Domain *string `pulumi:"domain"`
}

type WorkforcePoolAccessRestrictionsAllowedServiceArgs

// WorkforcePoolAccessRestrictionsAllowedServiceArgs is the input form of
// WorkforcePoolAccessRestrictionsAllowedService: one service domain in the
// list of services allowed for web sign-in with a workforce pool.
type WorkforcePoolAccessRestrictionsAllowedServiceArgs struct {
	// Domain name of the service.
	// Example: console.cloud.google
	Domain pulumi.StringPtrInput `pulumi:"domain"`
}

func (WorkforcePoolAccessRestrictionsAllowedServiceArgs) ElementType

func (WorkforcePoolAccessRestrictionsAllowedServiceArgs) ToWorkforcePoolAccessRestrictionsAllowedServiceOutput

func (i WorkforcePoolAccessRestrictionsAllowedServiceArgs) ToWorkforcePoolAccessRestrictionsAllowedServiceOutput() WorkforcePoolAccessRestrictionsAllowedServiceOutput

func (WorkforcePoolAccessRestrictionsAllowedServiceArgs) ToWorkforcePoolAccessRestrictionsAllowedServiceOutputWithContext

func (i WorkforcePoolAccessRestrictionsAllowedServiceArgs) ToWorkforcePoolAccessRestrictionsAllowedServiceOutputWithContext(ctx context.Context) WorkforcePoolAccessRestrictionsAllowedServiceOutput

type WorkforcePoolAccessRestrictionsAllowedServiceArray

type WorkforcePoolAccessRestrictionsAllowedServiceArray []WorkforcePoolAccessRestrictionsAllowedServiceInput

func (WorkforcePoolAccessRestrictionsAllowedServiceArray) ElementType

func (WorkforcePoolAccessRestrictionsAllowedServiceArray) ToWorkforcePoolAccessRestrictionsAllowedServiceArrayOutput

func (i WorkforcePoolAccessRestrictionsAllowedServiceArray) ToWorkforcePoolAccessRestrictionsAllowedServiceArrayOutput() WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput

func (WorkforcePoolAccessRestrictionsAllowedServiceArray) ToWorkforcePoolAccessRestrictionsAllowedServiceArrayOutputWithContext

func (i WorkforcePoolAccessRestrictionsAllowedServiceArray) ToWorkforcePoolAccessRestrictionsAllowedServiceArrayOutputWithContext(ctx context.Context) WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput

type WorkforcePoolAccessRestrictionsAllowedServiceArrayInput

// WorkforcePoolAccessRestrictionsAllowedServiceArrayInput is an input type that accepts
// WorkforcePoolAccessRestrictionsAllowedServiceArray and
// WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput values.
// You can construct a concrete instance of it via:
//
//	WorkforcePoolAccessRestrictionsAllowedServiceArray{ WorkforcePoolAccessRestrictionsAllowedServiceArgs{...} }
type WorkforcePoolAccessRestrictionsAllowedServiceArrayInput interface {
	pulumi.Input

	ToWorkforcePoolAccessRestrictionsAllowedServiceArrayOutput() WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput
	ToWorkforcePoolAccessRestrictionsAllowedServiceArrayOutputWithContext(context.Context) WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput
}

WorkforcePoolAccessRestrictionsAllowedServiceArrayInput is an input type that accepts WorkforcePoolAccessRestrictionsAllowedServiceArray and WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput values. You can construct a concrete instance of `WorkforcePoolAccessRestrictionsAllowedServiceArrayInput` via:

WorkforcePoolAccessRestrictionsAllowedServiceArray{ WorkforcePoolAccessRestrictionsAllowedServiceArgs{...} }

type WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput

type WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput struct{ *pulumi.OutputState }

func (WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput) ElementType

func (WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput) Index

func (WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput) ToWorkforcePoolAccessRestrictionsAllowedServiceArrayOutput

func (WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput) ToWorkforcePoolAccessRestrictionsAllowedServiceArrayOutputWithContext

func (o WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput) ToWorkforcePoolAccessRestrictionsAllowedServiceArrayOutputWithContext(ctx context.Context) WorkforcePoolAccessRestrictionsAllowedServiceArrayOutput

type WorkforcePoolAccessRestrictionsAllowedServiceInput

// WorkforcePoolAccessRestrictionsAllowedServiceInput is an input type that accepts
// WorkforcePoolAccessRestrictionsAllowedServiceArgs and
// WorkforcePoolAccessRestrictionsAllowedServiceOutput values.
// You can construct a concrete instance of it via:
//
//	WorkforcePoolAccessRestrictionsAllowedServiceArgs{...}
type WorkforcePoolAccessRestrictionsAllowedServiceInput interface {
	pulumi.Input

	ToWorkforcePoolAccessRestrictionsAllowedServiceOutput() WorkforcePoolAccessRestrictionsAllowedServiceOutput
	ToWorkforcePoolAccessRestrictionsAllowedServiceOutputWithContext(context.Context) WorkforcePoolAccessRestrictionsAllowedServiceOutput
}

WorkforcePoolAccessRestrictionsAllowedServiceInput is an input type that accepts WorkforcePoolAccessRestrictionsAllowedServiceArgs and WorkforcePoolAccessRestrictionsAllowedServiceOutput values. You can construct a concrete instance of `WorkforcePoolAccessRestrictionsAllowedServiceInput` via:

WorkforcePoolAccessRestrictionsAllowedServiceArgs{...}

type WorkforcePoolAccessRestrictionsAllowedServiceOutput

type WorkforcePoolAccessRestrictionsAllowedServiceOutput struct{ *pulumi.OutputState }

func (WorkforcePoolAccessRestrictionsAllowedServiceOutput) Domain

Domain name of the service. Example: console.cloud.google

func (WorkforcePoolAccessRestrictionsAllowedServiceOutput) ElementType

func (WorkforcePoolAccessRestrictionsAllowedServiceOutput) ToWorkforcePoolAccessRestrictionsAllowedServiceOutput

func (o WorkforcePoolAccessRestrictionsAllowedServiceOutput) ToWorkforcePoolAccessRestrictionsAllowedServiceOutput() WorkforcePoolAccessRestrictionsAllowedServiceOutput

func (WorkforcePoolAccessRestrictionsAllowedServiceOutput) ToWorkforcePoolAccessRestrictionsAllowedServiceOutputWithContext

func (o WorkforcePoolAccessRestrictionsAllowedServiceOutput) ToWorkforcePoolAccessRestrictionsAllowedServiceOutputWithContext(ctx context.Context) WorkforcePoolAccessRestrictionsAllowedServiceOutput

type WorkforcePoolAccessRestrictionsArgs

// WorkforcePoolAccessRestrictionsArgs is the input form of the access
// restrictions configured on the users of a workforce pool: which services
// allow web sign-in, and whether programmatic sign-in is disabled.
type WorkforcePoolAccessRestrictionsArgs struct {
	// Services allowed for web sign-in with the workforce pool.
	// If not set, there are no restrictions by default: leaving this out
	// does not limit which services pool users can sign in to.
	// Structure is documented below.
	AllowedServices WorkforcePoolAccessRestrictionsAllowedServiceArrayInput `pulumi:"allowedServices"`
	// Disable programmatic sign-in by disabling token issue via the Security Token API endpoint.
	// See [Security Token Service API](https://cloud.google.com/iam/docs/reference/sts/rest).
	// NOTE(review): the behavior when unset is not stated here; set it explicitly
	// when programmatic sign-in must be off.
	DisableProgrammaticSignin pulumi.BoolPtrInput `pulumi:"disableProgrammaticSignin"`
}

func (WorkforcePoolAccessRestrictionsArgs) ElementType

func (WorkforcePoolAccessRestrictionsArgs) ToWorkforcePoolAccessRestrictionsOutput

func (i WorkforcePoolAccessRestrictionsArgs) ToWorkforcePoolAccessRestrictionsOutput() WorkforcePoolAccessRestrictionsOutput

func (WorkforcePoolAccessRestrictionsArgs) ToWorkforcePoolAccessRestrictionsOutputWithContext

func (i WorkforcePoolAccessRestrictionsArgs) ToWorkforcePoolAccessRestrictionsOutputWithContext(ctx context.Context) WorkforcePoolAccessRestrictionsOutput

func (WorkforcePoolAccessRestrictionsArgs) ToWorkforcePoolAccessRestrictionsPtrOutput

func (i WorkforcePoolAccessRestrictionsArgs) ToWorkforcePoolAccessRestrictionsPtrOutput() WorkforcePoolAccessRestrictionsPtrOutput

func (WorkforcePoolAccessRestrictionsArgs) ToWorkforcePoolAccessRestrictionsPtrOutputWithContext

func (i WorkforcePoolAccessRestrictionsArgs) ToWorkforcePoolAccessRestrictionsPtrOutputWithContext(ctx context.Context) WorkforcePoolAccessRestrictionsPtrOutput

type WorkforcePoolAccessRestrictionsInput

// WorkforcePoolAccessRestrictionsInput is an input type that accepts
// WorkforcePoolAccessRestrictionsArgs and WorkforcePoolAccessRestrictionsOutput values.
// You can construct a concrete instance of it via:
//
//	WorkforcePoolAccessRestrictionsArgs{...}
type WorkforcePoolAccessRestrictionsInput interface {
	pulumi.Input

	ToWorkforcePoolAccessRestrictionsOutput() WorkforcePoolAccessRestrictionsOutput
	ToWorkforcePoolAccessRestrictionsOutputWithContext(context.Context) WorkforcePoolAccessRestrictionsOutput
}

WorkforcePoolAccessRestrictionsInput is an input type that accepts WorkforcePoolAccessRestrictionsArgs and WorkforcePoolAccessRestrictionsOutput values. You can construct a concrete instance of `WorkforcePoolAccessRestrictionsInput` via:

WorkforcePoolAccessRestrictionsArgs{...}

type WorkforcePoolAccessRestrictionsOutput

type WorkforcePoolAccessRestrictionsOutput struct{ *pulumi.OutputState }

func (WorkforcePoolAccessRestrictionsOutput) AllowedServices

Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default. Structure is documented below.

func (WorkforcePoolAccessRestrictionsOutput) DisableProgrammaticSignin

func (o WorkforcePoolAccessRestrictionsOutput) DisableProgrammaticSignin() pulumi.BoolPtrOutput

Disable programmatic sign-in by disabling token issue via the Security Token API endpoint. See [Security Token Service API](https://cloud.google.com/iam/docs/reference/sts/rest).

func (WorkforcePoolAccessRestrictionsOutput) ElementType

func (WorkforcePoolAccessRestrictionsOutput) ToWorkforcePoolAccessRestrictionsOutput

func (o WorkforcePoolAccessRestrictionsOutput) ToWorkforcePoolAccessRestrictionsOutput() WorkforcePoolAccessRestrictionsOutput

func (WorkforcePoolAccessRestrictionsOutput) ToWorkforcePoolAccessRestrictionsOutputWithContext

func (o WorkforcePoolAccessRestrictionsOutput) ToWorkforcePoolAccessRestrictionsOutputWithContext(ctx context.Context) WorkforcePoolAccessRestrictionsOutput

func (WorkforcePoolAccessRestrictionsOutput) ToWorkforcePoolAccessRestrictionsPtrOutput

func (o WorkforcePoolAccessRestrictionsOutput) ToWorkforcePoolAccessRestrictionsPtrOutput() WorkforcePoolAccessRestrictionsPtrOutput

func (WorkforcePoolAccessRestrictionsOutput) ToWorkforcePoolAccessRestrictionsPtrOutputWithContext

func (o WorkforcePoolAccessRestrictionsOutput) ToWorkforcePoolAccessRestrictionsPtrOutputWithContext(ctx context.Context) WorkforcePoolAccessRestrictionsPtrOutput

type WorkforcePoolAccessRestrictionsPtrInput

// WorkforcePoolAccessRestrictionsPtrInput is an input type that accepts
// WorkforcePoolAccessRestrictionsArgs, WorkforcePoolAccessRestrictionsPtr and
// WorkforcePoolAccessRestrictionsPtrOutput values.
// You can construct a concrete instance of it via:
//
//	WorkforcePoolAccessRestrictionsArgs{...}
//
// or:
//
//	nil
//
// NOTE(review): nil presumably leaves the pool without access restrictions —
// confirm before relying on it.
type WorkforcePoolAccessRestrictionsPtrInput interface {
	pulumi.Input

	ToWorkforcePoolAccessRestrictionsPtrOutput() WorkforcePoolAccessRestrictionsPtrOutput
	ToWorkforcePoolAccessRestrictionsPtrOutputWithContext(context.Context) WorkforcePoolAccessRestrictionsPtrOutput
}

WorkforcePoolAccessRestrictionsPtrInput is an input type that accepts WorkforcePoolAccessRestrictionsArgs, WorkforcePoolAccessRestrictionsPtr and WorkforcePoolAccessRestrictionsPtrOutput values. You can construct a concrete instance of `WorkforcePoolAccessRestrictionsPtrInput` via:

        WorkforcePoolAccessRestrictionsArgs{...}

or:

        nil

type WorkforcePoolAccessRestrictionsPtrOutput

type WorkforcePoolAccessRestrictionsPtrOutput struct{ *pulumi.OutputState }

func (WorkforcePoolAccessRestrictionsPtrOutput) AllowedServices

Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default. Structure is documented below.

func (WorkforcePoolAccessRestrictionsPtrOutput) DisableProgrammaticSignin

func (o WorkforcePoolAccessRestrictionsPtrOutput) DisableProgrammaticSignin() pulumi.BoolPtrOutput

Disable programmatic sign-in by disabling token issue via the Security Token API endpoint. See [Security Token Service API](https://cloud.google.com/iam/docs/reference/sts/rest).

func (WorkforcePoolAccessRestrictionsPtrOutput) Elem

func (WorkforcePoolAccessRestrictionsPtrOutput) ElementType

func (WorkforcePoolAccessRestrictionsPtrOutput) ToWorkforcePoolAccessRestrictionsPtrOutput

func (o WorkforcePoolAccessRestrictionsPtrOutput) ToWorkforcePoolAccessRestrictionsPtrOutput() WorkforcePoolAccessRestrictionsPtrOutput

func (WorkforcePoolAccessRestrictionsPtrOutput) ToWorkforcePoolAccessRestrictionsPtrOutputWithContext

func (o WorkforcePoolAccessRestrictionsPtrOutput) ToWorkforcePoolAccessRestrictionsPtrOutputWithContext(ctx context.Context) WorkforcePoolAccessRestrictionsPtrOutput

type WorkforcePoolArgs

// WorkforcePoolArgs is the set of arguments for constructing a WorkforcePool resource.
type WorkforcePoolArgs struct {
	// Configure access restrictions on the workforce pool users. This is an optional field. If specified, web
	// sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users.
	// Structure is documented below.
	AccessRestrictions WorkforcePoolAccessRestrictionsPtrInput
	// A user-specified description of the pool. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Whether the pool is disabled. You cannot use a disabled pool to exchange tokens,
	// or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
	// Disabling therefore suspends access rather than revoking it: do not treat
	// a disable/re-enable cycle as a way to invalidate tokens that were already issued.
	Disabled pulumi.BoolPtrInput
	// A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	// The location for the resource.
	Location pulumi.StringInput
	// Immutable. The resource name of the parent. Format: `organizations/{org-id}`.
	//
	// ***
	Parent pulumi.StringInput
	// Duration that the Google Cloud access tokens, console sign-in sessions,
	// and `gcloud` sign-in sessions from this pool are valid.
	// Must be greater than 15 minutes (900s) and less than 12 hours (43200s).
	// If `sessionDuration` is not configured, minted credentials have a default duration of one hour (3600s).
	// A duration in seconds with up to nine fractional digits, ending with '`s`'. Example: "`3.5s`".
	// This value bounds how long a credential minted from the pool stays valid,
	// so it is the setting to review when deciding how long a federated session may last.
	SessionDuration pulumi.StringPtrInput
	// The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters,
	// digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen.
	// The prefix `gcp-` is reserved for use by Google, and may not be specified.
	WorkforcePoolId pulumi.StringInput
}

The set of arguments for constructing a WorkforcePool resource.

func (WorkforcePoolArgs) ElementType

func (WorkforcePoolArgs) ElementType() reflect.Type

type WorkforcePoolArray

type WorkforcePoolArray []WorkforcePoolInput

func (WorkforcePoolArray) ElementType

func (WorkforcePoolArray) ElementType() reflect.Type

func (WorkforcePoolArray) ToWorkforcePoolArrayOutput

func (i WorkforcePoolArray) ToWorkforcePoolArrayOutput() WorkforcePoolArrayOutput

func (WorkforcePoolArray) ToWorkforcePoolArrayOutputWithContext

func (i WorkforcePoolArray) ToWorkforcePoolArrayOutputWithContext(ctx context.Context) WorkforcePoolArrayOutput

type WorkforcePoolArrayInput

// WorkforcePoolArrayInput is an input type that accepts WorkforcePoolArray and
// WorkforcePoolArrayOutput values.
// You can construct a concrete instance of it via:
//
//	WorkforcePoolArray{ WorkforcePoolArgs{...} }
type WorkforcePoolArrayInput interface {
	pulumi.Input

	ToWorkforcePoolArrayOutput() WorkforcePoolArrayOutput
	ToWorkforcePoolArrayOutputWithContext(context.Context) WorkforcePoolArrayOutput
}

WorkforcePoolArrayInput is an input type that accepts WorkforcePoolArray and WorkforcePoolArrayOutput values. You can construct a concrete instance of `WorkforcePoolArrayInput` via:

WorkforcePoolArray{ WorkforcePoolArgs{...} }

type WorkforcePoolArrayOutput

type WorkforcePoolArrayOutput struct{ *pulumi.OutputState }

func (WorkforcePoolArrayOutput) ElementType

func (WorkforcePoolArrayOutput) ElementType() reflect.Type

func (WorkforcePoolArrayOutput) Index

func (WorkforcePoolArrayOutput) ToWorkforcePoolArrayOutput

func (o WorkforcePoolArrayOutput) ToWorkforcePoolArrayOutput() WorkforcePoolArrayOutput

func (WorkforcePoolArrayOutput) ToWorkforcePoolArrayOutputWithContext

func (o WorkforcePoolArrayOutput) ToWorkforcePoolArrayOutputWithContext(ctx context.Context) WorkforcePoolArrayOutput

type WorkforcePoolInput

// WorkforcePoolInput is the input type for values that can be converted to a
// WorkforcePoolOutput. *WorkforcePool and WorkforcePoolOutput both declare the
// two conversion methods listed here.
type WorkforcePoolInput interface {
	pulumi.Input

	ToWorkforcePoolOutput() WorkforcePoolOutput
	ToWorkforcePoolOutputWithContext(ctx context.Context) WorkforcePoolOutput
}

type WorkforcePoolMap

type WorkforcePoolMap map[string]WorkforcePoolInput

func (WorkforcePoolMap) ElementType

func (WorkforcePoolMap) ElementType() reflect.Type

func (WorkforcePoolMap) ToWorkforcePoolMapOutput

func (i WorkforcePoolMap) ToWorkforcePoolMapOutput() WorkforcePoolMapOutput

func (WorkforcePoolMap) ToWorkforcePoolMapOutputWithContext

func (i WorkforcePoolMap) ToWorkforcePoolMapOutputWithContext(ctx context.Context) WorkforcePoolMapOutput

type WorkforcePoolMapInput

// WorkforcePoolMapInput is an input type that accepts WorkforcePoolMap and
// WorkforcePoolMapOutput values.
// You can construct a concrete instance of it via:
//
//	WorkforcePoolMap{ "key": WorkforcePoolArgs{...} }
type WorkforcePoolMapInput interface {
	pulumi.Input

	ToWorkforcePoolMapOutput() WorkforcePoolMapOutput
	ToWorkforcePoolMapOutputWithContext(context.Context) WorkforcePoolMapOutput
}

WorkforcePoolMapInput is an input type that accepts WorkforcePoolMap and WorkforcePoolMapOutput values. You can construct a concrete instance of `WorkforcePoolMapInput` via:

WorkforcePoolMap{ "key": WorkforcePoolArgs{...} }

type WorkforcePoolMapOutput

type WorkforcePoolMapOutput struct{ *pulumi.OutputState }

func (WorkforcePoolMapOutput) ElementType

func (WorkforcePoolMapOutput) ElementType() reflect.Type

func (WorkforcePoolMapOutput) MapIndex

func (WorkforcePoolMapOutput) ToWorkforcePoolMapOutput

func (o WorkforcePoolMapOutput) ToWorkforcePoolMapOutput() WorkforcePoolMapOutput

func (WorkforcePoolMapOutput) ToWorkforcePoolMapOutputWithContext

func (o WorkforcePoolMapOutput) ToWorkforcePoolMapOutputWithContext(ctx context.Context) WorkforcePoolMapOutput

type WorkforcePoolOutput

type WorkforcePoolOutput struct{ *pulumi.OutputState }

func (WorkforcePoolOutput) AccessRestrictions

Configure access restrictions on the workforce pool users. This is an optional field. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users. Structure is documented below.

func (WorkforcePoolOutput) Description

func (o WorkforcePoolOutput) Description() pulumi.StringPtrOutput

A user-specified description of the pool. Cannot exceed 256 characters.

func (WorkforcePoolOutput) Disabled

Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.

func (WorkforcePoolOutput) DisplayName

func (o WorkforcePoolOutput) DisplayName() pulumi.StringPtrOutput

A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.

func (WorkforcePoolOutput) ElementType

func (WorkforcePoolOutput) ElementType() reflect.Type

func (WorkforcePoolOutput) Location

The location for the resource.

func (WorkforcePoolOutput) Name

Output only. The resource name of the pool. Format: `locations/{location}/workforcePools/{workforcePoolId}`

func (WorkforcePoolOutput) Parent

Immutable. The resource name of the parent. Format: `organizations/{org-id}`.

***

func (WorkforcePoolOutput) SessionDuration

func (o WorkforcePoolOutput) SessionDuration() pulumi.StringPtrOutput

Duration that the Google Cloud access tokens, console sign-in sessions, and `gcloud` sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If `sessionDuration` is not configured, minted credentials have a default duration of one hour (3600s). A duration in seconds with up to nine fractional digits, ending with '`s`'. Example: "`3.5s`".

func (WorkforcePoolOutput) State

Output only. The state of the pool.

func (WorkforcePoolOutput) ToWorkforcePoolOutput

func (o WorkforcePoolOutput) ToWorkforcePoolOutput() WorkforcePoolOutput

func (WorkforcePoolOutput) ToWorkforcePoolOutputWithContext

func (o WorkforcePoolOutput) ToWorkforcePoolOutputWithContext(ctx context.Context) WorkforcePoolOutput

func (WorkforcePoolOutput) WorkforcePoolId

func (o WorkforcePoolOutput) WorkforcePoolId() pulumi.StringOutput

The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix `gcp-` is reserved for use by Google, and may not be specified.

type WorkforcePoolProvider

// WorkforcePoolProvider is a configuration for an external identity provider
// attached to a workforce pool.
type WorkforcePoolProvider struct {
	pulumi.CustomResourceState

	// A [Common Expression Language](https://opensource.google/projects/cel) expression, in
	// plain text, that restricts which otherwise valid authentication credentials issued by the
	// provider are accepted.
	// The expression must output a boolean representing whether to allow the federation.
	// The following keywords may be referenced in the expressions:
	// NOTE(review): the keyword list is missing from this listing; see the API documentation.
	// NOTE(review): the field is optional; presumably, with no condition set, every credential
	// the provider validates is accepted — confirm, and set a condition when only a subset
	// of the identity provider's users should be able to federate.
	AttributeCondition pulumi.StringPtrOutput `pulumi:"attributeCondition"`
	// Maps attributes from the authentication credentials issued by an external identity provider
	// to Google Cloud attributes, such as `subject` and `segment`.
	// Each key must be a string specifying the Google Cloud IAM attribute to map to.
	// The following keys are supported:
	// * `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings.
	//   This is also the subject that appears in Cloud Logging logs. This is a required field and
	//   the mapped subject cannot exceed 127 bytes.
	// * `google.groups`: Groups the authenticating user belongs to. You can grant groups access to
	//   resources using an IAM `principalSet` binding; access applies to all members of the group.
	// * `google.display_name`: The name of the authenticated user. This is an optional field and
	//   the mapped display name cannot exceed 100 bytes. If not set, `google.subject` will be displayed instead.
	//   This attribute cannot be referenced in IAM bindings.
	// * `google.profile_photo`: The URL that specifies the authenticated user's thumbnail photo.
	//   This is an optional field. When set, the image will be visible as the user's profile picture.
	//   If not set, a generic user icon will be displayed instead.
	//   This attribute cannot be referenced in IAM bindings.
	//
	// You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where {custom_attribute}
	// is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes.
	// The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_].
	// You can reference these attributes in IAM policies to define fine-grained access for a workforce pool
	// to Google Cloud resources. For example:
	// * `google.subject`:
	//   `principal://iam.googleapis.com/locations/{location}/workforcePools/{pool}/subject/{value}`
	// * `google.groups`:
	//   `principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/group/{value}`
	// * `attribute.{custom_attribute}`:
	//   `principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/attribute.{custom_attribute}/{value}`
	//
	// Each value must be a [Common Expression Language](https://opensource.google/projects/cel)
	// function that maps an identity provider credential to the normalized attribute specified
	// by the corresponding map key.
	// You can use the `assertion` keyword in the expression to access a JSON representation of
	// the authentication credential issued by the provider.
	// The maximum length of an attribute mapping expression is 2048 characters. When evaluated,
	// the total size of all mapped attributes must not exceed 8KB.
	// For OIDC providers, you must supply a custom mapping that includes the `google.subject` attribute.
	// For example, the following maps the sub claim of the incoming credential to the `subject` attribute
	// on a Google token:
	// `{"google.subject": "assertion.sub"}`
	//
	// NOTE(review): mapped `google.subject`, `google.groups` and custom attributes can be referenced
	// in IAM bindings, so these expressions decide which principals a credential becomes; map them
	// from claims the identity provider itself controls.
	//
	// An object containing a list of `"key": value` pairs.
	// Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`.
	AttributeMapping pulumi.StringMapOutput `pulumi:"attributeMapping"`
	// A user-specified description of the provider. Cannot exceed 256 characters.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
	// However, existing tokens still grant access.
	// Disabling a provider therefore only stops new token exchanges; it does not cut off
	// tokens that were already issued through it.
	Disabled pulumi.BoolPtrOutput `pulumi:"disabled"`
	// A user-specified display name for the provider. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// The configuration for OAuth 2.0 client used to get the additional user
	// attributes. This should be used when users can't get the desired claims
	// in authentication credentials. Currently this configuration is only
	// supported with OIDC protocol.
	// Structure is documented below.
	ExtraAttributesOauth2Client WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput `pulumi:"extraAttributesOauth2Client"`
	// The location for the resource.
	Location pulumi.StringOutput `pulumi:"location"`
	// Output only. The resource name of the provider.
	// Format: `locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}`
	Name pulumi.StringOutput `pulumi:"name"`
	// Represents an OpenId Connect 1.0 identity provider.
	// Structure is documented below.
	Oidc WorkforcePoolProviderOidcPtrOutput `pulumi:"oidc"`
	// The ID for the provider, which becomes the final component of the resource name.
	// This value must be 4-32 characters, and may contain the characters [a-z0-9-].
	// The prefix `gcp-` is reserved for use by Google, and may not be specified.
	//
	// ***
	ProviderId pulumi.StringOutput `pulumi:"providerId"`
	// Represents a SAML identity provider.
	// Structure is documented below.
	Saml WorkforcePoolProviderSamlPtrOutput `pulumi:"saml"`
	// The current state of the provider.
	// * STATE_UNSPECIFIED: State unspecified.
	// * ACTIVE: The provider is active and may be used to validate authentication credentials.
	// * DELETED: The provider is soft-deleted. Soft-deleted providers are permanently
	//   deleted after approximately 30 days. You can restore a soft-deleted provider using
	//   [providers.undelete](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools.providers/undelete#google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePoolProvider).
	State pulumi.StringOutput `pulumi:"state"`
	// The ID to use for the pool, which becomes the final component of the resource name.
	// The IDs must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens.
	// It must start with a letter, and cannot have a trailing hyphen.
	// The prefix `gcp-` is reserved for use by Google, and may not be specified.
	WorkforcePoolId pulumi.StringOutput `pulumi:"workforcePoolId"`
}

A configuration for an external identity provider.

To get more information about WorkforcePoolProvider, see:

* [API documentation](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools.providers)
* How-to Guides

> **Note:** Ask your Google Cloud account team to request access to workforce identity federation for your billing/quota project. The account team notifies you when the project is granted access.

## Example Usage

### Iam Workforce Pool Provider Saml Basic

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main declares a workforce pool and attaches a SAML identity provider to it,
// setting only the provider's ID, attribute mapping and IdP metadata.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		poolArgs := &iam.WorkforcePoolArgs{
			Location:        pulumi.String("global"),
			Parent:          pulumi.String("organizations/123456789"),
			WorkforcePoolId: pulumi.String("example-pool"),
		}
		pool, err := iam.NewWorkforcePool(ctx, "pool", poolArgs)
		if err != nil {
			return err
		}

		// The metadata document embeds the IdP's X.509 certificate under
		// KeyDescriptor use="signing". Presumably this is the key assertions are
		// verified against, so in a real stack it should come from the IdP you
		// operate, over a channel you trust, and be reviewed on every change.
		samlIdP := &iam.WorkforcePoolProviderSamlArgs{
			IdpMetadataXml: pulumi.String("<?xml version=\"1.0\"?><md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" entityID=\"https://test.com\"><md:IDPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"> <md:KeyDescriptor use=\"signing\"><ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://test.com/sso\"/></md:IDPSSODescriptor></md:EntityDescriptor>"),
		}

		// google.subject is the principal referenced in IAM bindings; here it is
		// taken from the assertion's sub value.
		subjectMapping := pulumi.StringMap{
			"google.subject": pulumi.String("assertion.sub"),
		}

		providerArgs := &iam.WorkforcePoolProviderArgs{
			WorkforcePoolId:  pool.WorkforcePoolId,
			Location:         pool.Location,
			ProviderId:       pulumi.String("example-prvdr"),
			AttributeMapping: subjectMapping,
			Saml:             samlIdP,
		}
		_, err = iam.NewWorkforcePoolProvider(ctx, "example", providerArgs)
		return err
	})
}

```

### Iam Workforce Pool Provider Saml Full

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main declares a workforce pool and attaches a SAML identity provider to it,
// additionally setting the display name, description, disabled flag and
// attribute condition.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		poolArgs := &iam.WorkforcePoolArgs{
			Location:        pulumi.String("global"),
			Parent:          pulumi.String("organizations/123456789"),
			WorkforcePoolId: pulumi.String("example-pool"),
		}
		pool, err := iam.NewWorkforcePool(ctx, "pool", poolArgs)
		if err != nil {
			return err
		}

		// The metadata document embeds the IdP's X.509 certificate under
		// KeyDescriptor use="signing". Presumably this is the key assertions are
		// verified against, so in a real stack it should come from the IdP you
		// operate, over a channel you trust, and be reviewed on every change.
		samlIdP := &iam.WorkforcePoolProviderSamlArgs{
			IdpMetadataXml: pulumi.String("<?xml version=\"1.0\"?><md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" entityID=\"https://test.com\"><md:IDPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"> <md:KeyDescriptor use=\"signing\"><ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://test.com/sso\"/></md:IDPSSODescriptor></md:EntityDescriptor>"),
		}

		// google.subject is the principal referenced in IAM bindings; here it is
		// taken from the assertion's sub value.
		subjectMapping := pulumi.StringMap{
			"google.subject": pulumi.String("assertion.sub"),
		}

		providerArgs := &iam.WorkforcePoolProviderArgs{
			WorkforcePoolId:  pool.WorkforcePoolId,
			Location:         pool.Location,
			ProviderId:       pulumi.String("example-prvdr"),
			AttributeMapping: subjectMapping,
			Saml:             samlIdP,
			DisplayName:      pulumi.String("Display name"),
			Description:      pulumi.String("A sample SAML workforce pool provider."),
			Disabled:         pulumi.Bool(false),
			// The condition must evaluate to a boolean that decides whether the
			// federation is allowed; the constant "true" admits every credential
			// the IdP issues. A real deployment would normally narrow this.
			AttributeCondition: pulumi.String("true"),
		}
		_, err = iam.NewWorkforcePoolProvider(ctx, "example", providerArgs)
		return err
	})
}

```

### Iam Workforce Pool Provider Oidc Basic

```go package main

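import (
	"errors"

	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// secretFromConfig reads key from the current project's stack configuration
// and returns it as a secret output, so the engine treats the value as
// sensitive. It returns an error when the key is absent or empty, which keeps
// a provider from being registered with a blank credential.
//
// Store the value with `pulumi config set --secret <key> <value>`. The
// pulumi/config package offers RequireSecret as a ready-made equivalent; the
// lookup is spelled out here to stay within the packages this example imports.
func secretFromConfig(ctx *pulumi.Context, key string) (pulumi.StringOutput, error) {
	raw, ok := ctx.GetConfig(ctx.Project() + ":" + key)
	if !ok || raw == "" {
		return pulumi.StringOutput{}, errors.New("missing required secret config value " + key)
	}
	return pulumi.ToSecret(pulumi.String(raw)).(pulumi.StringOutput), nil
}

// main declares a workforce pool and attaches an OIDC identity provider to it.
// The OIDC client secret is taken from secret stack configuration instead of a
// string literal, so the credential does not live in the program source.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Resolve the credential first so a missing value fails the run before
		// any resource is registered.
		clientSecret, err := secretFromConfig(ctx, "oidcClientSecret")
		if err != nil {
			return err
		}

		pool, err := iam.NewWorkforcePool(ctx, "pool", &iam.WorkforcePoolArgs{
			WorkforcePoolId: pulumi.String("example-pool"),
			Parent:          pulumi.String("organizations/123456789"),
			Location:        pulumi.String("global"),
		})
		if err != nil {
			return err
		}

		_, err = iam.NewWorkforcePoolProvider(ctx, "example", &iam.WorkforcePoolProviderArgs{
			WorkforcePoolId: pool.WorkforcePoolId,
			Location:        pool.Location,
			ProviderId:      pulumi.String("example-prvdr"),
			// google.subject is the principal referenced in IAM bindings; here
			// it is taken from the credential's sub claim.
			AttributeMapping: pulumi.StringMap{
				"google.subject": pulumi.String("assertion.sub"),
			},
			Oidc: &iam.WorkforcePoolProviderOidcArgs{
				IssuerUri: pulumi.String("https://accounts.thirdparty.com"),
				ClientId:  pulumi.String("client-id"),
				ClientSecret: &iam.WorkforcePoolProviderOidcClientSecretArgs{
					Value: &iam.WorkforcePoolProviderOidcClientSecretValueArgs{
						PlainText: clientSecret,
					},
				},
				WebSsoConfig: &iam.WorkforcePoolProviderOidcWebSsoConfigArgs{
					ResponseType:            pulumi.String("CODE"),
					AssertionClaimsBehavior: pulumi.String("MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS"),
				},
			},
		})
		return err
	})
}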

```

### Iam Workforce Pool Provider Oidc Full

```go package main

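import (
	"errors"

	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// secretFromConfig reads key from the current project's stack configuration
// and returns it as a secret output, so the engine treats the value as
// sensitive. It returns an error when the key is absent or empty, which keeps
// a provider from being registered with a blank credential.
//
// Store the value with `pulumi config set --secret <key> <value>`. The
// pulumi/config package offers RequireSecret as a ready-made equivalent; the
// lookup is spelled out here to stay within the packages this example imports.
func secretFromConfig(ctx *pulumi.Context, key string) (pulumi.StringOutput, error) {
	raw, ok := ctx.GetConfig(ctx.Project() + ":" + key)
	if !ok || raw == "" {
		return pulumi.StringOutput{}, errors.New("missing required secret config value " + key)
	}
	return pulumi.ToSecret(pulumi.String(raw)).(pulumi.StringOutput), nil
}

// main declares a workforce pool and attaches an OIDC identity provider to it,
// additionally requesting extra scopes and setting the display name,
// description, disabled flag and attribute condition. The OIDC client secret
// is taken from secret stack configuration instead of a string literal, so the
// credential does not live in the program source.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Resolve the credential first so a missing value fails the run before
		// any resource is registered.
		clientSecret, err := secretFromConfig(ctx, "oidcClientSecret")
		if err != nil {
			return err
		}

		pool, err := iam.NewWorkforcePool(ctx, "pool", &iam.WorkforcePoolArgs{
			WorkforcePoolId: pulumi.String("example-pool"),
			Parent:          pulumi.String("organizations/123456789"),
			Location:        pulumi.String("global"),
		})
		if err != nil {
			return err
		}

		_, err = iam.NewWorkforcePoolProvider(ctx, "example", &iam.WorkforcePoolProviderArgs{
			WorkforcePoolId: pool.WorkforcePoolId,
			Location:        pool.Location,
			ProviderId:      pulumi.String("example-prvdr"),
			// google.subject is the principal referenced in IAM bindings; here
			// it is taken from the credential's sub claim.
			AttributeMapping: pulumi.StringMap{
				"google.subject": pulumi.String("assertion.sub"),
			},
			Oidc: &iam.WorkforcePoolProviderOidcArgs{
				IssuerUri: pulumi.String("https://accounts.thirdparty.com"),
				ClientId:  pulumi.String("client-id"),
				ClientSecret: &iam.WorkforcePoolProviderOidcClientSecretArgs{
					Value: &iam.WorkforcePoolProviderOidcClientSecretValueArgs{
						PlainText: clientSecret,
					},
				},
				WebSsoConfig: &iam.WorkforcePoolProviderOidcWebSsoConfigArgs{
					ResponseType:            pulumi.String("CODE"),
					AssertionClaimsBehavior: pulumi.String("MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS"),
					AdditionalScopes: pulumi.StringArray{
						pulumi.String("groups"),
						pulumi.String("roles"),
					},
				},
			},
			DisplayName: pulumi.String("Display name"),
			Description: pulumi.String("A sample OIDC workforce pool provider."),
			Disabled:    pulumi.Bool(false),
			// The condition must evaluate to a boolean that decides whether the
			// federation is allowed; the constant "true" admits every credential
			// the IdP issues. A real deployment would normally narrow this.
			AttributeCondition: pulumi.String("true"),
		})
		return err
	})
}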

```

### Iam Workforce Pool Provider Extra Attributes Oauth2 Config Client Basic

```go package main

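import (
	"errors"

	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// secretFromConfig reads key from the current project's stack configuration
// and returns it as a secret output, so the engine treats the value as
// sensitive. It returns an error when the key is absent or empty, which keeps
// a provider from being registered with a blank credential.
//
// Store the value with `pulumi config set --secret <key> <value>`. The
// pulumi/config package offers RequireSecret as a ready-made equivalent; the
// lookup is spelled out here to stay within the packages this example imports.
func secretFromConfig(ctx *pulumi.Context, key string) (pulumi.StringOutput, error) {
	raw, ok := ctx.GetConfig(ctx.Project() + ":" + key)
	if !ok || raw == "" {
		return pulumi.StringOutput{}, errors.New("missing required secret config value " + key)
	}
	return pulumi.ToSecret(pulumi.String(raw)).(pulumi.StringOutput), nil
}

// main declares a workforce pool and attaches an OIDC identity provider that
// also uses a second OAuth 2.0 client to fetch extra group attributes. Both
// client secrets are taken from secret stack configuration instead of string
// literals, and under separate keys so each credential can be rotated on its
// own.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Resolve both credentials first so a missing value fails the run
		// before any resource is registered.
		oidcSecret, err := secretFromConfig(ctx, "oidcClientSecret")
		if err != nil {
			return err
		}
		extraAttrsSecret, err := secretFromConfig(ctx, "extraAttributesClientSecret")
		if err != nil {
			return err
		}

		pool, err := iam.NewWorkforcePool(ctx, "pool", &iam.WorkforcePoolArgs{
			WorkforcePoolId: pulumi.String("example-pool"),
			Parent:          pulumi.String("organizations/123456789"),
			Location:        pulumi.String("global"),
		})
		if err != nil {
			return err
		}

		_, err = iam.NewWorkforcePoolProvider(ctx, "example", &iam.WorkforcePoolProviderArgs{
			WorkforcePoolId: pool.WorkforcePoolId,
			Location:        pool.Location,
			ProviderId:      pulumi.String("example-prvdr"),
			// google.subject is the principal referenced in IAM bindings; here
			// it is taken from the credential's sub claim.
			AttributeMapping: pulumi.StringMap{
				"google.subject": pulumi.String("assertion.sub"),
			},
			Oidc: &iam.WorkforcePoolProviderOidcArgs{
				IssuerUri: pulumi.String("https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/"),
				ClientId:  pulumi.String("https://analysis.windows.net/powerbi/connector/GoogleBigQuery"),
				WebSsoConfig: &iam.WorkforcePoolProviderOidcWebSsoConfigArgs{
					ResponseType:            pulumi.String("CODE"),
					AssertionClaimsBehavior: pulumi.String("MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS"),
				},
				ClientSecret: &iam.WorkforcePoolProviderOidcClientSecretArgs{
					Value: &iam.WorkforcePoolProviderOidcClientSecretValueArgs{
						PlainText: oidcSecret,
					},
				},
			},
			// This client is used with the client credentials grant to read
			// group attributes from the IdP, so its secret is a standing
			// credential against the IdP and deserves the same handling as the
			// OIDC client secret above.
			ExtraAttributesOauth2Client: &iam.WorkforcePoolProviderExtraAttributesOauth2ClientArgs{
				IssuerUri: pulumi.String("https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0"),
				ClientId:  pulumi.String("client-id"),
				ClientSecret: &iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs{
					Value: &iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs{
						PlainText: extraAttrsSecret,
					},
				},
				AttributesType: pulumi.String("AZURE_AD_GROUPS_MAIL"),
			},
		})
		return err
	})
}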

```

### Iam Workforce Pool Provider Extra Attributes Oauth2 Config Client Full

```go package main

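import (
	"errors"

	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// secretFromConfig reads key from the current project's stack configuration
// and returns it as a secret output, so the engine treats the value as
// sensitive. It returns an error when the key is absent or empty, which keeps
// a provider from being registered with a blank credential.
//
// Store the value with `pulumi config set --secret <key> <value>`. The
// pulumi/config package offers RequireSecret as a ready-made equivalent; the
// lookup is spelled out here to stay within the packages this example imports.
func secretFromConfig(ctx *pulumi.Context, key string) (pulumi.StringOutput, error) {
	raw, ok := ctx.GetConfig(ctx.Project() + ":" + key)
	if !ok || raw == "" {
		return pulumi.StringOutput{}, errors.New("missing required secret config value " + key)
	}
	return pulumi.ToSecret(pulumi.String(raw)).(pulumi.StringOutput), nil
}

// main declares a workforce pool and attaches an OIDC identity provider that
// also uses a second OAuth 2.0 client, with a query filter, to fetch extra
// group attributes. Both client secrets are taken from secret stack
// configuration instead of string literals, and under separate keys so each
// credential can be rotated on its own.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Resolve both credentials first so a missing value fails the run
		// before any resource is registered.
		oidcSecret, err := secretFromConfig(ctx, "oidcClientSecret")
		if err != nil {
			return err
		}
		extraAttrsSecret, err := secretFromConfig(ctx, "extraAttributesClientSecret")
		if err != nil {
			return err
		}

		pool, err := iam.NewWorkforcePool(ctx, "pool", &iam.WorkforcePoolArgs{
			WorkforcePoolId: pulumi.String("example-pool"),
			Parent:          pulumi.String("organizations/123456789"),
			Location:        pulumi.String("global"),
		})
		if err != nil {
			return err
		}

		_, err = iam.NewWorkforcePoolProvider(ctx, "example", &iam.WorkforcePoolProviderArgs{
			WorkforcePoolId: pool.WorkforcePoolId,
			Location:        pool.Location,
			ProviderId:      pulumi.String("example-prvdr"),
			// google.subject is the principal referenced in IAM bindings; here
			// it is taken from the credential's sub claim.
			AttributeMapping: pulumi.StringMap{
				"google.subject": pulumi.String("assertion.sub"),
			},
			Oidc: &iam.WorkforcePoolProviderOidcArgs{
				IssuerUri: pulumi.String("https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/"),
				ClientId:  pulumi.String("https://analysis.windows.net/powerbi/connector/GoogleBigQuery"),
				ClientSecret: &iam.WorkforcePoolProviderOidcClientSecretArgs{
					Value: &iam.WorkforcePoolProviderOidcClientSecretValueArgs{
						PlainText: oidcSecret,
					},
				},
				WebSsoConfig: &iam.WorkforcePoolProviderOidcWebSsoConfigArgs{
					ResponseType:            pulumi.String("CODE"),
					AssertionClaimsBehavior: pulumi.String("MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS"),
				},
			},
			// This client is used with the client credentials grant to read
			// group attributes from the IdP, so its secret is a standing
			// credential against the IdP and deserves the same handling as the
			// OIDC client secret above.
			ExtraAttributesOauth2Client: &iam.WorkforcePoolProviderExtraAttributesOauth2ClientArgs{
				IssuerUri: pulumi.String("https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0"),
				ClientId:  pulumi.String("client-id"),
				ClientSecret: &iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs{
					Value: &iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs{
						PlainText: extraAttrsSecret,
					},
				},
				AttributesType: pulumi.String("AZURE_AD_GROUPS_MAIL"),
				// QueryParameters controls which claims are fetched from the
				// IdP; the filter limits the groups that are requested.
				QueryParameters: &iam.WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs{
					Filter: pulumi.String("mail:gcp"),
				},
			},
		})
		return err
	})
}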

```

## Import

WorkforcePoolProvider can be imported using any of these accepted formats:

* `locations/{{location}}/workforcePools/{{workforce_pool_id}}/providers/{{provider_id}}`

* `{{location}}/{{workforce_pool_id}}/{{provider_id}}`

When using the `pulumi import` command, WorkforcePoolProvider can be imported using one of the formats above. For example:

```sh
$ pulumi import gcp:iam/workforcePoolProvider:WorkforcePoolProvider default locations/{{location}}/workforcePools/{{workforce_pool_id}}/providers/{{provider_id}}
```

```sh
$ pulumi import gcp:iam/workforcePoolProvider:WorkforcePoolProvider default {{location}}/{{workforce_pool_id}}/{{provider_id}}
```

func GetWorkforcePoolProvider

func GetWorkforcePoolProvider(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WorkforcePoolProviderState, opts ...pulumi.ResourceOption) (*WorkforcePoolProvider, error)

GetWorkforcePoolProvider gets an existing WorkforcePoolProvider resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWorkforcePoolProvider

func NewWorkforcePoolProvider(ctx *pulumi.Context,
	name string, args *WorkforcePoolProviderArgs, opts ...pulumi.ResourceOption) (*WorkforcePoolProvider, error)

NewWorkforcePoolProvider registers a new resource with the given unique name, arguments, and options.

func (*WorkforcePoolProvider) ElementType

func (*WorkforcePoolProvider) ElementType() reflect.Type

func (*WorkforcePoolProvider) ToWorkforcePoolProviderOutput

func (i *WorkforcePoolProvider) ToWorkforcePoolProviderOutput() WorkforcePoolProviderOutput

func (*WorkforcePoolProvider) ToWorkforcePoolProviderOutputWithContext

func (i *WorkforcePoolProvider) ToWorkforcePoolProviderOutputWithContext(ctx context.Context) WorkforcePoolProviderOutput

type WorkforcePoolProviderArgs

// WorkforcePoolProviderArgs is the set of arguments for constructing a
// WorkforcePoolProvider resource.
type WorkforcePoolProviderArgs struct {
	// A [Common Expression Language](https://opensource.google/projects/cel) expression, in
	// plain text, that restricts which otherwise valid authentication credentials issued by
	// the provider are accepted.
	// The expression must output a boolean representing whether to allow the federation.
	// An expression that is always true (the examples on this page pass `"true"`) therefore
	// admits every credential the provider issues.
	// NOTE(review): the list of keywords that may be referenced in the expression is not
	// reproduced in this listing; see the API documentation.
	AttributeCondition pulumi.StringPtrInput
	// Maps attributes from the authentication credentials issued by an external identity provider
	// to Google Cloud attributes, such as `subject` and `segment`.
	// Each key must be a string specifying the Google Cloud IAM attribute to map to.
	// The following keys are supported:
	// * `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings.
	//   This is also the subject that appears in Cloud Logging logs. This is a required field and
	//   the mapped subject cannot exceed 127 bytes.
	// * `google.groups`: Groups the authenticating user belongs to. You can grant groups access to
	//   resources using an IAM `principalSet` binding; access applies to all members of the group.
	// * `google.display_name`: The name of the authenticated user. This is an optional field and
	//   the mapped display name cannot exceed 100 bytes. If not set, `google.subject` will be displayed instead.
	//   This attribute cannot be referenced in IAM bindings.
	// * `google.profile_photo`: The URL that specifies the authenticated user's thumbnail photo.
	//   This is an optional field. When set, the image will be visible as the user's profile picture.
	//   If not set, a generic user icon will be displayed instead.
	//   This attribute cannot be referenced in IAM bindings.
	//
	// You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where {custom_attribute}
	// is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes.
	// The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_].
	// You can reference these attributes in IAM policies to define fine-grained access for a workforce pool
	// to Google Cloud resources. For example:
	// * `google.subject`:
	//   `principal://iam.googleapis.com/locations/{location}/workforcePools/{pool}/subject/{value}`
	// * `google.groups`:
	//   `principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/group/{value}`
	// * `attribute.{custom_attribute}`:
	//   `principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/attribute.{custom_attribute}/{value}`
	//
	// Each value must be a [Common Expression Language](https://opensource.google/projects/cel)
	// function that maps an identity provider credential to the normalized attribute specified
	// by the corresponding map key.
	// You can use the `assertion` keyword in the expression to access a JSON representation of
	// the authentication credential issued by the provider.
	// The maximum length of an attribute mapping expression is 2048 characters. When evaluated,
	// the total size of all mapped attributes must not exceed 8KB.
	// For OIDC providers, you must supply a custom mapping that includes the `google.subject` attribute.
	// For example, the following maps the sub claim of the incoming credential to the `subject` attribute
	// on a Google token: `{"google.subject": "assertion.sub"}`.
	//
	// Because mapped subjects and groups are what IAM bindings refer to, a mapping decides which
	// external identities receive which access; review changes to it like a policy change.
	//
	// An object containing a list of `"key": value` pairs.
	// Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`.
	AttributeMapping pulumi.StringMapInput
	// A user-specified description of the provider. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
	// However, existing tokens still grant access, so disabling a provider stops new sign-ins
	// but does not by itself revoke sessions that were already issued.
	Disabled pulumi.BoolPtrInput
	// A user-specified display name for the provider. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	// The configuration for OAuth 2.0 client used to get the additional user
	// attributes. This should be used when users can't get the desired claims
	// in authentication credentials. Currently this configuration is only
	// supported with OIDC protocol.
	// Structure is documented below.
	ExtraAttributesOauth2Client WorkforcePoolProviderExtraAttributesOauth2ClientPtrInput
	// The location for the resource.
	Location pulumi.StringInput
	// Represents an OpenId Connect 1.0 identity provider.
	// Structure is documented below.
	Oidc WorkforcePoolProviderOidcPtrInput
	// The ID for the provider, which becomes the final component of the resource name.
	// This value must be 4-32 characters, and may contain the characters [a-z0-9-].
	// The prefix `gcp-` is reserved for use by Google, and may not be specified.
	ProviderId pulumi.StringInput
	// Represents a SAML identity provider.
	// Structure is documented below.
	Saml WorkforcePoolProviderSamlPtrInput
	// The ID to use for the pool, which becomes the final component of the resource name.
	// The IDs must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens.
	// It must start with a letter, and cannot have a trailing hyphen.
	// The prefix `gcp-` is reserved for use by Google, and may not be specified.
	WorkforcePoolId pulumi.StringInput
}

The set of arguments for constructing a WorkforcePoolProvider resource.

func (WorkforcePoolProviderArgs) ElementType

func (WorkforcePoolProviderArgs) ElementType() reflect.Type

type WorkforcePoolProviderArray

// WorkforcePoolProviderArray is a slice of WorkforcePoolProviderInput values.
// It is one of the types accepted where a WorkforcePoolProviderArrayInput is
// expected.
type WorkforcePoolProviderArray []WorkforcePoolProviderInput

func (WorkforcePoolProviderArray) ElementType

func (WorkforcePoolProviderArray) ElementType() reflect.Type

func (WorkforcePoolProviderArray) ToWorkforcePoolProviderArrayOutput

func (i WorkforcePoolProviderArray) ToWorkforcePoolProviderArrayOutput() WorkforcePoolProviderArrayOutput

func (WorkforcePoolProviderArray) ToWorkforcePoolProviderArrayOutputWithContext

func (i WorkforcePoolProviderArray) ToWorkforcePoolProviderArrayOutputWithContext(ctx context.Context) WorkforcePoolProviderArrayOutput

type WorkforcePoolProviderArrayInput

// WorkforcePoolProviderArrayInput is an input type that accepts
// WorkforcePoolProviderArray and WorkforcePoolProviderArrayOutput values.
type WorkforcePoolProviderArrayInput interface {
	pulumi.Input

	// Both methods return the value as a WorkforcePoolProviderArrayOutput; the
	// second form additionally takes a context.Context.
	ToWorkforcePoolProviderArrayOutput() WorkforcePoolProviderArrayOutput
	ToWorkforcePoolProviderArrayOutputWithContext(context.Context) WorkforcePoolProviderArrayOutput
}

WorkforcePoolProviderArrayInput is an input type that accepts WorkforcePoolProviderArray and WorkforcePoolProviderArrayOutput values. You can construct a concrete instance of `WorkforcePoolProviderArrayInput` via:

WorkforcePoolProviderArray{ WorkforcePoolProviderArgs{...} }

type WorkforcePoolProviderArrayOutput

// WorkforcePoolProviderArrayOutput is the output form of a
// WorkforcePoolProviderArray. It embeds *pulumi.OutputState; its listed
// methods include Index.
type WorkforcePoolProviderArrayOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderArrayOutput) ElementType

func (WorkforcePoolProviderArrayOutput) Index

func (WorkforcePoolProviderArrayOutput) ToWorkforcePoolProviderArrayOutput

func (o WorkforcePoolProviderArrayOutput) ToWorkforcePoolProviderArrayOutput() WorkforcePoolProviderArrayOutput

func (WorkforcePoolProviderArrayOutput) ToWorkforcePoolProviderArrayOutputWithContext

func (o WorkforcePoolProviderArrayOutput) ToWorkforcePoolProviderArrayOutputWithContext(ctx context.Context) WorkforcePoolProviderArrayOutput

type WorkforcePoolProviderExtraAttributesOauth2Client

// WorkforcePoolProviderExtraAttributesOauth2Client is the configuration for the
// OAuth 2.0 client used to get additional user attributes when the desired
// claims are not available in the authentication credentials.
type WorkforcePoolProviderExtraAttributesOauth2Client struct {
	// Represents the IdP and type of claims that should be fetched.
	// * AZURE_AD_GROUPS_MAIL: Used to get the user's group claims from the Azure AD identity provider using the
	//   configuration provided in ExtraAttributesOAuth2Client; the 'mail' property of the 'microsoft.graph.group'
	//   object is used for claim mapping.
	//   See https://learn.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0#properties for more details on
	//   'microsoft.graph.group' properties. The attributes obtained from the identity provider are mapped to 'assertion.groups'.
	// Possible values: ["AZURE_AD_GROUPS_MAIL"]
	AttributesType string `pulumi:"attributesType"`
	// The OAuth 2.0 client ID for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.
	ClientId string `pulumi:"clientId"`
	// The OAuth 2.0 client secret for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.
	// This is a credential for the IdP: keep it out of source and logs, and rotate it if it is exposed.
	ClientSecret WorkforcePoolProviderExtraAttributesOauth2ClientClientSecret `pulumi:"clientSecret"`
	// The OIDC identity provider's issuer URI. Must be a valid URI using the 'https' scheme. Required to get the OIDC discovery document.
	IssuerUri string `pulumi:"issuerUri"`
	// Represents the parameters to control which claims are fetched from an IdP.
	QueryParameters *WorkforcePoolProviderExtraAttributesOauth2ClientQueryParameters `pulumi:"queryParameters"`
}

type WorkforcePoolProviderExtraAttributesOauth2ClientArgs

// WorkforcePoolProviderExtraAttributesOauth2ClientArgs is the input form of
// WorkforcePoolProviderExtraAttributesOauth2Client: the configuration for the
// OAuth 2.0 client used to get additional user attributes.
type WorkforcePoolProviderExtraAttributesOauth2ClientArgs struct {
	// Represents the IdP and type of claims that should be fetched.
	// * AZURE_AD_GROUPS_MAIL: Used to get the user's group claims from the Azure AD identity provider using the
	//   configuration provided in ExtraAttributesOAuth2Client; the 'mail' property of the 'microsoft.graph.group'
	//   object is used for claim mapping.
	//   See https://learn.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0#properties for more details on
	//   'microsoft.graph.group' properties. The attributes obtained from the identity provider are mapped to 'assertion.groups'.
	// Possible values: ["AZURE_AD_GROUPS_MAIL"]
	AttributesType pulumi.StringInput `pulumi:"attributesType"`
	// The OAuth 2.0 client ID for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.
	ClientId pulumi.StringInput `pulumi:"clientId"`
	// The OAuth 2.0 client secret for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.
	// This is a credential for the IdP: supply it from secret configuration rather than a literal in
	// program source, and rotate it if it is exposed.
	ClientSecret WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretInput `pulumi:"clientSecret"`
	// The OIDC identity provider's issuer URI. Must be a valid URI using the 'https' scheme. Required to get the OIDC discovery document.
	IssuerUri pulumi.StringInput `pulumi:"issuerUri"`
	// Represents the parameters to control which claims are fetched from an IdP.
	QueryParameters WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrInput `pulumi:"queryParameters"`
}

func (WorkforcePoolProviderExtraAttributesOauth2ClientArgs) ElementType

func (WorkforcePoolProviderExtraAttributesOauth2ClientArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientOutput

func (i WorkforcePoolProviderExtraAttributesOauth2ClientArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientOutput() WorkforcePoolProviderExtraAttributesOauth2ClientOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientOutputWithContext

func (i WorkforcePoolProviderExtraAttributesOauth2ClientArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput

func (i WorkforcePoolProviderExtraAttributesOauth2ClientArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput() WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientPtrOutputWithContext

func (i WorkforcePoolProviderExtraAttributesOauth2ClientArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecret

// WorkforcePoolProviderExtraAttributesOauth2ClientClientSecret wraps the client
// secret of the OAuth 2.0 client used to retrieve extra attributes.
type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecret struct {
	// The value of the client secret, as a
	// WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValue (plain
	// text plus thumbprint). May be nil.
	Value *WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValue `pulumi:"value"`
}

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs

// WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs is the input
// form of WorkforcePoolProviderExtraAttributesOauth2ClientClientSecret.
type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs struct {
	// The value of the client secret, given as a
	// WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs
	// (plain text plus thumbprint) or nil.
	Value WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrInput `pulumi:"value"`
}

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs) ElementType

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutputWithContext

func (i WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutputWithContext

func (i WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretInput

// WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretInput is an input
// type that accepts
// WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs and
// WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput values.
type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretInput interface {
	pulumi.Input

	// Both methods return the value as a
	// WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput; the
	// second form additionally takes a context.Context.
	ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput() WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput
	ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutputWithContext(context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput
}

WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretInput is an input type that accepts WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs and WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput values. You can construct a concrete instance of `WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretInput` via:

WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs{...}

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput

// WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput is the
// output form of the client secret wrapper. It embeds *pulumi.OutputState; its
// listed Value method exposes the value of the client secret.
type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput) ElementType

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutputWithContext

func (o WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutputWithContext

func (o WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretOutput) Value

The value of the client secret. Structure is documented below.

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrInput

// WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrInput is an
// input type that accepts
// WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs,
// WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtr and
// WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput values,
// as well as nil.
type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrInput interface {
	pulumi.Input

	// Both methods return the value as a
	// WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput; the
	// second form additionally takes a context.Context.
	ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput() WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput
	ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutputWithContext(context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput
}

WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrInput is an input type that accepts WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs, WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtr and WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput values. You can construct a concrete instance of `WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrInput` via:

        WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs{...}

or:

        nil

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput

// WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput is the
// pointer output form of the client secret wrapper. It embeds
// *pulumi.OutputState; its listed methods include Elem and Value.
type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput) Elem

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput) ElementType

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutputWithContext

func (o WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretPtrOutput) Value

The value of the client secret. Structure is documented below.

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValue

// WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValue holds the
// client secret itself together with a thumbprint that represents it.
type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValue struct {
	// The plain text of the client secret value.
	// This field carries the credential in clear text, so anything that prints or
	// serialises this struct exposes it.
	PlainText string `pulumi:"plainText"`
	// (Output)
	// A thumbprint to represent the current client secret value.
	// NOTE(review): presumably usable to tell whether the stored secret changed
	// without reading the plain text; confirm against the API documentation.
	Thumbprint *string `pulumi:"thumbprint"`
}

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs

// WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs is the
// input form of WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValue.
type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs struct {
	// The plain text of the client secret value.
	// Accepts any pulumi.StringInput, so a secret output read from stack
	// configuration can be passed here instead of a string literal.
	PlainText pulumi.StringInput `pulumi:"plainText"`
	// (Output)
	// A thumbprint to represent the current client secret value.
	// NOTE(review): marked (Output) although it is an input field here;
	// presumably populated by the service, so confirm before setting it.
	Thumbprint pulumi.StringPtrInput `pulumi:"thumbprint"`
}

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs) ElementType

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutputWithContext

func (i WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutputWithContext

func (i WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueInput

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueInput interface {
	pulumi.Input

	ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput() WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput
	ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutputWithContext(context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput
}

WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueInput is an input type that accepts WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs and WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput values. You can construct a concrete instance of `WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueInput` via:

WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs{...}

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput) ElementType

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput) PlainText

The plain text of the client secret value.

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput) Thumbprint

(Output) A thumbprint to represent the current client secret value.

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutputWithContext

func (o WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutputWithContext

func (o WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrInput

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrInput interface {
	pulumi.Input

	ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput() WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput
	ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutputWithContext(context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput
}

WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrInput is an input type that accepts WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs, WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtr and WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput values. You can construct a concrete instance of `WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrInput` via:

        WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs{...}

or:

        nil

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput

type WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput) Elem

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput) ElementType

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput) PlainText

The plain text of the client secret value.

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput) Thumbprint

(Output) A thumbprint to represent the current client secret value.

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValuePtrOutputWithContext

type WorkforcePoolProviderExtraAttributesOauth2ClientInput

type WorkforcePoolProviderExtraAttributesOauth2ClientInput interface {
	pulumi.Input

	ToWorkforcePoolProviderExtraAttributesOauth2ClientOutput() WorkforcePoolProviderExtraAttributesOauth2ClientOutput
	ToWorkforcePoolProviderExtraAttributesOauth2ClientOutputWithContext(context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientOutput
}

WorkforcePoolProviderExtraAttributesOauth2ClientInput is an input type that accepts WorkforcePoolProviderExtraAttributesOauth2ClientArgs and WorkforcePoolProviderExtraAttributesOauth2ClientOutput values. You can construct a concrete instance of `WorkforcePoolProviderExtraAttributesOauth2ClientInput` via:

WorkforcePoolProviderExtraAttributesOauth2ClientArgs{...}

type WorkforcePoolProviderExtraAttributesOauth2ClientOutput

type WorkforcePoolProviderExtraAttributesOauth2ClientOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderExtraAttributesOauth2ClientOutput) AttributesType

Represents the IdP and type of claims that should be fetched.

  • AZURE_AD_GROUPS_MAIL: Used to get the user's group claims from the Azure AD identity provider using configuration provided in ExtraAttributesOAuth2Client and 'mail' property of the 'microsoft.graph.group' object is used for claim mapping. See https://learn.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0#properties for more details on 'microsoft.graph.group' properties. The attributes obtained from identity provider are mapped to 'assertion.groups'. Possible values: ["AZURE_AD_GROUPS_MAIL"]

func (WorkforcePoolProviderExtraAttributesOauth2ClientOutput) ClientId

The OAuth 2.0 client ID for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.

func (WorkforcePoolProviderExtraAttributesOauth2ClientOutput) ClientSecret

The OAuth 2.0 client secret for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.

func (WorkforcePoolProviderExtraAttributesOauth2ClientOutput) ElementType

func (WorkforcePoolProviderExtraAttributesOauth2ClientOutput) IssuerUri

The OIDC identity provider's issuer URI. Must be a valid URI using the 'https' scheme. Required to get the OIDC discovery document.

func (WorkforcePoolProviderExtraAttributesOauth2ClientOutput) QueryParameters

Represents the parameters to control which claims are fetched from an IdP.

func (WorkforcePoolProviderExtraAttributesOauth2ClientOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientOutputWithContext

func (o WorkforcePoolProviderExtraAttributesOauth2ClientOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput

func (o WorkforcePoolProviderExtraAttributesOauth2ClientOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput() WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientPtrOutputWithContext

func (o WorkforcePoolProviderExtraAttributesOauth2ClientOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput

type WorkforcePoolProviderExtraAttributesOauth2ClientPtrInput

type WorkforcePoolProviderExtraAttributesOauth2ClientPtrInput interface {
	pulumi.Input

	ToWorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput() WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput
	ToWorkforcePoolProviderExtraAttributesOauth2ClientPtrOutputWithContext(context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput
}

WorkforcePoolProviderExtraAttributesOauth2ClientPtrInput is an input type that accepts WorkforcePoolProviderExtraAttributesOauth2ClientArgs, WorkforcePoolProviderExtraAttributesOauth2ClientPtr and WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput values. You can construct a concrete instance of `WorkforcePoolProviderExtraAttributesOauth2ClientPtrInput` via:

        WorkforcePoolProviderExtraAttributesOauth2ClientArgs{...}

or:

        nil

type WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput

type WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput) AttributesType

Represents the IdP and type of claims that should be fetched.

  • AZURE_AD_GROUPS_MAIL: Used to get the user's group claims from the Azure AD identity provider using configuration provided in ExtraAttributesOAuth2Client and 'mail' property of the 'microsoft.graph.group' object is used for claim mapping. See https://learn.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0#properties for more details on 'microsoft.graph.group' properties. The attributes obtained from identity provider are mapped to 'assertion.groups'. Possible values: ["AZURE_AD_GROUPS_MAIL"]

func (WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput) ClientId

The OAuth 2.0 client ID for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.

func (WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput) ClientSecret

The OAuth 2.0 client secret for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.

func (WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput) Elem

func (WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput) ElementType

func (WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput) IssuerUri

The OIDC identity provider's issuer URI. Must be a valid URI using the 'https' scheme. Required to get the OIDC discovery document.

func (WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput) QueryParameters

Represents the parameters to control which claims are fetched from an IdP.

func (WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientPtrOutputWithContext

func (o WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientPtrOutput

type WorkforcePoolProviderExtraAttributesOauth2ClientQueryParameters

// WorkforcePoolProviderExtraAttributesOauth2ClientQueryParameters holds the
// parameters that control which claims are fetched from an IdP.
type WorkforcePoolProviderExtraAttributesOauth2ClientQueryParameters struct {
	// The filter used to request specific records from IdP. In case of attributes type as AZURE_AD_GROUPS_MAIL, it represents the
	// filter used to request specific groups for users from IdP. By default, all of the groups associated with the user are fetched. The
	// groups should be mail enabled and security enabled. See https://learn.microsoft.com/en-us/graph/search-query-parameter for more details.
	// Optional (pointer); leaving it nil keeps the fetch-all-groups default described above.
	// NOTE(review): the fetched groups are documented elsewhere on this page as being mapped to
	// 'assertion.groups', so this filter presumably bounds which group claims can reach
	// attribute mapping — confirm against the provider documentation.
	Filter *string `pulumi:"filter"`
}

type WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs

// WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs is the
// input form of the parameters that control which claims are fetched from an IdP.
type WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs struct {
	// The filter used to request specific records from IdP. In case of attributes type as AZURE_AD_GROUPS_MAIL, it represents the
	// filter used to request specific groups for users from IdP. By default, all of the groups associated with the user are fetched. The
	// groups should be mail enabled and security enabled. See https://learn.microsoft.com/en-us/graph/search-query-parameter for more details.
	// Optional input; leaving it unset keeps the fetch-all-groups default described above.
	// NOTE(review): the fetched groups are documented elsewhere on this page as being mapped to
	// 'assertion.groups', so this filter presumably bounds which group claims can reach
	// attribute mapping — confirm against the provider documentation.
	Filter pulumi.StringPtrInput `pulumi:"filter"`
}

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs) ElementType

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutputWithContext

func (i WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutputWithContext

func (i WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput

type WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersInput

type WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersInput interface {
	pulumi.Input

	ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput() WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput
	ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutputWithContext(context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput
}

WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersInput is an input type that accepts WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs and WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput values. You can construct a concrete instance of `WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersInput` via:

WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs{...}

type WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput

type WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput) ElementType

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput) Filter

The filter used to request specific records from IdP. In case of attributes type as AZURE_AD_GROUPS_MAIL, it represents the filter used to request specific groups for users from IdP. By default, all of the groups associated with the user are fetched. The groups should be mail enabled and security enabled. See https://learn.microsoft.com/en-us/graph/search-query-parameter for more details.

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutputWithContext

func (o WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutputWithContext

func (o WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput

type WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrInput

type WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrInput interface {
	pulumi.Input

	ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput() WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput
	ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutputWithContext(context.Context) WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput
}

WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrInput is an input type that accepts WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs, WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtr and WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput values. You can construct a concrete instance of `WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrInput` via:

        WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs{...}

or:

        nil

type WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput

type WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput) Elem

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput) ElementType

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput) Filter

The filter used to request specific records from IdP. In case of attributes type as AZURE_AD_GROUPS_MAIL, it represents the filter used to request specific groups for users from IdP. By default, all of the groups associated with the user are fetched. The groups should be mail enabled and security enabled. See https://learn.microsoft.com/en-us/graph/search-query-parameter for more details.

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput

func (WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutput) ToWorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersPtrOutputWithContext

type WorkforcePoolProviderInput

type WorkforcePoolProviderInput interface {
	pulumi.Input

	ToWorkforcePoolProviderOutput() WorkforcePoolProviderOutput
	ToWorkforcePoolProviderOutputWithContext(ctx context.Context) WorkforcePoolProviderOutput
}

type WorkforcePoolProviderMap

type WorkforcePoolProviderMap map[string]WorkforcePoolProviderInput

func (WorkforcePoolProviderMap) ElementType

func (WorkforcePoolProviderMap) ElementType() reflect.Type

func (WorkforcePoolProviderMap) ToWorkforcePoolProviderMapOutput

func (i WorkforcePoolProviderMap) ToWorkforcePoolProviderMapOutput() WorkforcePoolProviderMapOutput

func (WorkforcePoolProviderMap) ToWorkforcePoolProviderMapOutputWithContext

func (i WorkforcePoolProviderMap) ToWorkforcePoolProviderMapOutputWithContext(ctx context.Context) WorkforcePoolProviderMapOutput

type WorkforcePoolProviderMapInput

type WorkforcePoolProviderMapInput interface {
	pulumi.Input

	ToWorkforcePoolProviderMapOutput() WorkforcePoolProviderMapOutput
	ToWorkforcePoolProviderMapOutputWithContext(context.Context) WorkforcePoolProviderMapOutput
}

WorkforcePoolProviderMapInput is an input type that accepts WorkforcePoolProviderMap and WorkforcePoolProviderMapOutput values. You can construct a concrete instance of `WorkforcePoolProviderMapInput` via:

WorkforcePoolProviderMap{ "key": WorkforcePoolProviderArgs{...} }

type WorkforcePoolProviderMapOutput

type WorkforcePoolProviderMapOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderMapOutput) ElementType

func (WorkforcePoolProviderMapOutput) MapIndex

func (WorkforcePoolProviderMapOutput) ToWorkforcePoolProviderMapOutput

func (o WorkforcePoolProviderMapOutput) ToWorkforcePoolProviderMapOutput() WorkforcePoolProviderMapOutput

func (WorkforcePoolProviderMapOutput) ToWorkforcePoolProviderMapOutputWithContext

func (o WorkforcePoolProviderMapOutput) ToWorkforcePoolProviderMapOutputWithContext(ctx context.Context) WorkforcePoolProviderMapOutput

type WorkforcePoolProviderOidc

// WorkforcePoolProviderOidc describes the OIDC identity provider configuration
// of a workforce pool provider: client identity, issuer, optional signing keys
// and optional web sign-in settings.
type WorkforcePoolProviderOidc struct {
	// The client ID. Must match the audience claim of the JWT issued by the identity provider.
	ClientId string `pulumi:"clientId"`
	// The optional client secret. Required to enable Authorization Code flow for web sign-in.
	// Structure is documented below.
	// Nil when no client secret is configured.
	ClientSecret *WorkforcePoolProviderOidcClientSecret `pulumi:"clientSecret"`
	// The OIDC issuer URI. Must be a valid URI using the 'https' scheme.
	IssuerUri string `pulumi:"issuerUri"`
	// OIDC JWKs in JSON String format. For details on definition of a
	// JWK, see https://tools.ietf.org/html/rfc7517. If not set, then we
	// use the `jwksUri` from the discovery document fetched from the
	// .well-known path for the `issuerUri`. Currently, RSA and EC asymmetric
	// keys are supported. The JWK must use following format and include only
	// the following fields:
	// NOTE(review): the format example this sentence introduces is missing from
	// this copy of the documentation; consult the provider documentation for it.
	// NOTE(review): when set, these keys are used in place of the ones published
	// by the issuer, so a key rotation at the IdP presumably requires updating
	// this value — confirm.
	JwksJson *string `pulumi:"jwksJson"`
	// Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser.
	// Structure is documented below.
	WebSsoConfig *WorkforcePoolProviderOidcWebSsoConfig `pulumi:"webSsoConfig"`
}

type WorkforcePoolProviderOidcArgs

// WorkforcePoolProviderOidcArgs is the input form of the OIDC identity provider
// configuration of a workforce pool provider.
type WorkforcePoolProviderOidcArgs struct {
	// The client ID. Must match the audience claim of the JWT issued by the identity provider.
	ClientId pulumi.StringInput `pulumi:"clientId"`
	// The optional client secret. Required to enable Authorization Code flow for web sign-in.
	// Structure is documented below.
	// Accepts nil when no client secret is configured.
	ClientSecret WorkforcePoolProviderOidcClientSecretPtrInput `pulumi:"clientSecret"`
	// The OIDC issuer URI. Must be a valid URI using the 'https' scheme.
	IssuerUri pulumi.StringInput `pulumi:"issuerUri"`
	// OIDC JWKs in JSON String format. For details on definition of a
	// JWK, see https://tools.ietf.org/html/rfc7517. If not set, then we
	// use the `jwksUri` from the discovery document fetched from the
	// .well-known path for the `issuerUri`. Currently, RSA and EC asymmetric
	// keys are supported. The JWK must use following format and include only
	// the following fields:
	// NOTE(review): the format example this sentence introduces is missing from
	// this copy of the documentation; consult the provider documentation for it.
	// NOTE(review): when set, these keys are used in place of the ones published
	// by the issuer, so a key rotation at the IdP presumably requires updating
	// this value — confirm.
	JwksJson pulumi.StringPtrInput `pulumi:"jwksJson"`
	// Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser.
	// Structure is documented below.
	WebSsoConfig WorkforcePoolProviderOidcWebSsoConfigPtrInput `pulumi:"webSsoConfig"`
}

func (WorkforcePoolProviderOidcArgs) ElementType

func (WorkforcePoolProviderOidcArgs) ToWorkforcePoolProviderOidcOutput

func (i WorkforcePoolProviderOidcArgs) ToWorkforcePoolProviderOidcOutput() WorkforcePoolProviderOidcOutput

func (WorkforcePoolProviderOidcArgs) ToWorkforcePoolProviderOidcOutputWithContext

func (i WorkforcePoolProviderOidcArgs) ToWorkforcePoolProviderOidcOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcOutput

func (WorkforcePoolProviderOidcArgs) ToWorkforcePoolProviderOidcPtrOutput

func (i WorkforcePoolProviderOidcArgs) ToWorkforcePoolProviderOidcPtrOutput() WorkforcePoolProviderOidcPtrOutput

func (WorkforcePoolProviderOidcArgs) ToWorkforcePoolProviderOidcPtrOutputWithContext

func (i WorkforcePoolProviderOidcArgs) ToWorkforcePoolProviderOidcPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcPtrOutput

type WorkforcePoolProviderOidcClientSecret

// WorkforcePoolProviderOidcClientSecret wraps the OIDC client secret value of a
// workforce pool provider.
type WorkforcePoolProviderOidcClientSecret struct {
	// The value of the client secret.
	// Structure is documented below.
	// Pointer field; nil when no value is set. The nested value carries the
	// secret in plain text, so handle the whole structure as sensitive.
	Value *WorkforcePoolProviderOidcClientSecretValue `pulumi:"value"`
}

type WorkforcePoolProviderOidcClientSecretArgs

// WorkforcePoolProviderOidcClientSecretArgs is the input form of the OIDC
// client secret wrapper of a workforce pool provider.
type WorkforcePoolProviderOidcClientSecretArgs struct {
	// The value of the client secret.
	// Structure is documented below.
	// Accepts nil. The nested value carries the secret in plain text, so handle
	// the whole structure as sensitive.
	Value WorkforcePoolProviderOidcClientSecretValuePtrInput `pulumi:"value"`
}

func (WorkforcePoolProviderOidcClientSecretArgs) ElementType

func (WorkforcePoolProviderOidcClientSecretArgs) ToWorkforcePoolProviderOidcClientSecretOutput

func (i WorkforcePoolProviderOidcClientSecretArgs) ToWorkforcePoolProviderOidcClientSecretOutput() WorkforcePoolProviderOidcClientSecretOutput

func (WorkforcePoolProviderOidcClientSecretArgs) ToWorkforcePoolProviderOidcClientSecretOutputWithContext

func (i WorkforcePoolProviderOidcClientSecretArgs) ToWorkforcePoolProviderOidcClientSecretOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcClientSecretOutput

func (WorkforcePoolProviderOidcClientSecretArgs) ToWorkforcePoolProviderOidcClientSecretPtrOutput

func (i WorkforcePoolProviderOidcClientSecretArgs) ToWorkforcePoolProviderOidcClientSecretPtrOutput() WorkforcePoolProviderOidcClientSecretPtrOutput

func (WorkforcePoolProviderOidcClientSecretArgs) ToWorkforcePoolProviderOidcClientSecretPtrOutputWithContext

func (i WorkforcePoolProviderOidcClientSecretArgs) ToWorkforcePoolProviderOidcClientSecretPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcClientSecretPtrOutput

type WorkforcePoolProviderOidcClientSecretInput

type WorkforcePoolProviderOidcClientSecretInput interface {
	pulumi.Input

	ToWorkforcePoolProviderOidcClientSecretOutput() WorkforcePoolProviderOidcClientSecretOutput
	ToWorkforcePoolProviderOidcClientSecretOutputWithContext(context.Context) WorkforcePoolProviderOidcClientSecretOutput
}

WorkforcePoolProviderOidcClientSecretInput is an input type that accepts WorkforcePoolProviderOidcClientSecretArgs and WorkforcePoolProviderOidcClientSecretOutput values. You can construct a concrete instance of `WorkforcePoolProviderOidcClientSecretInput` via:

WorkforcePoolProviderOidcClientSecretArgs{...}

type WorkforcePoolProviderOidcClientSecretOutput

type WorkforcePoolProviderOidcClientSecretOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderOidcClientSecretOutput) ElementType

func (WorkforcePoolProviderOidcClientSecretOutput) ToWorkforcePoolProviderOidcClientSecretOutput

func (o WorkforcePoolProviderOidcClientSecretOutput) ToWorkforcePoolProviderOidcClientSecretOutput() WorkforcePoolProviderOidcClientSecretOutput

func (WorkforcePoolProviderOidcClientSecretOutput) ToWorkforcePoolProviderOidcClientSecretOutputWithContext

func (o WorkforcePoolProviderOidcClientSecretOutput) ToWorkforcePoolProviderOidcClientSecretOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcClientSecretOutput

func (WorkforcePoolProviderOidcClientSecretOutput) ToWorkforcePoolProviderOidcClientSecretPtrOutput

func (o WorkforcePoolProviderOidcClientSecretOutput) ToWorkforcePoolProviderOidcClientSecretPtrOutput() WorkforcePoolProviderOidcClientSecretPtrOutput

func (WorkforcePoolProviderOidcClientSecretOutput) ToWorkforcePoolProviderOidcClientSecretPtrOutputWithContext

func (o WorkforcePoolProviderOidcClientSecretOutput) ToWorkforcePoolProviderOidcClientSecretPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcClientSecretPtrOutput

func (WorkforcePoolProviderOidcClientSecretOutput) Value

The value of the client secret. Structure is documented below.

type WorkforcePoolProviderOidcClientSecretPtrInput

type WorkforcePoolProviderOidcClientSecretPtrInput interface {
	pulumi.Input

	ToWorkforcePoolProviderOidcClientSecretPtrOutput() WorkforcePoolProviderOidcClientSecretPtrOutput
	ToWorkforcePoolProviderOidcClientSecretPtrOutputWithContext(context.Context) WorkforcePoolProviderOidcClientSecretPtrOutput
}

WorkforcePoolProviderOidcClientSecretPtrInput is an input type that accepts WorkforcePoolProviderOidcClientSecretArgs, WorkforcePoolProviderOidcClientSecretPtr and WorkforcePoolProviderOidcClientSecretPtrOutput values. You can construct a concrete instance of `WorkforcePoolProviderOidcClientSecretPtrInput` via:

        WorkforcePoolProviderOidcClientSecretArgs{...}

or:

        nil

type WorkforcePoolProviderOidcClientSecretPtrOutput

type WorkforcePoolProviderOidcClientSecretPtrOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderOidcClientSecretPtrOutput) Elem

func (WorkforcePoolProviderOidcClientSecretPtrOutput) ElementType

func (WorkforcePoolProviderOidcClientSecretPtrOutput) ToWorkforcePoolProviderOidcClientSecretPtrOutput

func (o WorkforcePoolProviderOidcClientSecretPtrOutput) ToWorkforcePoolProviderOidcClientSecretPtrOutput() WorkforcePoolProviderOidcClientSecretPtrOutput

func (WorkforcePoolProviderOidcClientSecretPtrOutput) ToWorkforcePoolProviderOidcClientSecretPtrOutputWithContext

func (o WorkforcePoolProviderOidcClientSecretPtrOutput) ToWorkforcePoolProviderOidcClientSecretPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcClientSecretPtrOutput

func (WorkforcePoolProviderOidcClientSecretPtrOutput) Value

The value of the client secret. Structure is documented below.

type WorkforcePoolProviderOidcClientSecretValue

// WorkforcePoolProviderOidcClientSecretValue carries the OIDC client secret in
// plain text together with a thumbprint of that secret.
type WorkforcePoolProviderOidcClientSecretValue struct {
	// The plain text of the client secret value.
	// This field is the credential itself, held as an ordinary string: keep it
	// out of source control, logs and exported stack outputs.
	// NOTE(review): whether the provider marks this field as a Pulumi secret is
	// not visible here — confirm it is encrypted in stack state.
	PlainText string `pulumi:"plainText"`
	// (Output)
	// A thumbprint to represent the current client secret value.
	// The field is a pointer and may be nil.
	Thumbprint *string `pulumi:"thumbprint"`
}

type WorkforcePoolProviderOidcClientSecretValueArgs

// WorkforcePoolProviderOidcClientSecretValueArgs is the input form of the OIDC
// client secret value.
type WorkforcePoolProviderOidcClientSecretValueArgs struct {
	// The plain text of the client secret value.
	// This input is the credential itself. Prefer a secret-wrapped input (for
	// example the result of pulumi.ToSecret, or a secret configuration value)
	// over a string literal in the program.
	// NOTE(review): whether the provider marks this field as a Pulumi secret is
	// not visible here — confirm it is encrypted in stack state.
	PlainText pulumi.StringInput `pulumi:"plainText"`
	// (Output)
	// A thumbprint to represent the current client secret value.
	// NOTE(review): marked (Output) although it appears on an input type;
	// presumably callers leave it unset — confirm.
	Thumbprint pulumi.StringPtrInput `pulumi:"thumbprint"`
}

func (WorkforcePoolProviderOidcClientSecretValueArgs) ElementType

func (WorkforcePoolProviderOidcClientSecretValueArgs) ToWorkforcePoolProviderOidcClientSecretValueOutput

func (i WorkforcePoolProviderOidcClientSecretValueArgs) ToWorkforcePoolProviderOidcClientSecretValueOutput() WorkforcePoolProviderOidcClientSecretValueOutput

func (WorkforcePoolProviderOidcClientSecretValueArgs) ToWorkforcePoolProviderOidcClientSecretValueOutputWithContext

func (i WorkforcePoolProviderOidcClientSecretValueArgs) ToWorkforcePoolProviderOidcClientSecretValueOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcClientSecretValueOutput

func (WorkforcePoolProviderOidcClientSecretValueArgs) ToWorkforcePoolProviderOidcClientSecretValuePtrOutput

func (i WorkforcePoolProviderOidcClientSecretValueArgs) ToWorkforcePoolProviderOidcClientSecretValuePtrOutput() WorkforcePoolProviderOidcClientSecretValuePtrOutput

func (WorkforcePoolProviderOidcClientSecretValueArgs) ToWorkforcePoolProviderOidcClientSecretValuePtrOutputWithContext

func (i WorkforcePoolProviderOidcClientSecretValueArgs) ToWorkforcePoolProviderOidcClientSecretValuePtrOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcClientSecretValuePtrOutput

type WorkforcePoolProviderOidcClientSecretValueInput

type WorkforcePoolProviderOidcClientSecretValueInput interface {
	pulumi.Input

	ToWorkforcePoolProviderOidcClientSecretValueOutput() WorkforcePoolProviderOidcClientSecretValueOutput
	ToWorkforcePoolProviderOidcClientSecretValueOutputWithContext(context.Context) WorkforcePoolProviderOidcClientSecretValueOutput
}

WorkforcePoolProviderOidcClientSecretValueInput is an input type that accepts WorkforcePoolProviderOidcClientSecretValueArgs and WorkforcePoolProviderOidcClientSecretValueOutput values. You can construct a concrete instance of `WorkforcePoolProviderOidcClientSecretValueInput` via:

WorkforcePoolProviderOidcClientSecretValueArgs{...}

type WorkforcePoolProviderOidcClientSecretValueOutput

type WorkforcePoolProviderOidcClientSecretValueOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderOidcClientSecretValueOutput) ElementType

func (WorkforcePoolProviderOidcClientSecretValueOutput) PlainText

The plain text of the client secret value.

func (WorkforcePoolProviderOidcClientSecretValueOutput) Thumbprint

(Output) A thumbprint to represent the current client secret value.

func (WorkforcePoolProviderOidcClientSecretValueOutput) ToWorkforcePoolProviderOidcClientSecretValueOutput

func (o WorkforcePoolProviderOidcClientSecretValueOutput) ToWorkforcePoolProviderOidcClientSecretValueOutput() WorkforcePoolProviderOidcClientSecretValueOutput

func (WorkforcePoolProviderOidcClientSecretValueOutput) ToWorkforcePoolProviderOidcClientSecretValueOutputWithContext

func (o WorkforcePoolProviderOidcClientSecretValueOutput) ToWorkforcePoolProviderOidcClientSecretValueOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcClientSecretValueOutput

func (WorkforcePoolProviderOidcClientSecretValueOutput) ToWorkforcePoolProviderOidcClientSecretValuePtrOutput

func (o WorkforcePoolProviderOidcClientSecretValueOutput) ToWorkforcePoolProviderOidcClientSecretValuePtrOutput() WorkforcePoolProviderOidcClientSecretValuePtrOutput

func (WorkforcePoolProviderOidcClientSecretValueOutput) ToWorkforcePoolProviderOidcClientSecretValuePtrOutputWithContext

func (o WorkforcePoolProviderOidcClientSecretValueOutput) ToWorkforcePoolProviderOidcClientSecretValuePtrOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcClientSecretValuePtrOutput

type WorkforcePoolProviderOidcClientSecretValuePtrInput

type WorkforcePoolProviderOidcClientSecretValuePtrInput interface {
	pulumi.Input

	ToWorkforcePoolProviderOidcClientSecretValuePtrOutput() WorkforcePoolProviderOidcClientSecretValuePtrOutput
	ToWorkforcePoolProviderOidcClientSecretValuePtrOutputWithContext(context.Context) WorkforcePoolProviderOidcClientSecretValuePtrOutput
}

WorkforcePoolProviderOidcClientSecretValuePtrInput is an input type that accepts WorkforcePoolProviderOidcClientSecretValueArgs, WorkforcePoolProviderOidcClientSecretValuePtr and WorkforcePoolProviderOidcClientSecretValuePtrOutput values. You can construct a concrete instance of `WorkforcePoolProviderOidcClientSecretValuePtrInput` via:

        WorkforcePoolProviderOidcClientSecretValueArgs{...}

or:

        nil

type WorkforcePoolProviderOidcClientSecretValuePtrOutput

type WorkforcePoolProviderOidcClientSecretValuePtrOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderOidcClientSecretValuePtrOutput) Elem

func (WorkforcePoolProviderOidcClientSecretValuePtrOutput) ElementType

func (WorkforcePoolProviderOidcClientSecretValuePtrOutput) PlainText

The plain text of the client secret value.

func (WorkforcePoolProviderOidcClientSecretValuePtrOutput) Thumbprint

(Output) A thumbprint to represent the current client secret value.

func (WorkforcePoolProviderOidcClientSecretValuePtrOutput) ToWorkforcePoolProviderOidcClientSecretValuePtrOutput

func (o WorkforcePoolProviderOidcClientSecretValuePtrOutput) ToWorkforcePoolProviderOidcClientSecretValuePtrOutput() WorkforcePoolProviderOidcClientSecretValuePtrOutput

func (WorkforcePoolProviderOidcClientSecretValuePtrOutput) ToWorkforcePoolProviderOidcClientSecretValuePtrOutputWithContext

func (o WorkforcePoolProviderOidcClientSecretValuePtrOutput) ToWorkforcePoolProviderOidcClientSecretValuePtrOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcClientSecretValuePtrOutput

type WorkforcePoolProviderOidcInput

type WorkforcePoolProviderOidcInput interface {
	pulumi.Input

	ToWorkforcePoolProviderOidcOutput() WorkforcePoolProviderOidcOutput
	ToWorkforcePoolProviderOidcOutputWithContext(context.Context) WorkforcePoolProviderOidcOutput
}

WorkforcePoolProviderOidcInput is an input type that accepts WorkforcePoolProviderOidcArgs and WorkforcePoolProviderOidcOutput values. You can construct a concrete instance of `WorkforcePoolProviderOidcInput` via:

WorkforcePoolProviderOidcArgs{...}

type WorkforcePoolProviderOidcOutput

type WorkforcePoolProviderOidcOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderOidcOutput) ClientId

The client ID. Must match the audience claim of the JWT issued by the identity provider.

func (WorkforcePoolProviderOidcOutput) ClientSecret

The optional client secret. Required to enable Authorization Code flow for web sign-in. Structure is documented below.

func (WorkforcePoolProviderOidcOutput) ElementType

func (WorkforcePoolProviderOidcOutput) IssuerUri

The OIDC issuer URI. Must be a valid URI using the 'https' scheme.

func (WorkforcePoolProviderOidcOutput) JwksJson

OIDC JWKs in JSON String format. For details on the definition of a JWK, see https://tools.ietf.org/html/rfc7517. If not set, then we use the `jwksUri` from the discovery document fetched from the .well-known path for the `issuerUri`. Currently, RSA and EC asymmetric keys are supported. The JWK must use the following format and include only the following fields:

func (WorkforcePoolProviderOidcOutput) ToWorkforcePoolProviderOidcOutput

func (o WorkforcePoolProviderOidcOutput) ToWorkforcePoolProviderOidcOutput() WorkforcePoolProviderOidcOutput

func (WorkforcePoolProviderOidcOutput) ToWorkforcePoolProviderOidcOutputWithContext

func (o WorkforcePoolProviderOidcOutput) ToWorkforcePoolProviderOidcOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcOutput

func (WorkforcePoolProviderOidcOutput) ToWorkforcePoolProviderOidcPtrOutput

func (o WorkforcePoolProviderOidcOutput) ToWorkforcePoolProviderOidcPtrOutput() WorkforcePoolProviderOidcPtrOutput

func (WorkforcePoolProviderOidcOutput) ToWorkforcePoolProviderOidcPtrOutputWithContext

func (o WorkforcePoolProviderOidcOutput) ToWorkforcePoolProviderOidcPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcPtrOutput

func (WorkforcePoolProviderOidcOutput) WebSsoConfig

Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser. Structure is documented below.

type WorkforcePoolProviderOidcPtrInput

type WorkforcePoolProviderOidcPtrInput interface {
	pulumi.Input

	ToWorkforcePoolProviderOidcPtrOutput() WorkforcePoolProviderOidcPtrOutput
	ToWorkforcePoolProviderOidcPtrOutputWithContext(context.Context) WorkforcePoolProviderOidcPtrOutput
}

WorkforcePoolProviderOidcPtrInput is an input type that accepts WorkforcePoolProviderOidcArgs, WorkforcePoolProviderOidcPtr and WorkforcePoolProviderOidcPtrOutput values. You can construct a concrete instance of `WorkforcePoolProviderOidcPtrInput` via:

        WorkforcePoolProviderOidcArgs{...}

or:

        nil

type WorkforcePoolProviderOidcPtrOutput

type WorkforcePoolProviderOidcPtrOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderOidcPtrOutput) ClientId

The client ID. Must match the audience claim of the JWT issued by the identity provider.

func (WorkforcePoolProviderOidcPtrOutput) ClientSecret

The optional client secret. Required to enable Authorization Code flow for web sign-in. Structure is documented below.

func (WorkforcePoolProviderOidcPtrOutput) Elem

func (WorkforcePoolProviderOidcPtrOutput) ElementType

func (WorkforcePoolProviderOidcPtrOutput) IssuerUri

The OIDC issuer URI. Must be a valid URI using the 'https' scheme.

func (WorkforcePoolProviderOidcPtrOutput) JwksJson

OIDC JWKs in JSON String format. For details on the definition of a JWK, see https://tools.ietf.org/html/rfc7517. If not set, then we use the `jwksUri` from the discovery document fetched from the .well-known path for the `issuerUri`. Currently, RSA and EC asymmetric keys are supported. The JWK must use the following format and include only the following fields:

func (WorkforcePoolProviderOidcPtrOutput) ToWorkforcePoolProviderOidcPtrOutput

func (o WorkforcePoolProviderOidcPtrOutput) ToWorkforcePoolProviderOidcPtrOutput() WorkforcePoolProviderOidcPtrOutput

func (WorkforcePoolProviderOidcPtrOutput) ToWorkforcePoolProviderOidcPtrOutputWithContext

func (o WorkforcePoolProviderOidcPtrOutput) ToWorkforcePoolProviderOidcPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcPtrOutput

func (WorkforcePoolProviderOidcPtrOutput) WebSsoConfig

Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser. Structure is documented below.

type WorkforcePoolProviderOidcWebSsoConfig

// WorkforcePoolProviderOidcWebSsoConfig configures web single sign-on for an
// OIDC provider: extra scopes to request, how claims are assembled into the
// `assertion` object, and which response type the authorization request uses.
type WorkforcePoolProviderOidcWebSsoConfig struct {
	// Additional scopes to request for in the OIDC authentication request on top of scopes requested by default. By default, the `openid`, `profile` and `email` scopes that are supported by the identity provider are requested.
	// Each additional scope may be at most 256 characters. A maximum of 10 additional scopes may be configured.
	// NOTE(review): every extra scope widens what the identity provider releases
	// about the user; request only the scopes the attribute mapping actually needs.
	AdditionalScopes []string `pulumi:"additionalScopes"`
	// The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition.
	// * MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS: Merge the UserInfo Endpoint Claims with ID Token Claims, preferring UserInfo Claim Values for the same Claim Name. This option is available only for the Authorization Code Flow.
	// * ONLY_ID_TOKEN_CLAIMS: Only include ID Token Claims.
	//   Possible values are: `MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS`, `ONLY_ID_TOKEN_CLAIMS`.
	// NOTE(review): with the MERGE option, UserInfo values take precedence over
	// same-named ID token claims, so attribute mappings and conditions end up
	// evaluating UserInfo data. Since that option is limited to the Authorization
	// Code Flow, it goes together with ResponseType `CODE`.
	AssertionClaimsBehavior string `pulumi:"assertionClaimsBehavior"`
	// The Response Type to request for in the OIDC Authorization Request for web sign-in.
	// The `CODE` Response Type is recommended to avoid the Implicit Flow, for security reasons.
	// * CODE: The `response_type=code` selection uses the Authorization Code Flow for web sign-in. Requires a configured client secret.
	// * ID_TOKEN: The `response_type=id_token` selection uses the Implicit Flow for web sign-in.
	//   Possible values are: `CODE`, `ID_TOKEN`.
	// NOTE(review): `CODE` cannot be used without a client secret configured on
	// the provider's OIDC block. Treat a configuration that selects `ID_TOKEN`
	// as a deliberate exception to review, since the text above recommends
	// against the Implicit Flow.
	ResponseType string `pulumi:"responseType"`
}

type WorkforcePoolProviderOidcWebSsoConfigArgs

// WorkforcePoolProviderOidcWebSsoConfigArgs carries the web single sign-on
// settings of an OIDC provider as Pulumi inputs: extra scopes, the claims
// behavior for the `assertion` object, and the response type.
type WorkforcePoolProviderOidcWebSsoConfigArgs struct {
	// Additional scopes to request for in the OIDC authentication request on top of scopes requested by default. By default, the `openid`, `profile` and `email` scopes that are supported by the identity provider are requested.
	// Each additional scope may be at most 256 characters. A maximum of 10 additional scopes may be configured.
	// NOTE(review): every extra scope widens what the identity provider releases
	// about the user; request only the scopes the attribute mapping actually needs.
	AdditionalScopes pulumi.StringArrayInput `pulumi:"additionalScopes"`
	// The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition.
	// * MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS: Merge the UserInfo Endpoint Claims with ID Token Claims, preferring UserInfo Claim Values for the same Claim Name. This option is available only for the Authorization Code Flow.
	// * ONLY_ID_TOKEN_CLAIMS: Only include ID Token Claims.
	//   Possible values are: `MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS`, `ONLY_ID_TOKEN_CLAIMS`.
	// NOTE(review): with the MERGE option, UserInfo values take precedence over
	// same-named ID token claims, so attribute mappings and conditions end up
	// evaluating UserInfo data. Since that option is limited to the Authorization
	// Code Flow, it goes together with ResponseType `CODE`.
	AssertionClaimsBehavior pulumi.StringInput `pulumi:"assertionClaimsBehavior"`
	// The Response Type to request for in the OIDC Authorization Request for web sign-in.
	// The `CODE` Response Type is recommended to avoid the Implicit Flow, for security reasons.
	// * CODE: The `response_type=code` selection uses the Authorization Code Flow for web sign-in. Requires a configured client secret.
	// * ID_TOKEN: The `response_type=id_token` selection uses the Implicit Flow for web sign-in.
	//   Possible values are: `CODE`, `ID_TOKEN`.
	// NOTE(review): `CODE` cannot be used without a client secret configured on
	// the provider's OIDC block. Treat a configuration that selects `ID_TOKEN`
	// as a deliberate exception to review, since the text above recommends
	// against the Implicit Flow.
	ResponseType pulumi.StringInput `pulumi:"responseType"`
}

func (WorkforcePoolProviderOidcWebSsoConfigArgs) ElementType

func (WorkforcePoolProviderOidcWebSsoConfigArgs) ToWorkforcePoolProviderOidcWebSsoConfigOutput

func (i WorkforcePoolProviderOidcWebSsoConfigArgs) ToWorkforcePoolProviderOidcWebSsoConfigOutput() WorkforcePoolProviderOidcWebSsoConfigOutput

func (WorkforcePoolProviderOidcWebSsoConfigArgs) ToWorkforcePoolProviderOidcWebSsoConfigOutputWithContext

func (i WorkforcePoolProviderOidcWebSsoConfigArgs) ToWorkforcePoolProviderOidcWebSsoConfigOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcWebSsoConfigOutput

func (WorkforcePoolProviderOidcWebSsoConfigArgs) ToWorkforcePoolProviderOidcWebSsoConfigPtrOutput

func (i WorkforcePoolProviderOidcWebSsoConfigArgs) ToWorkforcePoolProviderOidcWebSsoConfigPtrOutput() WorkforcePoolProviderOidcWebSsoConfigPtrOutput

func (WorkforcePoolProviderOidcWebSsoConfigArgs) ToWorkforcePoolProviderOidcWebSsoConfigPtrOutputWithContext

func (i WorkforcePoolProviderOidcWebSsoConfigArgs) ToWorkforcePoolProviderOidcWebSsoConfigPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcWebSsoConfigPtrOutput

type WorkforcePoolProviderOidcWebSsoConfigInput

type WorkforcePoolProviderOidcWebSsoConfigInput interface {
	pulumi.Input

	ToWorkforcePoolProviderOidcWebSsoConfigOutput() WorkforcePoolProviderOidcWebSsoConfigOutput
	ToWorkforcePoolProviderOidcWebSsoConfigOutputWithContext(context.Context) WorkforcePoolProviderOidcWebSsoConfigOutput
}

WorkforcePoolProviderOidcWebSsoConfigInput is an input type that accepts WorkforcePoolProviderOidcWebSsoConfigArgs and WorkforcePoolProviderOidcWebSsoConfigOutput values. You can construct a concrete instance of `WorkforcePoolProviderOidcWebSsoConfigInput` via:

WorkforcePoolProviderOidcWebSsoConfigArgs{...}

type WorkforcePoolProviderOidcWebSsoConfigOutput

type WorkforcePoolProviderOidcWebSsoConfigOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderOidcWebSsoConfigOutput) AdditionalScopes

Additional scopes to request for in the OIDC authentication request on top of scopes requested by default. By default, the `openid`, `profile` and `email` scopes that are supported by the identity provider are requested. Each additional scope may be at most 256 characters. A maximum of 10 additional scopes may be configured.

<a name="nestedExtraAttributesOauth2Client"></a>The `extraAttributesOauth2Client` block supports:

func (WorkforcePoolProviderOidcWebSsoConfigOutput) AssertionClaimsBehavior

The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition.

  • MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS: Merge the UserInfo Endpoint Claims with ID Token Claims, preferring UserInfo Claim Values for the same Claim Name. This option is available only for the Authorization Code Flow.
  • ONLY_ID_TOKEN_CLAIMS: Only include ID Token Claims. Possible values are: `MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS`, `ONLY_ID_TOKEN_CLAIMS`.

func (WorkforcePoolProviderOidcWebSsoConfigOutput) ElementType

func (WorkforcePoolProviderOidcWebSsoConfigOutput) ResponseType

The Response Type to request for in the OIDC Authorization Request for web sign-in. The `CODE` Response Type is recommended to avoid the Implicit Flow, for security reasons.

  • CODE: The `response_type=code` selection uses the Authorization Code Flow for web sign-in. Requires a configured client secret.
  • ID_TOKEN: The `response_type=id_token` selection uses the Implicit Flow for web sign-in. Possible values are: `CODE`, `ID_TOKEN`.

func (WorkforcePoolProviderOidcWebSsoConfigOutput) ToWorkforcePoolProviderOidcWebSsoConfigOutput

func (o WorkforcePoolProviderOidcWebSsoConfigOutput) ToWorkforcePoolProviderOidcWebSsoConfigOutput() WorkforcePoolProviderOidcWebSsoConfigOutput

func (WorkforcePoolProviderOidcWebSsoConfigOutput) ToWorkforcePoolProviderOidcWebSsoConfigOutputWithContext

func (o WorkforcePoolProviderOidcWebSsoConfigOutput) ToWorkforcePoolProviderOidcWebSsoConfigOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcWebSsoConfigOutput

func (WorkforcePoolProviderOidcWebSsoConfigOutput) ToWorkforcePoolProviderOidcWebSsoConfigPtrOutput

func (o WorkforcePoolProviderOidcWebSsoConfigOutput) ToWorkforcePoolProviderOidcWebSsoConfigPtrOutput() WorkforcePoolProviderOidcWebSsoConfigPtrOutput

func (WorkforcePoolProviderOidcWebSsoConfigOutput) ToWorkforcePoolProviderOidcWebSsoConfigPtrOutputWithContext

func (o WorkforcePoolProviderOidcWebSsoConfigOutput) ToWorkforcePoolProviderOidcWebSsoConfigPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcWebSsoConfigPtrOutput

type WorkforcePoolProviderOidcWebSsoConfigPtrInput

type WorkforcePoolProviderOidcWebSsoConfigPtrInput interface {
	pulumi.Input

	ToWorkforcePoolProviderOidcWebSsoConfigPtrOutput() WorkforcePoolProviderOidcWebSsoConfigPtrOutput
	ToWorkforcePoolProviderOidcWebSsoConfigPtrOutputWithContext(context.Context) WorkforcePoolProviderOidcWebSsoConfigPtrOutput
}

WorkforcePoolProviderOidcWebSsoConfigPtrInput is an input type that accepts WorkforcePoolProviderOidcWebSsoConfigArgs, WorkforcePoolProviderOidcWebSsoConfigPtr and WorkforcePoolProviderOidcWebSsoConfigPtrOutput values. You can construct a concrete instance of `WorkforcePoolProviderOidcWebSsoConfigPtrInput` via:

        WorkforcePoolProviderOidcWebSsoConfigArgs{...}

or:

        nil

type WorkforcePoolProviderOidcWebSsoConfigPtrOutput

type WorkforcePoolProviderOidcWebSsoConfigPtrOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderOidcWebSsoConfigPtrOutput) AdditionalScopes

Additional scopes to request for in the OIDC authentication request on top of scopes requested by default. By default, the `openid`, `profile` and `email` scopes that are supported by the identity provider are requested. Each additional scope may be at most 256 characters. A maximum of 10 additional scopes may be configured.

<a name="nestedExtraAttributesOauth2Client"></a>The `extraAttributesOauth2Client` block supports:

func (WorkforcePoolProviderOidcWebSsoConfigPtrOutput) AssertionClaimsBehavior

The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition.

  • MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS: Merge the UserInfo Endpoint Claims with ID Token Claims, preferring UserInfo Claim Values for the same Claim Name. This option is available only for the Authorization Code Flow.
  • ONLY_ID_TOKEN_CLAIMS: Only include ID Token Claims. Possible values are: `MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS`, `ONLY_ID_TOKEN_CLAIMS`.

func (WorkforcePoolProviderOidcWebSsoConfigPtrOutput) Elem

func (WorkforcePoolProviderOidcWebSsoConfigPtrOutput) ElementType

func (WorkforcePoolProviderOidcWebSsoConfigPtrOutput) ResponseType

The Response Type to request for in the OIDC Authorization Request for web sign-in. The `CODE` Response Type is recommended to avoid the Implicit Flow, for security reasons.

  • CODE: The `response_type=code` selection uses the Authorization Code Flow for web sign-in. Requires a configured client secret.
  • ID_TOKEN: The `response_type=id_token` selection uses the Implicit Flow for web sign-in. Possible values are: `CODE`, `ID_TOKEN`.

func (WorkforcePoolProviderOidcWebSsoConfigPtrOutput) ToWorkforcePoolProviderOidcWebSsoConfigPtrOutput

func (o WorkforcePoolProviderOidcWebSsoConfigPtrOutput) ToWorkforcePoolProviderOidcWebSsoConfigPtrOutput() WorkforcePoolProviderOidcWebSsoConfigPtrOutput

func (WorkforcePoolProviderOidcWebSsoConfigPtrOutput) ToWorkforcePoolProviderOidcWebSsoConfigPtrOutputWithContext

func (o WorkforcePoolProviderOidcWebSsoConfigPtrOutput) ToWorkforcePoolProviderOidcWebSsoConfigPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderOidcWebSsoConfigPtrOutput

type WorkforcePoolProviderOutput

type WorkforcePoolProviderOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderOutput) AttributeCondition

func (o WorkforcePoolProviderOutput) AttributeCondition() pulumi.StringPtrOutput

A [Common Expression Language](https://opensource.google/projects/cel) expression, in plain text, to restrict which otherwise valid authentication credentials issued by the provider are accepted. The expression must output a boolean representing whether to allow the federation. The following keywords may be referenced in the expressions:

func (WorkforcePoolProviderOutput) AttributeMapping

func (o WorkforcePoolProviderOutput) AttributeMapping() pulumi.StringMapOutput

Maps attributes from the authentication credentials issued by an external identity provider to Google Cloud attributes, such as `subject` and `segment`. Each key must be a string specifying the Google Cloud IAM attribute to map to. The following keys are supported:

  • `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings. This is also the subject that appears in Cloud Logging logs. This is a required field and the mapped subject cannot exceed 127 bytes.
  • `google.groups`: Groups the authenticating user belongs to. You can grant groups access to resources using an IAM `principalSet` binding; access applies to all members of the group.
  • `google.display_name`: The name of the authenticated user. This is an optional field and the mapped display name cannot exceed 100 bytes. If not set, `google.subject` will be displayed instead. This attribute cannot be referenced in IAM bindings.
  • `google.profile_photo`: The URL that specifies the authenticated user's thumbnail photo. This is an optional field. When set, the image will be visible as the user's profile picture. If not set, a generic user icon will be displayed instead. This attribute cannot be referenced in IAM bindings. You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where {custom_attribute} is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes. The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_]. You can reference these attributes in IAM policies to define fine-grained access for a workforce pool to Google Cloud resources. For example:
  • `google.subject`: `principal://iam.googleapis.com/locations/{location}/workforcePools/{pool}/subject/{value}`
  • `google.groups`: `principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/group/{value}`
  • `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/attribute.{custom_attribute}/{value}` Each value must be a [Common Expression Language](https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. You can use the `assertion` keyword in the expression to access a JSON representation of the authentication credential issued by the provider. The maximum length of an attribute mapping expression is 2048 characters. When evaluated, the total size of all mapped attributes must not exceed 8KB. For OIDC providers, you must supply a custom mapping that includes the `google.subject` attribute. For example, the following maps the sub claim of the incoming credential to the `subject` attribute on a Google token:

An object containing a list of `"key": value` pairs. Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`.

func (WorkforcePoolProviderOutput) Description

A user-specified description of the provider. Cannot exceed 256 characters.

func (WorkforcePoolProviderOutput) Disabled

Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access, so disabling a provider does not by itself revoke access that has already been granted.

func (WorkforcePoolProviderOutput) DisplayName

A user-specified display name for the provider. Cannot exceed 32 characters.

func (WorkforcePoolProviderOutput) ElementType

func (WorkforcePoolProviderOutput) ExtraAttributesOauth2Client

The configuration for OAuth 2.0 client used to get the additional user attributes. This should be used when users can't get the desired claims in authentication credentials. Currently this configuration is only supported with OIDC protocol. Structure is documented below.

func (WorkforcePoolProviderOutput) Location

The location for the resource.

func (WorkforcePoolProviderOutput) Name

Output only. The resource name of the provider. Format: `locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}`

func (WorkforcePoolProviderOutput) Oidc

Represents an OpenID Connect 1.0 identity provider. Structure is documented below.

func (WorkforcePoolProviderOutput) ProviderId

The ID for the provider, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may not be specified.

***

func (WorkforcePoolProviderOutput) Saml

Represents a SAML identity provider. Structure is documented below.

func (WorkforcePoolProviderOutput) State

The current state of the provider.

func (WorkforcePoolProviderOutput) ToWorkforcePoolProviderOutput

func (o WorkforcePoolProviderOutput) ToWorkforcePoolProviderOutput() WorkforcePoolProviderOutput

func (WorkforcePoolProviderOutput) ToWorkforcePoolProviderOutputWithContext

func (o WorkforcePoolProviderOutput) ToWorkforcePoolProviderOutputWithContext(ctx context.Context) WorkforcePoolProviderOutput

func (WorkforcePoolProviderOutput) WorkforcePoolId

func (o WorkforcePoolProviderOutput) WorkforcePoolId() pulumi.StringOutput

The ID to use for the pool, which becomes the final component of the resource name. The IDs must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix `gcp-` is reserved for use by Google, and may not be specified.

type WorkforcePoolProviderSaml

// WorkforcePoolProviderSaml holds the configuration of a SAML identity
// provider, which consists of the IdP metadata XML document.
type WorkforcePoolProviderSaml struct {
	// SAML Identity provider configuration metadata xml doc.
	// The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf).
	// The max size of the acceptable xml document will be bounded to 128k characters.
	// The metadata xml document should satisfy the following constraints:
	// 1) Must contain an Identity Provider Entity ID.
	// 2) Must contain at least one non-expired signing key certificate.
	// 3) For each signing key:
	//    a) Valid from should be no more than 7 days from now.
	//    b) Valid to should be no more than 10 years in the future.
	// 4) Up to 3 IdP signing keys are allowed in the metadata xml.
	//    When updating the provider's metadata xml, at least one non-expired signing key
	//    must overlap with the existing metadata. This requirement is skipped if there are
	//    no non-expired signing keys present in the existing metadata.
	//
	// NOTE(review): the signing key certificates in this document are presumably
	// what assertions from the IdP are validated against, which makes the XML
	// security-sensitive configuration — TODO confirm against the service
	// documentation. Obtain it from the IdP over an authenticated channel and
	// review changes to it the way a key rotation would be reviewed. The overlap
	// rule in 4) is skipped once every existing key has expired, so track
	// certificate expiry rather than relying on that rule.
	IdpMetadataXml string `pulumi:"idpMetadataXml"`
}

type WorkforcePoolProviderSamlArgs

// WorkforcePoolProviderSamlArgs carries the configuration of a SAML identity
// provider as a Pulumi input: the IdP metadata XML document.
type WorkforcePoolProviderSamlArgs struct {
	// SAML Identity provider configuration metadata xml doc.
	// The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf).
	// The max size of the acceptable xml document will be bounded to 128k characters.
	// The metadata xml document should satisfy the following constraints:
	// 1) Must contain an Identity Provider Entity ID.
	// 2) Must contain at least one non-expired signing key certificate.
	// 3) For each signing key:
	//    a) Valid from should be no more than 7 days from now.
	//    b) Valid to should be no more than 10 years in the future.
	// 4) Up to 3 IdP signing keys are allowed in the metadata xml.
	//    When updating the provider's metadata xml, at least one non-expired signing key
	//    must overlap with the existing metadata. This requirement is skipped if there are
	//    no non-expired signing keys present in the existing metadata.
	//
	// NOTE(review): the signing key certificates in this document are presumably
	// what assertions from the IdP are validated against, which makes the XML
	// security-sensitive configuration — TODO confirm against the service
	// documentation. Obtain it from the IdP over an authenticated channel and
	// review changes to it the way a key rotation would be reviewed. The overlap
	// rule in 4) is skipped once every existing key has expired, so track
	// certificate expiry rather than relying on that rule.
	IdpMetadataXml pulumi.StringInput `pulumi:"idpMetadataXml"`
}

func (WorkforcePoolProviderSamlArgs) ElementType

func (WorkforcePoolProviderSamlArgs) ToWorkforcePoolProviderSamlOutput

func (i WorkforcePoolProviderSamlArgs) ToWorkforcePoolProviderSamlOutput() WorkforcePoolProviderSamlOutput

func (WorkforcePoolProviderSamlArgs) ToWorkforcePoolProviderSamlOutputWithContext

func (i WorkforcePoolProviderSamlArgs) ToWorkforcePoolProviderSamlOutputWithContext(ctx context.Context) WorkforcePoolProviderSamlOutput

func (WorkforcePoolProviderSamlArgs) ToWorkforcePoolProviderSamlPtrOutput

func (i WorkforcePoolProviderSamlArgs) ToWorkforcePoolProviderSamlPtrOutput() WorkforcePoolProviderSamlPtrOutput

func (WorkforcePoolProviderSamlArgs) ToWorkforcePoolProviderSamlPtrOutputWithContext

func (i WorkforcePoolProviderSamlArgs) ToWorkforcePoolProviderSamlPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderSamlPtrOutput

type WorkforcePoolProviderSamlInput

type WorkforcePoolProviderSamlInput interface {
	pulumi.Input

	ToWorkforcePoolProviderSamlOutput() WorkforcePoolProviderSamlOutput
	ToWorkforcePoolProviderSamlOutputWithContext(context.Context) WorkforcePoolProviderSamlOutput
}

WorkforcePoolProviderSamlInput is an input type that accepts WorkforcePoolProviderSamlArgs and WorkforcePoolProviderSamlOutput values. You can construct a concrete instance of `WorkforcePoolProviderSamlInput` via:

WorkforcePoolProviderSamlArgs{...}

type WorkforcePoolProviderSamlOutput

type WorkforcePoolProviderSamlOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderSamlOutput) ElementType

func (WorkforcePoolProviderSamlOutput) IdpMetadataXml

SAML Identity provider configuration metadata xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). The max size of the acceptable xml document will be bounded to 128k characters. The metadata xml document should satisfy the following constraints:

  1. Must contain an Identity Provider Entity ID.
  2. Must contain at least one non-expired signing key certificate.
  3. For each signing key: a) Valid from should be no more than 7 days from now. b) Valid to should be no more than 10 years in the future.
  4. Up to 3 IdP signing keys are allowed in the metadata xml. When updating the provider's metadata xml, at least one non-expired signing key must overlap with the existing metadata. This requirement is skipped if there are no non-expired signing keys present in the existing metadata.

func (WorkforcePoolProviderSamlOutput) ToWorkforcePoolProviderSamlOutput

func (o WorkforcePoolProviderSamlOutput) ToWorkforcePoolProviderSamlOutput() WorkforcePoolProviderSamlOutput

func (WorkforcePoolProviderSamlOutput) ToWorkforcePoolProviderSamlOutputWithContext

func (o WorkforcePoolProviderSamlOutput) ToWorkforcePoolProviderSamlOutputWithContext(ctx context.Context) WorkforcePoolProviderSamlOutput

func (WorkforcePoolProviderSamlOutput) ToWorkforcePoolProviderSamlPtrOutput

func (o WorkforcePoolProviderSamlOutput) ToWorkforcePoolProviderSamlPtrOutput() WorkforcePoolProviderSamlPtrOutput

func (WorkforcePoolProviderSamlOutput) ToWorkforcePoolProviderSamlPtrOutputWithContext

func (o WorkforcePoolProviderSamlOutput) ToWorkforcePoolProviderSamlPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderSamlPtrOutput

type WorkforcePoolProviderSamlPtrInput

// WorkforcePoolProviderSamlPtrInput is an input type that accepts
// WorkforcePoolProviderSamlArgs, WorkforcePoolProviderSamlPtr and
// WorkforcePoolProviderSamlPtrOutput values; nil is also accepted.
type WorkforcePoolProviderSamlPtrInput interface {
	pulumi.Input

	// ToWorkforcePoolProviderSamlPtrOutput returns the value as a WorkforcePoolProviderSamlPtrOutput.
	ToWorkforcePoolProviderSamlPtrOutput() WorkforcePoolProviderSamlPtrOutput
	// ToWorkforcePoolProviderSamlPtrOutputWithContext returns the same output type, taking a caller-supplied context.
	ToWorkforcePoolProviderSamlPtrOutputWithContext(context.Context) WorkforcePoolProviderSamlPtrOutput
}

WorkforcePoolProviderSamlPtrInput is an input type that accepts WorkforcePoolProviderSamlArgs, WorkforcePoolProviderSamlPtr and WorkforcePoolProviderSamlPtrOutput values. You can construct a concrete instance of `WorkforcePoolProviderSamlPtrInput` via:

        WorkforcePoolProviderSamlArgs{...}

or:

        nil

type WorkforcePoolProviderSamlPtrOutput

// WorkforcePoolProviderSamlPtrOutput is the pointer-output form of the SAML
// provider settings. It embeds *pulumi.OutputState and exposes Elem and
// IdpMetadataXml.
type WorkforcePoolProviderSamlPtrOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderSamlPtrOutput) Elem

func (WorkforcePoolProviderSamlPtrOutput) ElementType

func (WorkforcePoolProviderSamlPtrOutput) IdpMetadataXml

SAML Identity provider configuration metadata xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). The max size of the acceptable xml document will be bounded to 128k characters. The metadata xml document should satisfy the following constraints:

  1. Must contain an Identity Provider Entity ID.
  2. Must contain at least one non-expired signing key certificate.
  3. For each signing key: a) Valid from should be no more than 7 days from now. b) Valid to should be no more than 10 years in the future.
  4. Up to 3 IdP signing keys are allowed in the metadata xml. When updating the provider's metadata xml, at least one non-expired signing key must overlap with the existing metadata. This requirement is skipped if there are no non-expired signing keys present in the existing metadata.

func (WorkforcePoolProviderSamlPtrOutput) ToWorkforcePoolProviderSamlPtrOutput

func (o WorkforcePoolProviderSamlPtrOutput) ToWorkforcePoolProviderSamlPtrOutput() WorkforcePoolProviderSamlPtrOutput

func (WorkforcePoolProviderSamlPtrOutput) ToWorkforcePoolProviderSamlPtrOutputWithContext

func (o WorkforcePoolProviderSamlPtrOutput) ToWorkforcePoolProviderSamlPtrOutputWithContext(ctx context.Context) WorkforcePoolProviderSamlPtrOutput

type WorkforcePoolProviderState

// WorkforcePoolProviderState holds the properties of a workforce pool provider
// as optional inputs.
// NOTE(review): presumably this is the state argument used when looking up an
// existing provider; confirm against the corresponding Get function.
type WorkforcePoolProviderState struct {
	// A [Common Expression Language](https://opensource.google/projects/cel) expression, in
	// plain text, that restricts which otherwise valid authentication credentials issued by the
	// provider are accepted.
	// The expression must output a boolean representing whether to allow the federation.
	// The following keywords may be referenced in the expressions
	// (the list is missing from this rendering; restored from the upstream API description, verify):
	// * `assertion`: JSON representing the authentication credential issued by the provider.
	// * `google`: The Google attributes mapped from the assertion in the attribute mapping.
	// * `attribute`: The custom attributes mapped from the assertion in the attribute mapping.
	//
	// NOTE(review): when this is left unset, nothing at the provider narrows which of the
	// identity provider's credentials can federate; access then depends only on IAM bindings.
	AttributeCondition pulumi.StringPtrInput
	// Maps attributes from the authentication credentials issued by an external identity provider
	// to Google Cloud attributes, such as `subject` and `segment`.
	// Each key must be a string specifying the Google Cloud IAM attribute to map to.
	// The following keys are supported:
	// * `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings.
	//   This is also the subject that appears in Cloud Logging logs. This is a required field and
	//   the mapped subject cannot exceed 127 bytes.
	// * `google.groups`: Groups the authenticating user belongs to. You can grant groups access to
	//   resources using an IAM `principalSet` binding; access applies to all members of the group.
	// * `google.display_name`: The name of the authenticated user. This is an optional field and
	//   the mapped display name cannot exceed 100 bytes. If not set, `google.subject` will be displayed instead.
	//   This attribute cannot be referenced in IAM bindings.
	// * `google.profile_photo`: The URL that specifies the authenticated user's thumbnail photo.
	//   This is an optional field. When set, the image will be visible as the user's profile picture.
	//   If not set, a generic user icon will be displayed instead.
	//   This attribute cannot be referenced in IAM bindings.
	//
	// You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where {custom_attribute}
	// is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes.
	// The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_].
	// You can reference these attributes in IAM policies to define fine-grained access for a workforce pool
	// to Google Cloud resources. For example:
	// * `google.subject`:
	//   `principal://iam.googleapis.com/locations/{location}/workforcePools/{pool}/subject/{value}`
	// * `google.groups`:
	//   `principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/group/{value}`
	// * `attribute.{custom_attribute}`:
	//   `principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/attribute.{custom_attribute}/{value}`
	//
	// Each value must be a [Common Expression Language](https://opensource.google/projects/cel)
	// function that maps an identity provider credential to the normalized attribute specified
	// by the corresponding map key.
	// You can use the `assertion` keyword in the expression to access a JSON representation of
	// the authentication credential issued by the provider.
	// The maximum length of an attribute mapping expression is 2048 characters. When evaluated,
	// the total size of all mapped attributes must not exceed 8KB.
	// For OIDC providers, you must supply a custom mapping that includes the `google.subject` attribute.
	// For example, the following maps the sub claim of the incoming credential to the `subject` attribute
	// on a Google token: `{"google.subject": "assertion.sub"}` (example restored; it is missing from
	// this rendering).
	// An object containing a list of `"key": value` pairs.
	// Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`.
	//
	// NOTE(review): `google.subject` and `google.groups` are what IAM bindings match on, so map them
	// from claims the identity provider asserts and that end users cannot edit themselves.
	AttributeMapping pulumi.StringMapInput
	// A user-specified description of the provider. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
	// However, existing tokens still grant access, so disabling the provider alone does not cut off
	// sessions that are already established. WorkforcePoolState.Disabled documents that disabling
	// the pool also stops existing tokens from accessing resources.
	Disabled pulumi.BoolPtrInput
	// A user-specified display name for the provider. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	// The configuration for OAuth 2.0 client used to get the additional user
	// attributes. This should be used when users can't get the desired claims
	// in authentication credentials. Currently this configuration is only
	// supported with OIDC protocol.
	// Structure is documented below.
	ExtraAttributesOauth2Client WorkforcePoolProviderExtraAttributesOauth2ClientPtrInput
	// The location for the resource.
	Location pulumi.StringPtrInput
	// Output only. The resource name of the provider.
	// Format: `locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}`
	Name pulumi.StringPtrInput
	// Represents an OpenId Connect 1.0 identity provider.
	// Structure is documented below.
	Oidc WorkforcePoolProviderOidcPtrInput
	// The ID for the provider, which becomes the final component of the resource name.
	// This value must be 4-32 characters, and may contain the characters [a-z0-9-].
	// The prefix `gcp-` is reserved for use by Google, and may not be specified.
	ProviderId pulumi.StringPtrInput
	// Represents a SAML identity provider.
	// Structure is documented below.
	Saml WorkforcePoolProviderSamlPtrInput
	// The current state of the provider.
	// * STATE_UNSPECIFIED: State unspecified.
	// * ACTIVE: The provider is active and may be used to validate authentication credentials.
	// * DELETED: The provider is soft-deleted. Soft-deleted providers are permanently
	//   deleted after approximately 30 days. You can restore a soft-deleted provider using
	//   [providers.undelete](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools.providers/undelete#google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePoolProvider).
	State pulumi.StringPtrInput
	// The ID to use for the pool, which becomes the final component of the resource name.
	// The IDs must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens.
	// It must start with a letter, and cannot have a trailing hyphen.
	// The prefix `gcp-` is reserved for use by Google, and may not be specified.
	WorkforcePoolId pulumi.StringPtrInput
}

func (WorkforcePoolProviderState) ElementType

func (WorkforcePoolProviderState) ElementType() reflect.Type

type WorkforcePoolState

// WorkforcePoolState holds the properties of a workforce pool as optional inputs.
// NOTE(review): presumably this is the state argument used when looking up an
// existing pool; confirm against the corresponding Get function.
type WorkforcePoolState struct {
	// Configures access restrictions for the workforce pool's users. This is an optional field.
	// If specified, web sign-in can be restricted to a given set of services, or programmatic
	// sign-in can be disabled for pool users.
	// Structure is documented below.
	AccessRestrictions WorkforcePoolAccessRestrictionsPtrInput
	// A user-specified description of the pool. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Whether the pool is disabled. You cannot use a disabled pool to exchange tokens,
	// or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
	Disabled pulumi.BoolPtrInput
	// A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	// The location for the resource.
	Location pulumi.StringPtrInput
	// Output only. The resource name of the pool.
	// Format: `locations/{location}/workforcePools/{workforcePoolId}`
	Name pulumi.StringPtrInput
	// Immutable. The resource name of the parent. Format: `organizations/{org-id}`.
	Parent pulumi.StringPtrInput
	// Duration that the Google Cloud access tokens, console sign-in sessions,
	// and `gcloud` sign-in sessions from this pool are valid.
	// Must be greater than 15 minutes (900s) and less than 12 hours (43200s).
	// If `sessionDuration` is not configured, minted credentials have a default duration of one hour (3600s).
	// A duration in seconds with up to nine fractional digits, ending with '`s`'. Example: "`3.5s`".
	// This bounds how long a credential minted from the pool stays valid, so a shorter value
	// shortens the window in which a leaked credential is usable.
	SessionDuration pulumi.StringPtrInput
	// Output only. The state of the pool.
	// * STATE_UNSPECIFIED: State unspecified.
	// * ACTIVE: The pool is active, and may be used in Google Cloud policies.
	// * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted
	//   after approximately 30 days. You can restore a soft-deleted pool using
	//   [workforcePools.undelete](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools/undelete#google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePool).
	//   You cannot reuse the ID of a soft-deleted pool until it is permanently deleted.
	//   While a pool is deleted, you cannot use it to exchange tokens, or use
	//   existing tokens to access resources. If the pool is undeleted, existing
	//   tokens grant access again.
	State pulumi.StringPtrInput
	// The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters,
	// digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen.
	// The prefix `gcp-` is reserved for use by Google, and may not be specified.
	WorkforcePoolId pulumi.StringPtrInput
}

func (WorkforcePoolState) ElementType

func (WorkforcePoolState) ElementType() reflect.Type

type WorkloadIdentityPool

// WorkloadIdentityPool represents a collection of external workload identities.
// IAM policies can grant these identities access to Google Cloud resources.
type WorkloadIdentityPool struct {
	pulumi.CustomResourceState

	// A description of the pool. Cannot exceed 256 characters.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use
	// existing tokens to access resources. If the pool is re-enabled, existing tokens grant
	// access again.
	Disabled pulumi.BoolPtrOutput `pulumi:"disabled"`
	// A display name for the pool. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// The resource name of the pool as
	// `projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}`.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// The state of the pool.
	// * STATE_UNSPECIFIED: State unspecified.
	// * ACTIVE: The pool is active, and may be used in Google Cloud policies.
	// * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after
	//   approximately 30 days. You can restore a soft-deleted pool using
	//   UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted pool until it is
	//   permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or
	//   use existing tokens to access resources. If the pool is undeleted, existing tokens grant
	//   access again.
	State pulumi.StringOutput `pulumi:"state"`
	// The ID to use for the pool, which becomes the final component of the resource name. This
	// value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolId pulumi.StringOutput `pulumi:"workloadIdentityPoolId"`
}

Represents a collection of external workload identities. You can define IAM policies to grant these identities access to Google Cloud resources.

To get more information about WorkloadIdentityPool, see:

* [API documentation](https://cloud.google.com/iam/docs/reference/rest/v1/projects.locations.workloadIdentityPools)
* How-to Guides

## Example Usage

### Iam Workload Identity Pool Basic

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	// Registers a workload identity pool named "example" with only
	// WorkloadIdentityPoolId set; every other argument is left at its default.
	pulumi.Run(func(ctx *pulumi.Context) error {
		poolArgs := &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		}
		_, err := iam.NewWorkloadIdentityPool(ctx, "example", poolArgs)
		return err
	})
}

```

### Iam Workload Identity Pool Full

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	// Registers a workload identity pool with display metadata set.
	pulumi.Run(func(ctx *pulumi.Context) error {
		poolArgs := &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
			DisplayName:            pulumi.String("Name of pool"),
			Description:            pulumi.String("Identity pool for automated test"),
			// The pool is created disabled: per the Disabled field's documentation,
			// a disabled pool cannot be used to exchange tokens until it is re-enabled.
			Disabled: pulumi.Bool(true),
		}
		_, err := iam.NewWorkloadIdentityPool(ctx, "example", poolArgs)
		return err
	})
}

```

## Import

WorkloadIdentityPool can be imported using any of these accepted formats:

* `projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}`

* `{{project}}/{{workload_identity_pool_id}}`

* `{{workload_identity_pool_id}}`

When using the `pulumi import` command, WorkloadIdentityPool can be imported using one of the formats above. For example:

```sh
$ pulumi import gcp:iam/workloadIdentityPool:WorkloadIdentityPool default projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}
```

```sh
$ pulumi import gcp:iam/workloadIdentityPool:WorkloadIdentityPool default {{project}}/{{workload_identity_pool_id}}
```

```sh
$ pulumi import gcp:iam/workloadIdentityPool:WorkloadIdentityPool default {{workload_identity_pool_id}}
```

func GetWorkloadIdentityPool

func GetWorkloadIdentityPool(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WorkloadIdentityPoolState, opts ...pulumi.ResourceOption) (*WorkloadIdentityPool, error)

GetWorkloadIdentityPool gets an existing WorkloadIdentityPool resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWorkloadIdentityPool

func NewWorkloadIdentityPool(ctx *pulumi.Context,
	name string, args *WorkloadIdentityPoolArgs, opts ...pulumi.ResourceOption) (*WorkloadIdentityPool, error)

NewWorkloadIdentityPool registers a new resource with the given unique name, arguments, and options.

func (*WorkloadIdentityPool) ElementType

func (*WorkloadIdentityPool) ElementType() reflect.Type

func (*WorkloadIdentityPool) ToWorkloadIdentityPoolOutput

func (i *WorkloadIdentityPool) ToWorkloadIdentityPoolOutput() WorkloadIdentityPoolOutput

func (*WorkloadIdentityPool) ToWorkloadIdentityPoolOutputWithContext

func (i *WorkloadIdentityPool) ToWorkloadIdentityPoolOutputWithContext(ctx context.Context) WorkloadIdentityPoolOutput

type WorkloadIdentityPoolArgs

// WorkloadIdentityPoolArgs is the set of arguments for constructing a
// WorkloadIdentityPool resource.
type WorkloadIdentityPoolArgs struct {
	// A description of the pool. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use
	// existing tokens to access resources. If the pool is re-enabled, existing tokens grant
	// access again.
	Disabled pulumi.BoolPtrInput
	// A display name for the pool. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
	// The ID to use for the pool, which becomes the final component of the resource name. This
	// value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	// This is the only field of the struct that is not a pointer input.
	WorkloadIdentityPoolId pulumi.StringInput
}

The set of arguments for constructing a WorkloadIdentityPool resource.

func (WorkloadIdentityPoolArgs) ElementType

func (WorkloadIdentityPoolArgs) ElementType() reflect.Type

type WorkloadIdentityPoolArray

// WorkloadIdentityPoolArray is a slice of WorkloadIdentityPoolInput values.
type WorkloadIdentityPoolArray []WorkloadIdentityPoolInput

func (WorkloadIdentityPoolArray) ElementType

func (WorkloadIdentityPoolArray) ElementType() reflect.Type

func (WorkloadIdentityPoolArray) ToWorkloadIdentityPoolArrayOutput

func (i WorkloadIdentityPoolArray) ToWorkloadIdentityPoolArrayOutput() WorkloadIdentityPoolArrayOutput

func (WorkloadIdentityPoolArray) ToWorkloadIdentityPoolArrayOutputWithContext

func (i WorkloadIdentityPoolArray) ToWorkloadIdentityPoolArrayOutputWithContext(ctx context.Context) WorkloadIdentityPoolArrayOutput

type WorkloadIdentityPoolArrayInput

// WorkloadIdentityPoolArrayInput is an input type that accepts
// WorkloadIdentityPoolArray and WorkloadIdentityPoolArrayOutput values.
type WorkloadIdentityPoolArrayInput interface {
	pulumi.Input

	// ToWorkloadIdentityPoolArrayOutput returns the value as a WorkloadIdentityPoolArrayOutput.
	ToWorkloadIdentityPoolArrayOutput() WorkloadIdentityPoolArrayOutput
	// ToWorkloadIdentityPoolArrayOutputWithContext returns the same output type, taking a caller-supplied context.
	ToWorkloadIdentityPoolArrayOutputWithContext(context.Context) WorkloadIdentityPoolArrayOutput
}

WorkloadIdentityPoolArrayInput is an input type that accepts WorkloadIdentityPoolArray and WorkloadIdentityPoolArrayOutput values. You can construct a concrete instance of `WorkloadIdentityPoolArrayInput` via:

WorkloadIdentityPoolArray{ WorkloadIdentityPoolArgs{...} }

type WorkloadIdentityPoolArrayOutput

// WorkloadIdentityPoolArrayOutput is the output form of a WorkloadIdentityPool
// array. It embeds *pulumi.OutputState and exposes an Index accessor.
type WorkloadIdentityPoolArrayOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolArrayOutput) ElementType

func (WorkloadIdentityPoolArrayOutput) Index

func (WorkloadIdentityPoolArrayOutput) ToWorkloadIdentityPoolArrayOutput

func (o WorkloadIdentityPoolArrayOutput) ToWorkloadIdentityPoolArrayOutput() WorkloadIdentityPoolArrayOutput

func (WorkloadIdentityPoolArrayOutput) ToWorkloadIdentityPoolArrayOutputWithContext

func (o WorkloadIdentityPoolArrayOutput) ToWorkloadIdentityPoolArrayOutputWithContext(ctx context.Context) WorkloadIdentityPoolArrayOutput

type WorkloadIdentityPoolInput

// WorkloadIdentityPoolInput is an input type for a WorkloadIdentityPool.
// On this page both *WorkloadIdentityPool and WorkloadIdentityPoolOutput
// declare the two conversion methods below.
type WorkloadIdentityPoolInput interface {
	pulumi.Input

	// ToWorkloadIdentityPoolOutput returns the value as a WorkloadIdentityPoolOutput.
	ToWorkloadIdentityPoolOutput() WorkloadIdentityPoolOutput
	// ToWorkloadIdentityPoolOutputWithContext returns the same output type, taking a caller-supplied context.
	ToWorkloadIdentityPoolOutputWithContext(ctx context.Context) WorkloadIdentityPoolOutput
}

type WorkloadIdentityPoolMap

// WorkloadIdentityPoolMap is a string-keyed map of WorkloadIdentityPoolInput values.
type WorkloadIdentityPoolMap map[string]WorkloadIdentityPoolInput

func (WorkloadIdentityPoolMap) ElementType

func (WorkloadIdentityPoolMap) ElementType() reflect.Type

func (WorkloadIdentityPoolMap) ToWorkloadIdentityPoolMapOutput

func (i WorkloadIdentityPoolMap) ToWorkloadIdentityPoolMapOutput() WorkloadIdentityPoolMapOutput

func (WorkloadIdentityPoolMap) ToWorkloadIdentityPoolMapOutputWithContext

func (i WorkloadIdentityPoolMap) ToWorkloadIdentityPoolMapOutputWithContext(ctx context.Context) WorkloadIdentityPoolMapOutput

type WorkloadIdentityPoolMapInput

// WorkloadIdentityPoolMapInput is an input type that accepts
// WorkloadIdentityPoolMap and WorkloadIdentityPoolMapOutput values.
type WorkloadIdentityPoolMapInput interface {
	pulumi.Input

	// ToWorkloadIdentityPoolMapOutput returns the value as a WorkloadIdentityPoolMapOutput.
	ToWorkloadIdentityPoolMapOutput() WorkloadIdentityPoolMapOutput
	// ToWorkloadIdentityPoolMapOutputWithContext returns the same output type, taking a caller-supplied context.
	ToWorkloadIdentityPoolMapOutputWithContext(context.Context) WorkloadIdentityPoolMapOutput
}

WorkloadIdentityPoolMapInput is an input type that accepts WorkloadIdentityPoolMap and WorkloadIdentityPoolMapOutput values. You can construct a concrete instance of `WorkloadIdentityPoolMapInput` via:

WorkloadIdentityPoolMap{ "key": WorkloadIdentityPoolArgs{...} }

type WorkloadIdentityPoolMapOutput

// WorkloadIdentityPoolMapOutput is the output form of a WorkloadIdentityPool
// map. It embeds *pulumi.OutputState and exposes a MapIndex accessor.
type WorkloadIdentityPoolMapOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolMapOutput) ElementType

func (WorkloadIdentityPoolMapOutput) MapIndex

func (WorkloadIdentityPoolMapOutput) ToWorkloadIdentityPoolMapOutput

func (o WorkloadIdentityPoolMapOutput) ToWorkloadIdentityPoolMapOutput() WorkloadIdentityPoolMapOutput

func (WorkloadIdentityPoolMapOutput) ToWorkloadIdentityPoolMapOutputWithContext

func (o WorkloadIdentityPoolMapOutput) ToWorkloadIdentityPoolMapOutputWithContext(ctx context.Context) WorkloadIdentityPoolMapOutput

type WorkloadIdentityPoolOutput

// WorkloadIdentityPoolOutput is the output form of a WorkloadIdentityPool. It
// embeds *pulumi.OutputState and exposes one accessor per resource property
// (Description, Disabled, DisplayName, Name, Project, State,
// WorkloadIdentityPoolId).
type WorkloadIdentityPoolOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolOutput) Description

A description of the pool. Cannot exceed 256 characters.

func (WorkloadIdentityPoolOutput) Disabled

Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.

func (WorkloadIdentityPoolOutput) DisplayName

A display name for the pool. Cannot exceed 32 characters.

func (WorkloadIdentityPoolOutput) ElementType

func (WorkloadIdentityPoolOutput) ElementType() reflect.Type

func (WorkloadIdentityPoolOutput) Name

The resource name of the pool as `projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}`.

func (WorkloadIdentityPoolOutput) Project

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

func (WorkloadIdentityPoolOutput) State

The state of the pool.

  • STATE_UNSPECIFIED: State unspecified.
  • ACTIVE: The pool is active, and may be used in Google Cloud policies.
  • DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.

func (WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolOutput

func (o WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolOutput() WorkloadIdentityPoolOutput

func (WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolOutputWithContext

func (o WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolOutputWithContext(ctx context.Context) WorkloadIdentityPoolOutput

func (WorkloadIdentityPoolOutput) WorkloadIdentityPoolId

func (o WorkloadIdentityPoolOutput) WorkloadIdentityPoolId() pulumi.StringOutput

The ID to use for the pool, which becomes the final component of the resource name. This value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may not be specified.

***

type WorkloadIdentityPoolProvider

// WorkloadIdentityPoolProvider is a configuration for an external identity
// provider attached to a workload identity pool. The Aws, Oidc and Saml
// properties are documented below as mutually incompatible.
type WorkloadIdentityPoolProvider struct {
	pulumi.CustomResourceState

	// A [Common Expression Language](https://opensource.google/projects/cel) expression, in
	// plain text, that restricts which otherwise valid authentication credentials issued by the
	// provider are accepted.
	// The expression must output a boolean representing whether to allow the federation.
	// The following keywords may be referenced in the expressions
	// (the list is missing from this rendering; restored from the upstream API description, verify):
	// * `assertion`: JSON representing the authentication credential issued by the provider.
	// * `google`: The Google attributes mapped from the assertion in the attribute mapping.
	// * `attribute`: The custom attributes mapped from the assertion in the attribute mapping.
	//
	// NOTE(review): when this is left unset, nothing at the provider narrows which of the
	// identity provider's credentials can federate; access then depends only on IAM bindings.
	// With an issuer shared by many tenants, that includes tenants you do not control.
	AttributeCondition pulumi.StringPtrOutput `pulumi:"attributeCondition"`
	// Maps attributes from authentication credentials issued by an external identity provider
	// to Google Cloud attributes, such as `subject` and `segment`.
	// Each key must be a string specifying the Google Cloud IAM attribute to map to.
	// The following keys are supported:
	// * `google.subject`: The principal IAM is authenticating. You can reference this value
	//   in IAM bindings. This is also the subject that appears in Cloud Logging logs.
	//   Cannot exceed 127 characters.
	// * `google.groups`: Groups the external identity belongs to. You can grant groups
	//   access to resources using an IAM `principalSet` binding; access applies to all
	//   members of the group.
	//
	// You can also provide custom attributes by specifying `attribute.{custom_attribute}`,
	// where `{custom_attribute}` is the name of the custom attribute to be mapped. You can
	// define a maximum of 50 custom attributes. The maximum length of a mapped attribute key
	// is 100 characters, and the key may only contain the characters [a-z0-9_].
	// You can reference these attributes in IAM policies to define fine-grained access for a
	// workload to Google Cloud resources. For example:
	// * `google.subject`:
	//   `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}`
	// * `google.groups`:
	//   `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}`
	// * `attribute.{custom_attribute}`:
	//   `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}`
	//
	// Each value must be a [Common Expression Language](https://opensource.google/projects/cel)
	// function that maps an identity provider credential to the normalized attribute specified
	// by the corresponding map key.
	// You can use the `assertion` keyword in the expression to access a JSON representation of
	// the authentication credential issued by the provider.
	// The maximum length of an attribute mapping expression is 2048 characters. When evaluated,
	// the total size of all mapped attributes must not exceed 8KB.
	//
	// For AWS providers, the following rules apply:
	// - If no attribute mapping is defined, a default mapping applies (its listing is missing
	//   from this rendering; TODO restore it from the upstream API documentation).
	// - If any custom attribute mappings are defined, they must include a mapping to the
	//   `google.subject` attribute.
	//
	// For OIDC providers, the following rules apply:
	// - Custom attribute mappings must be defined, and must include a mapping to the
	//   `google.subject` attribute. For example, the following maps the `sub` claim of the
	//   incoming credential to the `subject` attribute on a Google token:
	//   `{"google.subject": "assertion.sub"}` (example restored; it is missing from this rendering).
	//
	// NOTE(review): `google.subject` and `google.groups` are what IAM bindings match on, so map
	// them from claims the identity provider asserts and that the workload cannot choose itself.
	AttributeMapping pulumi.StringMapOutput `pulumi:"attributeMapping"`
	// An Amazon Web Services identity provider. Not compatible with the property oidc or saml.
	// Structure is documented below.
	Aws WorkloadIdentityPoolProviderAwsPtrOutput `pulumi:"aws"`
	// A description for the provider. Cannot exceed 256 characters.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
	// However, existing tokens still grant access, so disabling the provider alone does not cut
	// off tokens that were already issued. WorkloadIdentityPool.Disabled documents that disabling
	// the pool also stops existing tokens from accessing resources.
	Disabled pulumi.BoolPtrOutput `pulumi:"disabled"`
	// A display name for the provider. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// The resource name of the provider as
	// `projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}`.
	Name pulumi.StringOutput `pulumi:"name"`
	// An OpenId Connect 1.0 identity provider. Not compatible with the property aws or saml.
	// Structure is documented below.
	Oidc WorkloadIdentityPoolProviderOidcPtrOutput `pulumi:"oidc"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// A SAML 2.0 identity provider. Not compatible with the property oidc or aws.
	// Structure is documented below.
	Saml WorkloadIdentityPoolProviderSamlPtrOutput `pulumi:"saml"`
	// The state of the provider.
	// * STATE_UNSPECIFIED: State unspecified.
	// * ACTIVE: The provider is active, and may be used to validate authentication credentials.
	// * DELETED: The provider is soft-deleted. Soft-deleted providers are permanently deleted
	//   after approximately 30 days. You can restore a soft-deleted provider using
	//   UndeleteWorkloadIdentityPoolProvider. You cannot reuse the ID of a soft-deleted provider
	//   until it is permanently deleted.
	State pulumi.StringOutput `pulumi:"state"`
	// The ID used for the pool, which is the final component of the pool resource name. This
	// value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolId pulumi.StringOutput `pulumi:"workloadIdentityPoolId"`
	// The ID for the provider, which becomes the final component of the resource name. This
	// value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolProviderId pulumi.StringOutput `pulumi:"workloadIdentityPoolProviderId"`
	// An X.509-type identity provider represents a CA. It is trusted to assert a
	// client identity if the client has a certificate that chains up to this CA.
	// Structure is documented below.
	X509 WorkloadIdentityPoolProviderX509PtrOutput `pulumi:"x509"`
}

A configuration for an external identity provider.

To get more information about WorkloadIdentityPoolProvider, see:

* [API documentation](https://cloud.google.com/iam/docs/reference/rest/v1/projects.locations.workloadIdentityPools.providers)
* How-to Guides

## Example Usage

### Iam Workload Identity Pool Provider Aws Basic

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The pool is created first; the provider below attaches to it by ID.
		pool, err := iam.NewWorkloadIdentityPool(ctx, "pool", &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		})
		if err != nil {
			return err
		}

		// Minimal AWS provider: only the AWS account ID is configured.
		// NOTE(review): no AttributeCondition is set, so nothing at the provider
		// narrows which credentials from this AWS account are accepted; outside a
		// demo, add a condition and keep the IAM bindings on the pool narrow.
		providerArgs := &iam.WorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         pool.WorkloadIdentityPoolId,
			WorkloadIdentityPoolProviderId: pulumi.String("example-prvdr"),
			Aws: &iam.WorkloadIdentityPoolProviderAwsArgs{
				AccountId: pulumi.String("999999999999"),
			},
		}
		_, err = iam.NewWorkloadIdentityPoolProvider(ctx, "example", providerArgs)
		return err
	})
}

```

### Iam Workload Identity Pool Provider Aws Full

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main declares a workload identity pool and an AWS provider that also sets display
// metadata, an attribute condition and a custom attribute mapping.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		poolArgs := &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		}
		pool, err := iam.NewWorkloadIdentityPool(ctx, "pool", poolArgs)
		if err != nil {
			return err
		}

		providerArgs := &iam.WorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         pool.WorkloadIdentityPoolId,
			WorkloadIdentityPoolProviderId: pulumi.String("example-prvdr"),
			DisplayName:                    pulumi.String("Name of provider"),
			Description:                    pulumi.String("AWS identity pool provider for automated test"),
			// Created disabled: per the Disabled field documentation, a disabled
			// provider cannot be used to exchange tokens.
			Disabled: pulumi.Bool(true),
			// Accept only credentials whose aws_role attribute equals this role ARN.
			// NOTE(review): the condition reads attribute.aws_role, but the custom
			// mapping below defines no "attribute.aws_role" key, and the field
			// documentation says the default AWS mapping applies only when no mapping
			// is defined. Confirm how the service evaluates this before reusing it.
			AttributeCondition: pulumi.String("attribute.aws_role==\"arn:aws:sts::999999999999:assumed-role/stack-eu-central-1-lambdaRole\""),
			AttributeMapping: pulumi.StringMap{
				// google.subject is the principal that IAM bindings refer to.
				"google.subject":        pulumi.String("assertion.arn"),
				"attribute.aws_account": pulumi.String("assertion.account"),
				// Derives "prod" or "test" from the ARN of the calling identity.
				"attribute.environment": pulumi.String("assertion.arn.contains(\":instance-profile/Production\") ? \"prod\" : \"test\""),
			},
			Aws: &iam.WorkloadIdentityPoolProviderAwsArgs{
				AccountId: pulumi.String("999999999999"),
			},
		}
		if _, err := iam.NewWorkloadIdentityPoolProvider(ctx, "example", providerArgs); err != nil {
			return err
		}
		return nil
	})
}

```

### Iam Workload Identity Pool Provider Oidc Basic

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main declares a workload identity pool and an OIDC provider that sets only the
// issuer URI and the mandatory google.subject mapping.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		poolArgs := &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		}
		pool, err := iam.NewWorkloadIdentityPool(ctx, "pool", poolArgs)
		if err != nil {
			return err
		}

		providerArgs := &iam.WorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         pool.WorkloadIdentityPoolId,
			WorkloadIdentityPoolProviderId: pulumi.String("example-prvdr"),
			// OIDC providers must define a mapping that includes google.subject.
			AttributeMapping: pulumi.StringMap{
				"google.subject": pulumi.String("assertion.sub"),
			},
			// AllowedAudiences is left empty, so per the field documentation the
			// token's aud must equal the provider's full canonical resource name.
			// No AttributeCondition is set either: the provider itself does not
			// narrow which subjects of this issuer are accepted. The "Oidc Full"
			// example on this page shows both restrictions.
			Oidc: &iam.WorkloadIdentityPoolProviderOidcArgs{
				IssuerUri: pulumi.String("https://sts.windows.net/azure-tenant-id"),
			},
		}
		if _, err := iam.NewWorkloadIdentityPoolProvider(ctx, "example", providerArgs); err != nil {
			return err
		}
		return nil
	})
}

```

### Iam Workload Identity Pool Provider Oidc Full

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main declares a workload identity pool and an OIDC provider that sets display
// metadata, an attribute condition, a custom attribute mapping and an explicit list
// of allowed audiences.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		poolArgs := &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		}
		pool, err := iam.NewWorkloadIdentityPool(ctx, "pool", poolArgs)
		if err != nil {
			return err
		}

		providerArgs := &iam.WorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         pool.WorkloadIdentityPoolId,
			WorkloadIdentityPoolProviderId: pulumi.String("example-prvdr"),
			DisplayName:                    pulumi.String("Name of provider"),
			Description:                    pulumi.String("OIDC identity pool provider for automated test"),
			// Created disabled: per the Disabled field documentation, a disabled
			// provider cannot be used to exchange tokens.
			Disabled: pulumi.Bool(true),
			// Accept only tokens whose groups claim contains this ID.
			AttributeCondition: pulumi.String("\"e968c2ef-047c-498d-8d79-16ca1b61e77e\" in assertion.groups"),
			AttributeMapping: pulumi.StringMap{
				// The subject combines the tid and sub claims of the token.
				"google.subject": pulumi.String("\"azure::\" + assertion.tid + \"::\" + assertion.sub"),
				"attribute.tid":  pulumi.String("assertion.tid"),
				// Looks up a workload name by the token's oid claim.
				// NOTE(review): the page does not say how an oid missing from this
				// map is handled - confirm before relying on it.
				"attribute.managed_identity_name": pulumi.String("      {\n        \"8bb39bdb-1cc5-4447-b7db-a19e920eb111\":\"workload1\",\n        \"55d36609-9bcf-48e0-a366-a3cf19027d2a\":\"workload2\"\n      }[assertion.oid]\n"),
			},
			Oidc: &iam.WorkloadIdentityPoolProviderOidcArgs{
				// Token exchange is rejected unless the token's aud matches one of
				// these values (see the AllowedAudiences field documentation).
				AllowedAudiences: pulumi.StringArray{
					pulumi.String("https://example.com/gcp-oidc-federation"),
					pulumi.String("example.com/gcp-oidc-federation"),
				},
				IssuerUri: pulumi.String("https://sts.windows.net/azure-tenant-id"),
			},
		}
		if _, err := iam.NewWorkloadIdentityPoolProvider(ctx, "example", providerArgs); err != nil {
			return err
		}
		return nil
	})
}

```

### Iam Workload Identity Pool Provider Saml Basic

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main declares a workload identity pool and a SAML provider whose IdP metadata XML
// is read from a local file.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		poolArgs := &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		}
		pool, err := iam.NewWorkloadIdentityPool(ctx, "pool", poolArgs)
		if err != nil {
			return err
		}

		// The metadata file is what the provider is configured to trust, so it
		// should come from a source whose integrity is known.
		idpMetadata, err := std.File(ctx, &std.FileArgs{
			Input: "test-fixtures/metadata.xml",
		}, nil)
		if err != nil {
			return err
		}

		providerArgs := &iam.WorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         pool.WorkloadIdentityPoolId,
			WorkloadIdentityPoolProviderId: pulumi.String("example-prvdr"),
			// NOTE(review): these expressions are identical to the AWS examples on
			// this page (assertion.arn, assertion.account). Confirm that they match
			// what the SAML IdP actually asserts before reusing them.
			AttributeMapping: pulumi.StringMap{
				"google.subject":        pulumi.String("assertion.arn"),
				"attribute.aws_account": pulumi.String("assertion.account"),
				"attribute.environment": pulumi.String("assertion.arn.contains(\":instance-profile/Production\") ? \"prod\" : \"test\""),
			},
			Saml: &iam.WorkloadIdentityPoolProviderSamlArgs{
				IdpMetadataXml: pulumi.String(idpMetadata.Result),
			},
		}
		if _, err := iam.NewWorkloadIdentityPoolProvider(ctx, "example", providerArgs); err != nil {
			return err
		}
		return nil
	})
}

```

### Iam Workload Identity Pool Provider Saml Full

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main declares a workload identity pool and a SAML provider that also sets display
// metadata and the disabled flag; the IdP metadata XML is read from a local file.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		poolArgs := &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		}
		pool, err := iam.NewWorkloadIdentityPool(ctx, "pool", poolArgs)
		if err != nil {
			return err
		}

		// The metadata file is what the provider is configured to trust, so it
		// should come from a source whose integrity is known.
		idpMetadata, err := std.File(ctx, &std.FileArgs{
			Input: "test-fixtures/metadata.xml",
		}, nil)
		if err != nil {
			return err
		}

		providerArgs := &iam.WorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         pool.WorkloadIdentityPoolId,
			WorkloadIdentityPoolProviderId: pulumi.String("example-prvdr"),
			DisplayName:                    pulumi.String("Name of provider"),
			Description:                    pulumi.String("SAML 2.0 identity pool provider for automated test"),
			// Created disabled: per the Disabled field documentation, a disabled
			// provider cannot be used to exchange tokens.
			Disabled: pulumi.Bool(true),
			// NOTE(review): these expressions are identical to the AWS examples on
			// this page (assertion.arn, assertion.account). Confirm that they match
			// what the SAML IdP actually asserts before reusing them. No
			// AttributeCondition is set in this example.
			AttributeMapping: pulumi.StringMap{
				"google.subject":        pulumi.String("assertion.arn"),
				"attribute.aws_account": pulumi.String("assertion.account"),
				"attribute.environment": pulumi.String("assertion.arn.contains(\":instance-profile/Production\") ? \"prod\" : \"test\""),
			},
			Saml: &iam.WorkloadIdentityPoolProviderSamlArgs{
				IdpMetadataXml: pulumi.String(idpMetadata.Result),
			},
		}
		if _, err := iam.NewWorkloadIdentityPoolProvider(ctx, "example", providerArgs); err != nil {
			return err
		}
		return nil
	})
}

```

### Iam Workload Identity Pool Provider Oidc Upload Key

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main declares a workload identity pool and an OIDC provider whose verification
// keys are supplied inline through JwksJson.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		poolArgs := &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		}
		pool, err := iam.NewWorkloadIdentityPool(ctx, "pool", poolArgs)
		if err != nil {
			return err
		}

		providerArgs := &iam.WorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         pool.WorkloadIdentityPoolId,
			WorkloadIdentityPoolProviderId: pulumi.String("example-prvdr"),
			DisplayName:                    pulumi.String("Name of provider"),
			Description:                    pulumi.String("OIDC identity pool provider for automated test"),
			// Created disabled: per the Disabled field documentation, a disabled
			// provider cannot be used to exchange tokens.
			Disabled: pulumi.Bool(true),
			// Accept only tokens whose groups claim contains this ID.
			AttributeCondition: pulumi.String("\"e968c2ef-047c-498d-8d79-16ca1b61e77e\" in assertion.groups"),
			AttributeMapping: pulumi.StringMap{
				"google.subject":                  pulumi.String("\"azure::\" + assertion.tid + \"::\" + assertion.sub"),
				"attribute.tid":                   pulumi.String("assertion.tid"),
				"attribute.managed_identity_name": pulumi.String("      {\n        \"8bb39bdb-1cc5-4447-b7db-a19e920eb111\":\"workload1\",\n        \"55d36609-9bcf-48e0-a366-a3cf19027d2a\":\"workload2\"\n      }[assertion.oid]\n"),
			},
			Oidc: &iam.WorkloadIdentityPoolProviderOidcArgs{
				AllowedAudiences: pulumi.StringArray{
					pulumi.String("https://example.com/gcp-oidc-federation"),
					pulumi.String("example.com/gcp-oidc-federation"),
				},
				IssuerUri: pulumi.String("https://sts.windows.net/azure-tenant-id"),
				// One RSA signing key given by its public fields only (kty, alg, kid,
				// use, e, n). Per the JwksJson field documentation, the issuer's
				// discovery document is consulted for keys only when this is unset.
				// NOTE(review): presumably a key rotation at the issuer then needs a
				// matching update of this value - confirm.
				JwksJson: pulumi.String("{\"keys\":[{\"kty\":\"RSA\",\"alg\":\"RS256\",\"kid\":\"sif0AR-F6MuvksAyAOv-Pds08Bcf2eUMlxE30NofddA\",\"use\":\"sig\",\"e\":\"AQAB\",\"n\":\"ylH1Chl1tpfti3lh51E1g5dPogzXDaQseqjsefGLknaNl5W6Wd4frBhHyE2t41Q5zgz_Ll0-NvWm0FlaG6brhrN9QZu6sJP1bM8WPfJVPgXOanxi7d7TXCkeNubGeiLTf5R3UXtS9Lm_guemU7MxDjDTelxnlgGCihOVTcL526suNJUdfXtpwUsvdU6_ZnAp9IpsuYjCtwPm9hPumlcZGMbxstdh07O4y4O90cVQClJOKSGQjAUCKJWXIQ0cqffGS_HuS_725CPzQ85SzYZzaNpgfhAER7kx_9P16ARM3BJz0PI5fe2hECE61J4GYU_BY43sxDfs7HyJpEXKLU9eWw\"}]}"),
			},
		}
		if _, err := iam.NewWorkloadIdentityPoolProvider(ctx, "example", providerArgs); err != nil {
			return err
		}
		return nil
	})
}

```

### Iam Workload Identity Pool Provider X509 Basic

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main declares a workload identity pool and an X.509 provider with a single trust
// anchor read from a local PEM file.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		poolArgs := &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		}
		pool, err := iam.NewWorkloadIdentityPool(ctx, "pool", poolArgs)
		if err != nil {
			return err
		}

		trustAnchorPEM, err := std.File(ctx, &std.FileArgs{
			Input: "test-fixtures/trust_anchor.pem",
		}, nil)
		if err != nil {
			return err
		}

		// Per the X509 field documentation, the provider is trusted to assert a
		// client identity for any certificate that chains up to the configured CA,
		// so the CA's issuance policy bounds who can authenticate. No
		// AttributeCondition is set in this example.
		trustStore := &iam.WorkloadIdentityPoolProviderX509TrustStoreArgs{
			TrustAnchors: iam.WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray{
				&iam.WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs{
					PemCertificate: pulumi.String(trustAnchorPEM.Result),
				},
			},
		}
		providerArgs := &iam.WorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         pool.WorkloadIdentityPoolId,
			WorkloadIdentityPoolProviderId: pulumi.String("example-prvdr"),
			// The subject is taken from the common name in the certificate subject.
			AttributeMapping: pulumi.StringMap{
				"google.subject": pulumi.String("assertion.subject.dn.cn"),
			},
			X509: &iam.WorkloadIdentityPoolProviderX509Args{
				TrustStore: trustStore,
			},
		}
		if _, err := iam.NewWorkloadIdentityPoolProvider(ctx, "example", providerArgs); err != nil {
			return err
		}
		return nil
	})
}

```

### Iam Workload Identity Pool Provider X509 Full

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main declares a workload identity pool and an X.509 provider with a trust anchor
// and an intermediate CA, both read from local PEM files, plus display metadata.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		poolArgs := &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		}
		pool, err := iam.NewWorkloadIdentityPool(ctx, "pool", poolArgs)
		if err != nil {
			return err
		}

		trustAnchorPEM, err := std.File(ctx, &std.FileArgs{
			Input: "test-fixtures/trust_anchor.pem",
		}, nil)
		if err != nil {
			return err
		}
		intermediatePEM, err := std.File(ctx, &std.FileArgs{
			Input: "test-fixtures/intermediate_ca.pem",
		}, nil)
		if err != nil {
			return err
		}

		// Per the X509 field documentation, the provider is trusted to assert a
		// client identity for any certificate that chains up to the configured CA,
		// so the CA's issuance policy bounds who can authenticate. No
		// AttributeCondition is set in this example.
		trustStore := &iam.WorkloadIdentityPoolProviderX509TrustStoreArgs{
			TrustAnchors: iam.WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray{
				&iam.WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs{
					PemCertificate: pulumi.String(trustAnchorPEM.Result),
				},
			},
			IntermediateCas: iam.WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray{
				&iam.WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs{
					PemCertificate: pulumi.String(intermediatePEM.Result),
				},
			},
		}
		providerArgs := &iam.WorkloadIdentityPoolProviderArgs{
			WorkloadIdentityPoolId:         pool.WorkloadIdentityPoolId,
			WorkloadIdentityPoolProviderId: pulumi.String("example-prvdr"),
			DisplayName:                    pulumi.String("Name of provider"),
			Description:                    pulumi.String("X.509 identity pool provider for automated test"),
			// Created disabled: per the Disabled field documentation, a disabled
			// provider cannot be used to exchange tokens.
			Disabled: pulumi.Bool(true),
			// The subject is taken from the common name in the certificate subject.
			AttributeMapping: pulumi.StringMap{
				"google.subject": pulumi.String("assertion.subject.dn.cn"),
			},
			X509: &iam.WorkloadIdentityPoolProviderX509Args{
				TrustStore: trustStore,
			},
		}
		if _, err := iam.NewWorkloadIdentityPoolProvider(ctx, "example", providerArgs); err != nil {
			return err
		}
		return nil
	})
}

```

## Import

WorkloadIdentityPoolProvider can be imported using any of these accepted formats:

* `projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/providers/{{workload_identity_pool_provider_id}}`

* `{{project}}/{{workload_identity_pool_id}}/{{workload_identity_pool_provider_id}}`

* `{{workload_identity_pool_id}}/{{workload_identity_pool_provider_id}}`

When using the `pulumi import` command, WorkloadIdentityPoolProvider can be imported using one of the formats above. For example:

```sh
$ pulumi import gcp:iam/workloadIdentityPoolProvider:WorkloadIdentityPoolProvider default projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/providers/{{workload_identity_pool_provider_id}}
```

```sh
$ pulumi import gcp:iam/workloadIdentityPoolProvider:WorkloadIdentityPoolProvider default {{project}}/{{workload_identity_pool_id}}/{{workload_identity_pool_provider_id}}
```

```sh
$ pulumi import gcp:iam/workloadIdentityPoolProvider:WorkloadIdentityPoolProvider default {{workload_identity_pool_id}}/{{workload_identity_pool_provider_id}}
```

func GetWorkloadIdentityPoolProvider

func GetWorkloadIdentityPoolProvider(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WorkloadIdentityPoolProviderState, opts ...pulumi.ResourceOption) (*WorkloadIdentityPoolProvider, error)

GetWorkloadIdentityPoolProvider gets an existing WorkloadIdentityPoolProvider resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWorkloadIdentityPoolProvider

func NewWorkloadIdentityPoolProvider(ctx *pulumi.Context,
	name string, args *WorkloadIdentityPoolProviderArgs, opts ...pulumi.ResourceOption) (*WorkloadIdentityPoolProvider, error)

NewWorkloadIdentityPoolProvider registers a new resource with the given unique name, arguments, and options.

func (*WorkloadIdentityPoolProvider) ElementType

func (*WorkloadIdentityPoolProvider) ElementType() reflect.Type

func (*WorkloadIdentityPoolProvider) ToWorkloadIdentityPoolProviderOutput

func (i *WorkloadIdentityPoolProvider) ToWorkloadIdentityPoolProviderOutput() WorkloadIdentityPoolProviderOutput

func (*WorkloadIdentityPoolProvider) ToWorkloadIdentityPoolProviderOutputWithContext

func (i *WorkloadIdentityPoolProvider) ToWorkloadIdentityPoolProviderOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOutput

type WorkloadIdentityPoolProviderArgs

// WorkloadIdentityPoolProviderArgs is the set of arguments for constructing a
// WorkloadIdentityPoolProvider resource.
type WorkloadIdentityPoolProviderArgs struct {
	// A [Common Expression Language](https://opensource.google/projects/cel) expression, in
	// plain text, that restricts which otherwise valid authentication credentials issued by
	// the provider are accepted.
	// The expression must output a boolean representing whether to allow the federation.
	// The following keywords may be referenced in the expressions:
	// (the keyword list is missing from this rendering; the examples on this page
	// reference `assertion.*` and `attribute.*` in their conditions.)
	//
	// NOTE(review): this input is optional. Presumably, when it is unset, the provider
	// applies no restriction beyond validating the credential itself - confirm against
	// the API documentation.
	AttributeCondition pulumi.StringPtrInput
	// Maps attributes from authentication credentials issued by an external identity provider
	// to Google Cloud attributes, such as `subject` and `segment`.
	// Each key must be a string specifying the Google Cloud IAM attribute to map to.
	// The following keys are supported:
	// * `google.subject`: The principal IAM is authenticating. You can reference this value
	//   in IAM bindings. This is also the subject that appears in Cloud Logging logs.
	//   Cannot exceed 127 characters.
	// * `google.groups`: Groups the external identity belongs to. You can grant groups
	//   access to resources using an IAM `principalSet` binding; access applies to all
	//   members of the group.
	//
	// You can also provide custom attributes by specifying `attribute.{custom_attribute}`,
	// where `{custom_attribute}` is the name of the custom attribute to be mapped. You can
	// define a maximum of 50 custom attributes. The maximum length of a mapped attribute key
	// is 100 characters, and the key may only contain the characters [a-z0-9_].
	//
	// You can reference these attributes in IAM policies to define fine-grained access for a
	// workload to Google Cloud resources. For example:
	// * `google.subject`:
	//   `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}`
	// * `google.groups`:
	//   `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}`
	// * `attribute.{custom_attribute}`:
	//   `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}`
	//
	// Each value must be a [Common Expression Language](https://opensource.google/projects/cel)
	// function that maps an identity provider credential to the normalized attribute specified
	// by the corresponding map key.
	// You can use the `assertion` keyword in the expression to access a JSON representation of
	// the authentication credential issued by the provider.
	// The maximum length of an attribute mapping expression is 2048 characters. When evaluated,
	// the total size of all mapped attributes must not exceed 8KB.
	//
	// For AWS providers, the following rules apply:
	// - If no attribute mapping is defined, the following default mapping applies:
	//   (the default mapping is missing from this rendering; see the API documentation.)
	// - If any custom attribute mappings are defined, they must include a mapping to the
	//   `google.subject` attribute.
	//
	// For OIDC providers, the following rules apply:
	// - Custom attribute mappings must be defined, and must include a mapping to the
	//   `google.subject` attribute. For example, the following maps the `sub` claim of the
	//   incoming credential to the `subject` attribute on a Google token.
	//   (the snippet is missing from this rendering; the "Oidc Basic" example on this page
	//   uses `"google.subject": "assertion.sub"`.)
	//
	// Because IAM bindings are written against the mapped values, an attribute used in a
	// binding should be mapped from a claim that identifies the workload unambiguously.
	AttributeMapping pulumi.StringMapInput
	// An Amazon Web Services identity provider. Not compatible with the property oidc or saml.
	// Structure is documented below.
	// NOTE(review): x509 is not mentioned here; presumably only one of aws, oidc, saml and
	// x509 may be set - confirm.
	Aws WorkloadIdentityPoolProviderAwsPtrInput
	// A description for the provider. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
	// However, existing tokens still grant access: disabling stops new exchanges only and
	// is not a way to revoke tokens that were already issued.
	Disabled pulumi.BoolPtrInput
	// A display name for the provider. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	// An OpenID Connect 1.0 identity provider. Not compatible with the property aws or saml.
	// Structure is documented below.
	Oidc WorkloadIdentityPoolProviderOidcPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
	// A SAML 2.0 identity provider. Not compatible with the property oidc or aws.
	// Structure is documented below.
	Saml WorkloadIdentityPoolProviderSamlPtrInput
	// The ID used for the pool, which is the final component of the pool resource name. This
	// value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolId pulumi.StringInput
	// The ID for the provider, which becomes the final component of the resource name. This
	// value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolProviderId pulumi.StringInput
	// An X.509-type identity provider represents a CA. It is trusted to assert a
	// client identity if the client has a certificate that chains up to this CA.
	// Structure is documented below.
	X509 WorkloadIdentityPoolProviderX509PtrInput
}

The set of arguments for constructing a WorkloadIdentityPoolProvider resource.

func (WorkloadIdentityPoolProviderArgs) ElementType

type WorkloadIdentityPoolProviderArray

// WorkloadIdentityPoolProviderArray is a slice of WorkloadIdentityPoolProviderInput values.
type WorkloadIdentityPoolProviderArray []WorkloadIdentityPoolProviderInput

func (WorkloadIdentityPoolProviderArray) ElementType

func (WorkloadIdentityPoolProviderArray) ToWorkloadIdentityPoolProviderArrayOutput

func (i WorkloadIdentityPoolProviderArray) ToWorkloadIdentityPoolProviderArrayOutput() WorkloadIdentityPoolProviderArrayOutput

func (WorkloadIdentityPoolProviderArray) ToWorkloadIdentityPoolProviderArrayOutputWithContext

func (i WorkloadIdentityPoolProviderArray) ToWorkloadIdentityPoolProviderArrayOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderArrayOutput

type WorkloadIdentityPoolProviderArrayInput

// WorkloadIdentityPoolProviderArrayInput is an input type that accepts
// WorkloadIdentityPoolProviderArray and WorkloadIdentityPoolProviderArrayOutput values.
type WorkloadIdentityPoolProviderArrayInput interface {
	pulumi.Input

	// Both methods return a WorkloadIdentityPoolProviderArrayOutput; the second also
	// takes a context.Context.
	ToWorkloadIdentityPoolProviderArrayOutput() WorkloadIdentityPoolProviderArrayOutput
	ToWorkloadIdentityPoolProviderArrayOutputWithContext(context.Context) WorkloadIdentityPoolProviderArrayOutput
}

WorkloadIdentityPoolProviderArrayInput is an input type that accepts WorkloadIdentityPoolProviderArray and WorkloadIdentityPoolProviderArrayOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderArrayInput` via:

WorkloadIdentityPoolProviderArray{ WorkloadIdentityPoolProviderArgs{...} }

type WorkloadIdentityPoolProviderArrayOutput

// WorkloadIdentityPoolProviderArrayOutput is an output type that embeds *pulumi.OutputState.
type WorkloadIdentityPoolProviderArrayOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderArrayOutput) ElementType

func (WorkloadIdentityPoolProviderArrayOutput) Index

func (WorkloadIdentityPoolProviderArrayOutput) ToWorkloadIdentityPoolProviderArrayOutput

func (o WorkloadIdentityPoolProviderArrayOutput) ToWorkloadIdentityPoolProviderArrayOutput() WorkloadIdentityPoolProviderArrayOutput

func (WorkloadIdentityPoolProviderArrayOutput) ToWorkloadIdentityPoolProviderArrayOutputWithContext

func (o WorkloadIdentityPoolProviderArrayOutput) ToWorkloadIdentityPoolProviderArrayOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderArrayOutput

type WorkloadIdentityPoolProviderAws

// WorkloadIdentityPoolProviderAws holds the settings of an AWS identity provider; its
// only field is the AWS account ID.
type WorkloadIdentityPoolProviderAws struct {
	// The AWS account ID. The examples on this page pass it as a 12-digit string.
	AccountId string `pulumi:"accountId"`
}

type WorkloadIdentityPoolProviderAwsArgs

// WorkloadIdentityPoolProviderAwsArgs is the input form of the AWS provider settings;
// its only field is the AWS account ID.
type WorkloadIdentityPoolProviderAwsArgs struct {
	// The AWS account ID. The examples on this page pass it as a 12-digit string.
	AccountId pulumi.StringInput `pulumi:"accountId"`
}

func (WorkloadIdentityPoolProviderAwsArgs) ElementType

func (WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsOutput

func (i WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsOutput() WorkloadIdentityPoolProviderAwsOutput

func (WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsOutputWithContext

func (i WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderAwsOutput

func (WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsPtrOutput

func (i WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsPtrOutput() WorkloadIdentityPoolProviderAwsPtrOutput

func (WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext

func (i WorkloadIdentityPoolProviderAwsArgs) ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderAwsPtrOutput

type WorkloadIdentityPoolProviderAwsInput

// WorkloadIdentityPoolProviderAwsInput is an input type that accepts
// WorkloadIdentityPoolProviderAwsArgs and WorkloadIdentityPoolProviderAwsOutput values.
type WorkloadIdentityPoolProviderAwsInput interface {
	pulumi.Input

	// Both methods return a WorkloadIdentityPoolProviderAwsOutput; the second also takes
	// a context.Context.
	ToWorkloadIdentityPoolProviderAwsOutput() WorkloadIdentityPoolProviderAwsOutput
	ToWorkloadIdentityPoolProviderAwsOutputWithContext(context.Context) WorkloadIdentityPoolProviderAwsOutput
}

WorkloadIdentityPoolProviderAwsInput is an input type that accepts WorkloadIdentityPoolProviderAwsArgs and WorkloadIdentityPoolProviderAwsOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderAwsInput` via:

WorkloadIdentityPoolProviderAwsArgs{...}

type WorkloadIdentityPoolProviderAwsOutput

// WorkloadIdentityPoolProviderAwsOutput is an output type that embeds *pulumi.OutputState.
type WorkloadIdentityPoolProviderAwsOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderAwsOutput) AccountId

The AWS account ID.

func (WorkloadIdentityPoolProviderAwsOutput) ElementType

func (WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsOutput

func (o WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsOutput() WorkloadIdentityPoolProviderAwsOutput

func (WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsOutputWithContext

func (o WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderAwsOutput

func (WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsPtrOutput

func (o WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsPtrOutput() WorkloadIdentityPoolProviderAwsPtrOutput

func (WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext

func (o WorkloadIdentityPoolProviderAwsOutput) ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderAwsPtrOutput

type WorkloadIdentityPoolProviderAwsPtrInput

// WorkloadIdentityPoolProviderAwsPtrInput is an input type that accepts
// WorkloadIdentityPoolProviderAwsArgs, WorkloadIdentityPoolProviderAwsPtr and
// WorkloadIdentityPoolProviderAwsPtrOutput values.
type WorkloadIdentityPoolProviderAwsPtrInput interface {
	pulumi.Input

	// Both methods return a WorkloadIdentityPoolProviderAwsPtrOutput; the second also
	// takes a context.Context.
	ToWorkloadIdentityPoolProviderAwsPtrOutput() WorkloadIdentityPoolProviderAwsPtrOutput
	ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext(context.Context) WorkloadIdentityPoolProviderAwsPtrOutput
}

WorkloadIdentityPoolProviderAwsPtrInput is an input type that accepts WorkloadIdentityPoolProviderAwsArgs, WorkloadIdentityPoolProviderAwsPtr and WorkloadIdentityPoolProviderAwsPtrOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderAwsPtrInput` via:

        WorkloadIdentityPoolProviderAwsArgs{...}

or:

        nil

type WorkloadIdentityPoolProviderAwsPtrOutput

// WorkloadIdentityPoolProviderAwsPtrOutput is an output type that embeds *pulumi.OutputState.
type WorkloadIdentityPoolProviderAwsPtrOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderAwsPtrOutput) AccountId

The AWS account ID.

func (WorkloadIdentityPoolProviderAwsPtrOutput) Elem

func (WorkloadIdentityPoolProviderAwsPtrOutput) ElementType

func (WorkloadIdentityPoolProviderAwsPtrOutput) ToWorkloadIdentityPoolProviderAwsPtrOutput

func (o WorkloadIdentityPoolProviderAwsPtrOutput) ToWorkloadIdentityPoolProviderAwsPtrOutput() WorkloadIdentityPoolProviderAwsPtrOutput

func (WorkloadIdentityPoolProviderAwsPtrOutput) ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext

func (o WorkloadIdentityPoolProviderAwsPtrOutput) ToWorkloadIdentityPoolProviderAwsPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderAwsPtrOutput

type WorkloadIdentityPoolProviderInput

// WorkloadIdentityPoolProviderInput is a pulumi.Input whose value can be obtained as a
// WorkloadIdentityPoolProviderOutput.
type WorkloadIdentityPoolProviderInput interface {
	pulumi.Input

	// Both methods return a WorkloadIdentityPoolProviderOutput; the second also takes a
	// context.Context.
	ToWorkloadIdentityPoolProviderOutput() WorkloadIdentityPoolProviderOutput
	ToWorkloadIdentityPoolProviderOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOutput
}

type WorkloadIdentityPoolProviderMap

// WorkloadIdentityPoolProviderMap is a string-keyed map of WorkloadIdentityPoolProviderInput values.
type WorkloadIdentityPoolProviderMap map[string]WorkloadIdentityPoolProviderInput

func (WorkloadIdentityPoolProviderMap) ElementType

func (WorkloadIdentityPoolProviderMap) ToWorkloadIdentityPoolProviderMapOutput

func (i WorkloadIdentityPoolProviderMap) ToWorkloadIdentityPoolProviderMapOutput() WorkloadIdentityPoolProviderMapOutput

func (WorkloadIdentityPoolProviderMap) ToWorkloadIdentityPoolProviderMapOutputWithContext

func (i WorkloadIdentityPoolProviderMap) ToWorkloadIdentityPoolProviderMapOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderMapOutput

type WorkloadIdentityPoolProviderMapInput

// WorkloadIdentityPoolProviderMapInput is an input type that accepts
// WorkloadIdentityPoolProviderMap and WorkloadIdentityPoolProviderMapOutput values.
type WorkloadIdentityPoolProviderMapInput interface {
	pulumi.Input

	// Both methods return a WorkloadIdentityPoolProviderMapOutput; the second also takes
	// a context.Context.
	ToWorkloadIdentityPoolProviderMapOutput() WorkloadIdentityPoolProviderMapOutput
	ToWorkloadIdentityPoolProviderMapOutputWithContext(context.Context) WorkloadIdentityPoolProviderMapOutput
}

WorkloadIdentityPoolProviderMapInput is an input type that accepts WorkloadIdentityPoolProviderMap and WorkloadIdentityPoolProviderMapOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderMapInput` via:

WorkloadIdentityPoolProviderMap{ "key": WorkloadIdentityPoolProviderArgs{...} }

type WorkloadIdentityPoolProviderMapOutput

// WorkloadIdentityPoolProviderMapOutput is an output type that embeds *pulumi.OutputState.
type WorkloadIdentityPoolProviderMapOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderMapOutput) ElementType

func (WorkloadIdentityPoolProviderMapOutput) MapIndex

func (WorkloadIdentityPoolProviderMapOutput) ToWorkloadIdentityPoolProviderMapOutput

func (o WorkloadIdentityPoolProviderMapOutput) ToWorkloadIdentityPoolProviderMapOutput() WorkloadIdentityPoolProviderMapOutput

func (WorkloadIdentityPoolProviderMapOutput) ToWorkloadIdentityPoolProviderMapOutputWithContext

func (o WorkloadIdentityPoolProviderMapOutput) ToWorkloadIdentityPoolProviderMapOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderMapOutput

type WorkloadIdentityPoolProviderOidc

// WorkloadIdentityPoolProviderOidc holds the settings of an OIDC identity provider: the
// accepted token audiences, the issuer URL and, optionally, an inline set of JWKs.
type WorkloadIdentityPoolProviderOidc struct {
	// Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange
	// requests are rejected if the token audience does not match one of the configured
	// values. Each audience may be at most 256 characters. A maximum of 10 audiences may
	// be configured.
	// If this list is empty, the OIDC token audience must be equal to the full canonical
	// resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix.
	// For example:
	// (the example value is missing from this rendering.)
	AllowedAudiences []string `pulumi:"allowedAudiences"`
	// The OIDC issuer URL.
	IssuerUri string `pulumi:"issuerUri"`
	// OIDC JWKs in JSON String format. For details on the definition of a
	// JWK, see https://tools.ietf.org/html/rfc7517. If not set, then we
	// use the `jwksUri` from the discovery document fetched from the
	// .well-known path for the `issuerUri`. Currently, RSA and EC asymmetric
	// keys are supported. The JWK must use the following format and include only
	// the following fields:
	// (the field list is missing from this rendering; the "Oidc Upload Key" example on
	// this page supplies kty, alg, kid, use, e and n for an RSA key.)
	//
	// NOTE(review): when this is set, keys come from this value rather than from the
	// issuer's discovery document, so presumably a key rotation at the issuer has to be
	// mirrored here - confirm.
	JwksJson *string `pulumi:"jwksJson"`
}

type WorkloadIdentityPoolProviderOidcArgs

// WorkloadIdentityPoolProviderOidcArgs is the input form of the OIDC provider settings:
// the accepted token audiences, the issuer URL and, optionally, an inline set of JWKs.
type WorkloadIdentityPoolProviderOidcArgs struct {
	// Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange
	// requests are rejected if the token audience does not match one of the configured
	// values. Each audience may be at most 256 characters. A maximum of 10 audiences may
	// be configured.
	// If this list is empty, the OIDC token audience must be equal to the full canonical
	// resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix.
	// For example:
	// (the example value is missing from this rendering.)
	AllowedAudiences pulumi.StringArrayInput `pulumi:"allowedAudiences"`
	// The OIDC issuer URL.
	IssuerUri pulumi.StringInput `pulumi:"issuerUri"`
	// OIDC JWKs in JSON String format. For details on the definition of a
	// JWK, see https://tools.ietf.org/html/rfc7517. If not set, then we
	// use the `jwksUri` from the discovery document fetched from the
	// .well-known path for the `issuerUri`. Currently, RSA and EC asymmetric
	// keys are supported. The JWK must use the following format and include only
	// the following fields:
	// (the field list is missing from this rendering; the "Oidc Upload Key" example on
	// this page supplies kty, alg, kid, use, e and n for an RSA key.)
	//
	// NOTE(review): when this is set, keys come from this value rather than from the
	// issuer's discovery document, so presumably a key rotation at the issuer has to be
	// mirrored here - confirm.
	JwksJson pulumi.StringPtrInput `pulumi:"jwksJson"`
}

func (WorkloadIdentityPoolProviderOidcArgs) ElementType

func (WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcOutput

func (i WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcOutput() WorkloadIdentityPoolProviderOidcOutput

func (WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcOutputWithContext

func (i WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOidcOutput

func (WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcPtrOutput

func (i WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcPtrOutput() WorkloadIdentityPoolProviderOidcPtrOutput

func (WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext

func (i WorkloadIdentityPoolProviderOidcArgs) ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOidcPtrOutput

type WorkloadIdentityPoolProviderOidcInput

// WorkloadIdentityPoolProviderOidcInput is an input type that accepts
// WorkloadIdentityPoolProviderOidcArgs and WorkloadIdentityPoolProviderOidcOutput values.
type WorkloadIdentityPoolProviderOidcInput interface {
	pulumi.Input

	// Converts the value to a WorkloadIdentityPoolProviderOidcOutput.
	ToWorkloadIdentityPoolProviderOidcOutput() WorkloadIdentityPoolProviderOidcOutput
	// Same conversion, taking a caller-supplied context.Context.
	ToWorkloadIdentityPoolProviderOidcOutputWithContext(context.Context) WorkloadIdentityPoolProviderOidcOutput
}

WorkloadIdentityPoolProviderOidcInput is an input type that accepts WorkloadIdentityPoolProviderOidcArgs and WorkloadIdentityPoolProviderOidcOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderOidcInput` via:

WorkloadIdentityPoolProviderOidcArgs{...}

type WorkloadIdentityPoolProviderOidcOutput

// WorkloadIdentityPoolProviderOidcOutput is the output type for the `oidc` block. It
// embeds *pulumi.OutputState; this page lists AllowedAudiences, IssuerUri and JwksJson
// accessors for it.
type WorkloadIdentityPoolProviderOidcOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderOidcOutput) AllowedAudiences

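Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured. If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example: `//iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>` or `https://iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>`.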

func (WorkloadIdentityPoolProviderOidcOutput) ElementType

func (WorkloadIdentityPoolProviderOidcOutput) IssuerUri

The OIDC issuer URL.

func (WorkloadIdentityPoolProviderOidcOutput) JwksJson

OIDC JWKs in JSON String format. For details on the definition of a JWK, see https://tools.ietf.org/html/rfc7517. If not set, then we use the `jwksUri` from the discovery document fetched from the .well-known path for the `issuerUri`. Currently, RSA and EC asymmetric keys are supported. The JWK must use the following format and include only the following fields: a `keys` array whose entries carry `kty`, `alg`, `use`, `kid` and the key parameters (`n`, `e` for RSA; `x`, `y`, `crv` for EC).

func (WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcOutput

func (o WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcOutput() WorkloadIdentityPoolProviderOidcOutput

func (WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcOutputWithContext

func (o WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOidcOutput

func (WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcPtrOutput

func (o WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcPtrOutput() WorkloadIdentityPoolProviderOidcPtrOutput

func (WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext

func (o WorkloadIdentityPoolProviderOidcOutput) ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOidcPtrOutput

type WorkloadIdentityPoolProviderOidcPtrInput

// WorkloadIdentityPoolProviderOidcPtrInput is an input type that accepts
// WorkloadIdentityPoolProviderOidcArgs, WorkloadIdentityPoolProviderOidcPtr and
// WorkloadIdentityPoolProviderOidcPtrOutput values; nil is also accepted, which
// leaves the optional `oidc` block unset.
type WorkloadIdentityPoolProviderOidcPtrInput interface {
	pulumi.Input

	// Converts the value to a WorkloadIdentityPoolProviderOidcPtrOutput.
	ToWorkloadIdentityPoolProviderOidcPtrOutput() WorkloadIdentityPoolProviderOidcPtrOutput
	// Same conversion, taking a caller-supplied context.Context.
	ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext(context.Context) WorkloadIdentityPoolProviderOidcPtrOutput
}

WorkloadIdentityPoolProviderOidcPtrInput is an input type that accepts WorkloadIdentityPoolProviderOidcArgs, WorkloadIdentityPoolProviderOidcPtr and WorkloadIdentityPoolProviderOidcPtrOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderOidcPtrInput` via:

        WorkloadIdentityPoolProviderOidcArgs{...}

or:

        nil

type WorkloadIdentityPoolProviderOidcPtrOutput

// WorkloadIdentityPoolProviderOidcPtrOutput is the pointer-valued output type for the
// `oidc` block. It embeds *pulumi.OutputState; this page lists AllowedAudiences, Elem,
// IssuerUri and JwksJson accessors for it.
type WorkloadIdentityPoolProviderOidcPtrOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderOidcPtrOutput) AllowedAudiences

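Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured. If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example: `//iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>` or `https://iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>`.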

func (WorkloadIdentityPoolProviderOidcPtrOutput) Elem

func (WorkloadIdentityPoolProviderOidcPtrOutput) ElementType

func (WorkloadIdentityPoolProviderOidcPtrOutput) IssuerUri

The OIDC issuer URL.

func (WorkloadIdentityPoolProviderOidcPtrOutput) JwksJson

OIDC JWKs in JSON String format. For details on the definition of a JWK, see https://tools.ietf.org/html/rfc7517. If not set, then we use the `jwksUri` from the discovery document fetched from the .well-known path for the `issuerUri`. Currently, RSA and EC asymmetric keys are supported. The JWK must use the following format and include only the following fields: a `keys` array whose entries carry `kty`, `alg`, `use`, `kid` and the key parameters (`n`, `e` for RSA; `x`, `y`, `crv` for EC).

func (WorkloadIdentityPoolProviderOidcPtrOutput) ToWorkloadIdentityPoolProviderOidcPtrOutput

func (o WorkloadIdentityPoolProviderOidcPtrOutput) ToWorkloadIdentityPoolProviderOidcPtrOutput() WorkloadIdentityPoolProviderOidcPtrOutput

func (WorkloadIdentityPoolProviderOidcPtrOutput) ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext

func (o WorkloadIdentityPoolProviderOidcPtrOutput) ToWorkloadIdentityPoolProviderOidcPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOidcPtrOutput

type WorkloadIdentityPoolProviderOutput

// WorkloadIdentityPoolProviderOutput is the output type for a workload identity pool
// provider resource. It embeds *pulumi.OutputState; this page lists one accessor per
// provider property (AttributeCondition, AttributeMapping, Aws, Oidc, Saml, X509,
// Disabled, State and the identifying fields).
type WorkloadIdentityPoolProviderOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderOutput) AttributeCondition

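A [Common Expression Language](https://opensource.google/projects/cel) expression, in plain text, that restricts which otherwise valid authentication credentials issued by the provider are accepted. The expression must output a boolean representing whether to allow the federation. The following keywords may be referenced in the expressions: `assertion` (a JSON representation of the authentication credential issued by the provider), `google` (the Google attributes mapped from the assertion in the attribute mapping) and `attribute` (the custom attributes mapped from the assertion in the attribute mapping). Because the condition is what narrows otherwise valid credentials, a provider without one relies solely on the issuer and audience checks to decide who may federate.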

func (WorkloadIdentityPoolProviderOutput) AttributeMapping

Maps attributes from authentication credentials issued by an external identity provider to Google Cloud attributes, such as `subject` and `segment`. Each key must be a string specifying the Google Cloud IAM attribute to map to. The following keys are supported:

  • `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings. This is also the subject that appears in Cloud Logging logs. Cannot exceed 127 characters.
  • `google.groups`: Groups the external identity belongs to. You can grant groups access to resources using an IAM `principalSet` binding; access applies to all members of the group. You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where `{custom_attribute}` is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes. The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_]. You can reference these attributes in IAM policies to define fine-grained access for a workload to Google Cloud resources. For example:
  • `google.subject`: `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}`
  • `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}`
  • `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` Each value must be a [Common Expression Language](https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. You can use the `assertion` keyword in the expression to access a JSON representation of the authentication credential issued by the provider. The maximum length of an attribute mapping expression is 2048 characters. When evaluated, the total size of all mapped attributes must not exceed 8KB. For AWS providers, the following rules apply:
  • If no attribute mapping is defined, the following default mapping applies:
  • If any custom attribute mappings are defined, they must include a mapping to the `google.subject` attribute. For OIDC providers, the following rules apply:
  • Custom attribute mappings must be defined, and must include a mapping to the `google.subject` attribute. For example, the following maps the `sub` claim of the incoming credential to the `subject` attribute on a Google token: `{"google.subject": "assertion.sub"}`.

func (WorkloadIdentityPoolProviderOutput) Aws

An Amazon Web Services identity provider. Not compatible with the property oidc or saml. Structure is documented below.

func (WorkloadIdentityPoolProviderOutput) Description

A description for the provider. Cannot exceed 256 characters.

func (WorkloadIdentityPoolProviderOutput) Disabled

Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access.

func (WorkloadIdentityPoolProviderOutput) DisplayName

A display name for the provider. Cannot exceed 32 characters.

func (WorkloadIdentityPoolProviderOutput) ElementType

func (WorkloadIdentityPoolProviderOutput) Name

The resource name of the provider as `projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}`.

func (WorkloadIdentityPoolProviderOutput) Oidc

An OpenID Connect 1.0 identity provider. Not compatible with the property aws or saml. Structure is documented below.

func (WorkloadIdentityPoolProviderOutput) Project

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

func (WorkloadIdentityPoolProviderOutput) Saml

A SAML 2.0 identity provider. Not compatible with the property oidc or aws. Structure is documented below.

func (WorkloadIdentityPoolProviderOutput) State

The state of the provider.

  • STATE_UNSPECIFIED: State unspecified.
  • ACTIVE: The provider is active, and may be used to validate authentication credentials.
  • DELETED: The provider is soft-deleted. Soft-deleted providers are permanently deleted after approximately 30 days. You can restore a soft-deleted provider using UndeleteWorkloadIdentityPoolProvider. You cannot reuse the ID of a soft-deleted provider until it is permanently deleted.

func (WorkloadIdentityPoolProviderOutput) ToWorkloadIdentityPoolProviderOutput

func (o WorkloadIdentityPoolProviderOutput) ToWorkloadIdentityPoolProviderOutput() WorkloadIdentityPoolProviderOutput

func (WorkloadIdentityPoolProviderOutput) ToWorkloadIdentityPoolProviderOutputWithContext

func (o WorkloadIdentityPoolProviderOutput) ToWorkloadIdentityPoolProviderOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderOutput

func (WorkloadIdentityPoolProviderOutput) WorkloadIdentityPoolId

func (o WorkloadIdentityPoolProviderOutput) WorkloadIdentityPoolId() pulumi.StringOutput

The ID used for the pool, which is the final component of the pool resource name. This value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may not be specified.

func (WorkloadIdentityPoolProviderOutput) WorkloadIdentityPoolProviderId

func (o WorkloadIdentityPoolProviderOutput) WorkloadIdentityPoolProviderId() pulumi.StringOutput

The ID for the provider, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may not be specified.

***

func (WorkloadIdentityPoolProviderOutput) X509 added in v8.1.0

An X.509-type identity provider represents a CA. It is trusted to assert a client identity if the client has a certificate that chains up to this CA. Structure is documented below.

type WorkloadIdentityPoolProviderSaml

// WorkloadIdentityPoolProviderSaml is the plain-value form of the `saml` block of a
// workload identity pool provider; its only field is the IdP metadata document.
type WorkloadIdentityPoolProviderSaml struct {
	// SAML identity provider configuration metadata XML document.
	// NOTE(review): this document presumably carries the IdP's entity ID and
	// signing certificates, i.e. the trust material for SAML federation, so
	// changes to it deserve the same review as a key change — confirm against
	// the provider documentation.
	//
	// (The upstream text continues with the heading "The `x509` block supports:",
	// which belongs to the X509 types rather than to this field.)
	IdpMetadataXml string `pulumi:"idpMetadataXml"`
}

type WorkloadIdentityPoolProviderSamlArgs

// WorkloadIdentityPoolProviderSamlArgs is the input form of the `saml` block of a
// workload identity pool provider; its only field is the IdP metadata document.
type WorkloadIdentityPoolProviderSamlArgs struct {
	// SAML identity provider configuration metadata XML document.
	// NOTE(review): this document presumably carries the IdP's entity ID and
	// signing certificates, i.e. the trust material for SAML federation, so
	// changes to it deserve the same review as a key change — confirm against
	// the provider documentation.
	//
	// (The upstream text continues with the heading "The `x509` block supports:",
	// which belongs to the X509 types rather than to this field.)
	IdpMetadataXml pulumi.StringInput `pulumi:"idpMetadataXml"`
}

func (WorkloadIdentityPoolProviderSamlArgs) ElementType

func (WorkloadIdentityPoolProviderSamlArgs) ToWorkloadIdentityPoolProviderSamlOutput

func (i WorkloadIdentityPoolProviderSamlArgs) ToWorkloadIdentityPoolProviderSamlOutput() WorkloadIdentityPoolProviderSamlOutput

func (WorkloadIdentityPoolProviderSamlArgs) ToWorkloadIdentityPoolProviderSamlOutputWithContext

func (i WorkloadIdentityPoolProviderSamlArgs) ToWorkloadIdentityPoolProviderSamlOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderSamlOutput

func (WorkloadIdentityPoolProviderSamlArgs) ToWorkloadIdentityPoolProviderSamlPtrOutput

func (i WorkloadIdentityPoolProviderSamlArgs) ToWorkloadIdentityPoolProviderSamlPtrOutput() WorkloadIdentityPoolProviderSamlPtrOutput

func (WorkloadIdentityPoolProviderSamlArgs) ToWorkloadIdentityPoolProviderSamlPtrOutputWithContext

func (i WorkloadIdentityPoolProviderSamlArgs) ToWorkloadIdentityPoolProviderSamlPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderSamlPtrOutput

type WorkloadIdentityPoolProviderSamlInput

// WorkloadIdentityPoolProviderSamlInput is an input type that accepts
// WorkloadIdentityPoolProviderSamlArgs and WorkloadIdentityPoolProviderSamlOutput values.
type WorkloadIdentityPoolProviderSamlInput interface {
	pulumi.Input

	// Converts the value to a WorkloadIdentityPoolProviderSamlOutput.
	ToWorkloadIdentityPoolProviderSamlOutput() WorkloadIdentityPoolProviderSamlOutput
	// Same conversion, taking a caller-supplied context.Context.
	ToWorkloadIdentityPoolProviderSamlOutputWithContext(context.Context) WorkloadIdentityPoolProviderSamlOutput
}

WorkloadIdentityPoolProviderSamlInput is an input type that accepts WorkloadIdentityPoolProviderSamlArgs and WorkloadIdentityPoolProviderSamlOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderSamlInput` via:

WorkloadIdentityPoolProviderSamlArgs{...}

type WorkloadIdentityPoolProviderSamlOutput

// WorkloadIdentityPoolProviderSamlOutput is the output type for the `saml` block. It
// embeds *pulumi.OutputState; this page lists an IdpMetadataXml accessor for it.
type WorkloadIdentityPoolProviderSamlOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderSamlOutput) ElementType

func (WorkloadIdentityPoolProviderSamlOutput) IdpMetadataXml

SAML Identity provider configuration metadata xml doc.

The `x509` block is documented under the `WorkloadIdentityPoolProviderX509` types.

func (WorkloadIdentityPoolProviderSamlOutput) ToWorkloadIdentityPoolProviderSamlOutput

func (o WorkloadIdentityPoolProviderSamlOutput) ToWorkloadIdentityPoolProviderSamlOutput() WorkloadIdentityPoolProviderSamlOutput

func (WorkloadIdentityPoolProviderSamlOutput) ToWorkloadIdentityPoolProviderSamlOutputWithContext

func (o WorkloadIdentityPoolProviderSamlOutput) ToWorkloadIdentityPoolProviderSamlOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderSamlOutput

func (WorkloadIdentityPoolProviderSamlOutput) ToWorkloadIdentityPoolProviderSamlPtrOutput

func (o WorkloadIdentityPoolProviderSamlOutput) ToWorkloadIdentityPoolProviderSamlPtrOutput() WorkloadIdentityPoolProviderSamlPtrOutput

func (WorkloadIdentityPoolProviderSamlOutput) ToWorkloadIdentityPoolProviderSamlPtrOutputWithContext

func (o WorkloadIdentityPoolProviderSamlOutput) ToWorkloadIdentityPoolProviderSamlPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderSamlPtrOutput

type WorkloadIdentityPoolProviderSamlPtrInput

// WorkloadIdentityPoolProviderSamlPtrInput is an input type that accepts
// WorkloadIdentityPoolProviderSamlArgs, WorkloadIdentityPoolProviderSamlPtr and
// WorkloadIdentityPoolProviderSamlPtrOutput values; nil is also accepted, which
// leaves the optional `saml` block unset.
type WorkloadIdentityPoolProviderSamlPtrInput interface {
	pulumi.Input

	// Converts the value to a WorkloadIdentityPoolProviderSamlPtrOutput.
	ToWorkloadIdentityPoolProviderSamlPtrOutput() WorkloadIdentityPoolProviderSamlPtrOutput
	// Same conversion, taking a caller-supplied context.Context.
	ToWorkloadIdentityPoolProviderSamlPtrOutputWithContext(context.Context) WorkloadIdentityPoolProviderSamlPtrOutput
}

WorkloadIdentityPoolProviderSamlPtrInput is an input type that accepts WorkloadIdentityPoolProviderSamlArgs, WorkloadIdentityPoolProviderSamlPtr and WorkloadIdentityPoolProviderSamlPtrOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderSamlPtrInput` via:

        WorkloadIdentityPoolProviderSamlArgs{...}

or:

        nil

type WorkloadIdentityPoolProviderSamlPtrOutput

// WorkloadIdentityPoolProviderSamlPtrOutput is the pointer-valued output type for the
// `saml` block. It embeds *pulumi.OutputState; this page lists Elem and IdpMetadataXml
// accessors for it.
type WorkloadIdentityPoolProviderSamlPtrOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderSamlPtrOutput) Elem

func (WorkloadIdentityPoolProviderSamlPtrOutput) ElementType

func (WorkloadIdentityPoolProviderSamlPtrOutput) IdpMetadataXml

SAML Identity provider configuration metadata xml doc.

The `x509` block is documented under the `WorkloadIdentityPoolProviderX509` types.

func (WorkloadIdentityPoolProviderSamlPtrOutput) ToWorkloadIdentityPoolProviderSamlPtrOutput

func (o WorkloadIdentityPoolProviderSamlPtrOutput) ToWorkloadIdentityPoolProviderSamlPtrOutput() WorkloadIdentityPoolProviderSamlPtrOutput

func (WorkloadIdentityPoolProviderSamlPtrOutput) ToWorkloadIdentityPoolProviderSamlPtrOutputWithContext

func (o WorkloadIdentityPoolProviderSamlPtrOutput) ToWorkloadIdentityPoolProviderSamlPtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderSamlPtrOutput

type WorkloadIdentityPoolProviderState

// WorkloadIdentityPoolProviderState describes the properties of a workload identity
// pool provider. Every field is an optional input. The identity-source blocks are
// mutually exclusive where the field comments say so (aws, oidc, saml).
type WorkloadIdentityPoolProviderState struct {
	// A [Common Expression Language](https://opensource.google/projects/cel) expression, in
	// plain text, that restricts which otherwise valid authentication credentials issued by
	// the provider are accepted.
	// The expression must output a boolean representing whether to allow the federation.
	// The following keywords may be referenced in the expressions: `assertion`, `google`
	// and `attribute` (the latter two refer to the attributes produced by AttributeMapping).
	// NOTE(review): since this condition is what narrows otherwise valid credentials,
	// leaving it unset presumably means every valid credential from the issuer can
	// federate — confirm, and set a condition for issuers shared with other tenants.
	AttributeCondition pulumi.StringPtrInput
	// Maps attributes from authentication credentials issued by an external identity provider
	// to Google Cloud attributes, such as `subject` and `segment`.
	// Each key must be a string specifying the Google Cloud IAM attribute to map to.
	// The following keys are supported:
	// * `google.subject`: The principal IAM is authenticating. You can reference this value
	//   in IAM bindings. This is also the subject that appears in Cloud Logging logs.
	//   Cannot exceed 127 characters.
	// * `google.groups`: Groups the external identity belongs to. You can grant groups
	//   access to resources using an IAM `principalSet` binding; access applies to all
	//   members of the group.
	//
	// You can also provide custom attributes by specifying `attribute.{custom_attribute}`,
	// where `{custom_attribute}` is the name of the custom attribute to be mapped. You can
	// define a maximum of 50 custom attributes. The maximum length of a mapped attribute key
	// is 100 characters, and the key may only contain the characters [a-z0-9_].
	// You can reference these attributes in IAM policies to define fine-grained access for a
	// workload to Google Cloud resources. For example:
	// * `google.subject`:
	//   `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}`
	// * `google.groups`:
	//   `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}`
	// * `attribute.{custom_attribute}`:
	//   `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}`
	//
	// Each value must be a [Common Expression Language](https://opensource.google/projects/cel)
	// function that maps an identity provider credential to the normalized attribute specified
	// by the corresponding map key.
	// You can use the `assertion` keyword in the expression to access a JSON representation of
	// the authentication credential issued by the provider.
	// The maximum length of an attribute mapping expression is 2048 characters. When evaluated,
	// the total size of all mapped attributes must not exceed 8KB.
	// For AWS providers, the following rules apply:
	// - If no attribute mapping is defined, a default mapping applies (its listing is
	//   missing from this rendering; see the upstream provider documentation).
	// - If any custom attribute mappings are defined, they must include a mapping to the
	//   `google.subject` attribute.
	//
	// For OIDC providers, the following rules apply:
	// - Custom attribute mappings must be defined, and must include a mapping to the
	//   `google.subject` attribute. For example, `{"google.subject": "assertion.sub"}` maps
	//   the `sub` claim of the incoming credential to the `subject` attribute on a Google
	//   token.
	AttributeMapping pulumi.StringMapInput
	// An Amazon Web Services identity provider. Not compatible with the property oidc or saml.
	// Structure is documented below.
	Aws WorkloadIdentityPoolProviderAwsPtrInput
	// A description for the provider. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
	// However, existing tokens still grant access, so disabling a provider does not by
	// itself cut off tokens that were already issued.
	Disabled pulumi.BoolPtrInput
	// A display name for the provider. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	// The resource name of the provider as
	// `projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}`.
	Name pulumi.StringPtrInput
	// An OpenID Connect 1.0 identity provider. Not compatible with the property aws or saml.
	// Structure is documented below.
	Oidc WorkloadIdentityPoolProviderOidcPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
	// A SAML 2.0 identity provider. Not compatible with the property oidc or aws.
	// Structure is documented below.
	Saml WorkloadIdentityPoolProviderSamlPtrInput
	// The state of the provider.
	// * STATE_UNSPECIFIED: State unspecified.
	// * ACTIVE: The provider is active, and may be used to validate authentication credentials.
	// * DELETED: The provider is soft-deleted. Soft-deleted providers are permanently deleted
	//   after approximately 30 days. You can restore a soft-deleted provider using
	//   UndeleteWorkloadIdentityPoolProvider. You cannot reuse the ID of a soft-deleted provider
	//   until it is permanently deleted.
	State pulumi.StringPtrInput
	// The ID used for the pool, which is the final component of the pool resource name. This
	// value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolId pulumi.StringPtrInput
	// The ID for the provider, which becomes the final component of the resource name. This
	// value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolProviderId pulumi.StringPtrInput
	// An X.509-type identity provider represents a CA. It is trusted to assert a
	// client identity if the client has a certificate that chains up to this CA.
	// Structure is documented below.
	X509 WorkloadIdentityPoolProviderX509PtrInput
}

func (WorkloadIdentityPoolProviderState) ElementType

type WorkloadIdentityPoolProviderX509 added in v8.1.0

// WorkloadIdentityPoolProviderX509 is the plain-value form of the `x509` block of a
// workload identity pool provider; it wraps the single supported trust store.
type WorkloadIdentityPoolProviderX509 struct {
	// A trust store. Use it as a wrapper to configure the trust anchor and the
	// optional intermediate CAs that help build the trust chain for the incoming
	// end-entity certificate. Follow the X.509 guidelines when defining these
	// PEM-encoded certificates. Only 1 trust store is currently supported.
	TrustStore WorkloadIdentityPoolProviderX509TrustStore `pulumi:"trustStore"`
}

type WorkloadIdentityPoolProviderX509Args added in v8.1.0

// WorkloadIdentityPoolProviderX509Args is the input form of the `x509` block of a
// workload identity pool provider; it wraps the single supported trust store.
type WorkloadIdentityPoolProviderX509Args struct {
	// A trust store. Use it as a wrapper to configure the trust anchor and the
	// optional intermediate CAs that help build the trust chain for the incoming
	// end-entity certificate. Follow the X.509 guidelines when defining these
	// PEM-encoded certificates. Only 1 trust store is currently supported.
	TrustStore WorkloadIdentityPoolProviderX509TrustStoreInput `pulumi:"trustStore"`
}

func (WorkloadIdentityPoolProviderX509Args) ElementType added in v8.1.0

func (WorkloadIdentityPoolProviderX509Args) ToWorkloadIdentityPoolProviderX509Output added in v8.1.0

func (i WorkloadIdentityPoolProviderX509Args) ToWorkloadIdentityPoolProviderX509Output() WorkloadIdentityPoolProviderX509Output

func (WorkloadIdentityPoolProviderX509Args) ToWorkloadIdentityPoolProviderX509OutputWithContext added in v8.1.0

func (i WorkloadIdentityPoolProviderX509Args) ToWorkloadIdentityPoolProviderX509OutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509Output

func (WorkloadIdentityPoolProviderX509Args) ToWorkloadIdentityPoolProviderX509PtrOutput added in v8.1.0

func (i WorkloadIdentityPoolProviderX509Args) ToWorkloadIdentityPoolProviderX509PtrOutput() WorkloadIdentityPoolProviderX509PtrOutput

func (WorkloadIdentityPoolProviderX509Args) ToWorkloadIdentityPoolProviderX509PtrOutputWithContext added in v8.1.0

func (i WorkloadIdentityPoolProviderX509Args) ToWorkloadIdentityPoolProviderX509PtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509PtrOutput

type WorkloadIdentityPoolProviderX509Input added in v8.1.0

// WorkloadIdentityPoolProviderX509Input is an input type that accepts
// WorkloadIdentityPoolProviderX509Args and WorkloadIdentityPoolProviderX509Output values.
type WorkloadIdentityPoolProviderX509Input interface {
	pulumi.Input

	// Converts the value to a WorkloadIdentityPoolProviderX509Output.
	ToWorkloadIdentityPoolProviderX509Output() WorkloadIdentityPoolProviderX509Output
	// Same conversion, taking a caller-supplied context.Context.
	ToWorkloadIdentityPoolProviderX509OutputWithContext(context.Context) WorkloadIdentityPoolProviderX509Output
}

WorkloadIdentityPoolProviderX509Input is an input type that accepts WorkloadIdentityPoolProviderX509Args and WorkloadIdentityPoolProviderX509Output values. You can construct a concrete instance of `WorkloadIdentityPoolProviderX509Input` via:

WorkloadIdentityPoolProviderX509Args{...}

type WorkloadIdentityPoolProviderX509Output added in v8.1.0

// WorkloadIdentityPoolProviderX509Output is the output type for the `x509` block. It
// embeds *pulumi.OutputState; this page lists a TrustStore accessor for it.
type WorkloadIdentityPoolProviderX509Output struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderX509Output) ElementType added in v8.1.0

func (WorkloadIdentityPoolProviderX509Output) ToWorkloadIdentityPoolProviderX509Output added in v8.1.0

func (o WorkloadIdentityPoolProviderX509Output) ToWorkloadIdentityPoolProviderX509Output() WorkloadIdentityPoolProviderX509Output

func (WorkloadIdentityPoolProviderX509Output) ToWorkloadIdentityPoolProviderX509OutputWithContext added in v8.1.0

func (o WorkloadIdentityPoolProviderX509Output) ToWorkloadIdentityPoolProviderX509OutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509Output

func (WorkloadIdentityPoolProviderX509Output) ToWorkloadIdentityPoolProviderX509PtrOutput added in v8.1.0

func (o WorkloadIdentityPoolProviderX509Output) ToWorkloadIdentityPoolProviderX509PtrOutput() WorkloadIdentityPoolProviderX509PtrOutput

func (WorkloadIdentityPoolProviderX509Output) ToWorkloadIdentityPoolProviderX509PtrOutputWithContext added in v8.1.0

func (o WorkloadIdentityPoolProviderX509Output) ToWorkloadIdentityPoolProviderX509PtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509PtrOutput

func (WorkloadIdentityPoolProviderX509Output) TrustStore added in v8.1.0

A trust store. Use it as a wrapper to configure the trust anchor and the optional intermediate CAs that help build the trust chain for the incoming end-entity certificate. Follow the X.509 guidelines when defining these PEM-encoded certificates. Only 1 trust store is currently supported.

type WorkloadIdentityPoolProviderX509PtrInput added in v8.1.0

// WorkloadIdentityPoolProviderX509PtrInput is an input type that accepts
// WorkloadIdentityPoolProviderX509Args, WorkloadIdentityPoolProviderX509Ptr and
// WorkloadIdentityPoolProviderX509PtrOutput values; nil is also accepted, which
// leaves the optional `x509` block unset.
type WorkloadIdentityPoolProviderX509PtrInput interface {
	pulumi.Input

	// Converts the value to a WorkloadIdentityPoolProviderX509PtrOutput.
	ToWorkloadIdentityPoolProviderX509PtrOutput() WorkloadIdentityPoolProviderX509PtrOutput
	// Same conversion, taking a caller-supplied context.Context.
	ToWorkloadIdentityPoolProviderX509PtrOutputWithContext(context.Context) WorkloadIdentityPoolProviderX509PtrOutput
}

WorkloadIdentityPoolProviderX509PtrInput is an input type that accepts WorkloadIdentityPoolProviderX509Args, WorkloadIdentityPoolProviderX509Ptr and WorkloadIdentityPoolProviderX509PtrOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderX509PtrInput` via:

        WorkloadIdentityPoolProviderX509Args{...}

or:

        nil

type WorkloadIdentityPoolProviderX509PtrOutput added in v8.1.0

// WorkloadIdentityPoolProviderX509PtrOutput is the pointer-valued output type for the
// `x509` block. It embeds *pulumi.OutputState; this page lists Elem and TrustStore
// accessors for it.
type WorkloadIdentityPoolProviderX509PtrOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderX509PtrOutput) Elem added in v8.1.0

func (WorkloadIdentityPoolProviderX509PtrOutput) ElementType added in v8.1.0

func (WorkloadIdentityPoolProviderX509PtrOutput) ToWorkloadIdentityPoolProviderX509PtrOutput added in v8.1.0

func (o WorkloadIdentityPoolProviderX509PtrOutput) ToWorkloadIdentityPoolProviderX509PtrOutput() WorkloadIdentityPoolProviderX509PtrOutput

func (WorkloadIdentityPoolProviderX509PtrOutput) ToWorkloadIdentityPoolProviderX509PtrOutputWithContext added in v8.1.0

func (o WorkloadIdentityPoolProviderX509PtrOutput) ToWorkloadIdentityPoolProviderX509PtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509PtrOutput

func (WorkloadIdentityPoolProviderX509PtrOutput) TrustStore added in v8.1.0

A trust store. Use it as a wrapper to configure the trust anchor and the optional intermediate CAs that help build the trust chain for the incoming end-entity certificate. Follow the X.509 guidelines when defining these PEM-encoded certificates. Only 1 trust store is currently supported.

type WorkloadIdentityPoolProviderX509TrustStore added in v8.1.0

// WorkloadIdentityPoolProviderX509TrustStore is the plain-value form of the trust
// store used by an X.509 provider: the trust anchors plus optional intermediate CAs.
type WorkloadIdentityPoolProviderX509TrustStore struct {
	// Set of intermediate CA certificates used for building the trust chain to
	// the trust anchor.
	// IMPORTANT: Intermediate CAs are only supported when configuring x509 federation.
	// Structure is documented below.
	IntermediateCas []WorkloadIdentityPoolProviderX509TrustStoreIntermediateCa `pulumi:"intermediateCas"`
	// List of trust anchors to be used while performing validation
	// against a given TrustStore. The incoming end entity's certificate
	// must chain up to one of the trust anchors here.
	// Structure is documented below.
	// NOTE(review): every anchor listed is a CA that can vouch for client
	// identities, so the list should presumably hold only CAs whose issuance
	// is under your control — confirm against your PKI policy.
	TrustAnchors []WorkloadIdentityPoolProviderX509TrustStoreTrustAnchor `pulumi:"trustAnchors"`
}

type WorkloadIdentityPoolProviderX509TrustStoreArgs added in v8.1.0

// WorkloadIdentityPoolProviderX509TrustStoreArgs is the input form of the trust
// store used by an X.509 provider: the trust anchors plus optional intermediate CAs.
type WorkloadIdentityPoolProviderX509TrustStoreArgs struct {
	// Set of intermediate CA certificates used for building the trust chain to
	// the trust anchor.
	// IMPORTANT: Intermediate CAs are only supported when configuring x509 federation.
	// Structure is documented below.
	IntermediateCas WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayInput `pulumi:"intermediateCas"`
	// List of trust anchors to be used while performing validation
	// against a given TrustStore. The incoming end entity's certificate
	// must chain up to one of the trust anchors here.
	// Structure is documented below.
	// NOTE(review): every anchor listed is a CA that can vouch for client
	// identities, so the list should presumably hold only CAs whose issuance
	// is under your control — confirm against your PKI policy.
	TrustAnchors WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayInput `pulumi:"trustAnchors"`
}

func (WorkloadIdentityPoolProviderX509TrustStoreArgs) ElementType added in v8.1.0

func (WorkloadIdentityPoolProviderX509TrustStoreArgs) ToWorkloadIdentityPoolProviderX509TrustStoreOutput added in v8.1.0

func (i WorkloadIdentityPoolProviderX509TrustStoreArgs) ToWorkloadIdentityPoolProviderX509TrustStoreOutput() WorkloadIdentityPoolProviderX509TrustStoreOutput

func (WorkloadIdentityPoolProviderX509TrustStoreArgs) ToWorkloadIdentityPoolProviderX509TrustStoreOutputWithContext added in v8.1.0

func (i WorkloadIdentityPoolProviderX509TrustStoreArgs) ToWorkloadIdentityPoolProviderX509TrustStoreOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509TrustStoreOutput

func (WorkloadIdentityPoolProviderX509TrustStoreArgs) ToWorkloadIdentityPoolProviderX509TrustStorePtrOutput added in v8.1.0

func (i WorkloadIdentityPoolProviderX509TrustStoreArgs) ToWorkloadIdentityPoolProviderX509TrustStorePtrOutput() WorkloadIdentityPoolProviderX509TrustStorePtrOutput

func (WorkloadIdentityPoolProviderX509TrustStoreArgs) ToWorkloadIdentityPoolProviderX509TrustStorePtrOutputWithContext added in v8.1.0

func (i WorkloadIdentityPoolProviderX509TrustStoreArgs) ToWorkloadIdentityPoolProviderX509TrustStorePtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509TrustStorePtrOutput

type WorkloadIdentityPoolProviderX509TrustStoreInput added in v8.1.0

type WorkloadIdentityPoolProviderX509TrustStoreInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolProviderX509TrustStoreOutput() WorkloadIdentityPoolProviderX509TrustStoreOutput
	ToWorkloadIdentityPoolProviderX509TrustStoreOutputWithContext(context.Context) WorkloadIdentityPoolProviderX509TrustStoreOutput
}

WorkloadIdentityPoolProviderX509TrustStoreInput is an input type that accepts WorkloadIdentityPoolProviderX509TrustStoreArgs and WorkloadIdentityPoolProviderX509TrustStoreOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderX509TrustStoreInput` via:

WorkloadIdentityPoolProviderX509TrustStoreArgs{...}

type WorkloadIdentityPoolProviderX509TrustStoreIntermediateCa added in v8.1.0

// WorkloadIdentityPoolProviderX509TrustStoreIntermediateCa is one intermediate
// CA entry of the trust store, carrying a single PEM certificate.
type WorkloadIdentityPoolProviderX509TrustStoreIntermediateCa struct {
	// PEM certificate of the PKI used for validation. Must contain only one
	// CA certificate (either a root or an intermediate certificate).
	PemCertificate *string `pulumi:"pemCertificate"`
}

type WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs added in v8.1.0

// WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs is the input
// form of one intermediate CA entry of the trust store.
type WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs struct {
	// PEM certificate of the PKI used for validation. Must contain only one
	// CA certificate (either a root or an intermediate certificate).
	// NOTE(review): the field is described as a certificate; a PEM bundle that
	// also carries private-key material does not belong here.
	PemCertificate pulumi.StringPtrInput `pulumi:"pemCertificate"`
}

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs) ElementType added in v8.1.0

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs) ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput added in v8.1.0

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs) ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutputWithContext added in v8.1.0

func (i WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs) ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput

type WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray added in v8.1.0

type WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray []WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaInput

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray) ElementType added in v8.1.0

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray) ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput added in v8.1.0

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray) ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutputWithContext added in v8.1.0

func (i WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray) ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput

type WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayInput added in v8.1.0

type WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput() WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput
	ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutputWithContext(context.Context) WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput
}

WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayInput is an input type that accepts WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray and WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayInput` via:

WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArray{ WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs{...} }

type WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput added in v8.1.0

type WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput) ElementType added in v8.1.0

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput) Index added in v8.1.0

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput) ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput added in v8.1.0

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput) ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutputWithContext added in v8.1.0

func (o WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput) ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArrayOutput

type WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaInput added in v8.1.0

type WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput() WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput
	ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutputWithContext(context.Context) WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput
}

WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaInput is an input type that accepts WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs and WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaInput` via:

WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaArgs{...}

type WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput added in v8.1.0

type WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput) ElementType added in v8.1.0

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput) PemCertificate added in v8.1.0

PEM certificate of the PKI used for validation. Must contain only one CA certificate (either a root or an intermediate certificate).

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput) ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput added in v8.1.0

func (WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput) ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutputWithContext added in v8.1.0

func (o WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput) ToWorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509TrustStoreIntermediateCaOutput

type WorkloadIdentityPoolProviderX509TrustStoreOutput added in v8.1.0

type WorkloadIdentityPoolProviderX509TrustStoreOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderX509TrustStoreOutput) ElementType added in v8.1.0

func (WorkloadIdentityPoolProviderX509TrustStoreOutput) IntermediateCas added in v8.1.0

Set of intermediate CA certificates used for building the trust chain to a trust anchor. IMPORTANT: Intermediate CAs are only supported when configuring x509 federation. Structure is documented below.

func (WorkloadIdentityPoolProviderX509TrustStoreOutput) ToWorkloadIdentityPoolProviderX509TrustStoreOutput added in v8.1.0

func (o WorkloadIdentityPoolProviderX509TrustStoreOutput) ToWorkloadIdentityPoolProviderX509TrustStoreOutput() WorkloadIdentityPoolProviderX509TrustStoreOutput

func (WorkloadIdentityPoolProviderX509TrustStoreOutput) ToWorkloadIdentityPoolProviderX509TrustStoreOutputWithContext added in v8.1.0

func (o WorkloadIdentityPoolProviderX509TrustStoreOutput) ToWorkloadIdentityPoolProviderX509TrustStoreOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509TrustStoreOutput

func (WorkloadIdentityPoolProviderX509TrustStoreOutput) ToWorkloadIdentityPoolProviderX509TrustStorePtrOutput added in v8.1.0

func (o WorkloadIdentityPoolProviderX509TrustStoreOutput) ToWorkloadIdentityPoolProviderX509TrustStorePtrOutput() WorkloadIdentityPoolProviderX509TrustStorePtrOutput

func (WorkloadIdentityPoolProviderX509TrustStoreOutput) ToWorkloadIdentityPoolProviderX509TrustStorePtrOutputWithContext added in v8.1.0

func (o WorkloadIdentityPoolProviderX509TrustStoreOutput) ToWorkloadIdentityPoolProviderX509TrustStorePtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509TrustStorePtrOutput

func (WorkloadIdentityPoolProviderX509TrustStoreOutput) TrustAnchors added in v8.1.0

List of trust anchors to be used while performing validation against a given TrustStore. The incoming end entity's certificate must chain up to one of the trust anchors listed here. Structure is documented below.

type WorkloadIdentityPoolProviderX509TrustStorePtrInput added in v8.1.0

type WorkloadIdentityPoolProviderX509TrustStorePtrInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolProviderX509TrustStorePtrOutput() WorkloadIdentityPoolProviderX509TrustStorePtrOutput
	ToWorkloadIdentityPoolProviderX509TrustStorePtrOutputWithContext(context.Context) WorkloadIdentityPoolProviderX509TrustStorePtrOutput
}

WorkloadIdentityPoolProviderX509TrustStorePtrInput is an input type that accepts WorkloadIdentityPoolProviderX509TrustStoreArgs, WorkloadIdentityPoolProviderX509TrustStorePtr and WorkloadIdentityPoolProviderX509TrustStorePtrOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderX509TrustStorePtrInput` via:

        WorkloadIdentityPoolProviderX509TrustStoreArgs{...}

or:

        nil

type WorkloadIdentityPoolProviderX509TrustStorePtrOutput added in v8.1.0

type WorkloadIdentityPoolProviderX509TrustStorePtrOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderX509TrustStorePtrOutput) Elem added in v8.1.0

func (WorkloadIdentityPoolProviderX509TrustStorePtrOutput) ElementType added in v8.1.0

func (WorkloadIdentityPoolProviderX509TrustStorePtrOutput) IntermediateCas added in v8.1.0

Set of intermediate CA certificates used for building the trust chain to a trust anchor. IMPORTANT: Intermediate CAs are only supported when configuring x509 federation. Structure is documented below.

func (WorkloadIdentityPoolProviderX509TrustStorePtrOutput) ToWorkloadIdentityPoolProviderX509TrustStorePtrOutput added in v8.1.0

func (o WorkloadIdentityPoolProviderX509TrustStorePtrOutput) ToWorkloadIdentityPoolProviderX509TrustStorePtrOutput() WorkloadIdentityPoolProviderX509TrustStorePtrOutput

func (WorkloadIdentityPoolProviderX509TrustStorePtrOutput) ToWorkloadIdentityPoolProviderX509TrustStorePtrOutputWithContext added in v8.1.0

func (o WorkloadIdentityPoolProviderX509TrustStorePtrOutput) ToWorkloadIdentityPoolProviderX509TrustStorePtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509TrustStorePtrOutput

func (WorkloadIdentityPoolProviderX509TrustStorePtrOutput) TrustAnchors added in v8.1.0

List of trust anchors to be used while performing validation against a given TrustStore. The incoming end entity's certificate must chain up to one of the trust anchors listed here. Structure is documented below.

type WorkloadIdentityPoolProviderX509TrustStoreTrustAnchor added in v8.1.0

// WorkloadIdentityPoolProviderX509TrustStoreTrustAnchor is one trust anchor
// entry of the trust store, carrying a single PEM certificate.
type WorkloadIdentityPoolProviderX509TrustStoreTrustAnchor struct {
	// PEM certificate of the PKI used for validation. Must contain only one
	// CA certificate (either a root or an intermediate certificate).
	PemCertificate *string `pulumi:"pemCertificate"`
}

type WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs added in v8.1.0

// WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs is the input form
// of one trust anchor entry of the trust store.
type WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs struct {
	// PEM certificate of the PKI used for validation. Must contain only one
	// CA certificate (either a root or an intermediate certificate).
	// NOTE(review): the field is described as a certificate; a PEM bundle that
	// also carries private-key material does not belong here.
	PemCertificate pulumi.StringPtrInput `pulumi:"pemCertificate"`
}

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs) ElementType added in v8.1.0

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs) ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput added in v8.1.0

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs) ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutputWithContext added in v8.1.0

func (i WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs) ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput

type WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray added in v8.1.0

type WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray []WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorInput

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray) ElementType added in v8.1.0

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray) ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput added in v8.1.0

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray) ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutputWithContext added in v8.1.0

func (i WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray) ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput

type WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayInput added in v8.1.0

type WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput() WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput
	ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutputWithContext(context.Context) WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput
}

WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayInput is an input type that accepts WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray and WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayInput` via:

WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArray{ WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs{...} }

type WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput added in v8.1.0

type WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput) ElementType added in v8.1.0

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput) Index added in v8.1.0

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput) ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput added in v8.1.0

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput) ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutputWithContext added in v8.1.0

func (o WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput) ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArrayOutput

type WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorInput added in v8.1.0

type WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput() WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput
	ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutputWithContext(context.Context) WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput
}

WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorInput is an input type that accepts WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs and WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput values. You can construct a concrete instance of `WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorInput` via:

WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorArgs{...}

type WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput added in v8.1.0

type WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput) ElementType added in v8.1.0

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput) PemCertificate added in v8.1.0

PEM certificate of the PKI used for validation. Must contain only one CA certificate (either a root or an intermediate certificate).

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput) ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput added in v8.1.0

func (WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput) ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutputWithContext added in v8.1.0

func (o WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput) ToWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutputWithContext(ctx context.Context) WorkloadIdentityPoolProviderX509TrustStoreTrustAnchorOutput

type WorkloadIdentityPoolState

// WorkloadIdentityPoolState groups the properties of a workload identity pool
// as pulumi pointer-input values.
type WorkloadIdentityPoolState struct {
	// A description of the pool. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use
	// existing tokens to access resources. If the pool is re-enabled, existing tokens grant
	// access again.
	// NOTE(review): as described, disabling suspends access rather than revoking tokens that
	// were already issued; a disable/re-enable cycle does not invalidate them.
	Disabled pulumi.BoolPtrInput
	// A display name for the pool. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	// The resource name of the pool as
	// `projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}`.
	Name pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
	// The state of the pool.
	// * STATE_UNSPECIFIED: State unspecified.
	// * ACTIVE: The pool is active, and may be used in Google Cloud policies.
	// * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after
	//   approximately 30 days. You can restore a soft-deleted pool using
	//   UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted pool until it is
	//   permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or
	//   use existing tokens to access resources. If the pool is undeleted, existing tokens grant
	//   access again.
	// NOTE(review): a soft-deleted pool can be restored within that window, and restoring it
	// makes existing tokens usable again, so soft deletion alone is not a permanent cut-off.
	State pulumi.StringPtrInput
	// The ID to use for the pool, which becomes the final component of the resource name. This
	// value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolId pulumi.StringPtrInput
}

func (WorkloadIdentityPoolState) ElementType

func (WorkloadIdentityPoolState) ElementType() reflect.Type
