v1

package
v0.32.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 29, 2023 License: Apache-2.0 Imports: 8 Imported by: 1

Documentation

Index

Constants

// Values of AuditLogConfigLogType: the log type that an audit log config
// enables.
const (
	// Placeholder default; a real config should never carry it.
	AuditLogConfigLogTypeLogTypeUnspecified AuditLogConfigLogType = "LOG_TYPE_UNSPECIFIED"
	// Admin reads, e.g. CloudIAM getIamPolicy.
	AuditLogConfigLogTypeAdminRead AuditLogConfigLogType = "ADMIN_READ"
	// Data writes, e.g. CloudSQL Users create.
	AuditLogConfigLogTypeDataWrite AuditLogConfigLogType = "DATA_WRITE"
	// Data reads, e.g. CloudSQL Users list.
	AuditLogConfigLogTypeDataRead AuditLogConfigLogType = "DATA_READ"
)
// Values of GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehavior:
// how UserInfo endpoint claims and ID token claims are combined.
const (
	// Behavior left unspecified.
	GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorAssertionClaimsBehaviorUnspecified GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehavior = "ASSERTION_CLAIMS_BEHAVIOR_UNSPECIFIED"
	// UserInfo endpoint claims are merged with ID token claims; when both
	// carry the same claim name the UserInfo value wins. Available only for
	// the Authorization Code Flow.
	// NOTE(review): with this option a claim may take its value from the
	// UserInfo response rather than from the ID token; confirm that is
	// intended for any claim used in access decisions.
	GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorMergeUserInfoOverIdTokenClaims GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehavior = "MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS"
	// Only ID token claims are included.
	GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorOnlyIdTokenClaims GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehavior = "ONLY_ID_TOKEN_CLAIMS"
)
// Values of GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseType:
// the OIDC response_type, and therefore the flow, used for web sign-in.
const (
	// Response type left unspecified.
	GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeResponseTypeUnspecified GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseType = "RESPONSE_TYPE_UNSPECIFIED"
	// `response_type=code`: web sign-in uses the Authorization Code Flow.
	// Requires a configured client secret.
	// NOTE(review): that client secret is a credential; confirm it is
	// supplied and stored as a secret value rather than a plain literal.
	GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeCode GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseType = "CODE"
	// `response_type=id_token`: web sign-in uses the Implicit Flow.
	// NOTE(review): the implicit flow returns the ID token in the
	// browser-facing authorization response; prefer CODE where the identity
	// provider supports it.
	GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeIdToken GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseType = "ID_TOKEN"
)
// Values of KeyDataKeySpec: the key specification, all RSA at a given
// modulus size.
const (
	// Key specification left unspecified.
	KeyDataKeySpecKeySpecUnspecified KeyDataKeySpec = "KEY_SPEC_UNSPECIFIED"
	// RSA, 2048-bit key.
	KeyDataKeySpecRsa2048 KeyDataKeySpec = "RSA_2048"
	// RSA, 3072-bit key.
	KeyDataKeySpecRsa3072 KeyDataKeySpec = "RSA_3072"
	// RSA, 4096-bit key.
	KeyDataKeySpecRsa4096 KeyDataKeySpec = "RSA_4096"
)
// Values of KeyKeyAlgorithm: the key algorithm and size.
const (
	// Key algorithm left unspecified.
	KeyKeyAlgorithmKeyAlgUnspecified KeyKeyAlgorithm = "KEY_ALG_UNSPECIFIED"
	// RSA, 1k (1024-bit) key.
	// NOTE(review): 1024-bit RSA is below the 2048-bit minimum in current
	// guidance (e.g. NIST SP 800-131A); treat it as legacy and prefer
	// KeyKeyAlgorithmKeyAlgRsa2048 for new keys.
	KeyKeyAlgorithmKeyAlgRsa1024 KeyKeyAlgorithm = "KEY_ALG_RSA_1024"
	// RSA, 2k (2048-bit) key.
	KeyKeyAlgorithmKeyAlgRsa2048 KeyKeyAlgorithm = "KEY_ALG_RSA_2048"
)
// Values of KeyPrivateKeyType: the output format of a private key.
const (
	// Unspecified; treated the same as `TYPE_GOOGLE_CREDENTIALS_FILE`.
	KeyPrivateKeyTypeTypeUnspecified KeyPrivateKeyType = "TYPE_UNSPECIFIED"
	// PKCS12 format (see https://tools.ietf.org/html/rfc7292). The password
	// for the PKCS12 file is `notasecret`.
	// Because that password is fixed and published, the PKCS12 container
	// adds no confidentiality: protect the file itself like any other
	// private key material.
	KeyPrivateKeyTypeTypePkcs12File KeyPrivateKeyType = "TYPE_PKCS12_FILE"
	// Google Credentials File format.
	KeyPrivateKeyTypeTypeGoogleCredentialsFile KeyPrivateKeyType = "TYPE_GOOGLE_CREDENTIALS_FILE"
)
// Values of OrganizationRoleStage: the launch stage a user has declared for
// a role.
const (
	// Role declared to be in an Alpha phase. When this stage is selected, the
	// `stage` field is not included when requesting the role's definition.
	OrganizationRoleStageAlpha OrganizationRoleStage = "ALPHA"
	// Role declared to be in a Beta phase.
	OrganizationRoleStageBeta OrganizationRoleStage = "BETA"
	// Role declared to be generally available.
	OrganizationRoleStageGa OrganizationRoleStage = "GA"
	// Role declared to be in the process of deprecation.
	OrganizationRoleStageDeprecated OrganizationRoleStage = "DEPRECATED"
	// Role is disabled: it contributes no permissions to any principal it is
	// granted to in policies.
	OrganizationRoleStageDisabled OrganizationRoleStage = "DISABLED"
	// Role declared to be in an EAP phase.
	OrganizationRoleStageEap OrganizationRoleStage = "EAP"
)
// Values of RoleStage: the launch stage a user has declared for a role.
const (
	// Role declared to be in an Alpha phase. When this stage is selected, the
	// `stage` field is not included when requesting the role's definition.
	RoleStageAlpha RoleStage = "ALPHA"
	// Role declared to be in a Beta phase.
	RoleStageBeta RoleStage = "BETA"
	// Role declared to be generally available.
	RoleStageGa RoleStage = "GA"
	// Role declared to be in the process of deprecation.
	RoleStageDeprecated RoleStage = "DEPRECATED"
	// Role is disabled: it contributes no permissions to any principal it is
	// granted to in policies.
	RoleStageDisabled RoleStage = "DISABLED"
	// Role declared to be in an EAP phase.
	RoleStageEap RoleStage = "EAP"
)
// Values of WorkforcePoolKeyUse: what a workforce pool key is used for.
const (
	// Key use left unspecified.
	WorkforcePoolKeyUseKeyUseUnspecified WorkforcePoolKeyUse = "KEY_USE_UNSPECIFIED"
	// Key is used for encryption.
	WorkforcePoolKeyUseEncryption WorkforcePoolKeyUse = "ENCRYPTION"
)
// Values of WorkloadIdentityPoolKeyUse: what a workload identity pool key is
// used for.
const (
	// Key use is not known.
	WorkloadIdentityPoolKeyUseKeyUseUnspecified WorkloadIdentityPoolKeyUse = "KEY_USE_UNSPECIFIED"
	// Public key is used for encryption purposes.
	WorkloadIdentityPoolKeyUseEncryption WorkloadIdentityPoolKeyUse = "ENCRYPTION"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AccessRestrictions added in v0.32.0

// AccessRestrictions holds the access-related restrictions on a workforce pool.
type AccessRestrictions struct {
	// Optional. Immutable. Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default.
	// Leaving this unset is therefore the permissive choice, and because the
	// field is immutable it has to be decided when the value is first set.
	AllowedServices []ServiceConfig `pulumi:"allowedServices"`
	// Optional. Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See [Security Token Service API](https://cloud.google.com/iam/docs/reference/sts/rest).
	// A nil pointer leaves the field unset.
	// NOTE(review): the effective behavior when unset is not stated here; confirm against the API reference.
	DisableProgrammaticSignin *bool `pulumi:"disableProgrammaticSignin"`
}

Access related restrictions on the workforce pool.

type AccessRestrictionsArgs added in v0.32.0

// AccessRestrictionsArgs is the input form of the access-related restrictions
// on a workforce pool; each field takes a Pulumi input type.
type AccessRestrictionsArgs struct {
	// Optional. Immutable. Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default.
	// Leaving this unset is therefore the permissive choice, and because the
	// field is immutable it has to be decided when the value is first set.
	AllowedServices ServiceConfigArrayInput `pulumi:"allowedServices"`
	// Optional. Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See [Security Token Service API](https://cloud.google.com/iam/docs/reference/sts/rest).
	// NOTE(review): the effective behavior when unset is not stated here; confirm against the API reference.
	DisableProgrammaticSignin pulumi.BoolPtrInput `pulumi:"disableProgrammaticSignin"`
}

Access related restrictions on the workforce pool.

func (AccessRestrictionsArgs) ElementType added in v0.32.0

func (AccessRestrictionsArgs) ElementType() reflect.Type

func (AccessRestrictionsArgs) ToAccessRestrictionsOutput added in v0.32.0

func (i AccessRestrictionsArgs) ToAccessRestrictionsOutput() AccessRestrictionsOutput

func (AccessRestrictionsArgs) ToAccessRestrictionsOutputWithContext added in v0.32.0

func (i AccessRestrictionsArgs) ToAccessRestrictionsOutputWithContext(ctx context.Context) AccessRestrictionsOutput

func (AccessRestrictionsArgs) ToAccessRestrictionsPtrOutput added in v0.32.0

func (i AccessRestrictionsArgs) ToAccessRestrictionsPtrOutput() AccessRestrictionsPtrOutput

func (AccessRestrictionsArgs) ToAccessRestrictionsPtrOutputWithContext added in v0.32.0

func (i AccessRestrictionsArgs) ToAccessRestrictionsPtrOutputWithContext(ctx context.Context) AccessRestrictionsPtrOutput

type AccessRestrictionsInput added in v0.32.0

// AccessRestrictionsInput is satisfied by any value that can be converted to
// an AccessRestrictionsOutput.
type AccessRestrictionsInput interface {
	pulumi.Input

	// ToAccessRestrictionsOutput returns the value as an AccessRestrictionsOutput.
	ToAccessRestrictionsOutput() AccessRestrictionsOutput
	// ToAccessRestrictionsOutputWithContext is the variant that takes a context.Context.
	ToAccessRestrictionsOutputWithContext(context.Context) AccessRestrictionsOutput
}

AccessRestrictionsInput is an input type that accepts AccessRestrictionsArgs and AccessRestrictionsOutput values. You can construct a concrete instance of `AccessRestrictionsInput` via:

AccessRestrictionsArgs{...}

type AccessRestrictionsOutput added in v0.32.0

type AccessRestrictionsOutput struct{ *pulumi.OutputState }

Access related restrictions on the workforce pool.

func (AccessRestrictionsOutput) AllowedServices added in v0.32.0

Optional. Immutable. Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default.

func (AccessRestrictionsOutput) DisableProgrammaticSignin added in v0.32.0

func (o AccessRestrictionsOutput) DisableProgrammaticSignin() pulumi.BoolPtrOutput

Optional. Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See [Security Token Service API](https://cloud.google.com/iam/docs/reference/sts/rest).

func (AccessRestrictionsOutput) ElementType added in v0.32.0

func (AccessRestrictionsOutput) ElementType() reflect.Type

func (AccessRestrictionsOutput) ToAccessRestrictionsOutput added in v0.32.0

func (o AccessRestrictionsOutput) ToAccessRestrictionsOutput() AccessRestrictionsOutput

func (AccessRestrictionsOutput) ToAccessRestrictionsOutputWithContext added in v0.32.0

func (o AccessRestrictionsOutput) ToAccessRestrictionsOutputWithContext(ctx context.Context) AccessRestrictionsOutput

func (AccessRestrictionsOutput) ToAccessRestrictionsPtrOutput added in v0.32.0

func (o AccessRestrictionsOutput) ToAccessRestrictionsPtrOutput() AccessRestrictionsPtrOutput

func (AccessRestrictionsOutput) ToAccessRestrictionsPtrOutputWithContext added in v0.32.0

func (o AccessRestrictionsOutput) ToAccessRestrictionsPtrOutputWithContext(ctx context.Context) AccessRestrictionsPtrOutput

type AccessRestrictionsPtrInput added in v0.32.0

// AccessRestrictionsPtrInput is satisfied by any value that can be converted
// to an AccessRestrictionsPtrOutput.
type AccessRestrictionsPtrInput interface {
	pulumi.Input

	// ToAccessRestrictionsPtrOutput returns the value as an AccessRestrictionsPtrOutput.
	ToAccessRestrictionsPtrOutput() AccessRestrictionsPtrOutput
	// ToAccessRestrictionsPtrOutputWithContext is the variant that takes a context.Context.
	ToAccessRestrictionsPtrOutputWithContext(context.Context) AccessRestrictionsPtrOutput
}

AccessRestrictionsPtrInput is an input type that accepts AccessRestrictionsArgs, AccessRestrictionsPtr and AccessRestrictionsPtrOutput values. You can construct a concrete instance of `AccessRestrictionsPtrInput` via:

        AccessRestrictionsArgs{...}

or:

        nil

func AccessRestrictionsPtr added in v0.32.0

func AccessRestrictionsPtr(v *AccessRestrictionsArgs) AccessRestrictionsPtrInput

type AccessRestrictionsPtrOutput added in v0.32.0

type AccessRestrictionsPtrOutput struct{ *pulumi.OutputState }

func (AccessRestrictionsPtrOutput) AllowedServices added in v0.32.0

Optional. Immutable. Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default.

func (AccessRestrictionsPtrOutput) DisableProgrammaticSignin added in v0.32.0

func (o AccessRestrictionsPtrOutput) DisableProgrammaticSignin() pulumi.BoolPtrOutput

Optional. Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See [Security Token Service API](https://cloud.google.com/iam/docs/reference/sts/rest).

func (AccessRestrictionsPtrOutput) Elem added in v0.32.0

func (AccessRestrictionsPtrOutput) ElementType added in v0.32.0

func (AccessRestrictionsPtrOutput) ToAccessRestrictionsPtrOutput added in v0.32.0

func (o AccessRestrictionsPtrOutput) ToAccessRestrictionsPtrOutput() AccessRestrictionsPtrOutput

func (AccessRestrictionsPtrOutput) ToAccessRestrictionsPtrOutputWithContext added in v0.32.0

func (o AccessRestrictionsPtrOutput) ToAccessRestrictionsPtrOutputWithContext(ctx context.Context) AccessRestrictionsPtrOutput

type AccessRestrictionsResponse added in v0.32.0

// AccessRestrictionsResponse holds the access-related restrictions on a
// workforce pool, with plain (non-pointer, non-input) field types.
type AccessRestrictionsResponse struct {
	// Optional. Immutable. Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default.
	AllowedServices []ServiceConfigResponse `pulumi:"allowedServices"`
	// Optional. Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See [Security Token Service API](https://cloud.google.com/iam/docs/reference/sts/rest).
	// This is a plain bool, so a value that was never set reads the same as
	// an explicit false.
	DisableProgrammaticSignin bool `pulumi:"disableProgrammaticSignin"`
}

Access related restrictions on the workforce pool.

type AccessRestrictionsResponseOutput added in v0.32.0

type AccessRestrictionsResponseOutput struct{ *pulumi.OutputState }

Access related restrictions on the workforce pool.

func (AccessRestrictionsResponseOutput) AllowedServices added in v0.32.0

Optional. Immutable. Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default.

func (AccessRestrictionsResponseOutput) DisableProgrammaticSignin added in v0.32.0

func (o AccessRestrictionsResponseOutput) DisableProgrammaticSignin() pulumi.BoolOutput

Optional. Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See [Security Token Service API](https://cloud.google.com/iam/docs/reference/sts/rest).

func (AccessRestrictionsResponseOutput) ElementType added in v0.32.0

func (AccessRestrictionsResponseOutput) ToAccessRestrictionsResponseOutput added in v0.32.0

func (o AccessRestrictionsResponseOutput) ToAccessRestrictionsResponseOutput() AccessRestrictionsResponseOutput

func (AccessRestrictionsResponseOutput) ToAccessRestrictionsResponseOutputWithContext added in v0.32.0

func (o AccessRestrictionsResponseOutput) ToAccessRestrictionsResponseOutputWithContext(ctx context.Context) AccessRestrictionsResponseOutput

type AuditConfig

// AuditConfig specifies the audit configuration for one service: which
// permission types are logged and which identities, if any, are exempted.
type AuditConfig struct {
	// The configuration for logging of each type of permission.
	// An AuditConfig must have one or more AuditLogConfigs.
	AuditLogConfigs []AuditLogConfig `pulumi:"auditLogConfigs"`
	// Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
	// When configs exist for both `allServices` and a specific service, the
	// union of the two applies to that service, so an exemption listed under
	// `allServices` also takes effect there.
	Service *string `pulumi:"service"`
}

Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.

type AuditConfigArgs

// AuditConfigArgs is the input form of the audit configuration for one
// service; each field takes a Pulumi input type.
type AuditConfigArgs struct {
	// The configuration for logging of each type of permission.
	// An AuditConfig must have one or more AuditLogConfigs.
	AuditLogConfigs AuditLogConfigArrayInput `pulumi:"auditLogConfigs"`
	// Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
	// When configs exist for both `allServices` and a specific service, the
	// union of the two applies to that service, so an exemption listed under
	// `allServices` also takes effect there.
	Service pulumi.StringPtrInput `pulumi:"service"`
}

Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.

func (AuditConfigArgs) ElementType

func (AuditConfigArgs) ElementType() reflect.Type

func (AuditConfigArgs) ToAuditConfigOutput

func (i AuditConfigArgs) ToAuditConfigOutput() AuditConfigOutput

func (AuditConfigArgs) ToAuditConfigOutputWithContext

func (i AuditConfigArgs) ToAuditConfigOutputWithContext(ctx context.Context) AuditConfigOutput

type AuditConfigArray

type AuditConfigArray []AuditConfigInput

func (AuditConfigArray) ElementType

func (AuditConfigArray) ElementType() reflect.Type

func (AuditConfigArray) ToAuditConfigArrayOutput

func (i AuditConfigArray) ToAuditConfigArrayOutput() AuditConfigArrayOutput

func (AuditConfigArray) ToAuditConfigArrayOutputWithContext

func (i AuditConfigArray) ToAuditConfigArrayOutputWithContext(ctx context.Context) AuditConfigArrayOutput

type AuditConfigArrayInput

// AuditConfigArrayInput is satisfied by any value that can be converted to an
// AuditConfigArrayOutput.
type AuditConfigArrayInput interface {
	pulumi.Input

	// ToAuditConfigArrayOutput returns the value as an AuditConfigArrayOutput.
	ToAuditConfigArrayOutput() AuditConfigArrayOutput
	// ToAuditConfigArrayOutputWithContext is the variant that takes a context.Context.
	ToAuditConfigArrayOutputWithContext(context.Context) AuditConfigArrayOutput
}

AuditConfigArrayInput is an input type that accepts AuditConfigArray and AuditConfigArrayOutput values. You can construct a concrete instance of `AuditConfigArrayInput` via:

AuditConfigArray{ AuditConfigArgs{...} }

type AuditConfigArrayOutput

type AuditConfigArrayOutput struct{ *pulumi.OutputState }

func (AuditConfigArrayOutput) ElementType

func (AuditConfigArrayOutput) ElementType() reflect.Type

func (AuditConfigArrayOutput) Index

func (AuditConfigArrayOutput) ToAuditConfigArrayOutput

func (o AuditConfigArrayOutput) ToAuditConfigArrayOutput() AuditConfigArrayOutput

func (AuditConfigArrayOutput) ToAuditConfigArrayOutputWithContext

func (o AuditConfigArrayOutput) ToAuditConfigArrayOutputWithContext(ctx context.Context) AuditConfigArrayOutput

type AuditConfigInput

// AuditConfigInput is satisfied by any value that can be converted to an
// AuditConfigOutput.
type AuditConfigInput interface {
	pulumi.Input

	// ToAuditConfigOutput returns the value as an AuditConfigOutput.
	ToAuditConfigOutput() AuditConfigOutput
	// ToAuditConfigOutputWithContext is the variant that takes a context.Context.
	ToAuditConfigOutputWithContext(context.Context) AuditConfigOutput
}

AuditConfigInput is an input type that accepts AuditConfigArgs and AuditConfigOutput values. You can construct a concrete instance of `AuditConfigInput` via:

AuditConfigArgs{...}

type AuditConfigOutput

type AuditConfigOutput struct{ *pulumi.OutputState }

Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.

func (AuditConfigOutput) AuditLogConfigs

func (o AuditConfigOutput) AuditLogConfigs() AuditLogConfigArrayOutput

The configuration for logging of each type of permission.

func (AuditConfigOutput) ElementType

func (AuditConfigOutput) ElementType() reflect.Type

func (AuditConfigOutput) Service

Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.

func (AuditConfigOutput) ToAuditConfigOutput

func (o AuditConfigOutput) ToAuditConfigOutput() AuditConfigOutput

func (AuditConfigOutput) ToAuditConfigOutputWithContext

func (o AuditConfigOutput) ToAuditConfigOutputWithContext(ctx context.Context) AuditConfigOutput

type AuditConfigResponse

// AuditConfigResponse carries the audit configuration for one service with
// plain (non-pointer, non-input) field types.
type AuditConfigResponse struct {
	// The configuration for logging of each type of permission.
	AuditLogConfigs []AuditLogConfigResponse `pulumi:"auditLogConfigs"`
	// Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
	Service string `pulumi:"service"`
}

Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.

type AuditConfigResponseArrayOutput

type AuditConfigResponseArrayOutput struct{ *pulumi.OutputState }

func (AuditConfigResponseArrayOutput) ElementType

func (AuditConfigResponseArrayOutput) Index

func (AuditConfigResponseArrayOutput) ToAuditConfigResponseArrayOutput

func (o AuditConfigResponseArrayOutput) ToAuditConfigResponseArrayOutput() AuditConfigResponseArrayOutput

func (AuditConfigResponseArrayOutput) ToAuditConfigResponseArrayOutputWithContext

func (o AuditConfigResponseArrayOutput) ToAuditConfigResponseArrayOutputWithContext(ctx context.Context) AuditConfigResponseArrayOutput

type AuditConfigResponseOutput

type AuditConfigResponseOutput struct{ *pulumi.OutputState }

Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.

func (AuditConfigResponseOutput) AuditLogConfigs

The configuration for logging of each type of permission.

func (AuditConfigResponseOutput) ElementType

func (AuditConfigResponseOutput) ElementType() reflect.Type

func (AuditConfigResponseOutput) Service

Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.

func (AuditConfigResponseOutput) ToAuditConfigResponseOutput

func (o AuditConfigResponseOutput) ToAuditConfigResponseOutput() AuditConfigResponseOutput

func (AuditConfigResponseOutput) ToAuditConfigResponseOutputWithContext

func (o AuditConfigResponseOutput) ToAuditConfigResponseOutputWithContext(ctx context.Context) AuditConfigResponseOutput

type AuditLogConfig

// AuditLogConfig provides the configuration for logging one type of
// permission, together with the identities exempted from that logging.
type AuditLogConfig struct {
	// Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
	// NOTE(review): every entry here is an identity whose access of this log
	// type leaves no audit record; keep the list minimal and reviewed.
	ExemptedMembers []string `pulumi:"exemptedMembers"`
	// The log type that this config enables.
	LogType *AuditLogConfigLogType `pulumi:"logType"`
}

Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.

type AuditLogConfigArgs

// AuditLogConfigArgs is the input form of the configuration for logging one
// type of permission; each field takes a Pulumi input type.
type AuditLogConfigArgs struct {
	// Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
	// NOTE(review): every entry here is an identity whose access of this log
	// type leaves no audit record; keep the list minimal and reviewed.
	ExemptedMembers pulumi.StringArrayInput `pulumi:"exemptedMembers"`
	// The log type that this config enables.
	LogType AuditLogConfigLogTypePtrInput `pulumi:"logType"`
}

Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.

func (AuditLogConfigArgs) ElementType

func (AuditLogConfigArgs) ElementType() reflect.Type

func (AuditLogConfigArgs) ToAuditLogConfigOutput

func (i AuditLogConfigArgs) ToAuditLogConfigOutput() AuditLogConfigOutput

func (AuditLogConfigArgs) ToAuditLogConfigOutputWithContext

func (i AuditLogConfigArgs) ToAuditLogConfigOutputWithContext(ctx context.Context) AuditLogConfigOutput

type AuditLogConfigArray

type AuditLogConfigArray []AuditLogConfigInput

func (AuditLogConfigArray) ElementType

func (AuditLogConfigArray) ElementType() reflect.Type

func (AuditLogConfigArray) ToAuditLogConfigArrayOutput

func (i AuditLogConfigArray) ToAuditLogConfigArrayOutput() AuditLogConfigArrayOutput

func (AuditLogConfigArray) ToAuditLogConfigArrayOutputWithContext

func (i AuditLogConfigArray) ToAuditLogConfigArrayOutputWithContext(ctx context.Context) AuditLogConfigArrayOutput

type AuditLogConfigArrayInput

// AuditLogConfigArrayInput is satisfied by any value that can be converted to
// an AuditLogConfigArrayOutput.
type AuditLogConfigArrayInput interface {
	pulumi.Input

	// ToAuditLogConfigArrayOutput returns the value as an AuditLogConfigArrayOutput.
	ToAuditLogConfigArrayOutput() AuditLogConfigArrayOutput
	// ToAuditLogConfigArrayOutputWithContext is the variant that takes a context.Context.
	ToAuditLogConfigArrayOutputWithContext(context.Context) AuditLogConfigArrayOutput
}

AuditLogConfigArrayInput is an input type that accepts AuditLogConfigArray and AuditLogConfigArrayOutput values. You can construct a concrete instance of `AuditLogConfigArrayInput` via:

AuditLogConfigArray{ AuditLogConfigArgs{...} }

type AuditLogConfigArrayOutput

type AuditLogConfigArrayOutput struct{ *pulumi.OutputState }

func (AuditLogConfigArrayOutput) ElementType

func (AuditLogConfigArrayOutput) ElementType() reflect.Type

func (AuditLogConfigArrayOutput) Index

func (AuditLogConfigArrayOutput) ToAuditLogConfigArrayOutput

func (o AuditLogConfigArrayOutput) ToAuditLogConfigArrayOutput() AuditLogConfigArrayOutput

func (AuditLogConfigArrayOutput) ToAuditLogConfigArrayOutputWithContext

func (o AuditLogConfigArrayOutput) ToAuditLogConfigArrayOutputWithContext(ctx context.Context) AuditLogConfigArrayOutput

type AuditLogConfigInput

// AuditLogConfigInput is satisfied by any value that can be converted to an
// AuditLogConfigOutput.
type AuditLogConfigInput interface {
	pulumi.Input

	// ToAuditLogConfigOutput returns the value as an AuditLogConfigOutput.
	ToAuditLogConfigOutput() AuditLogConfigOutput
	// ToAuditLogConfigOutputWithContext is the variant that takes a context.Context.
	ToAuditLogConfigOutputWithContext(context.Context) AuditLogConfigOutput
}

AuditLogConfigInput is an input type that accepts AuditLogConfigArgs and AuditLogConfigOutput values. You can construct a concrete instance of `AuditLogConfigInput` via:

AuditLogConfigArgs{...}

type AuditLogConfigLogType added in v0.4.0

type AuditLogConfigLogType string

The log type that this config enables.

func (AuditLogConfigLogType) ElementType added in v0.4.0

func (AuditLogConfigLogType) ElementType() reflect.Type

func (AuditLogConfigLogType) ToAuditLogConfigLogTypeOutput added in v0.6.0

func (e AuditLogConfigLogType) ToAuditLogConfigLogTypeOutput() AuditLogConfigLogTypeOutput

func (AuditLogConfigLogType) ToAuditLogConfigLogTypeOutputWithContext added in v0.6.0

func (e AuditLogConfigLogType) ToAuditLogConfigLogTypeOutputWithContext(ctx context.Context) AuditLogConfigLogTypeOutput

func (AuditLogConfigLogType) ToAuditLogConfigLogTypePtrOutput added in v0.6.0

func (e AuditLogConfigLogType) ToAuditLogConfigLogTypePtrOutput() AuditLogConfigLogTypePtrOutput

func (AuditLogConfigLogType) ToAuditLogConfigLogTypePtrOutputWithContext added in v0.6.0

func (e AuditLogConfigLogType) ToAuditLogConfigLogTypePtrOutputWithContext(ctx context.Context) AuditLogConfigLogTypePtrOutput

func (AuditLogConfigLogType) ToStringOutput added in v0.4.0

func (e AuditLogConfigLogType) ToStringOutput() pulumi.StringOutput

func (AuditLogConfigLogType) ToStringOutputWithContext added in v0.4.0

func (e AuditLogConfigLogType) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (AuditLogConfigLogType) ToStringPtrOutput added in v0.4.0

func (e AuditLogConfigLogType) ToStringPtrOutput() pulumi.StringPtrOutput

func (AuditLogConfigLogType) ToStringPtrOutputWithContext added in v0.4.0

func (e AuditLogConfigLogType) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type AuditLogConfigLogTypeInput added in v0.6.0

// AuditLogConfigLogTypeInput is satisfied by any value that can be converted
// to an AuditLogConfigLogTypeOutput. The enum type AuditLogConfigLogType and
// AuditLogConfigLogTypeOutput both declare these two methods.
type AuditLogConfigLogTypeInput interface {
	pulumi.Input

	// ToAuditLogConfigLogTypeOutput returns the value as an AuditLogConfigLogTypeOutput.
	ToAuditLogConfigLogTypeOutput() AuditLogConfigLogTypeOutput
	// ToAuditLogConfigLogTypeOutputWithContext is the variant that takes a context.Context.
	ToAuditLogConfigLogTypeOutputWithContext(context.Context) AuditLogConfigLogTypeOutput
}

AuditLogConfigLogTypeInput is an input type that accepts AuditLogConfigLogTypeArgs and AuditLogConfigLogTypeOutput values. You can construct a concrete instance of `AuditLogConfigLogTypeInput` via:

AuditLogConfigLogTypeArgs{...}

type AuditLogConfigLogTypeOutput added in v0.6.0

type AuditLogConfigLogTypeOutput struct{ *pulumi.OutputState }

func (AuditLogConfigLogTypeOutput) ElementType added in v0.6.0

func (AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypeOutput added in v0.6.0

func (o AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypeOutput() AuditLogConfigLogTypeOutput

func (AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypeOutputWithContext added in v0.6.0

func (o AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypeOutputWithContext(ctx context.Context) AuditLogConfigLogTypeOutput

func (AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypePtrOutput added in v0.6.0

func (o AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypePtrOutput() AuditLogConfigLogTypePtrOutput

func (AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypePtrOutputWithContext added in v0.6.0

func (o AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypePtrOutputWithContext(ctx context.Context) AuditLogConfigLogTypePtrOutput

func (AuditLogConfigLogTypeOutput) ToStringOutput added in v0.6.0

func (o AuditLogConfigLogTypeOutput) ToStringOutput() pulumi.StringOutput

func (AuditLogConfigLogTypeOutput) ToStringOutputWithContext added in v0.6.0

func (o AuditLogConfigLogTypeOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (AuditLogConfigLogTypeOutput) ToStringPtrOutput added in v0.6.0

func (o AuditLogConfigLogTypeOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (AuditLogConfigLogTypeOutput) ToStringPtrOutputWithContext added in v0.6.0

func (o AuditLogConfigLogTypeOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type AuditLogConfigLogTypePtrInput added in v0.6.0

type AuditLogConfigLogTypePtrInput interface {
	pulumi.Input

	ToAuditLogConfigLogTypePtrOutput() AuditLogConfigLogTypePtrOutput
	ToAuditLogConfigLogTypePtrOutputWithContext(context.Context) AuditLogConfigLogTypePtrOutput
}

func AuditLogConfigLogTypePtr added in v0.6.0

func AuditLogConfigLogTypePtr(v string) AuditLogConfigLogTypePtrInput

type AuditLogConfigLogTypePtrOutput added in v0.6.0

type AuditLogConfigLogTypePtrOutput struct{ *pulumi.OutputState }

func (AuditLogConfigLogTypePtrOutput) Elem added in v0.6.0

func (AuditLogConfigLogTypePtrOutput) ElementType added in v0.6.0

func (AuditLogConfigLogTypePtrOutput) ToAuditLogConfigLogTypePtrOutput added in v0.6.0

func (o AuditLogConfigLogTypePtrOutput) ToAuditLogConfigLogTypePtrOutput() AuditLogConfigLogTypePtrOutput

func (AuditLogConfigLogTypePtrOutput) ToAuditLogConfigLogTypePtrOutputWithContext added in v0.6.0

func (o AuditLogConfigLogTypePtrOutput) ToAuditLogConfigLogTypePtrOutputWithContext(ctx context.Context) AuditLogConfigLogTypePtrOutput

func (AuditLogConfigLogTypePtrOutput) ToStringPtrOutput added in v0.6.0

func (AuditLogConfigLogTypePtrOutput) ToStringPtrOutputWithContext added in v0.6.0

func (o AuditLogConfigLogTypePtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type AuditLogConfigOutput

type AuditLogConfigOutput struct{ *pulumi.OutputState }

Provides the configuration for logging one type of permission. Example:

    { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] }

This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging. Because exempted members do not cause log entries for that log type, each entry in `exempted_members` is a gap in the audit trail for that identity.

func (AuditLogConfigOutput) ElementType

func (AuditLogConfigOutput) ElementType() reflect.Type

func (AuditLogConfigOutput) ExemptedMembers

func (o AuditLogConfigOutput) ExemptedMembers() pulumi.StringArrayOutput

Specifies the identities that do not cause logging for this type of permission. Follows the same format as Binding.members.

func (AuditLogConfigOutput) LogType

The log type that this config enables.

func (AuditLogConfigOutput) ToAuditLogConfigOutput

func (o AuditLogConfigOutput) ToAuditLogConfigOutput() AuditLogConfigOutput

func (AuditLogConfigOutput) ToAuditLogConfigOutputWithContext

func (o AuditLogConfigOutput) ToAuditLogConfigOutputWithContext(ctx context.Context) AuditLogConfigOutput

type AuditLogConfigResponse

// AuditLogConfigResponse provides the configuration for logging a type of permission.
type AuditLogConfigResponse struct {
	// Specifies the identities that do not cause logging for this type of permission. Follows the same format as Binding.members.
	// NOTE(review): an identity listed here produces no audit entries for LogType, so when reading a
	// policy back, treat any exemption you did not expect as something to investigate.
	ExemptedMembers []string `pulumi:"exemptedMembers"`
	// The log type that this config enables.
	// NOTE(review): presumably one of the AuditLogConfigLogType values (ADMIN_READ, DATA_WRITE,
	// DATA_READ) — confirm; the field is a plain string here.
	LogType string `pulumi:"logType"`
}

Provides the configuration for logging one type of permission. Example:

    { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] }

This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.

type AuditLogConfigResponseArrayOutput

type AuditLogConfigResponseArrayOutput struct{ *pulumi.OutputState }

func (AuditLogConfigResponseArrayOutput) ElementType

func (AuditLogConfigResponseArrayOutput) Index

func (AuditLogConfigResponseArrayOutput) ToAuditLogConfigResponseArrayOutput

func (o AuditLogConfigResponseArrayOutput) ToAuditLogConfigResponseArrayOutput() AuditLogConfigResponseArrayOutput

func (AuditLogConfigResponseArrayOutput) ToAuditLogConfigResponseArrayOutputWithContext

func (o AuditLogConfigResponseArrayOutput) ToAuditLogConfigResponseArrayOutputWithContext(ctx context.Context) AuditLogConfigResponseArrayOutput

type AuditLogConfigResponseOutput

type AuditLogConfigResponseOutput struct{ *pulumi.OutputState }

Provides the configuration for logging one type of permission. Example:

    { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] }

This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.

func (AuditLogConfigResponseOutput) ElementType

func (AuditLogConfigResponseOutput) ExemptedMembers

Specifies the identities that do not cause logging for this type of permission. Follows the same format as Binding.members.

func (AuditLogConfigResponseOutput) LogType

The log type that this config enables.

func (AuditLogConfigResponseOutput) ToAuditLogConfigResponseOutput

func (o AuditLogConfigResponseOutput) ToAuditLogConfigResponseOutput() AuditLogConfigResponseOutput

func (AuditLogConfigResponseOutput) ToAuditLogConfigResponseOutputWithContext

func (o AuditLogConfigResponseOutput) ToAuditLogConfigResponseOutputWithContext(ctx context.Context) AuditLogConfigResponseOutput

type Aws

// Aws represents an Amazon Web Services identity provider.
type Aws struct {
	// The AWS account ID.
	// NOTE(review): presumably the AWS account whose identities this provider trusts — confirm;
	// if so, check the ID against your own account inventory before deploying.
	AccountId string `pulumi:"accountId"`
}

Represents an Amazon Web Services identity provider.

type AwsArgs

// AwsArgs represents an Amazon Web Services identity provider.
type AwsArgs struct {
	// The AWS account ID.
	// NOTE(review): presumably the AWS account whose identities this provider trusts — confirm;
	// if so, check the ID against your own account inventory before deploying.
	AccountId pulumi.StringInput `pulumi:"accountId"`
}

Represents an Amazon Web Services identity provider.

func (AwsArgs) ElementType

func (AwsArgs) ElementType() reflect.Type

func (AwsArgs) ToAwsOutput

func (i AwsArgs) ToAwsOutput() AwsOutput

func (AwsArgs) ToAwsOutputWithContext

func (i AwsArgs) ToAwsOutputWithContext(ctx context.Context) AwsOutput

func (AwsArgs) ToAwsPtrOutput

func (i AwsArgs) ToAwsPtrOutput() AwsPtrOutput

func (AwsArgs) ToAwsPtrOutputWithContext

func (i AwsArgs) ToAwsPtrOutputWithContext(ctx context.Context) AwsPtrOutput

type AwsInput

type AwsInput interface {
	pulumi.Input

	ToAwsOutput() AwsOutput
	ToAwsOutputWithContext(context.Context) AwsOutput
}

AwsInput is an input type that accepts AwsArgs and AwsOutput values. You can construct a concrete instance of `AwsInput` via:

AwsArgs{...}

type AwsOutput

type AwsOutput struct{ *pulumi.OutputState }

Represents an Amazon Web Services identity provider.

func (AwsOutput) AccountId

func (o AwsOutput) AccountId() pulumi.StringOutput

The AWS account ID.

func (AwsOutput) ElementType

func (AwsOutput) ElementType() reflect.Type

func (AwsOutput) ToAwsOutput

func (o AwsOutput) ToAwsOutput() AwsOutput

func (AwsOutput) ToAwsOutputWithContext

func (o AwsOutput) ToAwsOutputWithContext(ctx context.Context) AwsOutput

func (AwsOutput) ToAwsPtrOutput

func (o AwsOutput) ToAwsPtrOutput() AwsPtrOutput

func (AwsOutput) ToAwsPtrOutputWithContext

func (o AwsOutput) ToAwsPtrOutputWithContext(ctx context.Context) AwsPtrOutput

type AwsPtrInput

type AwsPtrInput interface {
	pulumi.Input

	ToAwsPtrOutput() AwsPtrOutput
	ToAwsPtrOutputWithContext(context.Context) AwsPtrOutput
}

AwsPtrInput is an input type that accepts AwsArgs, AwsPtr and AwsPtrOutput values. You can construct a concrete instance of `AwsPtrInput` via:

        AwsArgs{...}

or:

        nil

func AwsPtr

func AwsPtr(v *AwsArgs) AwsPtrInput

type AwsPtrOutput

type AwsPtrOutput struct{ *pulumi.OutputState }

func (AwsPtrOutput) AccountId

func (o AwsPtrOutput) AccountId() pulumi.StringPtrOutput

The AWS account ID.

func (AwsPtrOutput) Elem

func (o AwsPtrOutput) Elem() AwsOutput

func (AwsPtrOutput) ElementType

func (AwsPtrOutput) ElementType() reflect.Type

func (AwsPtrOutput) ToAwsPtrOutput

func (o AwsPtrOutput) ToAwsPtrOutput() AwsPtrOutput

func (AwsPtrOutput) ToAwsPtrOutputWithContext

func (o AwsPtrOutput) ToAwsPtrOutputWithContext(ctx context.Context) AwsPtrOutput

type AwsResponse

// AwsResponse represents an Amazon Web Services identity provider.
type AwsResponse struct {
	// The AWS account ID.
	// NOTE(review): presumably the AWS account whose identities this provider trusts — confirm;
	// if so, an account ID you do not recognise here is worth investigating.
	AccountId string `pulumi:"accountId"`
}

Represents an Amazon Web Services identity provider.

type AwsResponseOutput

type AwsResponseOutput struct{ *pulumi.OutputState }

Represents an Amazon Web Services identity provider.

func (AwsResponseOutput) AccountId

func (o AwsResponseOutput) AccountId() pulumi.StringOutput

The AWS account ID.

func (AwsResponseOutput) ElementType

func (AwsResponseOutput) ElementType() reflect.Type

func (AwsResponseOutput) ToAwsResponseOutput

func (o AwsResponseOutput) ToAwsResponseOutput() AwsResponseOutput

func (AwsResponseOutput) ToAwsResponseOutputWithContext

func (o AwsResponseOutput) ToAwsResponseOutputWithContext(ctx context.Context) AwsResponseOutput

type Binding

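// Binding associates `members`, or principals, with a `role`.
type Binding struct {
	// The condition that is associated with this binding. If the condition
	// evaluates to `true`, then this binding applies to the current request.
	// If the condition evaluates to `false`, then this binding does not apply
	// to the current request. However, a different role binding might grant
	// the same role to one or more of the principals in this binding. To learn
	// which resources support conditions in their IAM policies, see the
	// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Condition *Expr `pulumi:"condition"`
	// Specifies the principals requesting access for a Google Cloud resource.
	// `members` can have the following values:
	//
	//   * `allUsers`: A special identifier that represents anyone who is on
	//     the internet; with or without a Google account.
	//   * `allAuthenticatedUsers`: A special identifier that represents anyone
	//     who is authenticated with a Google account or a service account.
	//     Does not include identities that come from external identity
	//     providers (IdPs) through identity federation.
	//   * `user:{emailid}`: An email address that represents a specific Google
	//     account. For example, `alice@example.com`.
	//   * `serviceAccount:{emailid}`: An email address that represents a
	//     Google service account. For example,
	//     `my-other-app@appspot.gserviceaccount.com`.
	//   * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`:
	//     An identifier for a
	//     [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
	//     For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
	//   * `group:{emailid}`: An email address that represents a Google group.
	//     For example, `admins@example.com`.
	//   * `domain:{domain}`: The G Suite domain (primary) that represents all
	//     the users of that domain. For example, `google.com` or `example.com`.
	//   * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
	//     unique identifier) representing a user that has been recently
	//     deleted. For example, `alice@example.com?uid=123456789012345678901`.
	//     If the user is recovered, this value reverts to `user:{emailid}` and
	//     the recovered user retains the role in the binding.
	//   * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address
	//     (plus unique identifier) representing a service account that has
	//     been recently deleted. For example,
	//     `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
	//     If the service account is undeleted, this value reverts to
	//     `serviceAccount:{emailid}` and the undeleted service account retains
	//     the role in the binding.
	//   * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus
	//     unique identifier) representing a Google group that has been
	//     recently deleted. For example,
	//     `admins@example.com?uid=123456789012345678901`. If the group is
	//     recovered, this value reverts to `group:{emailid}` and the recovered
	//     group retains the role in the binding.
	//
	// NOTE(review): `allUsers` and `allAuthenticatedUsers` are not limited to
	// your own organization; a binding that names either one grants `role` to
	// principals you do not control, so flag such bindings in review. Recovered
	// `deleted:` principals regain the role, so remove stale ones explicitly.
	Members []string `pulumi:"members"`
	// Role that is assigned to the list of `members`, or principals. For
	// example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	// NOTE(review): the three examples are broad roles; prefer the narrowest
	// role that covers what the members actually need.
	Role *string `pulumi:"role"`
}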

Associates `members`, or principals, with a `role`.

type BindingArgs

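// BindingArgs associates `members`, or principals, with a `role`.
type BindingArgs struct {
	// The condition that is associated with this binding. If the condition
	// evaluates to `true`, then this binding applies to the current request.
	// If the condition evaluates to `false`, then this binding does not apply
	// to the current request. However, a different role binding might grant
	// the same role to one or more of the principals in this binding. To learn
	// which resources support conditions in their IAM policies, see the
	// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Condition ExprPtrInput `pulumi:"condition"`
	// Specifies the principals requesting access for a Google Cloud resource.
	// `members` can have the following values:
	//
	//   * `allUsers`: A special identifier that represents anyone who is on
	//     the internet; with or without a Google account.
	//   * `allAuthenticatedUsers`: A special identifier that represents anyone
	//     who is authenticated with a Google account or a service account.
	//     Does not include identities that come from external identity
	//     providers (IdPs) through identity federation.
	//   * `user:{emailid}`: An email address that represents a specific Google
	//     account. For example, `alice@example.com`.
	//   * `serviceAccount:{emailid}`: An email address that represents a
	//     Google service account. For example,
	//     `my-other-app@appspot.gserviceaccount.com`.
	//   * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`:
	//     An identifier for a
	//     [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
	//     For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
	//   * `group:{emailid}`: An email address that represents a Google group.
	//     For example, `admins@example.com`.
	//   * `domain:{domain}`: The G Suite domain (primary) that represents all
	//     the users of that domain. For example, `google.com` or `example.com`.
	//   * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
	//     unique identifier) representing a user that has been recently
	//     deleted. For example, `alice@example.com?uid=123456789012345678901`.
	//     If the user is recovered, this value reverts to `user:{emailid}` and
	//     the recovered user retains the role in the binding.
	//   * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address
	//     (plus unique identifier) representing a service account that has
	//     been recently deleted. For example,
	//     `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
	//     If the service account is undeleted, this value reverts to
	//     `serviceAccount:{emailid}` and the undeleted service account retains
	//     the role in the binding.
	//   * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus
	//     unique identifier) representing a Google group that has been
	//     recently deleted. For example,
	//     `admins@example.com?uid=123456789012345678901`. If the group is
	//     recovered, this value reverts to `group:{emailid}` and the recovered
	//     group retains the role in the binding.
	//
	// NOTE(review): `allUsers` and `allAuthenticatedUsers` are not limited to
	// your own organization; a binding that names either one grants `role` to
	// principals you do not control, so flag such bindings in review. Recovered
	// `deleted:` principals regain the role, so remove stale ones explicitly.
	Members pulumi.StringArrayInput `pulumi:"members"`
	// Role that is assigned to the list of `members`, or principals. For
	// example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	// NOTE(review): the three examples are broad roles; prefer the narrowest
	// role that covers what the members actually need.
	Role pulumi.StringPtrInput `pulumi:"role"`
}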

Associates `members`, or principals, with a `role`.

func (BindingArgs) ElementType

func (BindingArgs) ElementType() reflect.Type

func (BindingArgs) ToBindingOutput

func (i BindingArgs) ToBindingOutput() BindingOutput

func (BindingArgs) ToBindingOutputWithContext

func (i BindingArgs) ToBindingOutputWithContext(ctx context.Context) BindingOutput

type BindingArray

type BindingArray []BindingInput

func (BindingArray) ElementType

func (BindingArray) ElementType() reflect.Type

func (BindingArray) ToBindingArrayOutput

func (i BindingArray) ToBindingArrayOutput() BindingArrayOutput

func (BindingArray) ToBindingArrayOutputWithContext

func (i BindingArray) ToBindingArrayOutputWithContext(ctx context.Context) BindingArrayOutput

type BindingArrayInput

type BindingArrayInput interface {
	pulumi.Input

	ToBindingArrayOutput() BindingArrayOutput
	ToBindingArrayOutputWithContext(context.Context) BindingArrayOutput
}

BindingArrayInput is an input type that accepts BindingArray and BindingArrayOutput values. You can construct a concrete instance of `BindingArrayInput` via:

BindingArray{ BindingArgs{...} }

type BindingArrayOutput

type BindingArrayOutput struct{ *pulumi.OutputState }

func (BindingArrayOutput) ElementType

func (BindingArrayOutput) ElementType() reflect.Type

func (BindingArrayOutput) Index

func (BindingArrayOutput) ToBindingArrayOutput

func (o BindingArrayOutput) ToBindingArrayOutput() BindingArrayOutput

func (BindingArrayOutput) ToBindingArrayOutputWithContext

func (o BindingArrayOutput) ToBindingArrayOutputWithContext(ctx context.Context) BindingArrayOutput

type BindingInput

type BindingInput interface {
	pulumi.Input

	ToBindingOutput() BindingOutput
	ToBindingOutputWithContext(context.Context) BindingOutput
}

BindingInput is an input type that accepts BindingArgs and BindingOutput values. You can construct a concrete instance of `BindingInput` via:

BindingArgs{...}

type BindingOutput

type BindingOutput struct{ *pulumi.OutputState }

Associates `members`, or principals, with a `role`.

func (BindingOutput) Condition

func (o BindingOutput) Condition() ExprPtrOutput

The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

func (BindingOutput) ElementType

func (BindingOutput) ElementType() reflect.Type

func (BindingOutput) Members

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. 
* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.

func (BindingOutput) Role

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (BindingOutput) ToBindingOutput

func (o BindingOutput) ToBindingOutput() BindingOutput

func (BindingOutput) ToBindingOutputWithContext

func (o BindingOutput) ToBindingOutputWithContext(ctx context.Context) BindingOutput

type BindingResponse

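// BindingResponse associates `members`, or principals, with a `role`.
type BindingResponse struct {
	// The condition that is associated with this binding. If the condition
	// evaluates to `true`, then this binding applies to the current request.
	// If the condition evaluates to `false`, then this binding does not apply
	// to the current request. However, a different role binding might grant
	// the same role to one or more of the principals in this binding. To learn
	// which resources support conditions in their IAM policies, see the
	// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Condition ExprResponse `pulumi:"condition"`
	// Specifies the principals requesting access for a Google Cloud resource.
	// `members` can have the following values:
	//
	//   * `allUsers`: A special identifier that represents anyone who is on
	//     the internet; with or without a Google account.
	//   * `allAuthenticatedUsers`: A special identifier that represents anyone
	//     who is authenticated with a Google account or a service account.
	//     Does not include identities that come from external identity
	//     providers (IdPs) through identity federation.
	//   * `user:{emailid}`: An email address that represents a specific Google
	//     account. For example, `alice@example.com`.
	//   * `serviceAccount:{emailid}`: An email address that represents a
	//     Google service account. For example,
	//     `my-other-app@appspot.gserviceaccount.com`.
	//   * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`:
	//     An identifier for a
	//     [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
	//     For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
	//   * `group:{emailid}`: An email address that represents a Google group.
	//     For example, `admins@example.com`.
	//   * `domain:{domain}`: The G Suite domain (primary) that represents all
	//     the users of that domain. For example, `google.com` or `example.com`.
	//   * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
	//     unique identifier) representing a user that has been recently
	//     deleted. For example, `alice@example.com?uid=123456789012345678901`.
	//     If the user is recovered, this value reverts to `user:{emailid}` and
	//     the recovered user retains the role in the binding.
	//   * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address
	//     (plus unique identifier) representing a service account that has
	//     been recently deleted. For example,
	//     `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
	//     If the service account is undeleted, this value reverts to
	//     `serviceAccount:{emailid}` and the undeleted service account retains
	//     the role in the binding.
	//   * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus
	//     unique identifier) representing a Google group that has been
	//     recently deleted. For example,
	//     `admins@example.com?uid=123456789012345678901`. If the group is
	//     recovered, this value reverts to `group:{emailid}` and the recovered
	//     group retains the role in the binding.
	//
	// NOTE(review): when auditing a policy read back through this type, treat
	// `allUsers` and `allAuthenticatedUsers` as grants to principals outside
	// your control, and `deleted:` entries as grants that come back if the
	// principal is recovered.
	Members []string `pulumi:"members"`
	// Role that is assigned to the list of `members`, or principals. For
	// example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role string `pulumi:"role"`
}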

Associates `members`, or principals, with a `role`.

type BindingResponseArrayOutput

type BindingResponseArrayOutput struct{ *pulumi.OutputState }

func (BindingResponseArrayOutput) ElementType

func (BindingResponseArrayOutput) ElementType() reflect.Type

func (BindingResponseArrayOutput) Index

func (BindingResponseArrayOutput) ToBindingResponseArrayOutput

func (o BindingResponseArrayOutput) ToBindingResponseArrayOutput() BindingResponseArrayOutput

func (BindingResponseArrayOutput) ToBindingResponseArrayOutputWithContext

func (o BindingResponseArrayOutput) ToBindingResponseArrayOutputWithContext(ctx context.Context) BindingResponseArrayOutput

type BindingResponseOutput

type BindingResponseOutput struct{ *pulumi.OutputState }

Associates `members`, or principals, with a `role`.

func (BindingResponseOutput) Condition

The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

func (BindingResponseOutput) ElementType

func (BindingResponseOutput) ElementType() reflect.Type

func (BindingResponseOutput) Members

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. 
* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.

func (BindingResponseOutput) Role

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (BindingResponseOutput) ToBindingResponseOutput

func (o BindingResponseOutput) ToBindingResponseOutput() BindingResponseOutput

func (BindingResponseOutput) ToBindingResponseOutputWithContext

func (o BindingResponseOutput) ToBindingResponseOutputWithContext(ctx context.Context) BindingResponseOutput

type Condition added in v0.26.0

// Condition is an IAM Condition for a given binding.
// See https://cloud.google.com/iam/docs/conditions-overview for additional details.
type Condition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g., when hovering over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	// NOTE(review): as the condition attached to a binding, this expression presumably gates whether
	// the grant applies — confirm; review changes to it as access-control changes, not as metadata.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

type ConditionArgs added in v0.26.0

// ConditionArgs is an IAM Condition for a given binding.
// See https://cloud.google.com/iam/docs/conditions-overview for additional details.
type ConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g., when hovering over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	// NOTE(review): as the condition attached to a binding, this expression presumably gates whether
	// the grant applies — confirm; review changes to it as access-control changes, not as metadata.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (ConditionArgs) ElementType added in v0.26.0

func (ConditionArgs) ElementType() reflect.Type

func (ConditionArgs) ToConditionOutput added in v0.26.0

func (i ConditionArgs) ToConditionOutput() ConditionOutput

func (ConditionArgs) ToConditionOutputWithContext added in v0.26.0

func (i ConditionArgs) ToConditionOutputWithContext(ctx context.Context) ConditionOutput

func (ConditionArgs) ToConditionPtrOutput added in v0.26.0

func (i ConditionArgs) ToConditionPtrOutput() ConditionPtrOutput

func (ConditionArgs) ToConditionPtrOutputWithContext added in v0.26.0

func (i ConditionArgs) ToConditionPtrOutputWithContext(ctx context.Context) ConditionPtrOutput

type ConditionInput added in v0.26.0

type ConditionInput interface {
	pulumi.Input

	ToConditionOutput() ConditionOutput
	ToConditionOutputWithContext(context.Context) ConditionOutput
}

ConditionInput is an input type that accepts ConditionArgs and ConditionOutput values. You can construct a concrete instance of `ConditionInput` via:

ConditionArgs{...}

type ConditionOutput added in v0.26.0

type ConditionOutput struct{ *pulumi.OutputState }

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (ConditionOutput) Description added in v0.26.0

func (o ConditionOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g., when hovering over it in a UI.

func (ConditionOutput) ElementType added in v0.26.0

func (ConditionOutput) ElementType() reflect.Type

func (ConditionOutput) Expression added in v0.26.0

func (o ConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (ConditionOutput) Title added in v0.26.0

A title for the expression, i.e. a short string describing its purpose.

func (ConditionOutput) ToConditionOutput added in v0.26.0

func (o ConditionOutput) ToConditionOutput() ConditionOutput

func (ConditionOutput) ToConditionOutputWithContext added in v0.26.0

func (o ConditionOutput) ToConditionOutputWithContext(ctx context.Context) ConditionOutput

func (ConditionOutput) ToConditionPtrOutput added in v0.26.0

func (o ConditionOutput) ToConditionPtrOutput() ConditionPtrOutput

func (ConditionOutput) ToConditionPtrOutputWithContext added in v0.26.0

func (o ConditionOutput) ToConditionPtrOutputWithContext(ctx context.Context) ConditionPtrOutput

type ConditionPtrInput added in v0.26.0

type ConditionPtrInput interface {
	pulumi.Input

	ToConditionPtrOutput() ConditionPtrOutput
	ToConditionPtrOutputWithContext(context.Context) ConditionPtrOutput
}

ConditionPtrInput is an input type that accepts ConditionArgs, ConditionPtr and ConditionPtrOutput values. You can construct a concrete instance of `ConditionPtrInput` via:

        ConditionArgs{...}

or:

        nil

func ConditionPtr added in v0.26.0

func ConditionPtr(v *ConditionArgs) ConditionPtrInput

type ConditionPtrOutput added in v0.26.0

type ConditionPtrOutput struct{ *pulumi.OutputState }

func (ConditionPtrOutput) Description added in v0.26.0

func (o ConditionPtrOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g., when hovering over it in a UI.

func (ConditionPtrOutput) Elem added in v0.26.0

func (ConditionPtrOutput) ElementType added in v0.26.0

func (ConditionPtrOutput) ElementType() reflect.Type

func (ConditionPtrOutput) Expression added in v0.26.0

func (o ConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (ConditionPtrOutput) Title added in v0.26.0

A title for the expression, i.e. a short string describing its purpose.

func (ConditionPtrOutput) ToConditionPtrOutput added in v0.26.0

func (o ConditionPtrOutput) ToConditionPtrOutput() ConditionPtrOutput

func (ConditionPtrOutput) ToConditionPtrOutputWithContext added in v0.26.0

func (o ConditionPtrOutput) ToConditionPtrOutputWithContext(ctx context.Context) ConditionPtrOutput

type Expr

// Expr represents a textual expression in Common Expression Language (CEL) syntax.
type Expr struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovering over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	// The variables and functions the expression may reference are determined by the
	// service that evaluates it, so review the expression against that service's documentation.
	Expression *string `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location *string `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs that allow entering the expression.
	Title *string `pulumi:"title"`
}

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec.

Example (Comparison):

        title: "Summary size limit"
        description: "Determines if a summary is less than 100 chars"
        expression: "document.summary.size() < 100"

Example (Equality):

        title: "Requestor is owner"
        description: "Determines if requestor is the document owner"
        expression: "document.owner == request.auth.claims.email"

Example (Logic):

        title: "Public documents"
        description: "Determine whether the document should be publicly visible"
        expression: "document.type != 'private' && document.type != 'internal'"

Example (Data Manipulation):

        title: "Notification string"
        description: "Create a notification string with a timestamp."
        expression: "'New message received at ' + string(document.create_time)"

The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

type ExprArgs

// ExprArgs is the input form of a textual expression in Common Expression
// Language (CEL) syntax; every field takes a pulumi.StringPtrInput.
type ExprArgs struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovering over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	// The variables and functions the expression may reference are determined by the
	// service that evaluates it, so review the expression against that service's documentation.
	Expression pulumi.StringPtrInput `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location pulumi.StringPtrInput `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs that allow entering the expression.
	Title pulumi.StringPtrInput `pulumi:"title"`
}

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec.

Example (Comparison):

        title: "Summary size limit"
        description: "Determines if a summary is less than 100 chars"
        expression: "document.summary.size() < 100"

Example (Equality):

        title: "Requestor is owner"
        description: "Determines if requestor is the document owner"
        expression: "document.owner == request.auth.claims.email"

Example (Logic):

        title: "Public documents"
        description: "Determine whether the document should be publicly visible"
        expression: "document.type != 'private' && document.type != 'internal'"

Example (Data Manipulation):

        title: "Notification string"
        description: "Create a notification string with a timestamp."
        expression: "'New message received at ' + string(document.create_time)"

The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

func (ExprArgs) ElementType

func (ExprArgs) ElementType() reflect.Type

func (ExprArgs) ToExprOutput

func (i ExprArgs) ToExprOutput() ExprOutput

func (ExprArgs) ToExprOutputWithContext

func (i ExprArgs) ToExprOutputWithContext(ctx context.Context) ExprOutput

func (ExprArgs) ToExprPtrOutput

func (i ExprArgs) ToExprPtrOutput() ExprPtrOutput

func (ExprArgs) ToExprPtrOutputWithContext

func (i ExprArgs) ToExprPtrOutputWithContext(ctx context.Context) ExprPtrOutput

type ExprInput

// ExprInput is an input type that accepts ExprArgs and ExprOutput values.
type ExprInput interface {
	pulumi.Input

	// ToExprOutput returns an ExprOutput for this input.
	ToExprOutput() ExprOutput
	// ToExprOutputWithContext is the same conversion, taking a context.Context.
	ToExprOutputWithContext(context.Context) ExprOutput
}

ExprInput is an input type that accepts ExprArgs and ExprOutput values. You can construct a concrete instance of `ExprInput` via:

ExprArgs{...}

type ExprOutput

type ExprOutput struct{ *pulumi.OutputState }

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec.

Example (Comparison):

        title: "Summary size limit"
        description: "Determines if a summary is less than 100 chars"
        expression: "document.summary.size() < 100"

Example (Equality):

        title: "Requestor is owner"
        description: "Determines if requestor is the document owner"
        expression: "document.owner == request.auth.claims.email"

Example (Logic):

        title: "Public documents"
        description: "Determine whether the document should be publicly visible"
        expression: "document.type != 'private' && document.type != 'internal'"

Example (Data Manipulation):

        title: "Notification string"
        description: "Create a notification string with a timestamp."
        expression: "'New message received at ' + string(document.create_time)"

The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

func (ExprOutput) Description

func (o ExprOutput) Description() pulumi.StringPtrOutput

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovering over it in a UI.

func (ExprOutput) ElementType

func (ExprOutput) ElementType() reflect.Type

func (ExprOutput) Expression

func (o ExprOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (ExprOutput) Location

func (o ExprOutput) Location() pulumi.StringPtrOutput

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (ExprOutput) Title

func (o ExprOutput) Title() pulumi.StringPtrOutput

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs that allow entering the expression.

func (ExprOutput) ToExprOutput

func (o ExprOutput) ToExprOutput() ExprOutput

func (ExprOutput) ToExprOutputWithContext

func (o ExprOutput) ToExprOutputWithContext(ctx context.Context) ExprOutput

func (ExprOutput) ToExprPtrOutput

func (o ExprOutput) ToExprPtrOutput() ExprPtrOutput

func (ExprOutput) ToExprPtrOutputWithContext

func (o ExprOutput) ToExprPtrOutputWithContext(ctx context.Context) ExprPtrOutput

type ExprPtrInput

// ExprPtrInput is an input type that accepts ExprArgs, ExprPtr and
// ExprPtrOutput values; nil is also accepted.
type ExprPtrInput interface {
	pulumi.Input

	// ToExprPtrOutput returns an ExprPtrOutput for this input.
	ToExprPtrOutput() ExprPtrOutput
	// ToExprPtrOutputWithContext is the same conversion, taking a context.Context.
	ToExprPtrOutputWithContext(context.Context) ExprPtrOutput
}

ExprPtrInput is an input type that accepts ExprArgs, ExprPtr and ExprPtrOutput values. You can construct a concrete instance of `ExprPtrInput` via:

        ExprArgs{...}

or:

        nil

func ExprPtr

func ExprPtr(v *ExprArgs) ExprPtrInput

type ExprPtrOutput

type ExprPtrOutput struct{ *pulumi.OutputState }

func (ExprPtrOutput) Description

func (o ExprPtrOutput) Description() pulumi.StringPtrOutput

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovering over it in a UI.

func (ExprPtrOutput) Elem

func (o ExprPtrOutput) Elem() ExprOutput

func (ExprPtrOutput) ElementType

func (ExprPtrOutput) ElementType() reflect.Type

func (ExprPtrOutput) Expression

func (o ExprPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (ExprPtrOutput) Location

func (o ExprPtrOutput) Location() pulumi.StringPtrOutput

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (ExprPtrOutput) Title

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs that allow entering the expression.

func (ExprPtrOutput) ToExprPtrOutput

func (o ExprPtrOutput) ToExprPtrOutput() ExprPtrOutput

func (ExprPtrOutput) ToExprPtrOutputWithContext

func (o ExprPtrOutput) ToExprPtrOutputWithContext(ctx context.Context) ExprPtrOutput

type ExprResponse

// ExprResponse is the response form of a textual expression in Common
// Expression Language (CEL) syntax; every field is a plain string.
type ExprResponse struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovering over it in a UI.
	Description string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location string `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs that allow entering the expression.
	Title string `pulumi:"title"`
}

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec.

Example (Comparison):

        title: "Summary size limit"
        description: "Determines if a summary is less than 100 chars"
        expression: "document.summary.size() < 100"

Example (Equality):

        title: "Requestor is owner"
        description: "Determines if requestor is the document owner"
        expression: "document.owner == request.auth.claims.email"

Example (Logic):

        title: "Public documents"
        description: "Determine whether the document should be publicly visible"
        expression: "document.type != 'private' && document.type != 'internal'"

Example (Data Manipulation):

        title: "Notification string"
        description: "Create a notification string with a timestamp."
        expression: "'New message received at ' + string(document.create_time)"

The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

type ExprResponseOutput

type ExprResponseOutput struct{ *pulumi.OutputState }

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec.

Example (Comparison):

        title: "Summary size limit"
        description: "Determines if a summary is less than 100 chars"
        expression: "document.summary.size() < 100"

Example (Equality):

        title: "Requestor is owner"
        description: "Determines if requestor is the document owner"
        expression: "document.owner == request.auth.claims.email"

Example (Logic):

        title: "Public documents"
        description: "Determine whether the document should be publicly visible"
        expression: "document.type != 'private' && document.type != 'internal'"

Example (Data Manipulation):

        title: "Notification string"
        description: "Create a notification string with a timestamp."
        expression: "'New message received at ' + string(document.create_time)"

The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

func (ExprResponseOutput) Description

func (o ExprResponseOutput) Description() pulumi.StringOutput

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovering over it in a UI.

func (ExprResponseOutput) ElementType

func (ExprResponseOutput) ElementType() reflect.Type

func (ExprResponseOutput) Expression

func (o ExprResponseOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (ExprResponseOutput) Location

func (o ExprResponseOutput) Location() pulumi.StringOutput

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (ExprResponseOutput) Title

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs that allow entering the expression.

func (ExprResponseOutput) ToExprResponseOutput

func (o ExprResponseOutput) ToExprResponseOutput() ExprResponseOutput

func (ExprResponseOutput) ToExprResponseOutputWithContext

func (o ExprResponseOutput) ToExprResponseOutputWithContext(ctx context.Context) ExprResponseOutput

type GoogleIamAdminV1WorkforcePoolProviderOidc added in v0.29.0

// GoogleIamAdminV1WorkforcePoolProviderOidc represents an OpenID Connect 1.0 identity provider.
type GoogleIamAdminV1WorkforcePoolProviderOidc struct {
	// The client ID. Must match the audience claim of the JWT issued by the identity provider.
	ClientId string `pulumi:"clientId"`
	// The optional client secret. Required to enable Authorization Code flow for web sign-in.
	// The secret is supplied as plain text through the nested value type (Value.PlainText),
	// so anything that holds this struct should be handled as sensitive.
	ClientSecret *GoogleIamAdminV1WorkforcePoolProviderOidcClientSecret `pulumi:"clientSecret"`
	// The OIDC issuer URI. Must be a valid URI using the 'https' scheme.
	// When JwksJson is not set, the discovery document is fetched from the .well-known path of this URI.
	IssuerUri string `pulumi:"issuerUri"`
	// OIDC JWKs in JSON String format. For details on the definition of a JWK, see https://tools.ietf.org/html/rfc7517. If not set, the `jwks_uri` from the discovery document (fetched from the .well-known path of the `issuer_uri`) will be used. Currently, RSA and EC asymmetric keys are supported. The JWK must use the following format and include only the following fields: { "keys": [ { "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": "", "crv": "" } ] }
	// The listed members are public-key parameters only; private-key members do not belong in this document.
	// NOTE(review): when this is set the keys are supplied statically instead of being read from the
	// issuer's `jwks_uri`, so presumably the value must be updated whenever the identity provider
	// rotates its signing keys — confirm against the service documentation.
	JwksJson *string `pulumi:"jwksJson"`
	// Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser.
	WebSsoConfig GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfig `pulumi:"webSsoConfig"`
}

Represents an OpenId Connect 1.0 identity provider.

type GoogleIamAdminV1WorkforcePoolProviderOidcArgs added in v0.29.0

// GoogleIamAdminV1WorkforcePoolProviderOidcArgs is the input form of an OpenID Connect 1.0 identity provider.
type GoogleIamAdminV1WorkforcePoolProviderOidcArgs struct {
	// The client ID. Must match the audience claim of the JWT issued by the identity provider.
	ClientId pulumi.StringInput `pulumi:"clientId"`
	// The optional client secret. Required to enable Authorization Code flow for web sign-in.
	// The secret is supplied as plain text through the nested value input (Value.PlainText);
	// keep the literal out of program source and version control.
	ClientSecret GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrInput `pulumi:"clientSecret"`
	// The OIDC issuer URI. Must be a valid URI using the 'https' scheme.
	// When JwksJson is not set, the discovery document is fetched from the .well-known path of this URI.
	IssuerUri pulumi.StringInput `pulumi:"issuerUri"`
	// OIDC JWKs in JSON String format. For details on the definition of a JWK, see https://tools.ietf.org/html/rfc7517. If not set, the `jwks_uri` from the discovery document (fetched from the .well-known path of the `issuer_uri`) will be used. Currently, RSA and EC asymmetric keys are supported. The JWK must use the following format and include only the following fields: { "keys": [ { "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": "", "crv": "" } ] }
	// The listed members are public-key parameters only; private-key members do not belong in this document.
	// NOTE(review): when this is set the keys are supplied statically instead of being read from the
	// issuer's `jwks_uri`, so presumably the value must be updated whenever the identity provider
	// rotates its signing keys — confirm against the service documentation.
	JwksJson pulumi.StringPtrInput `pulumi:"jwksJson"`
	// Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser.
	WebSsoConfig GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigInput `pulumi:"webSsoConfig"`
}

Represents an OpenId Connect 1.0 identity provider.

func (GoogleIamAdminV1WorkforcePoolProviderOidcArgs) ElementType added in v0.29.0

func (GoogleIamAdminV1WorkforcePoolProviderOidcArgs) ToGoogleIamAdminV1WorkforcePoolProviderOidcOutput added in v0.29.0

func (i GoogleIamAdminV1WorkforcePoolProviderOidcArgs) ToGoogleIamAdminV1WorkforcePoolProviderOidcOutput() GoogleIamAdminV1WorkforcePoolProviderOidcOutput

func (GoogleIamAdminV1WorkforcePoolProviderOidcArgs) ToGoogleIamAdminV1WorkforcePoolProviderOidcOutputWithContext added in v0.29.0

func (i GoogleIamAdminV1WorkforcePoolProviderOidcArgs) ToGoogleIamAdminV1WorkforcePoolProviderOidcOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcOutput

func (GoogleIamAdminV1WorkforcePoolProviderOidcArgs) ToGoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput added in v0.29.0

func (i GoogleIamAdminV1WorkforcePoolProviderOidcArgs) ToGoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput() GoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput

func (GoogleIamAdminV1WorkforcePoolProviderOidcArgs) ToGoogleIamAdminV1WorkforcePoolProviderOidcPtrOutputWithContext added in v0.29.0

func (i GoogleIamAdminV1WorkforcePoolProviderOidcArgs) ToGoogleIamAdminV1WorkforcePoolProviderOidcPtrOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput

type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecret added in v0.32.0

// GoogleIamAdminV1WorkforcePoolProviderOidcClientSecret is the representation
// of a client secret configured for the OIDC provider.
type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecret struct {
	// The value of the client secret. The value type carries the secret as plain text (PlainText).
	Value *GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValue `pulumi:"value"`
}

Representation of a client secret configured for the OIDC provider.

type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretArgs added in v0.32.0

// GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretArgs is the input form
// of a client secret configured for the OIDC provider.
type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretArgs struct {
	// The value of the client secret. The value input carries the secret as plain text (PlainText).
	Value GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrInput `pulumi:"value"`
}

Representation of a client secret configured for the OIDC provider.

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretArgs) ElementType added in v0.32.0

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretArgs) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretOutput added in v0.32.0

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretArgs) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretOutputWithContext added in v0.32.0

func (i GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretArgs) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretOutput

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretArgs) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrOutput added in v0.32.0

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretArgs) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrOutputWithContext added in v0.32.0

func (i GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretArgs) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrOutput

type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretInput added in v0.32.0

// GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretInput is an input type
// that accepts GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretArgs and
// GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretOutput values.
type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretInput interface {
	pulumi.Input

	// Returns a GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretOutput for this input.
	ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretOutput() GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretOutput
	// The same conversion, taking a context.Context.
	ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretOutputWithContext(context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretOutput
}

GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretInput is an input type that accepts GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretArgs and GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretOutput values. You can construct a concrete instance of `GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretInput` via:

GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretArgs{...}

type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretOutput added in v0.32.0

type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretOutput struct{ *pulumi.OutputState }

Representation of a client secret configured for the OIDC provider.

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretOutput) ElementType added in v0.32.0

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretOutput added in v0.32.0

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretOutputWithContext added in v0.32.0

func (o GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretOutput

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrOutput added in v0.32.0

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrOutputWithContext added in v0.32.0

func (o GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrOutput

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretOutput) Value added in v0.32.0

The value of the client secret.

type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrInput added in v0.32.0

// GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrInput is an input type
// that accepts GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretArgs,
// GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtr and
// GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrOutput values; nil is also accepted.
type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrInput interface {
	pulumi.Input

	// Returns a GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrOutput for this input.
	ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrOutput() GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrOutput
	// The same conversion, taking a context.Context.
	ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrOutputWithContext(context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrOutput
}

GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrInput is an input type that accepts GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretArgs, GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtr and GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrOutput values. You can construct a concrete instance of `GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrInput` via:

        GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretArgs{...}

or:

        nil

type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrOutput added in v0.32.0

type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrOutput struct{ *pulumi.OutputState }

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrOutput) Elem added in v0.32.0

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrOutput) ElementType added in v0.32.0

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrOutput added in v0.32.0

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrOutputWithContext added in v0.32.0

func (o GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrOutput

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretPtrOutput) Value added in v0.32.0

The value of the client secret.

type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretResponse added in v0.32.0

// GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretResponse is the response
// form of a client secret configured for the OIDC provider.
type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretResponse struct {
	// The value of the client secret. The response value type has a PlainText field, documented
	// as never populated in a response, and a Thumbprint field.
	Value GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueResponse `pulumi:"value"`
}

Representation of a client secret configured for the OIDC provider.

type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretResponseOutput added in v0.32.0

type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretResponseOutput struct{ *pulumi.OutputState }

Representation of a client secret configured for the OIDC provider.

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretResponseOutput) ElementType added in v0.32.0

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretResponseOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretResponseOutput added in v0.32.0

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretResponseOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretResponseOutputWithContext added in v0.32.0

func (o GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretResponseOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretResponseOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretResponseOutput

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretResponseOutput) Value added in v0.32.0

The value of the client secret.

type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValue added in v0.32.0

// GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValue is the
// representation of the value of the client secret.
type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValue struct {
	// Input only. The plain text of the client secret value. For security reasons, this field is only used for input and will never be populated in any response.
	// NOTE(review): "input only" describes what the API returns; the value still passes through
	// the Pulumi program on the way in, so keep the literal out of source control.
	// TODO confirm how the provider records this input in Pulumi state.
	PlainText *string `pulumi:"plainText"`
}

Representation of the value of the client secret.

type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueArgs added in v0.32.0

// GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueArgs is the input
// form of the value of the client secret.
type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueArgs struct {
	// Input only. The plain text of the client secret value. For security reasons, this field is only used for input and will never be populated in any response.
	// Prefer passing a Pulumi secret output here (for example one read with the config package's
	// RequireSecret, or produced by pulumi.ToSecret) rather than a string literal, so that the
	// value is encrypted in state and masked in CLI output.
	// NOTE(review): this page does not show whether the provider marks the field secret on its own — confirm.
	PlainText pulumi.StringPtrInput `pulumi:"plainText"`
}

Representation of the value of the client secret.

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueArgs) ElementType added in v0.32.0

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueArgs) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueOutput added in v0.32.0

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueArgs) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueOutputWithContext added in v0.32.0

func (i GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueArgs) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueOutput

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueArgs) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrOutput added in v0.32.0

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueArgs) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrOutputWithContext added in v0.32.0

func (i GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueArgs) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrOutput

type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueInput added in v0.32.0

// GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueInput is an input
// type that accepts GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueArgs
// and GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueOutput values.
type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueInput interface {
	pulumi.Input

	// Returns a GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueOutput for this input.
	ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueOutput() GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueOutput
	// The same conversion, taking a context.Context.
	ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueOutputWithContext(context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueOutput
}

GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueInput is an input type that accepts GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueArgs and GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueOutput values. You can construct a concrete instance of `GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueInput` via:

GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueArgs{...}

type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueOutput added in v0.32.0

type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueOutput struct{ *pulumi.OutputState }

Representation of the value of the client secret.

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueOutput) ElementType added in v0.32.0

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueOutput) PlainText added in v0.32.0

Input only. The plain text of the client secret value. For security reasons, this field is only used for input and will never be populated in any response.

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueOutput added in v0.32.0

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueOutputWithContext added in v0.32.0

func (o GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueOutput

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrOutput added in v0.32.0

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrOutputWithContext added in v0.32.0

func (o GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrOutput

type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrInput added in v0.32.0

// GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrInput is an input
// type that accepts GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueArgs,
// GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtr and
// GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrOutput values; nil is also accepted.
type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrInput interface {
	pulumi.Input

	// Returns a GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrOutput for this input.
	ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrOutput() GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrOutput
	// The same conversion, taking a context.Context.
	ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrOutputWithContext(context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrOutput
}

GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrInput is an input type that accepts GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueArgs, GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtr and GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrOutput values. You can construct a concrete instance of `GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrInput` via:

        GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueArgs{...}

or:

        nil

type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrOutput added in v0.32.0

type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrOutput struct{ *pulumi.OutputState }

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrOutput) Elem added in v0.32.0

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrOutput) ElementType added in v0.32.0

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrOutput) PlainText added in v0.32.0

Input only. The plain text of the client secret value. For security reasons, this field is only used for input and will never be populated in any response.

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrOutput added in v0.32.0

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrOutputWithContext added in v0.32.0

func (o GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValuePtrOutput

type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueResponse added in v0.32.0

// GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueResponse is the
// response-side representation of the value of the client secret.
type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueResponse struct {
	// Input only. The plain text of the client secret value. For security reasons, this field is only used for input and will never be populated in any response.
	// On this response type the field is therefore expected to be empty; an empty
	// value should not be read as "no secret configured".
	PlainText string `pulumi:"plainText"`
	// A thumbprint to represent the current client secret value.
	// NOTE(review): presumably the value to compare when checking whether the
	// configured secret changed; how the thumbprint is derived is not stated here.
	Thumbprint string `pulumi:"thumbprint"`
}

Representation of the value of the client secret.

type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueResponseOutput added in v0.32.0

// GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueResponseOutput
// embeds *pulumi.OutputState and is the output form of the client secret value
// response. The accessors listed for it on this page are PlainText (documented
// as never populated in responses) and Thumbprint.
type GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueResponseOutput struct{ *pulumi.OutputState }

Representation of the value of the client secret.

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueResponseOutput) ElementType added in v0.32.0

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueResponseOutput) PlainText added in v0.32.0

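Input only. The plain text of the client secret value. For security reasons, this field is only used for input and will never be populated in any response. On this response output the accessor is therefore expected to yield an empty value; Thumbprint is the field that represents the current secret.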

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueResponseOutput) Thumbprint added in v0.32.0

A thumbprint to represent the current client secret value.

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueResponseOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueResponseOutput added in v0.32.0

func (GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueResponseOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValueResponseOutputWithContext added in v0.32.0

type GoogleIamAdminV1WorkforcePoolProviderOidcInput added in v0.29.0

// GoogleIamAdminV1WorkforcePoolProviderOidcInput is the input form of the
// OpenID Connect 1.0 identity provider configuration. It embeds pulumi.Input
// and adds the two conversions to the matching Output type.
type GoogleIamAdminV1WorkforcePoolProviderOidcInput interface {
	pulumi.Input

	// Converts to the Output form; takes no context argument.
	ToGoogleIamAdminV1WorkforcePoolProviderOidcOutput() GoogleIamAdminV1WorkforcePoolProviderOidcOutput
	// Same conversion, with a caller-supplied context.Context.
	ToGoogleIamAdminV1WorkforcePoolProviderOidcOutputWithContext(context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcOutput
}

GoogleIamAdminV1WorkforcePoolProviderOidcInput is an input type that accepts GoogleIamAdminV1WorkforcePoolProviderOidcArgs and GoogleIamAdminV1WorkforcePoolProviderOidcOutput values. You can construct a concrete instance of `GoogleIamAdminV1WorkforcePoolProviderOidcInput` via:

GoogleIamAdminV1WorkforcePoolProviderOidcArgs{...}

type GoogleIamAdminV1WorkforcePoolProviderOidcOutput added in v0.29.0

// GoogleIamAdminV1WorkforcePoolProviderOidcOutput embeds *pulumi.OutputState
// and represents an OpenID Connect 1.0 identity provider. The accessors listed
// for it on this page are ClientId, ClientSecret, IssuerUri, JwksJson and
// WebSsoConfig.
//
// NOTE(review): ClientSecret exposes the client secret configuration; whether
// that output is marked secret by the SDK is not visible here; confirm.
type GoogleIamAdminV1WorkforcePoolProviderOidcOutput struct{ *pulumi.OutputState }

Represents an OpenID Connect 1.0 identity provider.

func (GoogleIamAdminV1WorkforcePoolProviderOidcOutput) ClientId added in v0.29.0

The client ID. Must match the audience claim of the JWT issued by the identity provider.

func (GoogleIamAdminV1WorkforcePoolProviderOidcOutput) ClientSecret added in v0.32.0

The optional client secret. Required to enable Authorization Code flow for web sign-in.

func (GoogleIamAdminV1WorkforcePoolProviderOidcOutput) ElementType added in v0.29.0

func (GoogleIamAdminV1WorkforcePoolProviderOidcOutput) IssuerUri added in v0.29.0

The OIDC issuer URI. Must be a valid URI using the 'https' scheme.

func (GoogleIamAdminV1WorkforcePoolProviderOidcOutput) JwksJson added in v0.32.0

OIDC JWKs in JSON string format. For details on the definition of a JWK, see https://tools.ietf.org/html/rfc7517. If not set, the `jwks_uri` from the discovery document (fetched from the .well-known path of the `issuer_uri`) will be used. Currently, RSA and EC asymmetric keys are supported. The JWK must use the following format and include only the following fields: { "keys": [ { "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": "", "crv": "" } ] }

func (GoogleIamAdminV1WorkforcePoolProviderOidcOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcOutput added in v0.29.0

func (o GoogleIamAdminV1WorkforcePoolProviderOidcOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcOutput() GoogleIamAdminV1WorkforcePoolProviderOidcOutput

func (GoogleIamAdminV1WorkforcePoolProviderOidcOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcOutputWithContext added in v0.29.0

func (o GoogleIamAdminV1WorkforcePoolProviderOidcOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcOutput

func (GoogleIamAdminV1WorkforcePoolProviderOidcOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput added in v0.29.0

func (o GoogleIamAdminV1WorkforcePoolProviderOidcOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput() GoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput

func (GoogleIamAdminV1WorkforcePoolProviderOidcOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcPtrOutputWithContext added in v0.29.0

func (o GoogleIamAdminV1WorkforcePoolProviderOidcOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcPtrOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput

func (GoogleIamAdminV1WorkforcePoolProviderOidcOutput) WebSsoConfig added in v0.31.1

Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser.

type GoogleIamAdminV1WorkforcePoolProviderOidcPtrInput added in v0.29.0

// GoogleIamAdminV1WorkforcePoolProviderOidcPtrInput is the nil-able input form
// of the OpenID Connect 1.0 identity provider configuration. It embeds
// pulumi.Input and adds the two conversions to the matching PtrOutput type.
type GoogleIamAdminV1WorkforcePoolProviderOidcPtrInput interface {
	pulumi.Input

	// Converts to the PtrOutput form; takes no context argument.
	ToGoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput() GoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput
	// Same conversion, with a caller-supplied context.Context.
	ToGoogleIamAdminV1WorkforcePoolProviderOidcPtrOutputWithContext(context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput
}

GoogleIamAdminV1WorkforcePoolProviderOidcPtrInput is an input type that accepts GoogleIamAdminV1WorkforcePoolProviderOidcArgs, GoogleIamAdminV1WorkforcePoolProviderOidcPtr and GoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput values. You can construct a concrete instance of `GoogleIamAdminV1WorkforcePoolProviderOidcPtrInput` via:

        GoogleIamAdminV1WorkforcePoolProviderOidcArgs{...}

or:

        nil

type GoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput added in v0.29.0

// GoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput embeds
// *pulumi.OutputState and is the pointer output form of the OIDC provider
// configuration. The accessors listed for it on this page are ClientId,
// ClientSecret, Elem, IssuerUri, JwksJson and WebSsoConfig.
type GoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput struct{ *pulumi.OutputState }

func (GoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput) ClientId added in v0.29.0

The client ID. Must match the audience claim of the JWT issued by the identity provider.

func (GoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput) ClientSecret added in v0.32.0

The optional client secret. Required to enable Authorization Code flow for web sign-in.

func (GoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput) Elem added in v0.29.0

func (GoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput) ElementType added in v0.29.0

func (GoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput) IssuerUri added in v0.29.0

The OIDC issuer URI. Must be a valid URI using the 'https' scheme.

func (GoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput) JwksJson added in v0.32.0

OIDC JWKs in JSON string format. For details on the definition of a JWK, see https://tools.ietf.org/html/rfc7517. If not set, the `jwks_uri` from the discovery document (fetched from the .well-known path of the `issuer_uri`) will be used. Currently, RSA and EC asymmetric keys are supported. The JWK must use the following format and include only the following fields: { "keys": [ { "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": "", "crv": "" } ] }

func (GoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput added in v0.29.0

func (o GoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput() GoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput

func (GoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcPtrOutputWithContext added in v0.29.0

func (o GoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcPtrOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput

func (GoogleIamAdminV1WorkforcePoolProviderOidcPtrOutput) WebSsoConfig added in v0.31.1

Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser.

type GoogleIamAdminV1WorkforcePoolProviderOidcResponse added in v0.29.0

// GoogleIamAdminV1WorkforcePoolProviderOidcResponse is the response-side
// representation of an OpenID Connect 1.0 identity provider.
type GoogleIamAdminV1WorkforcePoolProviderOidcResponse struct {
	// The client ID. Must match the audience claim of the JWT issued by the identity provider.
	ClientId string `pulumi:"clientId"`
	// The optional client secret. Required to enable Authorization Code flow for web sign-in.
	// The secret-value response type on this page documents its plain text as never
	// populated in responses, so only the thumbprint is expected to be readable here.
	ClientSecret GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretResponse `pulumi:"clientSecret"`
	// The OIDC issuer URI. Must be a valid URI using the 'https' scheme.
	IssuerUri string `pulumi:"issuerUri"`
	// OIDC JWKs in JSON string format. For details on the definition of a JWK, see https://tools.ietf.org/html/rfc7517. If not set, the `jwks_uri` from the discovery document (fetched from the .well-known path of the `issuer_uri`) will be used. Currently, RSA and EC asymmetric keys are supported. The JWK must use the following format and include only the following fields: { "keys": [ { "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": "", "crv": "" } ] }
	// The permitted fields are public-key members only; private key material does not belong in this value.
	// NOTE(review): a non-empty value appears to take the place of the discovered `jwks_uri`, so a key
	// rotation at the identity provider would presumably need a matching update here; confirm.
	JwksJson string `pulumi:"jwksJson"`
	// Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser.
	WebSsoConfig GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponse `pulumi:"webSsoConfig"`
}

Represents an OpenID Connect 1.0 identity provider.

type GoogleIamAdminV1WorkforcePoolProviderOidcResponseOutput added in v0.29.0

// GoogleIamAdminV1WorkforcePoolProviderOidcResponseOutput embeds
// *pulumi.OutputState and is the output form of the OIDC provider response.
// The accessors listed for it on this page are ClientId, ClientSecret,
// IssuerUri, JwksJson and WebSsoConfig.
type GoogleIamAdminV1WorkforcePoolProviderOidcResponseOutput struct{ *pulumi.OutputState }

Represents an OpenID Connect 1.0 identity provider.

func (GoogleIamAdminV1WorkforcePoolProviderOidcResponseOutput) ClientId added in v0.29.0

The client ID. Must match the audience claim of the JWT issued by the identity provider.

func (GoogleIamAdminV1WorkforcePoolProviderOidcResponseOutput) ClientSecret added in v0.32.0

The optional client secret. Required to enable Authorization Code flow for web sign-in.

func (GoogleIamAdminV1WorkforcePoolProviderOidcResponseOutput) ElementType added in v0.29.0

func (GoogleIamAdminV1WorkforcePoolProviderOidcResponseOutput) IssuerUri added in v0.29.0

The OIDC issuer URI. Must be a valid URI using the 'https' scheme.

func (GoogleIamAdminV1WorkforcePoolProviderOidcResponseOutput) JwksJson added in v0.32.0

OIDC JWKs in JSON string format. For details on the definition of a JWK, see https://tools.ietf.org/html/rfc7517. If not set, the `jwks_uri` from the discovery document (fetched from the .well-known path of the `issuer_uri`) will be used. Currently, RSA and EC asymmetric keys are supported. The JWK must use the following format and include only the following fields: { "keys": [ { "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": "", "crv": "" } ] }

func (GoogleIamAdminV1WorkforcePoolProviderOidcResponseOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcResponseOutput added in v0.29.0

func (GoogleIamAdminV1WorkforcePoolProviderOidcResponseOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcResponseOutputWithContext added in v0.29.0

func (o GoogleIamAdminV1WorkforcePoolProviderOidcResponseOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcResponseOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcResponseOutput

func (GoogleIamAdminV1WorkforcePoolProviderOidcResponseOutput) WebSsoConfig added in v0.31.1

Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser.

type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfig added in v0.31.1

// GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfig is the plain-value
// configuration for web single sign-on for the OIDC provider.
type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfig struct {
	// Additional scopes to request in the OIDC authentication request, on top of the scopes requested by default. By default, the `openid`, `profile` and `email` scopes that are supported by the identity provider are requested. Each additional scope may be at most 256 characters. A maximum of 10 additional scopes may be configured.
	// Each extra scope widens what the identity provider is asked to release; keep the list to what attribute mapping needs.
	AdditionalScopes []string `pulumi:"additionalScopes"`
	// The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition.
	// Per the constants declared in this package, MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS prefers UserInfo values over
	// ID Token values for the same claim name and is available only for the Authorization Code Flow.
	AssertionClaimsBehavior GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehavior `pulumi:"assertionClaimsBehavior"`
	// The Response Type to request in the OIDC Authorization Request for web sign-in. The `CODE` Response Type is recommended to avoid the Implicit Flow, for security reasons.
	// Per the constants declared in this package, the code response type requires a configured client secret.
	ResponseType GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseType `pulumi:"responseType"`
}

Configuration for web single sign-on for the OIDC provider.

type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigArgs added in v0.31.1

// GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigArgs is the
// Pulumi-input form of the web single sign-on configuration for the OIDC
// provider; every field is an Input type rather than a plain value.
type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigArgs struct {
	// Additional scopes to request in the OIDC authentication request, on top of the scopes requested by default. By default, the `openid`, `profile` and `email` scopes that are supported by the identity provider are requested. Each additional scope may be at most 256 characters. A maximum of 10 additional scopes may be configured.
	// Each extra scope widens what the identity provider is asked to release; keep the list to what attribute mapping needs.
	AdditionalScopes pulumi.StringArrayInput `pulumi:"additionalScopes"`
	// The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition.
	// Per the constants declared in this package, MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS prefers UserInfo values over
	// ID Token values for the same claim name and is available only for the Authorization Code Flow.
	AssertionClaimsBehavior GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorInput `pulumi:"assertionClaimsBehavior"`
	// The Response Type to request in the OIDC Authorization Request for web sign-in. The `CODE` Response Type is recommended to avoid the Implicit Flow, for security reasons.
	// Per the constants declared in this package, the code response type requires a configured client secret.
	ResponseType GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeInput `pulumi:"responseType"`
}

Configuration for web single sign-on for the OIDC provider.

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigArgs) ElementType added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigArgs) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigOutput added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigArgs) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigOutputWithContext added in v0.31.1

func (i GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigArgs) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigOutput

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigArgs) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrOutput added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigArgs) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrOutputWithContext added in v0.31.1

func (i GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigArgs) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrOutput

type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehavior added in v0.31.1

// GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehavior
// is a string-backed enum selecting how OIDC claims are included in the
// `assertion` object used for attribute mapping and attribute condition.
// The values declared for it in this package are
// ASSERTION_CLAIMS_BEHAVIOR_UNSPECIFIED, MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS
// (UserInfo values win for the same claim name; Authorization Code Flow only)
// and ONLY_ID_TOKEN_CLAIMS.
type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehavior string

Required. The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition.

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehavior) ElementType added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehavior) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorOutput added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehavior) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorOutputWithContext added in v0.31.1

func (e GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehavior) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorOutput

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehavior) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorPtrOutput added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehavior) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorPtrOutputWithContext added in v0.31.1

func (e GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehavior) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorPtrOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorPtrOutput

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehavior) ToStringOutput added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehavior) ToStringOutputWithContext added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehavior) ToStringPtrOutput added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehavior) ToStringPtrOutputWithContext added in v0.31.1

type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorInput added in v0.31.1

// GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorInput
// is the input form of the assertion-claims-behavior enum. It embeds
// pulumi.Input and adds the two conversions to the matching Output type.
// The enum type itself lists both methods on this page, so its declared
// constants can be passed where this interface is expected.
type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorInput interface {
	pulumi.Input

	// Converts to the Output form; takes no context argument.
	ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorOutput() GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorOutput
	// Same conversion, with a caller-supplied context.Context.
	ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorOutputWithContext(context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorOutput
}

GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorInput is an input type that accepts GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorArgs and GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorOutput values. You can construct a concrete instance of `GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorInput` via:

GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorArgs{...}

type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorOutput added in v0.31.1

// GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorOutput
// embeds *pulumi.OutputState and is the output form of the
// assertion-claims-behavior enum. The page lists conversions to its pointer
// form and to string and string-pointer outputs.
type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorOutput struct{ *pulumi.OutputState }

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorOutput) ElementType added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorOutput added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorOutputWithContext added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorPtrOutput added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorPtrOutputWithContext added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorOutput) ToStringOutput added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorOutput) ToStringOutputWithContext added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorOutput) ToStringPtrOutput added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorOutput) ToStringPtrOutputWithContext added in v0.31.1

type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorPtrInput added in v0.31.1

// GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorPtrInput
// is the pointer input form of the assertion-claims-behavior enum. It embeds
// pulumi.Input and adds the two conversions to the matching PtrOutput type.
//
// NOTE(review): the package-level constructor that returns this interface
// takes a plain string; no validation against the declared constants is
// visible here, so prefer the declared constants over free-form strings.
type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorPtrInput interface {
	pulumi.Input

	// Converts to the PtrOutput form; takes no context argument.
	ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorPtrOutput() GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorPtrOutput
	// Same conversion, with a caller-supplied context.Context.
	ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorPtrOutputWithContext(context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorPtrOutput
}

func GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorPtr added in v0.31.1

func GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorPtr(v string) GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorPtrInput

type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorPtrOutput added in v0.31.1

// GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorPtrOutput
// embeds *pulumi.OutputState and is the pointer output form of the
// assertion-claims-behavior enum. The page lists Elem, ElementType and the
// string-pointer conversions on it.
type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorPtrOutput struct{ *pulumi.OutputState }

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorPtrOutput) Elem added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorPtrOutput) ElementType added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorPtrOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorPtrOutput added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorPtrOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorPtrOutputWithContext added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorPtrOutput) ToStringPtrOutput added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigAssertionClaimsBehaviorPtrOutput) ToStringPtrOutputWithContext added in v0.31.1

type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigInput added in v0.31.1

// GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigInput is the input form
// of the web single sign-on configuration for the OIDC provider. It embeds
// pulumi.Input and adds the two conversions to the matching Output type.
type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigInput interface {
	pulumi.Input

	// Converts to the Output form; takes no context argument.
	ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigOutput() GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigOutput
	// Same conversion, with a caller-supplied context.Context.
	ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigOutputWithContext(context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigOutput
}

GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigInput is an input type that accepts GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigArgs and GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigOutput values. You can construct a concrete instance of `GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigInput` via:

GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigArgs{...}

type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigOutput added in v0.31.1

// GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigOutput embeds
// *pulumi.OutputState and is the output form of the web single sign-on
// configuration for the OIDC provider. The accessors listed for it on this
// page are AdditionalScopes, AssertionClaimsBehavior and ResponseType.
type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigOutput struct{ *pulumi.OutputState }

Configuration for web single sign-on for the OIDC provider.

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigOutput) AdditionalScopes added in v0.32.0

Additional scopes to request in the OIDC authentication request, on top of the scopes requested by default. By default, the `openid`, `profile` and `email` scopes that are supported by the identity provider are requested. Each additional scope may be at most 256 characters. A maximum of 10 additional scopes may be configured.

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigOutput) AssertionClaimsBehavior added in v0.31.1

The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition.

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigOutput) ElementType added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigOutput) ResponseType added in v0.31.1

The Response Type to request in the OIDC Authorization Request for web sign-in. The `CODE` Response Type is recommended to avoid the Implicit Flow, for security reasons.

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigOutput added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigOutputWithContext added in v0.31.1

func (o GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigOutput

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrOutput added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrOutputWithContext added in v0.31.1

func (o GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrOutput

type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrInput added in v0.31.1

// GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrInput is the
// nil-able input form of the web single sign-on configuration for the OIDC
// provider. It embeds pulumi.Input and adds the two conversions to the
// matching PtrOutput type.
type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrInput interface {
	pulumi.Input

	// Converts to the PtrOutput form; takes no context argument.
	ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrOutput() GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrOutput
	// Same conversion, with a caller-supplied context.Context.
	ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrOutputWithContext(context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrOutput
}

GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrInput is an input type that accepts GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigArgs, GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtr and GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrOutput values. You can construct a concrete instance of `GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrInput` via:

        GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigArgs{...}

or:

        nil

type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrOutput added in v0.31.1

// GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrOutput embeds
// *pulumi.OutputState and is the pointer output form of the web single sign-on
// configuration. The accessors listed for it on this page are AdditionalScopes,
// AssertionClaimsBehavior, Elem and ResponseType.
type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrOutput struct{ *pulumi.OutputState }

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrOutput) AdditionalScopes added in v0.32.0

Additional scopes to request in the OIDC authentication request, on top of the scopes requested by default. By default, the `openid`, `profile` and `email` scopes that are supported by the identity provider are requested. Each additional scope may be at most 256 characters. A maximum of 10 additional scopes may be configured.

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrOutput) AssertionClaimsBehavior added in v0.31.1

The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition.

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrOutput) Elem added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrOutput) ElementType added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrOutput) ResponseType added in v0.31.1

The Response Type to request in the OIDC Authorization Request for web sign-in. The `CODE` Response Type is recommended to avoid the Implicit Flow, for security reasons.

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrOutput added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrOutputWithContext added in v0.31.1

func (o GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigPtrOutput

type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponse added in v0.31.1

// GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponse is the
// response-side form of the web single sign-on configuration for the OIDC
// provider. Unlike the input struct, the two enum-valued fields are plain
// strings here.
type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponse struct {
	// Additional scopes to request in the OIDC authentication request, on top of the scopes requested by default. By default, the `openid`, `profile` and `email` scopes that are supported by the identity provider are requested. Each additional scope may be at most 256 characters. A maximum of 10 additional scopes may be configured.
	AdditionalScopes []string `pulumi:"additionalScopes"`
	// The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition.
	// NOTE(review): presumably carries one of the enum values declared in this package (for example ONLY_ID_TOKEN_CLAIMS); confirm.
	AssertionClaimsBehavior string `pulumi:"assertionClaimsBehavior"`
	// The Response Type to request in the OIDC Authorization Request for web sign-in. The `CODE` Response Type is recommended to avoid the Implicit Flow, for security reasons.
	// When auditing deployed providers, this is the field that shows which flow web sign-in uses.
	ResponseType string `pulumi:"responseType"`
}

Configuration for web single sign-on for the OIDC provider.

type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseOutput added in v0.31.1

// GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseOutput embeds
// *pulumi.OutputState and is the output form of the web single sign-on
// configuration response. The accessors listed for it on this page are
// AdditionalScopes, AssertionClaimsBehavior and ResponseType.
type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseOutput struct{ *pulumi.OutputState }

Configuration for web single sign-on for the OIDC provider.

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseOutput) AdditionalScopes added in v0.32.0

Additional scopes to request in the OIDC authentication request, on top of the scopes requested by default. By default, the `openid`, `profile` and `email` scopes that are supported by the identity provider are requested. Each additional scope may be at most 256 characters. A maximum of 10 additional scopes may be configured.

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseOutput) AssertionClaimsBehavior added in v0.31.1

The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition.

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseOutput) ElementType added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseOutput) ResponseType added in v0.31.1

The Response Type to request in the OIDC Authorization Request for web sign-in. The `CODE` Response Type is recommended to avoid the Implicit Flow, for security reasons.

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseOutput added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseOutputWithContext added in v0.31.1

func (o GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseOutput

type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseType added in v0.31.1

type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseType string

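Required. The Response Type to request in the OIDC Authorization Request for web sign-in. The `CODE` Response Type is recommended for security reasons: it avoids the Implicit Flow, in which the ID token is handed back through the browser redirect instead of being fetched by the relying party using its client secret.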

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseType) ElementType added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseType) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeOutput added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseType) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeOutputWithContext added in v0.31.1

func (e GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseType) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeOutput

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseType) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypePtrOutput added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseType) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypePtrOutputWithContext added in v0.31.1

func (e GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseType) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypePtrOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypePtrOutput

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseType) ToStringOutput added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseType) ToStringOutputWithContext added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseType) ToStringPtrOutput added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseType) ToStringPtrOutputWithContext added in v0.31.1

type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeInput added in v0.31.1

// GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeInput is the
// input interface for the web SSO response type: a pulumi.Input that can
// convert itself to a
// GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeOutput,
// with or without an explicit context.
//
// NOTE(review): the generated description on this page names a
// ...ResponseTypeArgs type, but the listing shows the ...ResponseType string
// type itself declaring ElementType and both conversion methods, so
// presumably the enum constants are what callers pass here. Confirm against
// the package source.
type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeInput interface {
	pulumi.Input

	ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeOutput() GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeOutput
	ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeOutputWithContext(context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeOutput
}

GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeInput is an input type that accepts GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeArgs and GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeOutput values. You can construct a concrete instance of `GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeInput` via:

GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeArgs{...}

type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeOutput added in v0.31.1

type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeOutput struct{ *pulumi.OutputState }

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeOutput) ElementType added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeOutput added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeOutputWithContext added in v0.31.1

func (o GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeOutput

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypePtrOutput added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypePtrOutputWithContext added in v0.31.1

func (o GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypePtrOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypePtrOutput

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeOutput) ToStringOutput added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeOutput) ToStringOutputWithContext added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeOutput) ToStringPtrOutput added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypeOutput) ToStringPtrOutputWithContext added in v0.31.1

type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypePtrInput added in v0.31.1

// GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypePtrInput is
// the optional (pointer) form of the web SSO response type input: a
// pulumi.Input that can convert itself to a ...ResponseTypePtrOutput.
//
// The package's ...ResponseTypePtr helper builds one from a plain string.
// NOTE(review): because that helper takes an arbitrary string, the Go type
// system does not restrict the value to the declared response-type constants;
// presumably an invalid value is only rejected by the API. Confirm, and prefer
// the named constants.
type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypePtrInput interface {
	pulumi.Input

	ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypePtrOutput() GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypePtrOutput
	ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypePtrOutputWithContext(context.Context) GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypePtrOutput
}

func GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypePtr added in v0.31.1

func GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypePtr(v string) GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypePtrInput

type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypePtrOutput added in v0.31.1

type GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypePtrOutput struct{ *pulumi.OutputState }

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypePtrOutput) Elem added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypePtrOutput) ElementType added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypePtrOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypePtrOutput added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypePtrOutput) ToGoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypePtrOutputWithContext added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypePtrOutput) ToStringPtrOutput added in v0.31.1

func (GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfigResponseTypePtrOutput) ToStringPtrOutputWithContext added in v0.31.1

type GoogleIamAdminV1WorkforcePoolProviderSaml added in v0.29.0

// GoogleIamAdminV1WorkforcePoolProviderSaml represents a SAML identity
// provider. Its only field is the IdP metadata document.
type GoogleIamAdminV1WorkforcePoolProviderSaml struct {
	// SAML Identity provider configuration metadata xml doc. The xml document
	// should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf).
	// The max size of the acceptable xml document will be bounded to 128k
	// characters. The metadata xml document should satisfy the following
	// constraints:
	//  1) Must contain an Identity Provider Entity ID.
	//  2) Must contain at least one non-expired signing key certificate.
	//  3) For each signing key:
	//     a) Valid from should be no more than 7 days from now.
	//     b) Valid to should be no more than 15 years in the future.
	//  4) Up to 3 IdP signing keys are allowed in the metadata xml.
	// When updating the provider's metadata xml, at least one non-expired
	// signing key must overlap with the existing metadata. This requirement is
	// skipped if there are no non-expired signing keys present in the existing
	// metadata.
	//
	// NOTE(review): the signing key certificates in this document are
	// presumably what assertions from the IdP are verified against, so the XML
	// is trust configuration rather than plain data. Obtain it from the IdP
	// over an authenticated channel and review every change to it. Confirm
	// against the provider documentation.
	IdpMetadataXml string `pulumi:"idpMetadataXml"`
}

Represents a SAML identity provider.

type GoogleIamAdminV1WorkforcePoolProviderSamlArgs added in v0.29.0

// GoogleIamAdminV1WorkforcePoolProviderSamlArgs is the input form of the SAML
// identity provider configuration; the metadata document is supplied as a
// pulumi.StringInput.
type GoogleIamAdminV1WorkforcePoolProviderSamlArgs struct {
	// SAML Identity provider configuration metadata xml doc. The xml document
	// should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf).
	// The max size of the acceptable xml document will be bounded to 128k
	// characters. The metadata xml document should satisfy the following
	// constraints:
	//  1) Must contain an Identity Provider Entity ID.
	//  2) Must contain at least one non-expired signing key certificate.
	//  3) For each signing key:
	//     a) Valid from should be no more than 7 days from now.
	//     b) Valid to should be no more than 15 years in the future.
	//  4) Up to 3 IdP signing keys are allowed in the metadata xml.
	// When updating the provider's metadata xml, at least one non-expired
	// signing key must overlap with the existing metadata. This requirement is
	// skipped if there are no non-expired signing keys present in the existing
	// metadata.
	//
	// NOTE(review): whoever can change this value can presumably change which
	// signing keys the provider trusts. Keep the XML under version control and
	// review, and load it from a source you have authenticated. Confirm the
	// trust semantics against the provider documentation.
	IdpMetadataXml pulumi.StringInput `pulumi:"idpMetadataXml"`
}

Represents a SAML identity provider.

func (GoogleIamAdminV1WorkforcePoolProviderSamlArgs) ElementType added in v0.29.0

func (GoogleIamAdminV1WorkforcePoolProviderSamlArgs) ToGoogleIamAdminV1WorkforcePoolProviderSamlOutput added in v0.29.0

func (i GoogleIamAdminV1WorkforcePoolProviderSamlArgs) ToGoogleIamAdminV1WorkforcePoolProviderSamlOutput() GoogleIamAdminV1WorkforcePoolProviderSamlOutput

func (GoogleIamAdminV1WorkforcePoolProviderSamlArgs) ToGoogleIamAdminV1WorkforcePoolProviderSamlOutputWithContext added in v0.29.0

func (i GoogleIamAdminV1WorkforcePoolProviderSamlArgs) ToGoogleIamAdminV1WorkforcePoolProviderSamlOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderSamlOutput

func (GoogleIamAdminV1WorkforcePoolProviderSamlArgs) ToGoogleIamAdminV1WorkforcePoolProviderSamlPtrOutput added in v0.29.0

func (i GoogleIamAdminV1WorkforcePoolProviderSamlArgs) ToGoogleIamAdminV1WorkforcePoolProviderSamlPtrOutput() GoogleIamAdminV1WorkforcePoolProviderSamlPtrOutput

func (GoogleIamAdminV1WorkforcePoolProviderSamlArgs) ToGoogleIamAdminV1WorkforcePoolProviderSamlPtrOutputWithContext added in v0.29.0

func (i GoogleIamAdminV1WorkforcePoolProviderSamlArgs) ToGoogleIamAdminV1WorkforcePoolProviderSamlPtrOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderSamlPtrOutput

type GoogleIamAdminV1WorkforcePoolProviderSamlInput added in v0.29.0

// GoogleIamAdminV1WorkforcePoolProviderSamlInput is the input interface for
// the SAML identity provider configuration: a pulumi.Input that can convert
// itself to a GoogleIamAdminV1WorkforcePoolProviderSamlOutput, with or without
// an explicit context. Per this page, GoogleIamAdminV1WorkforcePoolProviderSamlArgs
// and GoogleIamAdminV1WorkforcePoolProviderSamlOutput both declare these
// methods.
type GoogleIamAdminV1WorkforcePoolProviderSamlInput interface {
	pulumi.Input

	ToGoogleIamAdminV1WorkforcePoolProviderSamlOutput() GoogleIamAdminV1WorkforcePoolProviderSamlOutput
	ToGoogleIamAdminV1WorkforcePoolProviderSamlOutputWithContext(context.Context) GoogleIamAdminV1WorkforcePoolProviderSamlOutput
}

GoogleIamAdminV1WorkforcePoolProviderSamlInput is an input type that accepts GoogleIamAdminV1WorkforcePoolProviderSamlArgs and GoogleIamAdminV1WorkforcePoolProviderSamlOutput values. You can construct a concrete instance of `GoogleIamAdminV1WorkforcePoolProviderSamlInput` via:

GoogleIamAdminV1WorkforcePoolProviderSamlArgs{...}

type GoogleIamAdminV1WorkforcePoolProviderSamlOutput added in v0.29.0

type GoogleIamAdminV1WorkforcePoolProviderSamlOutput struct{ *pulumi.OutputState }

Represents a SAML identity provider.

func (GoogleIamAdminV1WorkforcePoolProviderSamlOutput) ElementType added in v0.29.0

func (GoogleIamAdminV1WorkforcePoolProviderSamlOutput) IdpMetadataXml added in v0.29.0

SAML Identity provider configuration metadata xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). The max size of the acceptable xml document will be bounded to 128k characters. The metadata xml document should satisfy the following constraints: 1) Must contain an Identity Provider Entity ID. 2) Must contain at least one non-expired signing key certificate. 3) For each signing key: a) Valid from should be no more than 7 days from now. b) Valid to should be no more than 15 years in the future. 4) Up to 3 IdP signing keys are allowed in the metadata xml. When updating the provider's metadata xml, at least one non-expired signing key must overlap with the existing metadata. This requirement is skipped if there are no non-expired signing keys present in the existing metadata.

func (GoogleIamAdminV1WorkforcePoolProviderSamlOutput) ToGoogleIamAdminV1WorkforcePoolProviderSamlOutput added in v0.29.0

func (o GoogleIamAdminV1WorkforcePoolProviderSamlOutput) ToGoogleIamAdminV1WorkforcePoolProviderSamlOutput() GoogleIamAdminV1WorkforcePoolProviderSamlOutput

func (GoogleIamAdminV1WorkforcePoolProviderSamlOutput) ToGoogleIamAdminV1WorkforcePoolProviderSamlOutputWithContext added in v0.29.0

func (o GoogleIamAdminV1WorkforcePoolProviderSamlOutput) ToGoogleIamAdminV1WorkforcePoolProviderSamlOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderSamlOutput

func (GoogleIamAdminV1WorkforcePoolProviderSamlOutput) ToGoogleIamAdminV1WorkforcePoolProviderSamlPtrOutput added in v0.29.0

func (o GoogleIamAdminV1WorkforcePoolProviderSamlOutput) ToGoogleIamAdminV1WorkforcePoolProviderSamlPtrOutput() GoogleIamAdminV1WorkforcePoolProviderSamlPtrOutput

func (GoogleIamAdminV1WorkforcePoolProviderSamlOutput) ToGoogleIamAdminV1WorkforcePoolProviderSamlPtrOutputWithContext added in v0.29.0

func (o GoogleIamAdminV1WorkforcePoolProviderSamlOutput) ToGoogleIamAdminV1WorkforcePoolProviderSamlPtrOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderSamlPtrOutput

type GoogleIamAdminV1WorkforcePoolProviderSamlPtrInput added in v0.29.0

// GoogleIamAdminV1WorkforcePoolProviderSamlPtrInput is the optional (pointer)
// form of the SAML identity provider input: a pulumi.Input that can convert
// itself to a GoogleIamAdminV1WorkforcePoolProviderSamlPtrOutput. The page
// documents GoogleIamAdminV1WorkforcePoolProviderSamlArgs{...} or nil as the
// ways to construct one.
type GoogleIamAdminV1WorkforcePoolProviderSamlPtrInput interface {
	pulumi.Input

	ToGoogleIamAdminV1WorkforcePoolProviderSamlPtrOutput() GoogleIamAdminV1WorkforcePoolProviderSamlPtrOutput
	ToGoogleIamAdminV1WorkforcePoolProviderSamlPtrOutputWithContext(context.Context) GoogleIamAdminV1WorkforcePoolProviderSamlPtrOutput
}

GoogleIamAdminV1WorkforcePoolProviderSamlPtrInput is an input type that accepts GoogleIamAdminV1WorkforcePoolProviderSamlArgs, GoogleIamAdminV1WorkforcePoolProviderSamlPtr and GoogleIamAdminV1WorkforcePoolProviderSamlPtrOutput values. You can construct a concrete instance of `GoogleIamAdminV1WorkforcePoolProviderSamlPtrInput` via:

        GoogleIamAdminV1WorkforcePoolProviderSamlArgs{...}

or:

        nil

type GoogleIamAdminV1WorkforcePoolProviderSamlPtrOutput added in v0.29.0

type GoogleIamAdminV1WorkforcePoolProviderSamlPtrOutput struct{ *pulumi.OutputState }

func (GoogleIamAdminV1WorkforcePoolProviderSamlPtrOutput) Elem added in v0.29.0

func (GoogleIamAdminV1WorkforcePoolProviderSamlPtrOutput) ElementType added in v0.29.0

func (GoogleIamAdminV1WorkforcePoolProviderSamlPtrOutput) IdpMetadataXml added in v0.29.0

SAML Identity provider configuration metadata xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). The max size of the acceptable xml document will be bounded to 128k characters. The metadata xml document should satisfy the following constraints: 1) Must contain an Identity Provider Entity ID. 2) Must contain at least one non-expired signing key certificate. 3) For each signing key: a) Valid from should be no more than 7 days from now. b) Valid to should be no more than 15 years in the future. 4) Up to 3 IdP signing keys are allowed in the metadata xml. When updating the provider's metadata xml, at least one non-expired signing key must overlap with the existing metadata. This requirement is skipped if there are no non-expired signing keys present in the existing metadata.

func (GoogleIamAdminV1WorkforcePoolProviderSamlPtrOutput) ToGoogleIamAdminV1WorkforcePoolProviderSamlPtrOutput added in v0.29.0

func (o GoogleIamAdminV1WorkforcePoolProviderSamlPtrOutput) ToGoogleIamAdminV1WorkforcePoolProviderSamlPtrOutput() GoogleIamAdminV1WorkforcePoolProviderSamlPtrOutput

func (GoogleIamAdminV1WorkforcePoolProviderSamlPtrOutput) ToGoogleIamAdminV1WorkforcePoolProviderSamlPtrOutputWithContext added in v0.29.0

func (o GoogleIamAdminV1WorkforcePoolProviderSamlPtrOutput) ToGoogleIamAdminV1WorkforcePoolProviderSamlPtrOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderSamlPtrOutput

type GoogleIamAdminV1WorkforcePoolProviderSamlResponse added in v0.29.0

// GoogleIamAdminV1WorkforcePoolProviderSamlResponse represents a SAML identity
// provider as a plain-string (already resolved) value.
type GoogleIamAdminV1WorkforcePoolProviderSamlResponse struct {
	// SAML Identity provider configuration metadata xml doc. The xml document
	// should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf).
	// The max size of the acceptable xml document will be bounded to 128k
	// characters. The metadata xml document should satisfy the following
	// constraints:
	//  1) Must contain an Identity Provider Entity ID.
	//  2) Must contain at least one non-expired signing key certificate.
	//  3) For each signing key:
	//     a) Valid from should be no more than 7 days from now.
	//     b) Valid to should be no more than 15 years in the future.
	//  4) Up to 3 IdP signing keys are allowed in the metadata xml.
	// When updating the provider's metadata xml, at least one non-expired
	// signing key must overlap with the existing metadata. This requirement is
	// skipped if there are no non-expired signing keys present in the existing
	// metadata.
	//
	// NOTE(review): reading this value back is a way to audit which IdP entity
	// ID and signing certificates a provider currently carries, e.g. to spot
	// certificates nearing expiry. Assumes the API returns the stored document
	// unchanged; confirm.
	IdpMetadataXml string `pulumi:"idpMetadataXml"`
}

Represents a SAML identity provider.

type GoogleIamAdminV1WorkforcePoolProviderSamlResponseOutput added in v0.29.0

type GoogleIamAdminV1WorkforcePoolProviderSamlResponseOutput struct{ *pulumi.OutputState }

Represents a SAML identity provider.

func (GoogleIamAdminV1WorkforcePoolProviderSamlResponseOutput) ElementType added in v0.29.0

func (GoogleIamAdminV1WorkforcePoolProviderSamlResponseOutput) IdpMetadataXml added in v0.29.0

SAML Identity provider configuration metadata xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). The max size of the acceptable xml document will be bounded to 128k characters. The metadata xml document should satisfy the following constraints: 1) Must contain an Identity Provider Entity ID. 2) Must contain at least one non-expired signing key certificate. 3) For each signing key: a) Valid from should be no more than 7 days from now. b) Valid to should be no more than 15 years in the future. 4) Up to 3 IdP signing keys are allowed in the metadata xml. When updating the provider's metadata xml, at least one non-expired signing key must overlap with the existing metadata. This requirement is skipped if there are no non-expired signing keys present in the existing metadata.

func (GoogleIamAdminV1WorkforcePoolProviderSamlResponseOutput) ToGoogleIamAdminV1WorkforcePoolProviderSamlResponseOutput added in v0.29.0

func (GoogleIamAdminV1WorkforcePoolProviderSamlResponseOutput) ToGoogleIamAdminV1WorkforcePoolProviderSamlResponseOutputWithContext added in v0.29.0

func (o GoogleIamAdminV1WorkforcePoolProviderSamlResponseOutput) ToGoogleIamAdminV1WorkforcePoolProviderSamlResponseOutputWithContext(ctx context.Context) GoogleIamAdminV1WorkforcePoolProviderSamlResponseOutput

type Key added in v0.3.0

// Key is the resource state of a service account key; this page describes the
// resource as "Creates a ServiceAccountKey". Every field is a Pulumi output.
//
// Project and ServiceAccountId carry no description in the generated source;
// presumably they correspond to the {PROJECT_ID} and {ACCOUNT} segments of
// Name (TODO confirm).
//
// NOTE(review): PrivateKeyData is the credential itself. As an ordinary output
// it is presumably recorded in the stack's state, so check that it is treated
// as a secret there (for example with pulumi.AdditionalSecretOutputs) and keep
// it out of stack exports and logs. Confirm how this provider marks the field.
type Key struct {
	pulumi.CustomResourceState

	// The key status.
	Disabled pulumi.BoolOutput `pulumi:"disabled"`
	// Specifies the algorithm (and possibly key size) for the key.
	KeyAlgorithm pulumi.StringOutput `pulumi:"keyAlgorithm"`
	// The key origin.
	KeyOrigin pulumi.StringOutput `pulumi:"keyOrigin"`
	// The key type.
	KeyType pulumi.StringOutput `pulumi:"keyType"`
	// The resource name of the service account key in the following format `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
	Name pulumi.StringOutput `pulumi:"name"`
	// The private key data. Only provided in `CreateServiceAccountKey` responses. Make sure to keep the private key data secure because it allows for the assertion of the service account identity. When base64 decoded, the private key data can be used to authenticate with Google API client libraries and with gcloud auth activate-service-account.
	// Anyone holding this value can act as the service account until the key is deleted or disabled.
	PrivateKeyData pulumi.StringOutput `pulumi:"privateKeyData"`
	// The output format for the private key. Only provided in `CreateServiceAccountKey` responses, not in `GetServiceAccountKey` or `ListServiceAccountKey` responses. Google never exposes system-managed private keys, and never retains user-managed private keys.
	PrivateKeyType pulumi.StringOutput `pulumi:"privateKeyType"`
	Project        pulumi.StringOutput `pulumi:"project"`
	// The public key data. Only provided in `GetServiceAccountKey` responses.
	PublicKeyData    pulumi.StringOutput `pulumi:"publicKeyData"`
	ServiceAccountId pulumi.StringOutput `pulumi:"serviceAccountId"`
	// The key can be used after this timestamp.
	ValidAfterTime pulumi.StringOutput `pulumi:"validAfterTime"`
	// The key can be used before this timestamp. For system-managed key pairs, this timestamp is the end time for the private key signing operation. The public key could still be used for verification for a few hours after this time.
	ValidBeforeTime pulumi.StringOutput `pulumi:"validBeforeTime"`
}

Creates a ServiceAccountKey. Auto-naming is currently not supported for this resource.

func GetKey added in v0.3.0

func GetKey(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *KeyState, opts ...pulumi.ResourceOption) (*Key, error)

GetKey gets an existing Key resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKey added in v0.3.0

func NewKey(ctx *pulumi.Context,
	name string, args *KeyArgs, opts ...pulumi.ResourceOption) (*Key, error)

NewKey registers a new resource with the given unique name, arguments, and options.

func (*Key) ElementType added in v0.3.0

func (*Key) ElementType() reflect.Type

func (*Key) ToKeyOutput added in v0.3.0

func (i *Key) ToKeyOutput() KeyOutput

func (*Key) ToKeyOutputWithContext added in v0.3.0

func (i *Key) ToKeyOutputWithContext(ctx context.Context) KeyOutput

type KeyArgs added in v0.3.0

// KeyArgs is the set of arguments for constructing a Key resource.
//
// Project and ServiceAccountId carry no description in the generated source.
// ServiceAccountId is a non-pointer input while Project is a pointer input,
// which suggests the former is required and the latter optional (TODO
// confirm).
//
// NOTE(review): both KeyAlgorithm and PrivateKeyType fall back to service-side
// defaults, and the KeyAlgorithm default is documented as subject to change.
// Set them explicitly where a specific algorithm or credential format is a
// requirement.
type KeyArgs struct {
	// Which type of key and algorithm to use for the key. The default is currently a 2K RSA key. However this may change in the future.
	KeyAlgorithm KeyKeyAlgorithmPtrInput
	// The output format of the private key. The default value is `TYPE_GOOGLE_CREDENTIALS_FILE`, which is the Google Credentials File format.
	PrivateKeyType   KeyPrivateKeyTypePtrInput
	Project          pulumi.StringPtrInput
	ServiceAccountId pulumi.StringInput
}

The set of arguments for constructing a Key resource.

func (KeyArgs) ElementType added in v0.3.0

func (KeyArgs) ElementType() reflect.Type

type KeyData added in v0.29.0

// KeyData represents public key data along with its format. In this input
// shape only the key specification is settable; the key material itself
// appears on KeyDataResponse.
type KeyData struct {
	// The specifications for the key.
	KeySpec KeyDataKeySpec `pulumi:"keySpec"`
}

Represents public key data along with its format.

type KeyDataArgs added in v0.29.0

// KeyDataArgs is the Pulumi input form of KeyData (public key data along with
// its format); its single field takes a KeyDataKeySpecInput.
type KeyDataArgs struct {
	// The specifications for the key.
	KeySpec KeyDataKeySpecInput `pulumi:"keySpec"`
}

Represents public key data along with its format.

func (KeyDataArgs) ElementType added in v0.29.0

func (KeyDataArgs) ElementType() reflect.Type

func (KeyDataArgs) ToKeyDataOutput added in v0.29.0

func (i KeyDataArgs) ToKeyDataOutput() KeyDataOutput

func (KeyDataArgs) ToKeyDataOutputWithContext added in v0.29.0

func (i KeyDataArgs) ToKeyDataOutputWithContext(ctx context.Context) KeyDataOutput

func (KeyDataArgs) ToKeyDataPtrOutput added in v0.29.0

func (i KeyDataArgs) ToKeyDataPtrOutput() KeyDataPtrOutput

func (KeyDataArgs) ToKeyDataPtrOutputWithContext added in v0.29.0

func (i KeyDataArgs) ToKeyDataPtrOutputWithContext(ctx context.Context) KeyDataPtrOutput

type KeyDataInput added in v0.29.0

// KeyDataInput is the input interface for KeyData: a pulumi.Input that can
// convert itself to a KeyDataOutput, with or without an explicit context.
// Per this page, KeyDataArgs and KeyDataOutput both declare these methods.
type KeyDataInput interface {
	pulumi.Input

	ToKeyDataOutput() KeyDataOutput
	ToKeyDataOutputWithContext(context.Context) KeyDataOutput
}

KeyDataInput is an input type that accepts KeyDataArgs and KeyDataOutput values. You can construct a concrete instance of `KeyDataInput` via:

KeyDataArgs{...}

type KeyDataKeySpec added in v0.29.0

type KeyDataKeySpec string

Required. The specifications for the key.

func (KeyDataKeySpec) ElementType added in v0.29.0

func (KeyDataKeySpec) ElementType() reflect.Type

func (KeyDataKeySpec) ToKeyDataKeySpecOutput added in v0.29.0

func (e KeyDataKeySpec) ToKeyDataKeySpecOutput() KeyDataKeySpecOutput

func (KeyDataKeySpec) ToKeyDataKeySpecOutputWithContext added in v0.29.0

func (e KeyDataKeySpec) ToKeyDataKeySpecOutputWithContext(ctx context.Context) KeyDataKeySpecOutput

func (KeyDataKeySpec) ToKeyDataKeySpecPtrOutput added in v0.29.0

func (e KeyDataKeySpec) ToKeyDataKeySpecPtrOutput() KeyDataKeySpecPtrOutput

func (KeyDataKeySpec) ToKeyDataKeySpecPtrOutputWithContext added in v0.29.0

func (e KeyDataKeySpec) ToKeyDataKeySpecPtrOutputWithContext(ctx context.Context) KeyDataKeySpecPtrOutput

func (KeyDataKeySpec) ToStringOutput added in v0.29.0

func (e KeyDataKeySpec) ToStringOutput() pulumi.StringOutput

func (KeyDataKeySpec) ToStringOutputWithContext added in v0.29.0

func (e KeyDataKeySpec) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (KeyDataKeySpec) ToStringPtrOutput added in v0.29.0

func (e KeyDataKeySpec) ToStringPtrOutput() pulumi.StringPtrOutput

func (KeyDataKeySpec) ToStringPtrOutputWithContext added in v0.29.0

func (e KeyDataKeySpec) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type KeyDataKeySpecInput added in v0.29.0

// KeyDataKeySpecInput is the input interface for the key specification: a
// pulumi.Input that can convert itself to a KeyDataKeySpecOutput, with or
// without an explicit context.
//
// NOTE(review): the generated description on this page names a
// KeyDataKeySpecArgs type, but the listing shows the KeyDataKeySpec string
// type itself declaring ElementType and both conversion methods, so
// presumably the KeyDataKeySpec constants are what callers pass here. Confirm
// against the package source.
type KeyDataKeySpecInput interface {
	pulumi.Input

	ToKeyDataKeySpecOutput() KeyDataKeySpecOutput
	ToKeyDataKeySpecOutputWithContext(context.Context) KeyDataKeySpecOutput
}

KeyDataKeySpecInput is an input type that accepts KeyDataKeySpecArgs and KeyDataKeySpecOutput values. You can construct a concrete instance of `KeyDataKeySpecInput` via:

KeyDataKeySpecArgs{...}

type KeyDataKeySpecOutput added in v0.29.0

type KeyDataKeySpecOutput struct{ *pulumi.OutputState }

func (KeyDataKeySpecOutput) ElementType added in v0.29.0

func (KeyDataKeySpecOutput) ElementType() reflect.Type

func (KeyDataKeySpecOutput) ToKeyDataKeySpecOutput added in v0.29.0

func (o KeyDataKeySpecOutput) ToKeyDataKeySpecOutput() KeyDataKeySpecOutput

func (KeyDataKeySpecOutput) ToKeyDataKeySpecOutputWithContext added in v0.29.0

func (o KeyDataKeySpecOutput) ToKeyDataKeySpecOutputWithContext(ctx context.Context) KeyDataKeySpecOutput

func (KeyDataKeySpecOutput) ToKeyDataKeySpecPtrOutput added in v0.29.0

func (o KeyDataKeySpecOutput) ToKeyDataKeySpecPtrOutput() KeyDataKeySpecPtrOutput

func (KeyDataKeySpecOutput) ToKeyDataKeySpecPtrOutputWithContext added in v0.29.0

func (o KeyDataKeySpecOutput) ToKeyDataKeySpecPtrOutputWithContext(ctx context.Context) KeyDataKeySpecPtrOutput

func (KeyDataKeySpecOutput) ToStringOutput added in v0.29.0

func (o KeyDataKeySpecOutput) ToStringOutput() pulumi.StringOutput

func (KeyDataKeySpecOutput) ToStringOutputWithContext added in v0.29.0

func (o KeyDataKeySpecOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (KeyDataKeySpecOutput) ToStringPtrOutput added in v0.29.0

func (o KeyDataKeySpecOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (KeyDataKeySpecOutput) ToStringPtrOutputWithContext added in v0.29.0

func (o KeyDataKeySpecOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type KeyDataKeySpecPtrInput added in v0.29.0

// KeyDataKeySpecPtrInput is the optional (pointer) form of the key
// specification input: a pulumi.Input that can convert itself to a
// KeyDataKeySpecPtrOutput.
//
// The package's KeyDataKeySpecPtr helper builds one from a plain string.
// NOTE(review): because that helper takes an arbitrary string, the Go type
// system does not restrict the value to the declared KeyDataKeySpec
// constants; presumably an unknown value is only rejected by the API.
// Confirm, and prefer the named constants.
type KeyDataKeySpecPtrInput interface {
	pulumi.Input

	ToKeyDataKeySpecPtrOutput() KeyDataKeySpecPtrOutput
	ToKeyDataKeySpecPtrOutputWithContext(context.Context) KeyDataKeySpecPtrOutput
}

func KeyDataKeySpecPtr added in v0.29.0

func KeyDataKeySpecPtr(v string) KeyDataKeySpecPtrInput

type KeyDataKeySpecPtrOutput added in v0.29.0

type KeyDataKeySpecPtrOutput struct{ *pulumi.OutputState }

func (KeyDataKeySpecPtrOutput) Elem added in v0.29.0

func (KeyDataKeySpecPtrOutput) ElementType added in v0.29.0

func (KeyDataKeySpecPtrOutput) ElementType() reflect.Type

func (KeyDataKeySpecPtrOutput) ToKeyDataKeySpecPtrOutput added in v0.29.0

func (o KeyDataKeySpecPtrOutput) ToKeyDataKeySpecPtrOutput() KeyDataKeySpecPtrOutput

func (KeyDataKeySpecPtrOutput) ToKeyDataKeySpecPtrOutputWithContext added in v0.29.0

func (o KeyDataKeySpecPtrOutput) ToKeyDataKeySpecPtrOutputWithContext(ctx context.Context) KeyDataKeySpecPtrOutput

func (KeyDataKeySpecPtrOutput) ToStringPtrOutput added in v0.29.0

func (o KeyDataKeySpecPtrOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (KeyDataKeySpecPtrOutput) ToStringPtrOutputWithContext added in v0.29.0

func (o KeyDataKeySpecPtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type KeyDataOutput added in v0.29.0

type KeyDataOutput struct{ *pulumi.OutputState }

Represents public key data along with its format.

func (KeyDataOutput) ElementType added in v0.29.0

func (KeyDataOutput) ElementType() reflect.Type

func (KeyDataOutput) KeySpec added in v0.29.0

func (o KeyDataOutput) KeySpec() KeyDataKeySpecOutput

The specifications for the key.

func (KeyDataOutput) ToKeyDataOutput added in v0.29.0

func (o KeyDataOutput) ToKeyDataOutput() KeyDataOutput

func (KeyDataOutput) ToKeyDataOutputWithContext added in v0.29.0

func (o KeyDataOutput) ToKeyDataOutputWithContext(ctx context.Context) KeyDataOutput

func (KeyDataOutput) ToKeyDataPtrOutput added in v0.29.0

func (o KeyDataOutput) ToKeyDataPtrOutput() KeyDataPtrOutput

func (KeyDataOutput) ToKeyDataPtrOutputWithContext added in v0.29.0

func (o KeyDataOutput) ToKeyDataPtrOutputWithContext(ctx context.Context) KeyDataPtrOutput

type KeyDataPtrInput added in v0.29.0

// KeyDataPtrInput is the optional (pointer) form of the KeyData input: a
// pulumi.Input that can convert itself to a KeyDataPtrOutput. The page
// documents KeyDataArgs{...} or nil as the ways to construct one, and the
// KeyDataPtr helper wraps a *KeyDataArgs.
type KeyDataPtrInput interface {
	pulumi.Input

	ToKeyDataPtrOutput() KeyDataPtrOutput
	ToKeyDataPtrOutputWithContext(context.Context) KeyDataPtrOutput
}

KeyDataPtrInput is an input type that accepts KeyDataArgs, KeyDataPtr and KeyDataPtrOutput values. You can construct a concrete instance of `KeyDataPtrInput` via:

        KeyDataArgs{...}

or:

        nil

func KeyDataPtr added in v0.29.0

func KeyDataPtr(v *KeyDataArgs) KeyDataPtrInput

type KeyDataPtrOutput added in v0.29.0

type KeyDataPtrOutput struct{ *pulumi.OutputState }

func (KeyDataPtrOutput) Elem added in v0.29.0

func (KeyDataPtrOutput) ElementType added in v0.29.0

func (KeyDataPtrOutput) ElementType() reflect.Type

func (KeyDataPtrOutput) KeySpec added in v0.29.0

The specifications for the key.

func (KeyDataPtrOutput) ToKeyDataPtrOutput added in v0.29.0

func (o KeyDataPtrOutput) ToKeyDataPtrOutput() KeyDataPtrOutput

func (KeyDataPtrOutput) ToKeyDataPtrOutputWithContext added in v0.29.0

func (o KeyDataPtrOutput) ToKeyDataPtrOutputWithContext(ctx context.Context) KeyDataPtrOutput

type KeyDataResponse added in v0.29.0

// KeyDataResponse represents public key data along with its format, as plain
// string fields.
//
// NOTE(review): both validity bounds are plain strings and, per their
// descriptions, are only present for X.509 certificates. Code that checks a
// key's validity window should handle the empty case explicitly instead of
// reading it as "no limit". Assumes absent values arrive as empty strings;
// confirm.
type KeyDataResponse struct {
	// The format of the key.
	Format string `pulumi:"format"`
	// The key data. The format of the key is represented by the format field.
	Key string `pulumi:"key"`
	// The specifications for the key.
	KeySpec string `pulumi:"keySpec"`
	// Latest timestamp when this key is valid. Attempts to use this key after this time will fail. Only present if the key data represents a X.509 certificate.
	NotAfterTime string `pulumi:"notAfterTime"`
	// Earliest timestamp when this key is valid. Attempts to use this key before this time will fail. Only present if the key data represents a X.509 certificate.
	NotBeforeTime string `pulumi:"notBeforeTime"`
}

Represents public key data along with its format.

type KeyDataResponseOutput added in v0.29.0

type KeyDataResponseOutput struct{ *pulumi.OutputState }

Represents public key data along with its format.

func (KeyDataResponseOutput) ElementType added in v0.29.0

func (KeyDataResponseOutput) ElementType() reflect.Type

func (KeyDataResponseOutput) Format added in v0.29.0

The format of the key.

func (KeyDataResponseOutput) Key added in v0.29.0

The key data. The format of the key is represented by the format field.

func (KeyDataResponseOutput) KeySpec added in v0.29.0

The specifications for the key.

func (KeyDataResponseOutput) NotAfterTime added in v0.29.0

func (o KeyDataResponseOutput) NotAfterTime() pulumi.StringOutput

Latest timestamp when this key is valid. Attempts to use this key after this time will fail. Only present if the key data represents an X.509 certificate.

func (KeyDataResponseOutput) NotBeforeTime added in v0.29.0

func (o KeyDataResponseOutput) NotBeforeTime() pulumi.StringOutput

Earliest timestamp when this key is valid. Attempts to use this key before this time will fail. Only present if the key data represents an X.509 certificate.

func (KeyDataResponseOutput) ToKeyDataResponseOutput added in v0.29.0

func (o KeyDataResponseOutput) ToKeyDataResponseOutput() KeyDataResponseOutput

func (KeyDataResponseOutput) ToKeyDataResponseOutputWithContext added in v0.29.0

func (o KeyDataResponseOutput) ToKeyDataResponseOutputWithContext(ctx context.Context) KeyDataResponseOutput

type KeyInput added in v0.3.0

// KeyInput is an input type whose implementations can be converted to a
// KeyOutput, either directly or with an explicit context.Context.
type KeyInput interface {
	pulumi.Input

	ToKeyOutput() KeyOutput
	ToKeyOutputWithContext(ctx context.Context) KeyOutput
}

type KeyKeyAlgorithm added in v0.4.0

type KeyKeyAlgorithm string

Which type of key and algorithm to use for the key. The default is currently a 2K RSA key. However this may change in the future.

func (KeyKeyAlgorithm) ElementType added in v0.4.0

func (KeyKeyAlgorithm) ElementType() reflect.Type

func (KeyKeyAlgorithm) ToKeyKeyAlgorithmOutput added in v0.6.0

func (e KeyKeyAlgorithm) ToKeyKeyAlgorithmOutput() KeyKeyAlgorithmOutput

func (KeyKeyAlgorithm) ToKeyKeyAlgorithmOutputWithContext added in v0.6.0

func (e KeyKeyAlgorithm) ToKeyKeyAlgorithmOutputWithContext(ctx context.Context) KeyKeyAlgorithmOutput

func (KeyKeyAlgorithm) ToKeyKeyAlgorithmPtrOutput added in v0.6.0

func (e KeyKeyAlgorithm) ToKeyKeyAlgorithmPtrOutput() KeyKeyAlgorithmPtrOutput

func (KeyKeyAlgorithm) ToKeyKeyAlgorithmPtrOutputWithContext added in v0.6.0

func (e KeyKeyAlgorithm) ToKeyKeyAlgorithmPtrOutputWithContext(ctx context.Context) KeyKeyAlgorithmPtrOutput

func (KeyKeyAlgorithm) ToStringOutput added in v0.4.0

func (e KeyKeyAlgorithm) ToStringOutput() pulumi.StringOutput

func (KeyKeyAlgorithm) ToStringOutputWithContext added in v0.4.0

func (e KeyKeyAlgorithm) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (KeyKeyAlgorithm) ToStringPtrOutput added in v0.4.0

func (e KeyKeyAlgorithm) ToStringPtrOutput() pulumi.StringPtrOutput

func (KeyKeyAlgorithm) ToStringPtrOutputWithContext added in v0.4.0

func (e KeyKeyAlgorithm) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type KeyKeyAlgorithmInput added in v0.6.0

type KeyKeyAlgorithmInput interface {
	pulumi.Input

	ToKeyKeyAlgorithmOutput() KeyKeyAlgorithmOutput
	ToKeyKeyAlgorithmOutputWithContext(context.Context) KeyKeyAlgorithmOutput
}

KeyKeyAlgorithmInput is an input type that accepts KeyKeyAlgorithmArgs and KeyKeyAlgorithmOutput values. You can construct a concrete instance of `KeyKeyAlgorithmInput` via:

KeyKeyAlgorithmArgs{...}

type KeyKeyAlgorithmOutput added in v0.6.0

type KeyKeyAlgorithmOutput struct{ *pulumi.OutputState }

func (KeyKeyAlgorithmOutput) ElementType added in v0.6.0

func (KeyKeyAlgorithmOutput) ElementType() reflect.Type

func (KeyKeyAlgorithmOutput) ToKeyKeyAlgorithmOutput added in v0.6.0

func (o KeyKeyAlgorithmOutput) ToKeyKeyAlgorithmOutput() KeyKeyAlgorithmOutput

func (KeyKeyAlgorithmOutput) ToKeyKeyAlgorithmOutputWithContext added in v0.6.0

func (o KeyKeyAlgorithmOutput) ToKeyKeyAlgorithmOutputWithContext(ctx context.Context) KeyKeyAlgorithmOutput

func (KeyKeyAlgorithmOutput) ToKeyKeyAlgorithmPtrOutput added in v0.6.0

func (o KeyKeyAlgorithmOutput) ToKeyKeyAlgorithmPtrOutput() KeyKeyAlgorithmPtrOutput

func (KeyKeyAlgorithmOutput) ToKeyKeyAlgorithmPtrOutputWithContext added in v0.6.0

func (o KeyKeyAlgorithmOutput) ToKeyKeyAlgorithmPtrOutputWithContext(ctx context.Context) KeyKeyAlgorithmPtrOutput

func (KeyKeyAlgorithmOutput) ToStringOutput added in v0.6.0

func (o KeyKeyAlgorithmOutput) ToStringOutput() pulumi.StringOutput

func (KeyKeyAlgorithmOutput) ToStringOutputWithContext added in v0.6.0

func (o KeyKeyAlgorithmOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (KeyKeyAlgorithmOutput) ToStringPtrOutput added in v0.6.0

func (o KeyKeyAlgorithmOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (KeyKeyAlgorithmOutput) ToStringPtrOutputWithContext added in v0.6.0

func (o KeyKeyAlgorithmOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type KeyKeyAlgorithmPtrInput added in v0.6.0

type KeyKeyAlgorithmPtrInput interface {
	pulumi.Input

	ToKeyKeyAlgorithmPtrOutput() KeyKeyAlgorithmPtrOutput
	ToKeyKeyAlgorithmPtrOutputWithContext(context.Context) KeyKeyAlgorithmPtrOutput
}

func KeyKeyAlgorithmPtr added in v0.6.0

func KeyKeyAlgorithmPtr(v string) KeyKeyAlgorithmPtrInput

type KeyKeyAlgorithmPtrOutput added in v0.6.0

type KeyKeyAlgorithmPtrOutput struct{ *pulumi.OutputState }

func (KeyKeyAlgorithmPtrOutput) Elem added in v0.6.0

func (KeyKeyAlgorithmPtrOutput) ElementType added in v0.6.0

func (KeyKeyAlgorithmPtrOutput) ElementType() reflect.Type

func (KeyKeyAlgorithmPtrOutput) ToKeyKeyAlgorithmPtrOutput added in v0.6.0

func (o KeyKeyAlgorithmPtrOutput) ToKeyKeyAlgorithmPtrOutput() KeyKeyAlgorithmPtrOutput

func (KeyKeyAlgorithmPtrOutput) ToKeyKeyAlgorithmPtrOutputWithContext added in v0.6.0

func (o KeyKeyAlgorithmPtrOutput) ToKeyKeyAlgorithmPtrOutputWithContext(ctx context.Context) KeyKeyAlgorithmPtrOutput

func (KeyKeyAlgorithmPtrOutput) ToStringPtrOutput added in v0.6.0

func (o KeyKeyAlgorithmPtrOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (KeyKeyAlgorithmPtrOutput) ToStringPtrOutputWithContext added in v0.6.0

func (o KeyKeyAlgorithmPtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type KeyOutput added in v0.3.0

type KeyOutput struct{ *pulumi.OutputState }

func (KeyOutput) Disabled added in v0.19.0

func (o KeyOutput) Disabled() pulumi.BoolOutput

The key status.

func (KeyOutput) ElementType added in v0.3.0

func (KeyOutput) ElementType() reflect.Type

func (KeyOutput) KeyAlgorithm added in v0.19.0

func (o KeyOutput) KeyAlgorithm() pulumi.StringOutput

Specifies the algorithm (and possibly key size) for the key.

func (KeyOutput) KeyOrigin added in v0.19.0

func (o KeyOutput) KeyOrigin() pulumi.StringOutput

The key origin.

func (KeyOutput) KeyType added in v0.19.0

func (o KeyOutput) KeyType() pulumi.StringOutput

The key type.

func (KeyOutput) Name added in v0.19.0

func (o KeyOutput) Name() pulumi.StringOutput

The resource name of the service account key in the following format `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.

func (KeyOutput) PrivateKeyData added in v0.19.0

func (o KeyOutput) PrivateKeyData() pulumi.StringOutput

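The private key data. Only provided in `CreateServiceAccountKey` responses. Make sure to keep the private key data secure because it allows for the assertion of the service account identity. When base64 decoded, the private key data can be used to authenticate with Google API client libraries and with `gcloud auth activate-service-account`. This accessor returns the key material as a `pulumi.StringOutput`, so treat the value as a credential wherever it is passed on: keep it out of logs and plaintext exports.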

func (KeyOutput) PrivateKeyType added in v0.19.0

func (o KeyOutput) PrivateKeyType() pulumi.StringOutput

The output format for the private key. Only provided in `CreateServiceAccountKey` responses, not in `GetServiceAccountKey` or `ListServiceAccountKey` responses. Google never exposes system-managed private keys, and never retains user-managed private keys.

func (KeyOutput) Project added in v0.21.0

func (o KeyOutput) Project() pulumi.StringOutput

func (KeyOutput) PublicKeyData added in v0.19.0

func (o KeyOutput) PublicKeyData() pulumi.StringOutput

The public key data. Only provided in `GetServiceAccountKey` responses.

func (KeyOutput) ServiceAccountId added in v0.21.0

func (o KeyOutput) ServiceAccountId() pulumi.StringOutput

func (KeyOutput) ToKeyOutput added in v0.3.0

func (o KeyOutput) ToKeyOutput() KeyOutput

func (KeyOutput) ToKeyOutputWithContext added in v0.3.0

func (o KeyOutput) ToKeyOutputWithContext(ctx context.Context) KeyOutput

func (KeyOutput) ValidAfterTime added in v0.19.0

func (o KeyOutput) ValidAfterTime() pulumi.StringOutput

The key can be used after this timestamp.

func (KeyOutput) ValidBeforeTime added in v0.19.0

func (o KeyOutput) ValidBeforeTime() pulumi.StringOutput

The key can be used before this timestamp. For system-managed key pairs, this timestamp is the end time for the private key signing operation. The public key could still be used for verification for a few hours after this time.

type KeyPrivateKeyType added in v0.4.0

type KeyPrivateKeyType string

The output format of the private key. The default value is `TYPE_GOOGLE_CREDENTIALS_FILE`, which is the Google Credentials File format.

func (KeyPrivateKeyType) ElementType added in v0.4.0

func (KeyPrivateKeyType) ElementType() reflect.Type

func (KeyPrivateKeyType) ToKeyPrivateKeyTypeOutput added in v0.6.0

func (e KeyPrivateKeyType) ToKeyPrivateKeyTypeOutput() KeyPrivateKeyTypeOutput

func (KeyPrivateKeyType) ToKeyPrivateKeyTypeOutputWithContext added in v0.6.0

func (e KeyPrivateKeyType) ToKeyPrivateKeyTypeOutputWithContext(ctx context.Context) KeyPrivateKeyTypeOutput

func (KeyPrivateKeyType) ToKeyPrivateKeyTypePtrOutput added in v0.6.0

func (e KeyPrivateKeyType) ToKeyPrivateKeyTypePtrOutput() KeyPrivateKeyTypePtrOutput

func (KeyPrivateKeyType) ToKeyPrivateKeyTypePtrOutputWithContext added in v0.6.0

func (e KeyPrivateKeyType) ToKeyPrivateKeyTypePtrOutputWithContext(ctx context.Context) KeyPrivateKeyTypePtrOutput

func (KeyPrivateKeyType) ToStringOutput added in v0.4.0

func (e KeyPrivateKeyType) ToStringOutput() pulumi.StringOutput

func (KeyPrivateKeyType) ToStringOutputWithContext added in v0.4.0

func (e KeyPrivateKeyType) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (KeyPrivateKeyType) ToStringPtrOutput added in v0.4.0

func (e KeyPrivateKeyType) ToStringPtrOutput() pulumi.StringPtrOutput

func (KeyPrivateKeyType) ToStringPtrOutputWithContext added in v0.4.0

func (e KeyPrivateKeyType) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type KeyPrivateKeyTypeInput added in v0.6.0

type KeyPrivateKeyTypeInput interface {
	pulumi.Input

	ToKeyPrivateKeyTypeOutput() KeyPrivateKeyTypeOutput
	ToKeyPrivateKeyTypeOutputWithContext(context.Context) KeyPrivateKeyTypeOutput
}

KeyPrivateKeyTypeInput is an input type that accepts KeyPrivateKeyTypeArgs and KeyPrivateKeyTypeOutput values. You can construct a concrete instance of `KeyPrivateKeyTypeInput` via:

KeyPrivateKeyTypeArgs{...}

type KeyPrivateKeyTypeOutput added in v0.6.0

type KeyPrivateKeyTypeOutput struct{ *pulumi.OutputState }

func (KeyPrivateKeyTypeOutput) ElementType added in v0.6.0

func (KeyPrivateKeyTypeOutput) ElementType() reflect.Type

func (KeyPrivateKeyTypeOutput) ToKeyPrivateKeyTypeOutput added in v0.6.0

func (o KeyPrivateKeyTypeOutput) ToKeyPrivateKeyTypeOutput() KeyPrivateKeyTypeOutput

func (KeyPrivateKeyTypeOutput) ToKeyPrivateKeyTypeOutputWithContext added in v0.6.0

func (o KeyPrivateKeyTypeOutput) ToKeyPrivateKeyTypeOutputWithContext(ctx context.Context) KeyPrivateKeyTypeOutput

func (KeyPrivateKeyTypeOutput) ToKeyPrivateKeyTypePtrOutput added in v0.6.0

func (o KeyPrivateKeyTypeOutput) ToKeyPrivateKeyTypePtrOutput() KeyPrivateKeyTypePtrOutput

func (KeyPrivateKeyTypeOutput) ToKeyPrivateKeyTypePtrOutputWithContext added in v0.6.0

func (o KeyPrivateKeyTypeOutput) ToKeyPrivateKeyTypePtrOutputWithContext(ctx context.Context) KeyPrivateKeyTypePtrOutput

func (KeyPrivateKeyTypeOutput) ToStringOutput added in v0.6.0

func (o KeyPrivateKeyTypeOutput) ToStringOutput() pulumi.StringOutput

func (KeyPrivateKeyTypeOutput) ToStringOutputWithContext added in v0.6.0

func (o KeyPrivateKeyTypeOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (KeyPrivateKeyTypeOutput) ToStringPtrOutput added in v0.6.0

func (o KeyPrivateKeyTypeOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (KeyPrivateKeyTypeOutput) ToStringPtrOutputWithContext added in v0.6.0

func (o KeyPrivateKeyTypeOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type KeyPrivateKeyTypePtrInput added in v0.6.0

type KeyPrivateKeyTypePtrInput interface {
	pulumi.Input

	ToKeyPrivateKeyTypePtrOutput() KeyPrivateKeyTypePtrOutput
	ToKeyPrivateKeyTypePtrOutputWithContext(context.Context) KeyPrivateKeyTypePtrOutput
}

func KeyPrivateKeyTypePtr added in v0.6.0

func KeyPrivateKeyTypePtr(v string) KeyPrivateKeyTypePtrInput

type KeyPrivateKeyTypePtrOutput added in v0.6.0

type KeyPrivateKeyTypePtrOutput struct{ *pulumi.OutputState }

func (KeyPrivateKeyTypePtrOutput) Elem added in v0.6.0

func (KeyPrivateKeyTypePtrOutput) ElementType added in v0.6.0

func (KeyPrivateKeyTypePtrOutput) ElementType() reflect.Type

func (KeyPrivateKeyTypePtrOutput) ToKeyPrivateKeyTypePtrOutput added in v0.6.0

func (o KeyPrivateKeyTypePtrOutput) ToKeyPrivateKeyTypePtrOutput() KeyPrivateKeyTypePtrOutput

func (KeyPrivateKeyTypePtrOutput) ToKeyPrivateKeyTypePtrOutputWithContext added in v0.6.0

func (o KeyPrivateKeyTypePtrOutput) ToKeyPrivateKeyTypePtrOutputWithContext(ctx context.Context) KeyPrivateKeyTypePtrOutput

func (KeyPrivateKeyTypePtrOutput) ToStringPtrOutput added in v0.6.0

func (o KeyPrivateKeyTypePtrOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (KeyPrivateKeyTypePtrOutput) ToStringPtrOutputWithContext added in v0.6.0

func (o KeyPrivateKeyTypePtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type KeyState added in v0.3.0

type KeyState struct {
}

func (KeyState) ElementType added in v0.3.0

func (KeyState) ElementType() reflect.Type

type LookupKeyArgs added in v0.4.0

// LookupKeyArgs holds the arguments accepted by LookupKey.
type LookupKeyArgs struct {
	// Identifier of the key to look up. Presumably the {key} segment of the
	// resource name projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key} — confirm.
	KeyId            string  `pulumi:"keyId"`
	// Optional (pointer, may be nil). Which project is used when it is nil is
	// not shown here — confirm.
	Project          *string `pulumi:"project"`
	// Optional (pointer, may be nil). Presumably selects the format of the
	// returned public key data — confirm.
	PublicKeyType    *string `pulumi:"publicKeyType"`
	// Identifier of the service account that owns the key. Presumably the
	// {ACCOUNT} segment of the resource name — confirm.
	ServiceAccountId string  `pulumi:"serviceAccountId"`
}

type LookupKeyOutputArgs added in v0.8.0

// LookupKeyOutputArgs holds the arguments accepted by LookupKeyOutput. It has
// the same fields as LookupKeyArgs, typed as pulumi inputs instead of plain
// strings.
type LookupKeyOutputArgs struct {
	KeyId            pulumi.StringInput    `pulumi:"keyId"`
	// Optional: a pointer-style input, unlike KeyId and ServiceAccountId.
	Project          pulumi.StringPtrInput `pulumi:"project"`
	// Optional: a pointer-style input, unlike KeyId and ServiceAccountId.
	PublicKeyType    pulumi.StringPtrInput `pulumi:"publicKeyType"`
	ServiceAccountId pulumi.StringInput    `pulumi:"serviceAccountId"`
}

func (LookupKeyOutputArgs) ElementType added in v0.8.0

func (LookupKeyOutputArgs) ElementType() reflect.Type

type LookupKeyResult added in v0.4.0

// LookupKeyResult is the value returned by LookupKey, which gets a
// ServiceAccountKey.
type LookupKeyResult struct {
	// The key status.
	Disabled bool `pulumi:"disabled"`
	// Specifies the algorithm (and possibly key size) for the key.
	KeyAlgorithm string `pulumi:"keyAlgorithm"`
	// The key origin.
	KeyOrigin string `pulumi:"keyOrigin"`
	// The key type.
	KeyType string `pulumi:"keyType"`
	// The resource name of the service account key in the following format `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
	Name string `pulumi:"name"`
	// The private key data. Only provided in `CreateServiceAccountKey` responses. Make sure to keep the private key data secure because it allows for the assertion of the service account identity. When base64 decoded, the private key data can be used to authenticate with Google API client libraries and with `gcloud auth activate-service-account`.
	// NOTE(review): the description above says this is only provided in `CreateServiceAccountKey` responses, so a lookup presumably leaves it empty — confirm. If it is ever populated, handle it as a credential and keep it out of logs and exported values.
	PrivateKeyData string `pulumi:"privateKeyData"`
	// The output format for the private key. Only provided in `CreateServiceAccountKey` responses, not in `GetServiceAccountKey` or `ListServiceAccountKey` responses. Google never exposes system-managed private keys, and never retains user-managed private keys.
	PrivateKeyType string `pulumi:"privateKeyType"`
	// The public key data. Only provided in `GetServiceAccountKey` responses.
	PublicKeyData string `pulumi:"publicKeyData"`
	// The key can be used after this timestamp.
	ValidAfterTime string `pulumi:"validAfterTime"`
	// The key can be used before this timestamp. For system-managed key pairs, this timestamp is the end time for the private key signing operation. The public key could still be used for verification for a few hours after this time.
	ValidBeforeTime string `pulumi:"validBeforeTime"`
}

func LookupKey added in v0.4.0

func LookupKey(ctx *pulumi.Context, args *LookupKeyArgs, opts ...pulumi.InvokeOption) (*LookupKeyResult, error)

Gets a ServiceAccountKey.

type LookupKeyResultOutput added in v0.8.0

type LookupKeyResultOutput struct{ *pulumi.OutputState }

func LookupKeyOutput added in v0.8.0

func LookupKeyOutput(ctx *pulumi.Context, args LookupKeyOutputArgs, opts ...pulumi.InvokeOption) LookupKeyResultOutput

func (LookupKeyResultOutput) Disabled added in v0.8.0

The key status.

func (LookupKeyResultOutput) ElementType added in v0.8.0

func (LookupKeyResultOutput) ElementType() reflect.Type

func (LookupKeyResultOutput) KeyAlgorithm added in v0.8.0

func (o LookupKeyResultOutput) KeyAlgorithm() pulumi.StringOutput

Specifies the algorithm (and possibly key size) for the key.

func (LookupKeyResultOutput) KeyOrigin added in v0.8.0

The key origin.

func (LookupKeyResultOutput) KeyType added in v0.8.0

The key type.

func (LookupKeyResultOutput) Name added in v0.8.0

The resource name of the service account key in the following format `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.

func (LookupKeyResultOutput) PrivateKeyData added in v0.8.0

func (o LookupKeyResultOutput) PrivateKeyData() pulumi.StringOutput

The private key data. Only provided in `CreateServiceAccountKey` responses. Make sure to keep the private key data secure because it allows for the assertion of the service account identity. When base64 decoded, the private key data can be used to authenticate with Google API client libraries and with `gcloud auth activate-service-account`.

func (LookupKeyResultOutput) PrivateKeyType added in v0.8.0

func (o LookupKeyResultOutput) PrivateKeyType() pulumi.StringOutput

The output format for the private key. Only provided in `CreateServiceAccountKey` responses, not in `GetServiceAccountKey` or `ListServiceAccountKey` responses. Google never exposes system-managed private keys, and never retains user-managed private keys.

func (LookupKeyResultOutput) PublicKeyData added in v0.8.0

func (o LookupKeyResultOutput) PublicKeyData() pulumi.StringOutput

The public key data. Only provided in `GetServiceAccountKey` responses.

func (LookupKeyResultOutput) ToLookupKeyResultOutput added in v0.8.0

func (o LookupKeyResultOutput) ToLookupKeyResultOutput() LookupKeyResultOutput

func (LookupKeyResultOutput) ToLookupKeyResultOutputWithContext added in v0.8.0

func (o LookupKeyResultOutput) ToLookupKeyResultOutputWithContext(ctx context.Context) LookupKeyResultOutput

func (LookupKeyResultOutput) ValidAfterTime added in v0.8.0

func (o LookupKeyResultOutput) ValidAfterTime() pulumi.StringOutput

The key can be used after this timestamp.

func (LookupKeyResultOutput) ValidBeforeTime added in v0.8.0

func (o LookupKeyResultOutput) ValidBeforeTime() pulumi.StringOutput

The key can be used before this timestamp. For system-managed key pairs, this timestamp is the end time for the private key signing operation. The public key could still be used for verification for a few hours after this time.

type LookupOrganizationRoleArgs added in v0.4.0

// LookupOrganizationRoleArgs holds the arguments accepted by
// LookupOrganizationRole.
type LookupOrganizationRoleArgs struct {
	// Identifier of the organization that owns the role. Presumably the
	// {ORGANIZATION_ID} segment of organizations/{ORGANIZATION_ID}/roles/... — confirm.
	OrganizationId string `pulumi:"organizationId"`
	// Identifier of the role to look up. Presumably the final segment of the
	// role's resource name — confirm.
	RoleId         string `pulumi:"roleId"`
}

type LookupOrganizationRoleOutputArgs added in v0.8.0

type LookupOrganizationRoleOutputArgs struct {
	OrganizationId pulumi.StringInput `pulumi:"organizationId"`
	RoleId         pulumi.StringInput `pulumi:"roleId"`
}

func (LookupOrganizationRoleOutputArgs) ElementType added in v0.8.0

type LookupOrganizationRoleResult added in v0.4.0

// LookupOrganizationRoleResult is the value returned by
// LookupOrganizationRole, which gets the definition of a Role.
type LookupOrganizationRoleResult struct {
	// The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.
	Deleted bool `pulumi:"deleted"`
	// Optional. A human-readable description for the role.
	Description string `pulumi:"description"`
	// Used to perform a consistent read-modify-write.
	Etag string `pulumi:"etag"`
	// The names of the permissions this role grants when bound in an IAM policy.
	IncludedPermissions []string `pulumi:"includedPermissions"`
	// The name of the role. When `Role` is used in `CreateRole`, the role name must not be set. When `Role` is used in output and other input such as `UpdateRole`, the role name is the complete path. For example, `roles/logging.viewer` for predefined roles, `organizations/{ORGANIZATION_ID}/roles/my-role` for organization-level custom roles, and `projects/{PROJECT_ID}/roles/my-role` for project-level custom roles.
	Name string `pulumi:"name"`
	// The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.
	Stage string `pulumi:"stage"`
	// Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
	Title string `pulumi:"title"`
}

func LookupOrganizationRole added in v0.4.0

func LookupOrganizationRole(ctx *pulumi.Context, args *LookupOrganizationRoleArgs, opts ...pulumi.InvokeOption) (*LookupOrganizationRoleResult, error)

Gets the definition of a Role.

type LookupOrganizationRoleResultOutput added in v0.8.0

type LookupOrganizationRoleResultOutput struct{ *pulumi.OutputState }

func LookupOrganizationRoleOutput added in v0.8.0

func (LookupOrganizationRoleResultOutput) Deleted added in v0.8.0

The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.

func (LookupOrganizationRoleResultOutput) Description added in v0.8.0

Optional. A human-readable description for the role.

func (LookupOrganizationRoleResultOutput) ElementType added in v0.8.0

func (LookupOrganizationRoleResultOutput) Etag added in v0.8.0

Used to perform a consistent read-modify-write.

func (LookupOrganizationRoleResultOutput) IncludedPermissions added in v0.8.0

The names of the permissions this role grants when bound in an IAM policy.

func (LookupOrganizationRoleResultOutput) Name added in v0.8.0

The name of the role. When `Role` is used in `CreateRole`, the role name must not be set. When `Role` is used in output and other input such as `UpdateRole`, the role name is the complete path. For example, `roles/logging.viewer` for predefined roles, `organizations/{ORGANIZATION_ID}/roles/my-role` for organization-level custom roles, and `projects/{PROJECT_ID}/roles/my-role` for project-level custom roles.

func (LookupOrganizationRoleResultOutput) Stage added in v0.8.0

The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.

func (LookupOrganizationRoleResultOutput) Title added in v0.8.0

Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.

func (LookupOrganizationRoleResultOutput) ToLookupOrganizationRoleResultOutput added in v0.8.0

func (o LookupOrganizationRoleResultOutput) ToLookupOrganizationRoleResultOutput() LookupOrganizationRoleResultOutput

func (LookupOrganizationRoleResultOutput) ToLookupOrganizationRoleResultOutputWithContext added in v0.8.0

func (o LookupOrganizationRoleResultOutput) ToLookupOrganizationRoleResultOutputWithContext(ctx context.Context) LookupOrganizationRoleResultOutput

type LookupProviderArgs added in v0.4.0

// LookupProviderArgs holds the arguments accepted by LookupProvider, which
// gets an individual WorkloadIdentityPoolProvider.
type LookupProviderArgs struct {
	// Location of the workload identity pool. Presumably the {location}
	// segment of the pool's resource path — confirm.
	Location               string  `pulumi:"location"`
	// Optional (pointer, may be nil). Which project is used when it is nil is
	// not shown here — confirm.
	Project                *string `pulumi:"project"`
	// Identifier of the provider to look up.
	ProviderId             string  `pulumi:"providerId"`
	// Identifier of the workload identity pool the provider belongs to.
	// Presumably the {pool} segment of the pool's resource path — confirm.
	WorkloadIdentityPoolId string  `pulumi:"workloadIdentityPoolId"`
}

type LookupProviderOutputArgs added in v0.8.0

// LookupProviderOutputArgs holds the arguments accepted by
// LookupProviderOutput. It has the same fields as LookupProviderArgs, typed as
// pulumi inputs instead of plain strings.
type LookupProviderOutputArgs struct {
	Location               pulumi.StringInput    `pulumi:"location"`
	// Optional: a pointer-style input, unlike the other three fields.
	Project                pulumi.StringPtrInput `pulumi:"project"`
	ProviderId             pulumi.StringInput    `pulumi:"providerId"`
	WorkloadIdentityPoolId pulumi.StringInput    `pulumi:"workloadIdentityPoolId"`
}

func (LookupProviderOutputArgs) ElementType added in v0.8.0

func (LookupProviderOutputArgs) ElementType() reflect.Type

type LookupProviderResult added in v0.4.0

// LookupProviderResult is the value returned by LookupProvider, which gets an
// individual WorkloadIdentityPoolProvider.
type LookupProviderResult struct {
	// A [Common Expression Language](https://opensource.google/projects/cel) expression, in plain text, that restricts which otherwise valid authentication credentials issued by the provider are accepted. The expression must output a boolean representing whether to allow the federation. The following keywords may be referenced in the expressions:
	//   * `assertion`: JSON representing the authentication credential issued by the provider.
	//   * `google`: The Google attributes mapped from the assertion in the `attribute_mappings`.
	//   * `attribute`: The custom attributes mapped from the assertion in the `attribute_mappings`.
	// The maximum length of the attribute condition expression is 4096 characters. If unspecified, all valid authentication credentials are accepted. The following example shows how to only allow credentials with a mapped `google.groups` value of `admins`:
	//   "'admins' in google.groups"
	// NOTE(review): per the description above, an empty value means every valid credential issued by the provider is accepted, so this field is worth checking when reviewing a provider's configuration.
	AttributeCondition string `pulumi:"attributeCondition"`
	// Maps attributes from authentication credentials issued by an external identity provider to Google Cloud attributes, such as `subject` and `segment`. Each key must be a string specifying the Google Cloud IAM attribute to map to. The following keys are supported:
	//   * `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings. This is also the subject that appears in Cloud Logging logs. Cannot exceed 127 bytes.
	//   * `google.groups`: Groups the external identity belongs to. You can grant groups access to resources using an IAM `principalSet` binding; access applies to all members of the group.
	// You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where `{custom_attribute}` is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes. The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_]. You can reference these attributes in IAM policies to define fine-grained access for a workload to Google Cloud resources. For example:
	//   * `google.subject`: `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}`
	//   * `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}`
	//   * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}`
	// Each value must be a [Common Expression Language](https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. You can use the `assertion` keyword in the expression to access a JSON representation of the authentication credential issued by the provider. The maximum length of an attribute mapping expression is 2048 characters. When evaluated, the total size of all mapped attributes must not exceed 8KB.
	// For AWS providers, if no attribute mapping is defined, the following default mapping applies:
	//   { "google.subject":"assertion.arn", "attribute.aws_role": "assertion.arn.contains('assumed-role')" " ? assertion.arn.extract('{account_arn}assumed-role/')" " + 'assumed-role/'" " + assertion.arn.extract('assumed-role/{role_name}/')" " : assertion.arn", }
	// If any custom attribute mappings are defined, they must include a mapping to the `google.subject` attribute. For OIDC providers, you must supply a custom mapping, which must include the `google.subject` attribute. For example, the following maps the `sub` claim of the incoming credential to the `subject` attribute on a Google token:
	//   {"google.subject": "assertion.sub"}
	AttributeMapping map[string]string `pulumi:"attributeMapping"`
	// An Amazon Web Services identity provider.
	Aws AwsResponse `pulumi:"aws"`
	// A description for the provider. Cannot exceed 256 characters.
	Description string `pulumi:"description"`
	// Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access.
	Disabled bool `pulumi:"disabled"`
	// A display name for the provider. Cannot exceed 32 characters.
	DisplayName string `pulumi:"displayName"`
	// Time after which the workload identity pool provider will be permanently purged and cannot be recovered.
	ExpireTime string `pulumi:"expireTime"`
	// The resource name of the provider.
	Name string `pulumi:"name"`
	// An OpenID Connect 1.0 identity provider.
	Oidc OidcResponse `pulumi:"oidc"`
	// An SAML 2.0 identity provider.
	Saml SamlResponse `pulumi:"saml"`
	// The state of the provider.
	State string `pulumi:"state"`
}

func LookupProvider added in v0.4.0

func LookupProvider(ctx *pulumi.Context, args *LookupProviderArgs, opts ...pulumi.InvokeOption) (*LookupProviderResult, error)

Gets an individual WorkloadIdentityPoolProvider.

type LookupProviderResultOutput added in v0.8.0

type LookupProviderResultOutput struct{ *pulumi.OutputState }

func LookupProviderOutput added in v0.8.0

func LookupProviderOutput(ctx *pulumi.Context, args LookupProviderOutputArgs, opts ...pulumi.InvokeOption) LookupProviderResultOutput

func (LookupProviderResultOutput) AttributeCondition added in v0.8.0

func (o LookupProviderResultOutput) AttributeCondition() pulumi.StringOutput

A [Common Expression Language](https://opensource.google/projects/cel) expression, in plain text, that restricts which otherwise valid authentication credentials issued by the provider are accepted. The expression must output a boolean representing whether to allow the federation. The following keywords may be referenced in the expressions: * `assertion`: JSON representing the authentication credential issued by the provider. * `google`: The Google attributes mapped from the assertion in the `attribute_mappings`. * `attribute`: The custom attributes mapped from the assertion in the `attribute_mappings`. The maximum length of the attribute condition expression is 4096 characters. If unspecified, all valid authentication credentials are accepted. The following example shows how to only allow credentials with a mapped `google.groups` value of `admins`: ```"'admins' in google.groups"```

func (LookupProviderResultOutput) AttributeMapping added in v0.8.0

func (o LookupProviderResultOutput) AttributeMapping() pulumi.StringMapOutput

Maps attributes from authentication credentials issued by an external identity provider to Google Cloud attributes, such as `subject` and `segment`. Each key must be a string specifying the Google Cloud IAM attribute to map to. The following keys are supported: * `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings. This is also the subject that appears in Cloud Logging logs. Cannot exceed 127 bytes. * `google.groups`: Groups the external identity belongs to. You can grant groups access to resources using an IAM `principalSet` binding; access applies to all members of the group. You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where `{custom_attribute}` is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes. The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_]. You can reference these attributes in IAM policies to define fine-grained access for a workload to Google Cloud resources. For example: * `google.subject`: `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}` * `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}` * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` Each value must be a [Common Expression Language](https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. You can use the `assertion` keyword in the expression to access a JSON representation of the authentication credential issued by the provider. The maximum length of an attribute mapping expression is 2048 characters. When evaluated, the total size of all mapped attributes must not exceed 8KB. For AWS providers, if no attribute mapping is defined, the following default mapping applies: ```{ "google.subject":"assertion.arn", "attribute.aws_role": "assertion.arn.contains('assumed-role')" " ? assertion.arn.extract('{account_arn}assumed-role/')" " + 'assumed-role/'" " + assertion.arn.extract('assumed-role/{role_name}/')" " : assertion.arn", }``` If any custom attribute mappings are defined, they must include a mapping to the `google.subject` attribute. For OIDC providers, you must supply a custom mapping, which must include the `google.subject` attribute. For example, the following maps the `sub` claim of the incoming credential to the `subject` attribute on a Google token: ```{"google.subject": "assertion.sub"}```

func (LookupProviderResultOutput) Aws added in v0.8.0

An Amazon Web Services identity provider.

func (LookupProviderResultOutput) Description added in v0.8.0

A description for the provider. Cannot exceed 256 characters.

func (LookupProviderResultOutput) Disabled added in v0.8.0

Whether the provider is disabled. A disabled provider cannot be used to exchange tokens, but tokens issued before it was disabled still grant access; disabling the provider does not revoke them.

func (LookupProviderResultOutput) DisplayName added in v0.8.0

A display name for the provider. Cannot exceed 32 characters.

func (LookupProviderResultOutput) ElementType added in v0.8.0

func (LookupProviderResultOutput) ElementType() reflect.Type

func (LookupProviderResultOutput) ExpireTime added in v0.32.0

Time after which the workload identity pool provider will be permanently purged and cannot be recovered.

func (LookupProviderResultOutput) Name added in v0.8.0

The resource name of the provider.

func (LookupProviderResultOutput) Oidc added in v0.8.0

An OpenID Connect 1.0 identity provider.

func (LookupProviderResultOutput) Saml added in v0.19.0

A SAML 2.0 identity provider.

func (LookupProviderResultOutput) State added in v0.8.0

The state of the provider.

func (LookupProviderResultOutput) ToLookupProviderResultOutput added in v0.8.0

func (o LookupProviderResultOutput) ToLookupProviderResultOutput() LookupProviderResultOutput

func (LookupProviderResultOutput) ToLookupProviderResultOutputWithContext added in v0.8.0

func (o LookupProviderResultOutput) ToLookupProviderResultOutputWithContext(ctx context.Context) LookupProviderResultOutput

type LookupRoleArgs added in v0.4.0

// LookupRoleArgs is the argument struct taken by LookupRole, using plain Go
// values.
//
// Project is a pointer and may be left nil; RoleId is a plain string.
// NOTE(review): what a nil Project resolves to is not shown in this listing;
// presumably the provider's configured project. Confirm before relying on it.
type LookupRoleArgs struct {
	Project *string `pulumi:"project"`
	RoleId  string  `pulumi:"roleId"`
}

type LookupRoleOutputArgs added in v0.8.0

// LookupRoleOutputArgs is the argument struct taken by LookupRoleOutput. It
// carries the same two fields as LookupRoleArgs, typed as Pulumi inputs
// (pulumi.StringPtrInput and pulumi.StringInput) instead of plain values.
type LookupRoleOutputArgs struct {
	Project pulumi.StringPtrInput `pulumi:"project"`
	RoleId  pulumi.StringInput    `pulumi:"roleId"`
}

func (LookupRoleOutputArgs) ElementType added in v0.8.0

func (LookupRoleOutputArgs) ElementType() reflect.Type

type LookupRoleResult added in v0.4.0

// LookupRoleResult is the value returned by LookupRole, which this page
// describes as getting the definition of a Role.
//
// NOTE(review): IncludedPermissions is the field to inspect when checking a
// role against least-privilege expectations, since it lists what the role
// grants once bound in an IAM policy.
type LookupRoleResult struct {
	// The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.
	Deleted bool `pulumi:"deleted"`
	// Optional. A human-readable description for the role.
	Description string `pulumi:"description"`
	// Used to perform a consistent read-modify-write.
	Etag string `pulumi:"etag"`
	// The names of the permissions this role grants when bound in an IAM policy.
	IncludedPermissions []string `pulumi:"includedPermissions"`
	// The name of the role. When `Role` is used in `CreateRole`, the role name must not be set. When `Role` is used in output and other input such as `UpdateRole`, the role name is the complete path. For example, `roles/logging.viewer` for predefined roles, `organizations/{ORGANIZATION_ID}/roles/my-role` for organization-level custom roles, and `projects/{PROJECT_ID}/roles/my-role` for project-level custom roles.
	Name string `pulumi:"name"`
	// The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.
	Stage string `pulumi:"stage"`
	// Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
	Title string `pulumi:"title"`
}

func LookupRole added in v0.4.0

func LookupRole(ctx *pulumi.Context, args *LookupRoleArgs, opts ...pulumi.InvokeOption) (*LookupRoleResult, error)

Gets the definition of a Role.

type LookupRoleResultOutput added in v0.8.0

// LookupRoleResultOutput is the output type returned by LookupRoleOutput. It
// embeds *pulumi.OutputState; the accessor methods listed for it on this page
// (Deleted, Description, Etag, IncludedPermissions, Name, Stage, Title) match
// the fields of LookupRoleResult.
type LookupRoleResultOutput struct{ *pulumi.OutputState }

func LookupRoleOutput added in v0.8.0

func LookupRoleOutput(ctx *pulumi.Context, args LookupRoleOutputArgs, opts ...pulumi.InvokeOption) LookupRoleResultOutput

func (LookupRoleResultOutput) Deleted added in v0.8.0

The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.

func (LookupRoleResultOutput) Description added in v0.8.0

func (o LookupRoleResultOutput) Description() pulumi.StringOutput

Optional. A human-readable description for the role.

func (LookupRoleResultOutput) ElementType added in v0.8.0

func (LookupRoleResultOutput) ElementType() reflect.Type

func (LookupRoleResultOutput) Etag added in v0.8.0

Used to perform a consistent read-modify-write.

func (LookupRoleResultOutput) IncludedPermissions added in v0.8.0

func (o LookupRoleResultOutput) IncludedPermissions() pulumi.StringArrayOutput

The names of the permissions this role grants when bound in an IAM policy.

func (LookupRoleResultOutput) Name added in v0.8.0

The name of the role. When `Role` is used in `CreateRole`, the role name must not be set. When `Role` is used in output and other input such as `UpdateRole`, the role name is the complete path. For example, `roles/logging.viewer` for predefined roles, `organizations/{ORGANIZATION_ID}/roles/my-role` for organization-level custom roles, and `projects/{PROJECT_ID}/roles/my-role` for project-level custom roles.

func (LookupRoleResultOutput) Stage added in v0.8.0

The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.

func (LookupRoleResultOutput) Title added in v0.8.0

Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.

func (LookupRoleResultOutput) ToLookupRoleResultOutput added in v0.8.0

func (o LookupRoleResultOutput) ToLookupRoleResultOutput() LookupRoleResultOutput

func (LookupRoleResultOutput) ToLookupRoleResultOutputWithContext added in v0.8.0

func (o LookupRoleResultOutput) ToLookupRoleResultOutputWithContext(ctx context.Context) LookupRoleResultOutput

type LookupServiceAccountArgs added in v0.4.0

// LookupServiceAccountArgs is the argument struct taken by
// LookupServiceAccount, using plain Go values.
//
// Project is a pointer and may be left nil; ServiceAccountId is a plain string.
// NOTE(review): the accepted forms of ServiceAccountId (email, unique ID) are
// not stated on this type; see the Name field of LookupServiceAccountResult
// for the resource-name formats and confirm which one this field expects.
type LookupServiceAccountArgs struct {
	Project          *string `pulumi:"project"`
	ServiceAccountId string  `pulumi:"serviceAccountId"`
}

type LookupServiceAccountIamPolicyArgs added in v0.4.0

// LookupServiceAccountIamPolicyArgs holds the plain-value arguments for looking
// up the IAM policy attached to a service account (the function signature is
// not shown in this listing).
//
// OptionsRequestedPolicyVersion and Project are pointers and may be left nil;
// ServiceAccountId is a plain string. OptionsRequestedPolicyVersion is
// presumably the policy format version to request. The Version field of
// LookupServiceAccountIamPolicyResult documents that getting a policy that
// includes a conditional role binding must specify version `3`, and that the
// field may be left unset only when the policy has no conditions.
// NOTE(review): the version used when this is nil is not shown here; confirm.
type LookupServiceAccountIamPolicyArgs struct {
	OptionsRequestedPolicyVersion *int    `pulumi:"optionsRequestedPolicyVersion"`
	Project                       *string `pulumi:"project"`
	ServiceAccountId              string  `pulumi:"serviceAccountId"`
}

type LookupServiceAccountIamPolicyOutputArgs added in v0.8.0

// LookupServiceAccountIamPolicyOutputArgs carries the same three fields as
// LookupServiceAccountIamPolicyArgs, typed as Pulumi inputs instead of plain
// values. The two optional fields use the Ptr input variants
// (pulumi.IntPtrInput, pulumi.StringPtrInput).
type LookupServiceAccountIamPolicyOutputArgs struct {
	OptionsRequestedPolicyVersion pulumi.IntPtrInput    `pulumi:"optionsRequestedPolicyVersion"`
	Project                       pulumi.StringPtrInput `pulumi:"project"`
	ServiceAccountId              pulumi.StringInput    `pulumi:"serviceAccountId"`
}

func (LookupServiceAccountIamPolicyOutputArgs) ElementType added in v0.8.0

type LookupServiceAccountIamPolicyResult added in v0.4.0

// LookupServiceAccountIamPolicyResult holds the IAM policy attached to a
// service account: its audit logging configuration, role bindings, etag and
// policy format version.
//
// NOTE(review): a caller that feeds this result into a later policy update
// should carry Etag and Version through unchanged; the field comments below
// describe how omitting the etag can drop every condition from a version `3`
// policy.
type LookupServiceAccountIamPolicyResult struct {
	// Specifies cloud audit logging configuration for this policy.
	AuditConfigs []AuditConfigResponse `pulumi:"auditConfigs"`
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings []BindingResponse `pulumi:"bindings"`
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag string `pulumi:"etag"`
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version int `pulumi:"version"`
}

func LookupServiceAccountIamPolicy added in v0.4.0

Gets the IAM policy that is attached to a ServiceAccount. This IAM policy specifies which principals have access to the service account. This method does not tell you whether the service account has been granted any roles on other resources. To check whether a service account has role grants on a resource, use the `getIamPolicy` method for that resource. For example, to view the role grants for a project, call the Resource Manager API's [`projects.getIamPolicy`](https://cloud.google.com/resource-manager/reference/rest/v1/projects/getIamPolicy) method.

type LookupServiceAccountIamPolicyResultOutput added in v0.8.0

// LookupServiceAccountIamPolicyResultOutput is the Pulumi output form of
// LookupServiceAccountIamPolicyResult. It embeds *pulumi.OutputState; the
// accessor methods listed for it on this page (AuditConfigs, Bindings, Etag,
// Version) match the fields of the result struct.
type LookupServiceAccountIamPolicyResultOutput struct{ *pulumi.OutputState }

func (LookupServiceAccountIamPolicyResultOutput) AuditConfigs added in v0.8.0

Specifies cloud audit logging configuration for this policy.

func (LookupServiceAccountIamPolicyResultOutput) Bindings added in v0.8.0

Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.

func (LookupServiceAccountIamPolicyResultOutput) ElementType added in v0.8.0

func (LookupServiceAccountIamPolicyResultOutput) Etag added in v0.8.0

`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

func (LookupServiceAccountIamPolicyResultOutput) ToLookupServiceAccountIamPolicyResultOutput added in v0.8.0

func (o LookupServiceAccountIamPolicyResultOutput) ToLookupServiceAccountIamPolicyResultOutput() LookupServiceAccountIamPolicyResultOutput

func (LookupServiceAccountIamPolicyResultOutput) ToLookupServiceAccountIamPolicyResultOutputWithContext added in v0.8.0

func (o LookupServiceAccountIamPolicyResultOutput) ToLookupServiceAccountIamPolicyResultOutputWithContext(ctx context.Context) LookupServiceAccountIamPolicyResultOutput

func (LookupServiceAccountIamPolicyResultOutput) Version added in v0.8.0

Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

type LookupServiceAccountOutputArgs added in v0.8.0

// LookupServiceAccountOutputArgs carries the same two fields as
// LookupServiceAccountArgs, typed as Pulumi inputs (pulumi.StringPtrInput and
// pulumi.StringInput) instead of plain values.
type LookupServiceAccountOutputArgs struct {
	Project          pulumi.StringPtrInput `pulumi:"project"`
	ServiceAccountId pulumi.StringInput    `pulumi:"serviceAccountId"`
}

func (LookupServiceAccountOutputArgs) ElementType added in v0.8.0

type LookupServiceAccountResult added in v0.4.0

// LookupServiceAccountResult is the value returned by LookupServiceAccount.
//
// NOTE(review): when correlating a service account across a delete and
// re-create, compare UniqueId rather than Email or Name; the UniqueId comment
// below states that a re-created account with the same name gets a different
// unique ID.
type LookupServiceAccountResult struct {
	// Optional. A user-specified, human-readable description of the service account. The maximum length is 256 UTF-8 bytes.
	Description string `pulumi:"description"`
	// Whether the service account is disabled.
	Disabled bool `pulumi:"disabled"`
	// Optional. A user-specified, human-readable name for the service account. The maximum length is 100 UTF-8 bytes.
	DisplayName string `pulumi:"displayName"`
	// The email address of the service account.
	Email string `pulumi:"email"`
	// Etag is deprecated and should not be used.
	//
	// Deprecated: Do not use.
	Etag string `pulumi:"etag"`
	// The resource name of the service account. Use one of the following formats: * `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}` * `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}` As an alternative, you can use the `-` wildcard character instead of the project ID: * `projects/-/serviceAccounts/{EMAIL_ADDRESS}` * `projects/-/serviceAccounts/{UNIQUE_ID}` When possible, avoid using the `-` wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to access the service account `projects/-/serviceAccounts/fake@example.com`, which does not exist, the response contains an HTTP `403 Forbidden` error instead of a `404 Not Found` error.
	Name string `pulumi:"name"`
	// The OAuth 2.0 client ID for the service account.
	Oauth2ClientId string `pulumi:"oauth2ClientId"`
	// The ID of the project that owns the service account.
	Project string `pulumi:"project"`
	// The unique, stable numeric ID for the service account. Each service account retains its unique ID even if you delete the service account. For example, if you delete a service account, then create a new service account with the same name, the new service account has a different unique ID than the deleted service account.
	UniqueId string `pulumi:"uniqueId"`
}

func LookupServiceAccount added in v0.4.0

func LookupServiceAccount(ctx *pulumi.Context, args *LookupServiceAccountArgs, opts ...pulumi.InvokeOption) (*LookupServiceAccountResult, error)

Gets a ServiceAccount.

type LookupServiceAccountResultOutput added in v0.8.0

// LookupServiceAccountResultOutput is the Pulumi output form of
// LookupServiceAccountResult. It embeds *pulumi.OutputState; the accessor
// methods listed for it on this page match the fields of the result struct,
// including the deprecated Etag.
type LookupServiceAccountResultOutput struct{ *pulumi.OutputState }

func LookupServiceAccountOutput added in v0.8.0

func (LookupServiceAccountResultOutput) Description added in v0.8.0

Optional. A user-specified, human-readable description of the service account. The maximum length is 256 UTF-8 bytes.

func (LookupServiceAccountResultOutput) Disabled added in v0.8.0

Whether the service account is disabled.

func (LookupServiceAccountResultOutput) DisplayName added in v0.8.0

Optional. A user-specified, human-readable name for the service account. The maximum length is 100 UTF-8 bytes.

func (LookupServiceAccountResultOutput) ElementType added in v0.8.0

func (LookupServiceAccountResultOutput) Email added in v0.8.0

The email address of the service account.

func (LookupServiceAccountResultOutput) Etag deprecated added in v0.17.0

Deprecated. Do not use.

Deprecated: Do not use.

func (LookupServiceAccountResultOutput) Name added in v0.8.0

The resource name of the service account. Use one of the following formats: * `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}` * `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}` As an alternative, you can use the `-` wildcard character instead of the project ID: * `projects/-/serviceAccounts/{EMAIL_ADDRESS}` * `projects/-/serviceAccounts/{UNIQUE_ID}` When possible, avoid using the `-` wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to access the service account `projects/-/serviceAccounts/fake@example.com`, which does not exist, the response contains an HTTP `403 Forbidden` error instead of a `404 Not Found` error.

func (LookupServiceAccountResultOutput) Oauth2ClientId added in v0.8.0

The OAuth 2.0 client ID for the service account.

func (LookupServiceAccountResultOutput) Project added in v0.8.0

The ID of the project that owns the service account.

func (LookupServiceAccountResultOutput) ToLookupServiceAccountResultOutput added in v0.8.0

func (o LookupServiceAccountResultOutput) ToLookupServiceAccountResultOutput() LookupServiceAccountResultOutput

func (LookupServiceAccountResultOutput) ToLookupServiceAccountResultOutputWithContext added in v0.8.0

func (o LookupServiceAccountResultOutput) ToLookupServiceAccountResultOutputWithContext(ctx context.Context) LookupServiceAccountResultOutput

func (LookupServiceAccountResultOutput) UniqueId added in v0.8.0

The unique, stable numeric ID for the service account. Each service account retains its unique ID even if you delete the service account. For example, if you delete a service account, then create a new service account with the same name, the new service account has a different unique ID than the deleted service account.

type LookupWorkforcePoolArgs added in v0.29.0

// LookupWorkforcePoolArgs holds the plain-value arguments identifying a
// workforce pool: its Location and WorkforcePoolId. Both are non-pointer
// strings, and the struct has no project field.
// NOTE(review): the function that consumes this struct is not shown in this
// part of the listing.
type LookupWorkforcePoolArgs struct {
	Location        string `pulumi:"location"`
	WorkforcePoolId string `pulumi:"workforcePoolId"`
}

type LookupWorkforcePoolIamPolicyArgs added in v0.29.0

// LookupWorkforcePoolIamPolicyArgs is the argument struct taken by
// LookupWorkforcePoolIamPolicy, using plain Go values. Both fields are
// non-pointer strings.
//
// NOTE(review): unlike LookupServiceAccountIamPolicyArgs, this struct has no
// requested-policy-version field, so the policy version returned for pools
// with conditional bindings cannot be chosen here; confirm what the provider
// requests.
type LookupWorkforcePoolIamPolicyArgs struct {
	Location        string `pulumi:"location"`
	WorkforcePoolId string `pulumi:"workforcePoolId"`
}

type LookupWorkforcePoolIamPolicyOutputArgs added in v0.29.0

// LookupWorkforcePoolIamPolicyOutputArgs carries the same two fields as
// LookupWorkforcePoolIamPolicyArgs, typed as pulumi.StringInput instead of
// plain strings.
type LookupWorkforcePoolIamPolicyOutputArgs struct {
	Location        pulumi.StringInput `pulumi:"location"`
	WorkforcePoolId pulumi.StringInput `pulumi:"workforcePoolId"`
}

func (LookupWorkforcePoolIamPolicyOutputArgs) ElementType added in v0.29.0

type LookupWorkforcePoolIamPolicyResult added in v0.29.0

// LookupWorkforcePoolIamPolicyResult is the value returned by
// LookupWorkforcePoolIamPolicy, which this page describes as getting IAM
// policies on a WorkforcePool.
//
// NOTE(review): a caller that feeds this result into a later policy update
// should carry Etag and Version through unchanged; the field comments below
// describe how omitting the etag can drop every condition from a version `3`
// policy.
type LookupWorkforcePoolIamPolicyResult struct {
	// Specifies cloud audit logging configuration for this policy.
	AuditConfigs []AuditConfigResponse `pulumi:"auditConfigs"`
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings []BindingResponse `pulumi:"bindings"`
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag string `pulumi:"etag"`
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version int `pulumi:"version"`
}

func LookupWorkforcePoolIamPolicy added in v0.29.0

func LookupWorkforcePoolIamPolicy(ctx *pulumi.Context, args *LookupWorkforcePoolIamPolicyArgs, opts ...pulumi.InvokeOption) (*LookupWorkforcePoolIamPolicyResult, error)

Gets IAM policies on a WorkforcePool.

type LookupWorkforcePoolIamPolicyResultOutput added in v0.29.0

// LookupWorkforcePoolIamPolicyResultOutput is the Pulumi output form of
// LookupWorkforcePoolIamPolicyResult. It embeds *pulumi.OutputState; the
// accessor methods listed for it on this page (AuditConfigs, Bindings, Etag,
// Version) match the fields of the result struct.
type LookupWorkforcePoolIamPolicyResultOutput struct{ *pulumi.OutputState }

func (LookupWorkforcePoolIamPolicyResultOutput) AuditConfigs added in v0.29.0

Specifies cloud audit logging configuration for this policy.

func (LookupWorkforcePoolIamPolicyResultOutput) Bindings added in v0.29.0

Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.

func (LookupWorkforcePoolIamPolicyResultOutput) ElementType added in v0.29.0

func (LookupWorkforcePoolIamPolicyResultOutput) Etag added in v0.29.0

`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

func (LookupWorkforcePoolIamPolicyResultOutput) ToLookupWorkforcePoolIamPolicyResultOutput added in v0.29.0

func (o LookupWorkforcePoolIamPolicyResultOutput) ToLookupWorkforcePoolIamPolicyResultOutput() LookupWorkforcePoolIamPolicyResultOutput

func (LookupWorkforcePoolIamPolicyResultOutput) ToLookupWorkforcePoolIamPolicyResultOutputWithContext added in v0.29.0

func (o LookupWorkforcePoolIamPolicyResultOutput) ToLookupWorkforcePoolIamPolicyResultOutputWithContext(ctx context.Context) LookupWorkforcePoolIamPolicyResultOutput

func (LookupWorkforcePoolIamPolicyResultOutput) Version added in v0.29.0

Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

type LookupWorkforcePoolKeyArgs added in v0.29.0

// LookupWorkforcePoolKeyArgs is the argument struct taken by
// LookupWorkforcePoolKey, using plain Go values. All four fields are
// non-pointer strings: the key is addressed by its KeyId together with the
// Location, WorkforcePoolId and ProviderId it is looked up under.
type LookupWorkforcePoolKeyArgs struct {
	KeyId           string `pulumi:"keyId"`
	Location        string `pulumi:"location"`
	ProviderId      string `pulumi:"providerId"`
	WorkforcePoolId string `pulumi:"workforcePoolId"`
}

type LookupWorkforcePoolKeyOutputArgs added in v0.29.0

// LookupWorkforcePoolKeyOutputArgs carries the same four fields as
// LookupWorkforcePoolKeyArgs, typed as pulumi.StringInput instead of plain
// strings.
type LookupWorkforcePoolKeyOutputArgs struct {
	KeyId           pulumi.StringInput `pulumi:"keyId"`
	Location        pulumi.StringInput `pulumi:"location"`
	ProviderId      pulumi.StringInput `pulumi:"providerId"`
	WorkforcePoolId pulumi.StringInput `pulumi:"workforcePoolId"`
}

func (LookupWorkforcePoolKeyOutputArgs) ElementType added in v0.29.0

type LookupWorkforcePoolKeyResult added in v0.29.0

// LookupWorkforcePoolKeyResult is the value returned by
// LookupWorkforcePoolKey, which this page describes as getting a
// WorkforcePoolProviderKey.
//
// KeyData is documented as the public half of the asymmetric key; no private
// key material appears among these fields.
type LookupWorkforcePoolKeyResult struct {
	// The time after which the key will be permanently deleted and cannot be recovered. Note that the key may get purged before this time if the total limit of keys per provider is exceeded.
	// NOTE(review): carried as a string; the timestamp format is not shown here.
	ExpireTime string `pulumi:"expireTime"`
	// Immutable. Public half of the asymmetric key.
	KeyData KeyDataResponse `pulumi:"keyData"`
	// The resource name of the key.
	Name string `pulumi:"name"`
	// The state of the key.
	// NOTE(review): carried as a string; the possible values are not listed on this type.
	State string `pulumi:"state"`
	// The purpose of the key.
	// NOTE(review): carried as a string; the possible values are not listed on this type.
	Use string `pulumi:"use"`
}

func LookupWorkforcePoolKey added in v0.29.0

func LookupWorkforcePoolKey(ctx *pulumi.Context, args *LookupWorkforcePoolKeyArgs, opts ...pulumi.InvokeOption) (*LookupWorkforcePoolKeyResult, error)

Gets a WorkforcePoolProviderKey.

type LookupWorkforcePoolKeyResultOutput added in v0.29.0

// LookupWorkforcePoolKeyResultOutput is the Pulumi output form of
// LookupWorkforcePoolKeyResult. It embeds *pulumi.OutputState; the accessor
// methods listed for it on this page (ExpireTime, KeyData, Name, State, Use)
// match the fields of the result struct.
type LookupWorkforcePoolKeyResultOutput struct{ *pulumi.OutputState }

func LookupWorkforcePoolKeyOutput added in v0.29.0

func (LookupWorkforcePoolKeyResultOutput) ElementType added in v0.29.0

func (LookupWorkforcePoolKeyResultOutput) ExpireTime added in v0.29.0

The time after which the key will be permanently deleted and cannot be recovered. Note that the key may get purged before this time if the total limit of keys per provider is exceeded.

func (LookupWorkforcePoolKeyResultOutput) KeyData added in v0.29.0

Immutable. Public half of the asymmetric key.

func (LookupWorkforcePoolKeyResultOutput) Name added in v0.29.0

The resource name of the key.

func (LookupWorkforcePoolKeyResultOutput) State added in v0.29.0

The state of the key.

func (LookupWorkforcePoolKeyResultOutput) ToLookupWorkforcePoolKeyResultOutput added in v0.29.0

func (o LookupWorkforcePoolKeyResultOutput) ToLookupWorkforcePoolKeyResultOutput() LookupWorkforcePoolKeyResultOutput

func (LookupWorkforcePoolKeyResultOutput) ToLookupWorkforcePoolKeyResultOutputWithContext added in v0.29.0

func (o LookupWorkforcePoolKeyResultOutput) ToLookupWorkforcePoolKeyResultOutputWithContext(ctx context.Context) LookupWorkforcePoolKeyResultOutput

func (LookupWorkforcePoolKeyResultOutput) Use added in v0.29.0

The purpose of the key.

type LookupWorkforcePoolOutputArgs added in v0.29.0

// LookupWorkforcePoolOutputArgs carries the same two fields as
// LookupWorkforcePoolArgs, typed as pulumi.StringInput instead of plain
// strings.
type LookupWorkforcePoolOutputArgs struct {
	Location        pulumi.StringInput `pulumi:"location"`
	WorkforcePoolId pulumi.StringInput `pulumi:"workforcePoolId"`
}

func (LookupWorkforcePoolOutputArgs) ElementType added in v0.29.0

type LookupWorkforcePoolProviderArgs added in v0.29.0

// LookupWorkforcePoolProviderArgs holds the plain-value arguments identifying
// a workforce pool provider: Location, WorkforcePoolId and ProviderId. All
// three are non-pointer strings.
// NOTE(review): the function that consumes this struct is not shown in this
// part of the listing.
type LookupWorkforcePoolProviderArgs struct {
	Location        string `pulumi:"location"`
	ProviderId      string `pulumi:"providerId"`
	WorkforcePoolId string `pulumi:"workforcePoolId"`
}

type LookupWorkforcePoolProviderOutputArgs added in v0.29.0

// LookupWorkforcePoolProviderOutputArgs carries the same three fields as
// LookupWorkforcePoolProviderArgs, typed as pulumi.StringInput instead of
// plain strings.
type LookupWorkforcePoolProviderOutputArgs struct {
	Location        pulumi.StringInput `pulumi:"location"`
	ProviderId      pulumi.StringInput `pulumi:"providerId"`
	WorkforcePoolId pulumi.StringInput `pulumi:"workforcePoolId"`
}

func (LookupWorkforcePoolProviderOutputArgs) ElementType added in v0.29.0

type LookupWorkforcePoolProviderResult added in v0.29.0

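// LookupWorkforcePoolProviderResult holds the fields returned when looking up
// an individual WorkforcePoolProvider.
type LookupWorkforcePoolProviderResult struct {
	// A [Common Expression Language](https://opensource.google/projects/cel)
	// expression, in plain text, that restricts which otherwise valid
	// authentication credentials issued by the provider are accepted. The
	// expression must output a boolean representing whether to allow the
	// federation. The following keywords may be referenced in the expressions:
	//   * `assertion`: JSON representing the authentication credential issued by the provider.
	//   * `google`: The Google attributes mapped from the assertion in the `attribute_mappings`. `google.profile_photo` and `google.display_name` are not supported.
	//   * `attribute`: The custom attributes mapped from the assertion in the `attribute_mappings`.
	// The maximum length of the attribute condition expression is 4096
	// characters. If unspecified, all valid authentication credentials will be
	// accepted; an empty condition therefore adds no restriction on top of the
	// provider's own authentication. The following example shows how to only
	// allow credentials with a mapped `google.groups` value of `admins`:
	// ```"'admins' in google.groups"```
	AttributeCondition string `pulumi:"attributeCondition"`
	// Maps attributes from the authentication credentials issued by an external
	// identity provider to Google Cloud attributes, such as `subject` and
	// `segment`. Each key must be a string specifying the Google Cloud IAM
	// attribute to map to. The following keys are supported:
	//   * `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings. This is also the subject that appears in Cloud Logging logs. This is a required field and the mapped subject cannot exceed 127 bytes.
	//   * `google.groups`: Groups the authenticating user belongs to. You can grant groups access to resources using an IAM `principalSet` binding; access applies to all members of the group.
	//   * `google.display_name`: The name of the authenticated user. This is an optional field and the mapped display name cannot exceed 100 bytes. If not set, `google.subject` will be displayed instead. This attribute cannot be referenced in IAM bindings.
	//   * `google.profile_photo`: The URL that specifies the authenticated user's thumbnail photo. This is an optional field. When set, the image will be visible as the user's profile picture. If not set, a generic user icon will be displayed instead. This attribute cannot be referenced in IAM bindings.
	// You can also provide custom attributes by specifying
	// `attribute.{custom_attribute}`, where {custom_attribute} is the name of
	// the custom attribute to be mapped. You can define a maximum of 50 custom
	// attributes. The maximum length of a mapped attribute key is 100
	// characters, and the key may only contain the characters [a-z0-9_]. You
	// can reference these attributes in IAM policies to define fine-grained
	// access for a workforce pool to Google Cloud resources. For example:
	//   * `google.subject`: `principal://iam.googleapis.com/locations/global/workforcePools/{pool}/subject/{value}`
	//   * `google.groups`: `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool}/group/{value}`
	//   * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool}/attribute.{custom_attribute}/{value}`
	// Each value must be a
	// [Common Expression Language](https://opensource.google/projects/cel)
	// function that maps an identity provider credential to the normalized
	// attribute specified by the corresponding map key. You can use the
	// `assertion` keyword in the expression to access a JSON representation of
	// the authentication credential issued by the provider. The maximum length
	// of an attribute mapping expression is 2048 characters. When evaluated,
	// the total size of all mapped attributes must not exceed 4KB. For OIDC
	// providers, you must supply a custom mapping that includes the
	// `google.subject` attribute. For example, the following maps the `sub`
	// claim of the incoming credential to the `subject` attribute on a Google
	// token: ```{"google.subject": "assertion.sub"}```
	AttributeMapping map[string]string `pulumi:"attributeMapping"`
	// A user-specified description of the provider. Cannot exceed 256 characters.
	Description string `pulumi:"description"`
	// Disables the workforce pool provider. You cannot use a disabled provider
	// to exchange tokens. However, existing tokens still grant access, so
	// disabling the provider alone does not cut off tokens already issued.
	Disabled bool `pulumi:"disabled"`
	// A user-specified display name for the provider. Cannot exceed 32 characters.
	DisplayName string `pulumi:"displayName"`
	// Time after which the workforce pool provider will be permanently purged and cannot be recovered.
	ExpireTime string `pulumi:"expireTime"`
	// The resource name of the provider. Format: `locations/{location}/workforcePools/{workforce_pool_id}/providers/{provider_id}`
	Name string `pulumi:"name"`
	// An OpenId Connect 1.0 identity provider configuration.
	Oidc GoogleIamAdminV1WorkforcePoolProviderOidcResponse `pulumi:"oidc"`
	// A SAML identity provider configuration.
	Saml GoogleIamAdminV1WorkforcePoolProviderSamlResponse `pulumi:"saml"`
	// The state of the provider.
	State string `pulumi:"state"`
}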

func LookupWorkforcePoolProvider added in v0.29.0

func LookupWorkforcePoolProvider(ctx *pulumi.Context, args *LookupWorkforcePoolProviderArgs, opts ...pulumi.InvokeOption) (*LookupWorkforcePoolProviderResult, error)

Gets an individual WorkforcePoolProvider.

type LookupWorkforcePoolProviderResultOutput added in v0.29.0

// LookupWorkforcePoolProviderResultOutput is the pulumi output wrapper whose
// accessor methods expose the fields of LookupWorkforcePoolProviderResult.
type LookupWorkforcePoolProviderResultOutput struct{ *pulumi.OutputState }

func (LookupWorkforcePoolProviderResultOutput) AttributeCondition added in v0.29.0

A [Common Expression Language](https://opensource.google/projects/cel) expression, in plain text, that restricts which otherwise valid authentication credentials issued by the provider are accepted. The expression must output a boolean representing whether to allow the federation. The following keywords may be referenced in the expressions: * `assertion`: JSON representing the authentication credential issued by the provider. * `google`: The Google attributes mapped from the assertion in the `attribute_mappings`. `google.profile_photo` and `google.display_name` are not supported. * `attribute`: The custom attributes mapped from the assertion in the `attribute_mappings`. The maximum length of the attribute condition expression is 4096 characters. If unspecified, all valid authentication credentials will be accepted; an empty condition therefore adds no restriction on top of the provider's own authentication. The following example shows how to only allow credentials with a mapped `google.groups` value of `admins`: ```"'admins' in google.groups"```

func (LookupWorkforcePoolProviderResultOutput) AttributeMapping added in v0.29.0

Maps attributes from the authentication credentials issued by an external identity provider to Google Cloud attributes, such as `subject` and `segment`. Each key must be a string specifying the Google Cloud IAM attribute to map to. The following keys are supported: * `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings. This is also the subject that appears in Cloud Logging logs. This is a required field and the mapped subject cannot exceed 127 bytes. * `google.groups`: Groups the authenticating user belongs to. You can grant groups access to resources using an IAM `principalSet` binding; access applies to all members of the group. * `google.display_name`: The name of the authenticated user. This is an optional field and the mapped display name cannot exceed 100 bytes. If not set, `google.subject` will be displayed instead. This attribute cannot be referenced in IAM bindings. * `google.profile_photo`: The URL that specifies the authenticated user's thumbnail photo. This is an optional field. When set, the image will be visible as the user's profile picture. If not set, a generic user icon will be displayed instead. This attribute cannot be referenced in IAM bindings. You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where {custom_attribute} is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes. The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_]. You can reference these attributes in IAM policies to define fine-grained access for a workforce pool to Google Cloud resources. 
For example: * `google.subject`: `principal://iam.googleapis.com/locations/global/workforcePools/{pool}/subject/{value}` * `google.groups`: `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool}/group/{value}` * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool}/attribute.{custom_attribute}/{value}` Each value must be a [Common Expression Language] (https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. You can use the `assertion` keyword in the expression to access a JSON representation of the authentication credential issued by the provider. The maximum length of an attribute mapping expression is 2048 characters. When evaluated, the total size of all mapped attributes must not exceed 4KB. For OIDC providers, you must supply a custom mapping that includes the `google.subject` attribute. For example, the following maps the `sub` claim of the incoming credential to the `subject` attribute on a Google token: ```{"google.subject": "assertion.sub"}```

func (LookupWorkforcePoolProviderResultOutput) Description added in v0.29.0

A user-specified description of the provider. Cannot exceed 256 characters.

func (LookupWorkforcePoolProviderResultOutput) Disabled added in v0.29.0

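Disables the workforce pool provider. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access. This differs from disabling the workforce pool itself, which (per the pool's `Disabled` documentation) also stops existing tokens from being used to access resources.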

func (LookupWorkforcePoolProviderResultOutput) DisplayName added in v0.29.0

A user-specified display name for the provider. Cannot exceed 32 characters.

func (LookupWorkforcePoolProviderResultOutput) ElementType added in v0.29.0

func (LookupWorkforcePoolProviderResultOutput) ExpireTime added in v0.32.0

Time after which the workforce pool provider will be permanently purged and cannot be recovered.

func (LookupWorkforcePoolProviderResultOutput) Name added in v0.29.0

The resource name of the provider. Format: `locations/{location}/workforcePools/{workforce_pool_id}/providers/{provider_id}`

func (LookupWorkforcePoolProviderResultOutput) Oidc added in v0.29.0

An OpenId Connect 1.0 identity provider configuration.

func (LookupWorkforcePoolProviderResultOutput) Saml added in v0.29.0

A SAML identity provider configuration.

func (LookupWorkforcePoolProviderResultOutput) State added in v0.29.0

The state of the provider.

func (LookupWorkforcePoolProviderResultOutput) ToLookupWorkforcePoolProviderResultOutput added in v0.29.0

func (o LookupWorkforcePoolProviderResultOutput) ToLookupWorkforcePoolProviderResultOutput() LookupWorkforcePoolProviderResultOutput

func (LookupWorkforcePoolProviderResultOutput) ToLookupWorkforcePoolProviderResultOutputWithContext added in v0.29.0

func (o LookupWorkforcePoolProviderResultOutput) ToLookupWorkforcePoolProviderResultOutputWithContext(ctx context.Context) LookupWorkforcePoolProviderResultOutput

type LookupWorkforcePoolResult added in v0.29.0

// LookupWorkforcePoolResult holds the fields returned when looking up an
// individual WorkforcePool.
type LookupWorkforcePoolResult struct {
	// Optional. Configures access restrictions on the workforce pool users. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users.
	AccessRestrictions AccessRestrictionsResponse `pulumi:"accessRestrictions"`
	// A user-specified description of the pool. Cannot exceed 256 characters.
	Description string `pulumi:"description"`
	// Disables the workforce pool. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
	Disabled bool `pulumi:"disabled"`
	// A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
	DisplayName string `pulumi:"displayName"`
	// Time after which the workforce pool will be permanently purged and cannot be recovered.
	ExpireTime string `pulumi:"expireTime"`
	// The resource name of the pool. Format: `locations/{location}/workforcePools/{workforce_pool_id}`
	Name string `pulumi:"name"`
	// Immutable. The resource name of the parent. Format: `organizations/{org-id}`.
	Parent string `pulumi:"parent"`
	// Duration that the Google Cloud access tokens, console sign-in sessions, and `gcloud` sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If `session_duration` is not configured, minted credentials have a default duration of one hour (3600s). For SAML providers, the lifetime of the token is the minimum of the `session_duration` and the `SessionNotOnOrAfter` claim in the SAML assertion.
	SessionDuration string `pulumi:"sessionDuration"`
	// The state of the pool.
	State string `pulumi:"state"`
}

func LookupWorkforcePool added in v0.29.0

func LookupWorkforcePool(ctx *pulumi.Context, args *LookupWorkforcePoolArgs, opts ...pulumi.InvokeOption) (*LookupWorkforcePoolResult, error)

Gets an individual WorkforcePool.

type LookupWorkforcePoolResultOutput added in v0.29.0

// LookupWorkforcePoolResultOutput is the pulumi output wrapper whose accessor
// methods expose the fields of LookupWorkforcePoolResult.
type LookupWorkforcePoolResultOutput struct{ *pulumi.OutputState }

func LookupWorkforcePoolOutput added in v0.29.0

func (LookupWorkforcePoolResultOutput) AccessRestrictions added in v0.32.0

Optional. Configures access restrictions on the workforce pool users. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users.

func (LookupWorkforcePoolResultOutput) Description added in v0.29.0

A user-specified description of the pool. Cannot exceed 256 characters.

func (LookupWorkforcePoolResultOutput) Disabled added in v0.29.0

Disables the workforce pool. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.

func (LookupWorkforcePoolResultOutput) DisplayName added in v0.29.0

A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.

func (LookupWorkforcePoolResultOutput) ElementType added in v0.29.0

func (LookupWorkforcePoolResultOutput) ExpireTime added in v0.32.0

Time after which the workforce pool will be permanently purged and cannot be recovered.

func (LookupWorkforcePoolResultOutput) Name added in v0.29.0

The resource name of the pool. Format: `locations/{location}/workforcePools/{workforce_pool_id}`

func (LookupWorkforcePoolResultOutput) Parent added in v0.29.0

Immutable. The resource name of the parent. Format: `organizations/{org-id}`.

func (LookupWorkforcePoolResultOutput) SessionDuration added in v0.29.0

Duration that the Google Cloud access tokens, console sign-in sessions, and `gcloud` sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If `session_duration` is not configured, minted credentials have a default duration of one hour (3600s). For SAML providers, the lifetime of the token is the minimum of the `session_duration` and the `SessionNotOnOrAfter` claim in the SAML assertion.

func (LookupWorkforcePoolResultOutput) State added in v0.29.0

The state of the pool.

func (LookupWorkforcePoolResultOutput) ToLookupWorkforcePoolResultOutput added in v0.29.0

func (o LookupWorkforcePoolResultOutput) ToLookupWorkforcePoolResultOutput() LookupWorkforcePoolResultOutput

func (LookupWorkforcePoolResultOutput) ToLookupWorkforcePoolResultOutputWithContext added in v0.29.0

func (o LookupWorkforcePoolResultOutput) ToLookupWorkforcePoolResultOutputWithContext(ctx context.Context) LookupWorkforcePoolResultOutput

type LookupWorkloadIdentityPoolArgs added in v0.4.0

// LookupWorkloadIdentityPoolArgs holds the plain-value arguments passed to
// LookupWorkloadIdentityPool.
type LookupWorkloadIdentityPoolArgs struct {
	Location               string  `pulumi:"location"`
	// Pointer-typed, so it may be left nil.
	// NOTE(review): which project is used when nil is not shown here; confirm.
	Project                *string `pulumi:"project"`
	WorkloadIdentityPoolId string  `pulumi:"workloadIdentityPoolId"`
}

type LookupWorkloadIdentityPoolKeyArgs added in v0.29.0

// LookupWorkloadIdentityPoolKeyArgs holds the plain-value arguments for
// looking up a WorkloadIdentityPoolProviderKey: the key ID plus the location,
// pool and provider it belongs to.
type LookupWorkloadIdentityPoolKeyArgs struct {
	KeyId                  string  `pulumi:"keyId"`
	Location               string  `pulumi:"location"`
	// Pointer-typed, so it may be left nil.
	// NOTE(review): which project is used when nil is not shown here; confirm.
	Project                *string `pulumi:"project"`
	ProviderId             string  `pulumi:"providerId"`
	WorkloadIdentityPoolId string  `pulumi:"workloadIdentityPoolId"`
}

type LookupWorkloadIdentityPoolKeyOutputArgs added in v0.29.0

// LookupWorkloadIdentityPoolKeyOutputArgs is the pulumi-input form of the
// arguments for looking up a WorkloadIdentityPoolProviderKey.
type LookupWorkloadIdentityPoolKeyOutputArgs struct {
	KeyId                  pulumi.StringInput    `pulumi:"keyId"`
	Location               pulumi.StringInput    `pulumi:"location"`
	// Optional-style input (StringPtrInput).
	// NOTE(review): which project is used when unset is not shown here; confirm.
	Project                pulumi.StringPtrInput `pulumi:"project"`
	ProviderId             pulumi.StringInput    `pulumi:"providerId"`
	WorkloadIdentityPoolId pulumi.StringInput    `pulumi:"workloadIdentityPoolId"`
}

func (LookupWorkloadIdentityPoolKeyOutputArgs) ElementType added in v0.29.0

type LookupWorkloadIdentityPoolKeyResult added in v0.29.0

// LookupWorkloadIdentityPoolKeyResult holds the fields returned when looking
// up an individual WorkloadIdentityPoolProviderKey.
type LookupWorkloadIdentityPoolKeyResult struct {
	// Time after which the key will be permanently purged and cannot be recovered. Note that the key may get purged before this timestamp if the total limit of keys per provider is crossed.
	ExpireTime string `pulumi:"expireTime"`
	// Immutable. Public half of the asymmetric key.
	KeyData KeyDataResponse `pulumi:"keyData"`
	// The resource name of the key.
	Name string `pulumi:"name"`
	// The state of the key.
	State string `pulumi:"state"`
	// The purpose of the key.
	Use string `pulumi:"use"`
}

func LookupWorkloadIdentityPoolKey added in v0.29.0

Gets an individual WorkloadIdentityPoolProviderKey.

type LookupWorkloadIdentityPoolKeyResultOutput added in v0.29.0

// LookupWorkloadIdentityPoolKeyResultOutput is the pulumi output wrapper whose
// accessor methods expose the fields of LookupWorkloadIdentityPoolKeyResult.
type LookupWorkloadIdentityPoolKeyResultOutput struct{ *pulumi.OutputState }

func (LookupWorkloadIdentityPoolKeyResultOutput) ElementType added in v0.29.0

func (LookupWorkloadIdentityPoolKeyResultOutput) ExpireTime added in v0.29.0

Time after which the key will be permanently purged and cannot be recovered. Note that the key may get purged before this timestamp if the total limit of keys per provider is crossed.

func (LookupWorkloadIdentityPoolKeyResultOutput) KeyData added in v0.29.0

Immutable. Public half of the asymmetric key.

func (LookupWorkloadIdentityPoolKeyResultOutput) Name added in v0.29.0

The resource name of the key.

func (LookupWorkloadIdentityPoolKeyResultOutput) State added in v0.29.0

The state of the key.

func (LookupWorkloadIdentityPoolKeyResultOutput) ToLookupWorkloadIdentityPoolKeyResultOutput added in v0.29.0

func (o LookupWorkloadIdentityPoolKeyResultOutput) ToLookupWorkloadIdentityPoolKeyResultOutput() LookupWorkloadIdentityPoolKeyResultOutput

func (LookupWorkloadIdentityPoolKeyResultOutput) ToLookupWorkloadIdentityPoolKeyResultOutputWithContext added in v0.29.0

func (o LookupWorkloadIdentityPoolKeyResultOutput) ToLookupWorkloadIdentityPoolKeyResultOutputWithContext(ctx context.Context) LookupWorkloadIdentityPoolKeyResultOutput

func (LookupWorkloadIdentityPoolKeyResultOutput) Use added in v0.29.0

The purpose of the key.

type LookupWorkloadIdentityPoolOutputArgs added in v0.8.0

// LookupWorkloadIdentityPoolOutputArgs is the pulumi-input form of the
// arguments for looking up a WorkloadIdentityPool.
type LookupWorkloadIdentityPoolOutputArgs struct {
	Location               pulumi.StringInput    `pulumi:"location"`
	// Optional-style input (StringPtrInput).
	// NOTE(review): which project is used when unset is not shown here; confirm.
	Project                pulumi.StringPtrInput `pulumi:"project"`
	WorkloadIdentityPoolId pulumi.StringInput    `pulumi:"workloadIdentityPoolId"`
}

func (LookupWorkloadIdentityPoolOutputArgs) ElementType added in v0.8.0

type LookupWorkloadIdentityPoolResult added in v0.4.0

// LookupWorkloadIdentityPoolResult holds the fields returned when looking up
// an individual WorkloadIdentityPool.
type LookupWorkloadIdentityPoolResult struct {
	// A description of the pool. Cannot exceed 256 characters.
	Description string `pulumi:"description"`
	// Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
	Disabled bool `pulumi:"disabled"`
	// A display name for the pool. Cannot exceed 32 characters.
	DisplayName string `pulumi:"displayName"`
	// Time after which the workload identity pool will be permanently purged and cannot be recovered.
	ExpireTime string `pulumi:"expireTime"`
	// The resource name of the pool.
	Name string `pulumi:"name"`
	// The state of the pool.
	State string `pulumi:"state"`
}

func LookupWorkloadIdentityPool added in v0.4.0

func LookupWorkloadIdentityPool(ctx *pulumi.Context, args *LookupWorkloadIdentityPoolArgs, opts ...pulumi.InvokeOption) (*LookupWorkloadIdentityPoolResult, error)

Gets an individual WorkloadIdentityPool.

type LookupWorkloadIdentityPoolResultOutput added in v0.8.0

// LookupWorkloadIdentityPoolResultOutput is the pulumi output wrapper whose
// accessor methods expose the fields of LookupWorkloadIdentityPoolResult.
type LookupWorkloadIdentityPoolResultOutput struct{ *pulumi.OutputState }

func (LookupWorkloadIdentityPoolResultOutput) Description added in v0.8.0

A description of the pool. Cannot exceed 256 characters.

func (LookupWorkloadIdentityPoolResultOutput) Disabled added in v0.8.0

Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.

func (LookupWorkloadIdentityPoolResultOutput) DisplayName added in v0.8.0

A display name for the pool. Cannot exceed 32 characters.

func (LookupWorkloadIdentityPoolResultOutput) ElementType added in v0.8.0

func (LookupWorkloadIdentityPoolResultOutput) ExpireTime added in v0.32.0

Time after which the workload identity pool will be permanently purged and cannot be recovered.

func (LookupWorkloadIdentityPoolResultOutput) Name added in v0.8.0

The resource name of the pool.

func (LookupWorkloadIdentityPoolResultOutput) State added in v0.8.0

The state of the pool.

func (LookupWorkloadIdentityPoolResultOutput) ToLookupWorkloadIdentityPoolResultOutput added in v0.8.0

func (o LookupWorkloadIdentityPoolResultOutput) ToLookupWorkloadIdentityPoolResultOutput() LookupWorkloadIdentityPoolResultOutput

func (LookupWorkloadIdentityPoolResultOutput) ToLookupWorkloadIdentityPoolResultOutputWithContext added in v0.8.0

func (o LookupWorkloadIdentityPoolResultOutput) ToLookupWorkloadIdentityPoolResultOutputWithContext(ctx context.Context) LookupWorkloadIdentityPoolResultOutput

type Oidc

// Oidc represents an OpenId Connect 1.0 identity provider.
type Oidc struct {
	// Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured. If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example (each {...} segment is a placeholder for the corresponding resource ID):
	//   //iam.googleapis.com/projects/{project-number}/locations/{location}/workloadIdentityPools/{pool-id}/providers/{provider-id}
	//   https://iam.googleapis.com/projects/{project-number}/locations/{location}/workloadIdentityPools/{pool-id}/providers/{provider-id}
	AllowedAudiences []string `pulumi:"allowedAudiences"`
	// The OIDC issuer URL. Must be an HTTPS endpoint.
	IssuerUri string `pulumi:"issuerUri"`
	// Optional. OIDC JWKs in JSON String format. For details on the definition of a JWK, see https://tools.ietf.org/html/rfc7517. If not set, the `jwks_uri` from the discovery document (fetched from the .well-known path of the `issuer_uri`) will be used. Currently, RSA and EC asymmetric keys are supported. The JWK must use the following format and include only the following fields: { "keys": [ { "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": "", "crv": "" } ] }
	// NOTE(review): presumably a key set supplied here is not refreshed from the issuer, so a key rotation at the identity provider would need this field updated; confirm.
	JwksJson *string `pulumi:"jwksJson"`
}

Represents an OpenId Connect 1.0 identity provider.

type OidcArgs

// OidcArgs is the pulumi-input form of Oidc and represents an OpenId Connect
// 1.0 identity provider.
type OidcArgs struct {
	// Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured. If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example (each {...} segment is a placeholder for the corresponding resource ID):
	//   //iam.googleapis.com/projects/{project-number}/locations/{location}/workloadIdentityPools/{pool-id}/providers/{provider-id}
	//   https://iam.googleapis.com/projects/{project-number}/locations/{location}/workloadIdentityPools/{pool-id}/providers/{provider-id}
	AllowedAudiences pulumi.StringArrayInput `pulumi:"allowedAudiences"`
	// The OIDC issuer URL. Must be an HTTPS endpoint.
	IssuerUri pulumi.StringInput `pulumi:"issuerUri"`
	// Optional. OIDC JWKs in JSON String format. For details on the definition of a JWK, see https://tools.ietf.org/html/rfc7517. If not set, the `jwks_uri` from the discovery document (fetched from the .well-known path of the `issuer_uri`) will be used. Currently, RSA and EC asymmetric keys are supported. The JWK must use the following format and include only the following fields: { "keys": [ { "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": "", "crv": "" } ] }
	// NOTE(review): presumably a key set supplied here is not refreshed from the issuer, so a key rotation at the identity provider would need this field updated; confirm.
	JwksJson pulumi.StringPtrInput `pulumi:"jwksJson"`
}

Represents an OpenId Connect 1.0 identity provider.

func (OidcArgs) ElementType

func (OidcArgs) ElementType() reflect.Type

func (OidcArgs) ToOidcOutput

func (i OidcArgs) ToOidcOutput() OidcOutput

func (OidcArgs) ToOidcOutputWithContext

func (i OidcArgs) ToOidcOutputWithContext(ctx context.Context) OidcOutput

func (OidcArgs) ToOidcPtrOutput

func (i OidcArgs) ToOidcPtrOutput() OidcPtrOutput

func (OidcArgs) ToOidcPtrOutputWithContext

func (i OidcArgs) ToOidcPtrOutputWithContext(ctx context.Context) OidcPtrOutput

type OidcInput

// OidcInput is an input type that accepts OidcArgs and OidcOutput values.
type OidcInput interface {
	pulumi.Input

	ToOidcOutput() OidcOutput
	ToOidcOutputWithContext(context.Context) OidcOutput
}

OidcInput is an input type that accepts OidcArgs and OidcOutput values. You can construct a concrete instance of `OidcInput` via:

OidcArgs{...}

type OidcOutput

// OidcOutput is the pulumi output wrapper for Oidc, which represents an
// OpenId Connect 1.0 identity provider.
type OidcOutput struct{ *pulumi.OutputState }

Represents an OpenId Connect 1.0 identity provider.

func (OidcOutput) AllowedAudiences

func (o OidcOutput) AllowedAudiences() pulumi.StringArrayOutput

Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured. If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example (each {...} segment is a placeholder for the corresponding resource ID): ```//iam.googleapis.com/projects/{project-number}/locations/{location}/workloadIdentityPools/{pool-id}/providers/{provider-id} https://iam.googleapis.com/projects/{project-number}/locations/{location}/workloadIdentityPools/{pool-id}/providers/{provider-id}```

func (OidcOutput) ElementType

func (OidcOutput) ElementType() reflect.Type

func (OidcOutput) IssuerUri

func (o OidcOutput) IssuerUri() pulumi.StringOutput

The OIDC issuer URL. Must be an HTTPS endpoint.

func (OidcOutput) JwksJson added in v0.32.0

func (o OidcOutput) JwksJson() pulumi.StringPtrOutput

Optional. OIDC JWKs in JSON String format. For details on the definition of a JWK, see https://tools.ietf.org/html/rfc7517. If not set, the `jwks_uri` from the discovery document (fetched from the .well-known path of the `issuer_uri`) will be used. Currently, RSA and EC asymmetric keys are supported. The JWK must use the following format and include only the following fields: { "keys": [ { "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": "", "crv": "" } ] }

func (OidcOutput) ToOidcOutput

func (o OidcOutput) ToOidcOutput() OidcOutput

func (OidcOutput) ToOidcOutputWithContext

func (o OidcOutput) ToOidcOutputWithContext(ctx context.Context) OidcOutput

func (OidcOutput) ToOidcPtrOutput

func (o OidcOutput) ToOidcPtrOutput() OidcPtrOutput

func (OidcOutput) ToOidcPtrOutputWithContext

func (o OidcOutput) ToOidcPtrOutputWithContext(ctx context.Context) OidcPtrOutput

type OidcPtrInput

// OidcPtrInput is an input type that accepts OidcArgs, OidcPtr and
// OidcPtrOutput values; nil is also a valid OidcPtrInput.
type OidcPtrInput interface {
	pulumi.Input

	ToOidcPtrOutput() OidcPtrOutput
	ToOidcPtrOutputWithContext(context.Context) OidcPtrOutput
}

OidcPtrInput is an input type that accepts OidcArgs, OidcPtr and OidcPtrOutput values. You can construct a concrete instance of `OidcPtrInput` via:

        OidcArgs{...}

or:

        nil

func OidcPtr

func OidcPtr(v *OidcArgs) OidcPtrInput

type OidcPtrOutput

// OidcPtrOutput is the pulumi output wrapper for an optional (pointer) Oidc
// value; Elem returns the corresponding OidcOutput.
type OidcPtrOutput struct{ *pulumi.OutputState }

func (OidcPtrOutput) AllowedAudiences

func (o OidcPtrOutput) AllowedAudiences() pulumi.StringArrayOutput

Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured. If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example (each {...} segment is a placeholder for the corresponding resource ID): ```//iam.googleapis.com/projects/{project-number}/locations/{location}/workloadIdentityPools/{pool-id}/providers/{provider-id} https://iam.googleapis.com/projects/{project-number}/locations/{location}/workloadIdentityPools/{pool-id}/providers/{provider-id}```

func (OidcPtrOutput) Elem

func (o OidcPtrOutput) Elem() OidcOutput

func (OidcPtrOutput) ElementType

func (OidcPtrOutput) ElementType() reflect.Type

func (OidcPtrOutput) IssuerUri

func (o OidcPtrOutput) IssuerUri() pulumi.StringPtrOutput

The OIDC issuer URL. Must be an HTTPS endpoint.

func (OidcPtrOutput) JwksJson added in v0.32.0

func (o OidcPtrOutput) JwksJson() pulumi.StringPtrOutput

Optional. OIDC JWKs in JSON String format. For details on the definition of a JWK, see https://tools.ietf.org/html/rfc7517. If not set, the `jwks_uri` from the discovery document (fetched from the .well-known path of the `issuer_uri`) will be used. Currently, RSA and EC asymmetric keys are supported. The JWK must use the following format and include only the following fields: { "keys": [ { "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": "", "crv": "" } ] }

func (OidcPtrOutput) ToOidcPtrOutput

func (o OidcPtrOutput) ToOidcPtrOutput() OidcPtrOutput

func (OidcPtrOutput) ToOidcPtrOutputWithContext

func (o OidcPtrOutput) ToOidcPtrOutputWithContext(ctx context.Context) OidcPtrOutput

type OidcResponse

// OidcResponse is the read-side form of Oidc and represents an OpenId Connect
// 1.0 identity provider.
type OidcResponse struct {
	// Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured. If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example (each {...} segment is a placeholder for the corresponding resource ID):
	//   //iam.googleapis.com/projects/{project-number}/locations/{location}/workloadIdentityPools/{pool-id}/providers/{provider-id}
	//   https://iam.googleapis.com/projects/{project-number}/locations/{location}/workloadIdentityPools/{pool-id}/providers/{provider-id}
	AllowedAudiences []string `pulumi:"allowedAudiences"`
	// The OIDC issuer URL. Must be an HTTPS endpoint.
	IssuerUri string `pulumi:"issuerUri"`
	// Optional. OIDC JWKs in JSON String format. For details on the definition of a JWK, see https://tools.ietf.org/html/rfc7517. If not set, the `jwks_uri` from the discovery document (fetched from the .well-known path of the `issuer_uri`) will be used. Currently, RSA and EC asymmetric keys are supported. The JWK must use the following format and include only the following fields: { "keys": [ { "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": "", "crv": "" } ] }
	JwksJson string `pulumi:"jwksJson"`
}

Represents an OpenId Connect 1.0 identity provider.

type OidcResponseOutput

// OidcResponseOutput is the pulumi output wrapper for OidcResponse, which
// represents an OpenId Connect 1.0 identity provider.
type OidcResponseOutput struct{ *pulumi.OutputState }

Represents an OpenId Connect 1.0 identity provider.

func (OidcResponseOutput) AllowedAudiences

func (o OidcResponseOutput) AllowedAudiences() pulumi.StringArrayOutput

Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured. If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example (each {...} segment is a placeholder for the corresponding resource ID): ```//iam.googleapis.com/projects/{project-number}/locations/{location}/workloadIdentityPools/{pool-id}/providers/{provider-id} https://iam.googleapis.com/projects/{project-number}/locations/{location}/workloadIdentityPools/{pool-id}/providers/{provider-id}```

func (OidcResponseOutput) ElementType

func (OidcResponseOutput) ElementType() reflect.Type

func (OidcResponseOutput) IssuerUri

func (o OidcResponseOutput) IssuerUri() pulumi.StringOutput

The OIDC issuer URL. Must be an HTTPS endpoint.

func (OidcResponseOutput) JwksJson added in v0.32.0

func (o OidcResponseOutput) JwksJson() pulumi.StringOutput

Optional. OIDC JWKs in JSON String format. For details on the definition of a JWK, see https://tools.ietf.org/html/rfc7517. If not set, the `jwks_uri` from the discovery document (fetched from the .well-known path of the `issuer_uri`) will be used. Currently, RSA and EC asymmetric keys are supported. The JWK must use the following format and include only the following fields: { "keys": [ { "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": "", "crv": "" } ] }

func (OidcResponseOutput) ToOidcResponseOutput

func (o OidcResponseOutput) ToOidcResponseOutput() OidcResponseOutput

func (OidcResponseOutput) ToOidcResponseOutputWithContext

func (o OidcResponseOutput) ToOidcResponseOutputWithContext(ctx context.Context) OidcResponseOutput

type OrganizationRole

// OrganizationRole is the resource state of a custom IAM Role; every field is
// an output tagged with its Pulumi property name.
type OrganizationRole struct {
	pulumi.CustomResourceState

	// The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.
	Deleted pulumi.BoolOutput `pulumi:"deleted"`
	// Optional. A human-readable description for the role.
	Description pulumi.StringOutput `pulumi:"description"`
	// Used to perform a consistent read-modify-write.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The names of the permissions this role grants when bound in an IAM policy.
	// NOTE(review): this list is the whole grant of the role, so a change to it is a
	// privilege change for every principal the role is bound to; review it as such.
	IncludedPermissions pulumi.StringArrayOutput `pulumi:"includedPermissions"`
	// The name of the role. When `Role` is used in `CreateRole`, the role name must not be set. When `Role` is used in output and other input such as `UpdateRole`, the role name is the complete path. For example, `roles/logging.viewer` for predefined roles, `organizations/{ORGANIZATION_ID}/roles/my-role` for organization-level custom roles, and `projects/{PROJECT_ID}/roles/my-role` for project-level custom roles.
	Name           pulumi.StringOutput `pulumi:"name"`
	OrganizationId pulumi.StringOutput `pulumi:"organizationId"` // NOTE(review): undocumented in this listing; presumably the {ORGANIZATION_ID} segment of the role path — confirm.
	// The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.
	Stage pulumi.StringOutput `pulumi:"stage"`
	// Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
	Title pulumi.StringOutput `pulumi:"title"`
}

Creates a new custom Role.

func GetOrganizationRole

func GetOrganizationRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *OrganizationRoleState, opts ...pulumi.ResourceOption) (*OrganizationRole, error)

GetOrganizationRole gets an existing OrganizationRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewOrganizationRole

func NewOrganizationRole(ctx *pulumi.Context,
	name string, args *OrganizationRoleArgs, opts ...pulumi.ResourceOption) (*OrganizationRole, error)

NewOrganizationRole registers a new resource with the given unique name, arguments, and options.

func (*OrganizationRole) ElementType

func (*OrganizationRole) ElementType() reflect.Type

func (*OrganizationRole) ToOrganizationRoleOutput

func (i *OrganizationRole) ToOrganizationRoleOutput() OrganizationRoleOutput

func (*OrganizationRole) ToOrganizationRoleOutputWithContext

func (i *OrganizationRole) ToOrganizationRoleOutputWithContext(ctx context.Context) OrganizationRoleOutput

type OrganizationRoleArgs

// OrganizationRoleArgs is the set of arguments for constructing an
// OrganizationRole resource (passed to NewOrganizationRole).
type OrganizationRoleArgs struct {
	// The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.
	Deleted pulumi.BoolPtrInput
	// Optional. A human-readable description for the role.
	Description pulumi.StringPtrInput
	// Used to perform a consistent read-modify-write.
	Etag pulumi.StringPtrInput
	// The names of the permissions this role grants when bound in an IAM policy.
	// NOTE(review): this list is the whole grant of the role; keep it to the permissions
	// the role's holders need and review additions as privilege changes.
	IncludedPermissions pulumi.StringArrayInput
	// The name of the role. When `Role` is used in `CreateRole`, the role name must not be set. When `Role` is used in output and other input such as `UpdateRole`, the role name is the complete path. For example, `roles/logging.viewer` for predefined roles, `organizations/{ORGANIZATION_ID}/roles/my-role` for organization-level custom roles, and `projects/{PROJECT_ID}/roles/my-role` for project-level custom roles.
	Name           pulumi.StringPtrInput
	OrganizationId pulumi.StringInput // NOTE(review): undocumented in this listing; the only non-pointer input here, so presumably required — confirm.
	// The role ID to use for this role. A role ID may contain alphanumeric characters, underscores (`_`), and periods (`.`). It must contain a minimum of 3 characters and a maximum of 64 characters.
	RoleId pulumi.StringPtrInput
	// The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.
	Stage OrganizationRoleStagePtrInput
	// Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
	Title pulumi.StringPtrInput
}

The set of arguments for constructing an OrganizationRole resource.

func (OrganizationRoleArgs) ElementType

func (OrganizationRoleArgs) ElementType() reflect.Type

type OrganizationRoleInput

// OrganizationRoleInput is the input interface for OrganizationRole values:
// anything that can produce an OrganizationRoleOutput, with or without an
// explicit context.
type OrganizationRoleInput interface {
	pulumi.Input

	// ToOrganizationRoleOutput returns the value as an OrganizationRoleOutput.
	ToOrganizationRoleOutput() OrganizationRoleOutput
	// ToOrganizationRoleOutputWithContext is the same conversion, taking a context.Context.
	ToOrganizationRoleOutputWithContext(ctx context.Context) OrganizationRoleOutput
}

type OrganizationRoleOutput

type OrganizationRoleOutput struct{ *pulumi.OutputState }

func (OrganizationRoleOutput) Deleted added in v0.19.0

The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.

func (OrganizationRoleOutput) Description added in v0.19.0

func (o OrganizationRoleOutput) Description() pulumi.StringOutput

Optional. A human-readable description for the role.

func (OrganizationRoleOutput) ElementType

func (OrganizationRoleOutput) ElementType() reflect.Type

func (OrganizationRoleOutput) Etag added in v0.19.0

Used to perform a consistent read-modify-write.

func (OrganizationRoleOutput) IncludedPermissions added in v0.19.0

func (o OrganizationRoleOutput) IncludedPermissions() pulumi.StringArrayOutput

The names of the permissions this role grants when bound in an IAM policy.

func (OrganizationRoleOutput) Name added in v0.19.0

The name of the role. When `Role` is used in `CreateRole`, the role name must not be set. When `Role` is used in output and other input such as `UpdateRole`, the role name is the complete path. For example, `roles/logging.viewer` for predefined roles, `organizations/{ORGANIZATION_ID}/roles/my-role` for organization-level custom roles, and `projects/{PROJECT_ID}/roles/my-role` for project-level custom roles.

func (OrganizationRoleOutput) OrganizationId added in v0.21.0

func (o OrganizationRoleOutput) OrganizationId() pulumi.StringOutput

func (OrganizationRoleOutput) Stage added in v0.19.0

The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.

func (OrganizationRoleOutput) Title added in v0.19.0

Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.

func (OrganizationRoleOutput) ToOrganizationRoleOutput

func (o OrganizationRoleOutput) ToOrganizationRoleOutput() OrganizationRoleOutput

func (OrganizationRoleOutput) ToOrganizationRoleOutputWithContext

func (o OrganizationRoleOutput) ToOrganizationRoleOutputWithContext(ctx context.Context) OrganizationRoleOutput

type OrganizationRoleStage added in v0.4.0

type OrganizationRoleStage string

The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.

func (OrganizationRoleStage) ElementType added in v0.4.0

func (OrganizationRoleStage) ElementType() reflect.Type

func (OrganizationRoleStage) ToOrganizationRoleStageOutput added in v0.6.0

func (e OrganizationRoleStage) ToOrganizationRoleStageOutput() OrganizationRoleStageOutput

func (OrganizationRoleStage) ToOrganizationRoleStageOutputWithContext added in v0.6.0

func (e OrganizationRoleStage) ToOrganizationRoleStageOutputWithContext(ctx context.Context) OrganizationRoleStageOutput

func (OrganizationRoleStage) ToOrganizationRoleStagePtrOutput added in v0.6.0

func (e OrganizationRoleStage) ToOrganizationRoleStagePtrOutput() OrganizationRoleStagePtrOutput

func (OrganizationRoleStage) ToOrganizationRoleStagePtrOutputWithContext added in v0.6.0

func (e OrganizationRoleStage) ToOrganizationRoleStagePtrOutputWithContext(ctx context.Context) OrganizationRoleStagePtrOutput

func (OrganizationRoleStage) ToStringOutput added in v0.4.0

func (e OrganizationRoleStage) ToStringOutput() pulumi.StringOutput

func (OrganizationRoleStage) ToStringOutputWithContext added in v0.4.0

func (e OrganizationRoleStage) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (OrganizationRoleStage) ToStringPtrOutput added in v0.4.0

func (e OrganizationRoleStage) ToStringPtrOutput() pulumi.StringPtrOutput

func (OrganizationRoleStage) ToStringPtrOutputWithContext added in v0.4.0

func (e OrganizationRoleStage) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type OrganizationRoleStageInput added in v0.6.0

type OrganizationRoleStageInput interface {
	pulumi.Input

	ToOrganizationRoleStageOutput() OrganizationRoleStageOutput
	ToOrganizationRoleStageOutputWithContext(context.Context) OrganizationRoleStageOutput
}

OrganizationRoleStageInput is an input type that accepts OrganizationRoleStageArgs and OrganizationRoleStageOutput values. You can construct a concrete instance of `OrganizationRoleStageInput` via:

OrganizationRoleStageArgs{...}

type OrganizationRoleStageOutput added in v0.6.0

type OrganizationRoleStageOutput struct{ *pulumi.OutputState }

func (OrganizationRoleStageOutput) ElementType added in v0.6.0

func (OrganizationRoleStageOutput) ToOrganizationRoleStageOutput added in v0.6.0

func (o OrganizationRoleStageOutput) ToOrganizationRoleStageOutput() OrganizationRoleStageOutput

func (OrganizationRoleStageOutput) ToOrganizationRoleStageOutputWithContext added in v0.6.0

func (o OrganizationRoleStageOutput) ToOrganizationRoleStageOutputWithContext(ctx context.Context) OrganizationRoleStageOutput

func (OrganizationRoleStageOutput) ToOrganizationRoleStagePtrOutput added in v0.6.0

func (o OrganizationRoleStageOutput) ToOrganizationRoleStagePtrOutput() OrganizationRoleStagePtrOutput

func (OrganizationRoleStageOutput) ToOrganizationRoleStagePtrOutputWithContext added in v0.6.0

func (o OrganizationRoleStageOutput) ToOrganizationRoleStagePtrOutputWithContext(ctx context.Context) OrganizationRoleStagePtrOutput

func (OrganizationRoleStageOutput) ToStringOutput added in v0.6.0

func (o OrganizationRoleStageOutput) ToStringOutput() pulumi.StringOutput

func (OrganizationRoleStageOutput) ToStringOutputWithContext added in v0.6.0

func (o OrganizationRoleStageOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (OrganizationRoleStageOutput) ToStringPtrOutput added in v0.6.0

func (o OrganizationRoleStageOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (OrganizationRoleStageOutput) ToStringPtrOutputWithContext added in v0.6.0

func (o OrganizationRoleStageOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type OrganizationRoleStagePtrInput added in v0.6.0

type OrganizationRoleStagePtrInput interface {
	pulumi.Input

	ToOrganizationRoleStagePtrOutput() OrganizationRoleStagePtrOutput
	ToOrganizationRoleStagePtrOutputWithContext(context.Context) OrganizationRoleStagePtrOutput
}

func OrganizationRoleStagePtr added in v0.6.0

func OrganizationRoleStagePtr(v string) OrganizationRoleStagePtrInput

type OrganizationRoleStagePtrOutput added in v0.6.0

type OrganizationRoleStagePtrOutput struct{ *pulumi.OutputState }

func (OrganizationRoleStagePtrOutput) Elem added in v0.6.0

func (OrganizationRoleStagePtrOutput) ElementType added in v0.6.0

func (OrganizationRoleStagePtrOutput) ToOrganizationRoleStagePtrOutput added in v0.6.0

func (o OrganizationRoleStagePtrOutput) ToOrganizationRoleStagePtrOutput() OrganizationRoleStagePtrOutput

func (OrganizationRoleStagePtrOutput) ToOrganizationRoleStagePtrOutputWithContext added in v0.6.0

func (o OrganizationRoleStagePtrOutput) ToOrganizationRoleStagePtrOutputWithContext(ctx context.Context) OrganizationRoleStagePtrOutput

func (OrganizationRoleStagePtrOutput) ToStringPtrOutput added in v0.6.0

func (OrganizationRoleStagePtrOutput) ToStringPtrOutputWithContext added in v0.6.0

func (o OrganizationRoleStagePtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type OrganizationRoleState

type OrganizationRoleState struct {
}

func (OrganizationRoleState) ElementType

func (OrganizationRoleState) ElementType() reflect.Type

type Provider added in v0.3.0

// Provider is the resource state of a WorkloadIdentityPoolProvider; every field
// is an output tagged with its Pulumi property name.
type Provider struct {
	pulumi.CustomResourceState

	// [A Common Expression Language](https://opensource.google/projects/cel) expression, in plain text, that restricts which otherwise valid authentication credentials issued by the provider are accepted. The expression must output a boolean representing whether to allow the federation. The following keywords may be referenced in the expressions: * `assertion`: JSON representing the authentication credential issued by the provider. * `google`: The Google attributes mapped from the assertion in the `attribute_mappings`. * `attribute`: The custom attributes mapped from the assertion in the `attribute_mappings`. The maximum length of the attribute condition expression is 4096 characters. If unspecified, all valid authentication credentials are accepted. The following example shows how to only allow credentials with a mapped `google.groups` value of `admins`: ```"'admins' in google.groups"```
	// NOTE(review): an unset condition means every credential the provider validates can
	// federate; when auditing, treat an empty value as "no restriction" rather than "default deny".
	AttributeCondition pulumi.StringOutput `pulumi:"attributeCondition"`
	//  Maps attributes from authentication credentials issued by an external identity provider to Google Cloud attributes, such as `subject` and `segment`. Each key must be a string specifying the Google Cloud IAM attribute to map to. The following keys are supported: * `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings. This is also the subject that appears in Cloud Logging logs. Cannot exceed 127 bytes. * `google.groups`: Groups the external identity belongs to. You can grant groups access to resources using an IAM `principalSet` binding; access applies to all members of the group. You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where `{custom_attribute}` is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes. The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_]. You can reference these attributes in IAM policies to define fine-grained access for a workload to Google Cloud resources. For example: * `google.subject`: `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}` * `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}` * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` Each value must be a [Common Expression Language] (https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. You can use the `assertion` keyword in the expression to access a JSON representation of the authentication credential issued by the provider. The maximum length of an attribute mapping expression is 2048 characters. 
When evaluated, the total size of all mapped attributes must not exceed 8KB. For AWS providers, if no attribute mapping is defined, the following default mapping applies: “`{ "google.subject":"assertion.arn", "attribute.aws_role": "assertion.arn.contains('assumed-role')" " ? assertion.arn.extract('{account_arn}assumed-role/')" " + 'assumed-role/'" " + assertion.arn.extract('assumed-role/{role_name}/')" " : assertion.arn", }“` If any custom attribute mappings are defined, they must include a mapping to the `google.subject` attribute. For OIDC providers, you must supply a custom mapping, which must include the `google.subject` attribute. For example, the following maps the `sub` claim of the incoming credential to the `subject` attribute on a Google token: “`{"google.subject": "assertion.sub"}“`
	AttributeMapping pulumi.StringMapOutput `pulumi:"attributeMapping"`
	// An Amazon Web Services identity provider.
	Aws AwsResponseOutput `pulumi:"aws"`
	// A description for the provider. Cannot exceed 256 characters.
	Description pulumi.StringOutput `pulumi:"description"`
	// Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access.
	// NOTE(review): disabling stops new token exchanges only; it is not a revocation of
	// tokens that were already issued.
	Disabled pulumi.BoolOutput `pulumi:"disabled"`
	// A display name for the provider. Cannot exceed 32 characters.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// Time after which the workload identity pool provider will be permanently purged and cannot be recovered.
	ExpireTime pulumi.StringOutput `pulumi:"expireTime"`
	Location   pulumi.StringOutput `pulumi:"location"` // NOTE(review): undocumented in this listing; presumably the location segment of the resource name — confirm.
	// The resource name of the provider.
	Name pulumi.StringOutput `pulumi:"name"`
	// An OpenId Connect 1.0 identity provider.
	Oidc    OidcResponseOutput  `pulumi:"oidc"`
	Project pulumi.StringOutput `pulumi:"project"` // NOTE(review): undocumented in this listing; presumably the project segment of the resource name — confirm.
	// A SAML 2.0 identity provider.
	Saml SamlResponseOutput `pulumi:"saml"`
	// The state of the provider.
	State                  pulumi.StringOutput `pulumi:"state"`
	WorkloadIdentityPoolId pulumi.StringOutput `pulumi:"workloadIdentityPoolId"` // NOTE(review): undocumented in this listing; presumably the ID of the enclosing WorkloadIdentityPool — confirm.
	// Required. The ID for the provider, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolProviderId pulumi.StringOutput `pulumi:"workloadIdentityPoolProviderId"`
}

Creates a new WorkloadIdentityPoolProvider in a WorkloadIdentityPool. You cannot reuse the name of a deleted provider until 30 days after deletion. Auto-naming is currently not supported for this resource.

func GetProvider added in v0.3.0

func GetProvider(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ProviderState, opts ...pulumi.ResourceOption) (*Provider, error)

GetProvider gets an existing Provider resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewProvider added in v0.3.0

func NewProvider(ctx *pulumi.Context,
	name string, args *ProviderArgs, opts ...pulumi.ResourceOption) (*Provider, error)

NewProvider registers a new resource with the given unique name, arguments, and options.

func (*Provider) ElementType added in v0.3.0

func (*Provider) ElementType() reflect.Type

func (*Provider) ToProviderOutput added in v0.3.0

func (i *Provider) ToProviderOutput() ProviderOutput

func (*Provider) ToProviderOutputWithContext added in v0.3.0

func (i *Provider) ToProviderOutputWithContext(ctx context.Context) ProviderOutput

type ProviderArgs added in v0.3.0

// ProviderArgs is the set of arguments for constructing a Provider resource
// (passed to NewProvider). It carries the trust configuration of the provider:
// which credentials are accepted and how their attributes map to Google Cloud
// attributes.
type ProviderArgs struct {
	// [A Common Expression Language](https://opensource.google/projects/cel) expression, in plain text, that restricts which otherwise valid authentication credentials issued by the provider are accepted. The expression must output a boolean representing whether to allow the federation. The following keywords may be referenced in the expressions: * `assertion`: JSON representing the authentication credential issued by the provider. * `google`: The Google attributes mapped from the assertion in the `attribute_mappings`. * `attribute`: The custom attributes mapped from the assertion in the `attribute_mappings`. The maximum length of the attribute condition expression is 4096 characters. If unspecified, all valid authentication credentials are accepted. The following example shows how to only allow credentials with a mapped `google.groups` value of `admins`: ```"'admins' in google.groups"```
	// NOTE(review): leaving this nil means every credential the provider validates can
	// federate. When the identity provider also issues credentials to parties you do not
	// control, set a condition that pins the expected tenant, group or subject.
	AttributeCondition pulumi.StringPtrInput
	//  Maps attributes from authentication credentials issued by an external identity provider to Google Cloud attributes, such as `subject` and `segment`. Each key must be a string specifying the Google Cloud IAM attribute to map to. The following keys are supported: * `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings. This is also the subject that appears in Cloud Logging logs. Cannot exceed 127 bytes. * `google.groups`: Groups the external identity belongs to. You can grant groups access to resources using an IAM `principalSet` binding; access applies to all members of the group. You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where `{custom_attribute}` is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes. The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_]. You can reference these attributes in IAM policies to define fine-grained access for a workload to Google Cloud resources. For example: * `google.subject`: `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}` * `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}` * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` Each value must be a [Common Expression Language] (https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. You can use the `assertion` keyword in the expression to access a JSON representation of the authentication credential issued by the provider. The maximum length of an attribute mapping expression is 2048 characters. 
When evaluated, the total size of all mapped attributes must not exceed 8KB. For AWS providers, if no attribute mapping is defined, the following default mapping applies: “`{ "google.subject":"assertion.arn", "attribute.aws_role": "assertion.arn.contains('assumed-role')" " ? assertion.arn.extract('{account_arn}assumed-role/')" " + 'assumed-role/'" " + assertion.arn.extract('assumed-role/{role_name}/')" " : assertion.arn", }“` If any custom attribute mappings are defined, they must include a mapping to the `google.subject` attribute. For OIDC providers, you must supply a custom mapping, which must include the `google.subject` attribute. For example, the following maps the `sub` claim of the incoming credential to the `subject` attribute on a Google token: “`{"google.subject": "assertion.sub"}“`
	AttributeMapping pulumi.StringMapInput
	// An Amazon Web Services identity provider.
	Aws AwsPtrInput
	// A description for the provider. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access.
	// NOTE(review): setting this stops new token exchanges only; it does not revoke
	// tokens that were already issued, so it is not sufficient containment on its own.
	Disabled pulumi.BoolPtrInput
	// A display name for the provider. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	Location    pulumi.StringPtrInput // NOTE(review): undocumented in this listing; presumably the location segment of the resource name — confirm.
	// An OpenId Connect 1.0 identity provider.
	Oidc    OidcPtrInput
	Project pulumi.StringPtrInput // NOTE(review): undocumented in this listing; presumably the project segment of the resource name — confirm.
	// A SAML 2.0 identity provider.
	Saml                   SamlPtrInput
	WorkloadIdentityPoolId pulumi.StringInput // NOTE(review): undocumented in this listing; non-pointer input, so presumably required — confirm.
	// Required. The ID for the provider, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolProviderId pulumi.StringInput
}

The set of arguments for constructing a Provider resource.

func (ProviderArgs) ElementType added in v0.3.0

func (ProviderArgs) ElementType() reflect.Type

type ProviderInput added in v0.3.0

// ProviderInput is the input interface for Provider values: anything that can
// produce a ProviderOutput, with or without an explicit context.
type ProviderInput interface {
	pulumi.Input

	// ToProviderOutput returns the value as a ProviderOutput.
	ToProviderOutput() ProviderOutput
	// ToProviderOutputWithContext is the same conversion, taking a context.Context.
	ToProviderOutputWithContext(ctx context.Context) ProviderOutput
}

type ProviderOutput added in v0.3.0

type ProviderOutput struct{ *pulumi.OutputState }

func (ProviderOutput) AttributeCondition added in v0.19.0

func (o ProviderOutput) AttributeCondition() pulumi.StringOutput

[A Common Expression Language](https://opensource.google/projects/cel) expression, in plain text, that restricts which otherwise valid authentication credentials issued by the provider are accepted. The expression must output a boolean representing whether to allow the federation. The following keywords may be referenced in the expressions: * `assertion`: JSON representing the authentication credential issued by the provider. * `google`: The Google attributes mapped from the assertion in the `attribute_mappings`. * `attribute`: The custom attributes mapped from the assertion in the `attribute_mappings`. The maximum length of the attribute condition expression is 4096 characters. If unspecified, all valid authentication credentials are accepted, so a condition is the only place to narrow federation when the identity provider also issues credentials to parties you do not control. The following example shows how to only allow credentials with a mapped `google.groups` value of `admins`: ```"'admins' in google.groups"```

func (ProviderOutput) AttributeMapping added in v0.19.0

func (o ProviderOutput) AttributeMapping() pulumi.StringMapOutput

Maps attributes from authentication credentials issued by an external identity provider to Google Cloud attributes, such as `subject` and `segment`. Each key must be a string specifying the Google Cloud IAM attribute to map to. The following keys are supported: * `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings. This is also the subject that appears in Cloud Logging logs. Cannot exceed 127 bytes. * `google.groups`: Groups the external identity belongs to. You can grant groups access to resources using an IAM `principalSet` binding; access applies to all members of the group. You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where `{custom_attribute}` is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes. The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_]. You can reference these attributes in IAM policies to define fine-grained access for a workload to Google Cloud resources. For example: * `google.subject`: `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}` * `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}` * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` Each value must be a [Common Expression Language] (https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. You can use the `assertion` keyword in the expression to access a JSON representation of the authentication credential issued by the provider. The maximum length of an attribute mapping expression is 2048 characters. 
When evaluated, the total size of all mapped attributes must not exceed 8KB. For AWS providers, if no attribute mapping is defined, the following default mapping applies: ```{ "google.subject":"assertion.arn", "attribute.aws_role": "assertion.arn.contains('assumed-role')" " ? assertion.arn.extract('{account_arn}assumed-role/')" " + 'assumed-role/'" " + assertion.arn.extract('assumed-role/{role_name}/')" " : assertion.arn", }``` If any custom attribute mappings are defined, they must include a mapping to the `google.subject` attribute. For OIDC providers, you must supply a custom mapping, which must include the `google.subject` attribute. For example, the following maps the `sub` claim of the incoming credential to the `subject` attribute on a Google token: ```{"google.subject": "assertion.sub"}```

func (ProviderOutput) Aws added in v0.19.0

An Amazon Web Services identity provider.

func (ProviderOutput) Description added in v0.19.0

func (o ProviderOutput) Description() pulumi.StringOutput

A description for the provider. Cannot exceed 256 characters.

func (ProviderOutput) Disabled added in v0.19.0

func (o ProviderOutput) Disabled() pulumi.BoolOutput

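Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access, so disabling a provider stops new token exchanges but does not revoke tokens that were already issued.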

func (ProviderOutput) DisplayName added in v0.19.0

func (o ProviderOutput) DisplayName() pulumi.StringOutput

A display name for the provider. Cannot exceed 32 characters.

func (ProviderOutput) ElementType added in v0.3.0

func (ProviderOutput) ElementType() reflect.Type

func (ProviderOutput) ExpireTime added in v0.32.0

func (o ProviderOutput) ExpireTime() pulumi.StringOutput

Time after which the workload identity pool provider will be permanently purged and cannot be recovered.

func (ProviderOutput) Location added in v0.21.0

func (o ProviderOutput) Location() pulumi.StringOutput

func (ProviderOutput) Name added in v0.19.0

The resource name of the provider.

func (ProviderOutput) Oidc added in v0.19.0

An OpenId Connect 1.0 identity provider.

func (ProviderOutput) Project added in v0.21.0

func (o ProviderOutput) Project() pulumi.StringOutput

func (ProviderOutput) Saml added in v0.19.0

A SAML 2.0 identity provider.

func (ProviderOutput) State added in v0.19.0

The state of the provider.

func (ProviderOutput) ToProviderOutput added in v0.3.0

func (o ProviderOutput) ToProviderOutput() ProviderOutput

func (ProviderOutput) ToProviderOutputWithContext added in v0.3.0

func (o ProviderOutput) ToProviderOutputWithContext(ctx context.Context) ProviderOutput

func (ProviderOutput) WorkloadIdentityPoolId added in v0.21.0

func (o ProviderOutput) WorkloadIdentityPoolId() pulumi.StringOutput

func (ProviderOutput) WorkloadIdentityPoolProviderId added in v0.21.0

func (o ProviderOutput) WorkloadIdentityPoolProviderId() pulumi.StringOutput

Required. The ID for the provider, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may not be specified.

type ProviderState added in v0.3.0

type ProviderState struct {
}

func (ProviderState) ElementType added in v0.3.0

func (ProviderState) ElementType() reflect.Type

type Role

// Role is the resource type for a custom IAM role; the page describes the
// resource as "Creates a new custom Role."
type Role struct {
	pulumi.CustomResourceState

	// The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.
	Deleted pulumi.BoolOutput `pulumi:"deleted"`
	// Optional. A human-readable description for the role.
	Description pulumi.StringOutput `pulumi:"description"`
	// Used to perform a consistent read-modify-write.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The names of the permissions this role grants when bound in an IAM policy.
	//
	// NOTE(review): this list is the full set of permissions a principal gains
	// when the role is bound, so it is the field to check when auditing a
	// custom role for least privilege.
	IncludedPermissions pulumi.StringArrayOutput `pulumi:"includedPermissions"`
	// The name of the role. When `Role` is used in `CreateRole`, the role name
	// must not be set. When `Role` is used in output and other input such as
	// `UpdateRole`, the role name is the complete path. For example:
	//
	//   - `roles/logging.viewer` for predefined roles,
	//   - `organizations/{ORGANIZATION_ID}/roles/my-role` for organization-level custom roles,
	//   - `projects/{PROJECT_ID}/roles/my-role` for project-level custom roles.
	Name    pulumi.StringOutput `pulumi:"name"`
	// Project is not documented on this page; presumably the ID of the Google
	// Cloud project that owns the role — TODO confirm.
	Project pulumi.StringOutput `pulumi:"project"`
	// The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.
	Stage pulumi.StringOutput `pulumi:"stage"`
	// Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
	Title pulumi.StringOutput `pulumi:"title"`
}

Creates a new custom Role.

func GetRole

func GetRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *RoleState, opts ...pulumi.ResourceOption) (*Role, error)

GetRole gets an existing Role resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewRole

func NewRole(ctx *pulumi.Context,
	name string, args *RoleArgs, opts ...pulumi.ResourceOption) (*Role, error)

NewRole registers a new resource with the given unique name, arguments, and options.

func (*Role) ElementType

func (*Role) ElementType() reflect.Type

func (*Role) ToRoleOutput

func (i *Role) ToRoleOutput() RoleOutput

func (*Role) ToRoleOutputWithContext

func (i *Role) ToRoleOutputWithContext(ctx context.Context) RoleOutput

type RoleArgs

// RoleArgs is the set of arguments for constructing a Role resource.
type RoleArgs struct {
	// The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.
	Deleted pulumi.BoolPtrInput
	// Optional. A human-readable description for the role.
	Description pulumi.StringPtrInput
	// Used to perform a consistent read-modify-write.
	Etag pulumi.StringPtrInput
	// The names of the permissions this role grants when bound in an IAM policy.
	//
	// NOTE(review): every entry here is granted to each principal the role is
	// bound to; keep the list to the permissions that are actually needed.
	IncludedPermissions pulumi.StringArrayInput
	// The name of the role. When `Role` is used in `CreateRole`, the role name
	// must not be set. When `Role` is used in output and other input such as
	// `UpdateRole`, the role name is the complete path. For example:
	//
	//   - `roles/logging.viewer` for predefined roles,
	//   - `organizations/{ORGANIZATION_ID}/roles/my-role` for organization-level custom roles,
	//   - `projects/{PROJECT_ID}/roles/my-role` for project-level custom roles.
	Name    pulumi.StringPtrInput
	// Project is not documented on this page; presumably the ID of the Google
	// Cloud project in which the role is created — TODO confirm.
	Project pulumi.StringPtrInput
	// The role ID to use for this role. A role ID may contain alphanumeric characters, underscores (`_`), and periods (`.`). It must contain a minimum of 3 characters and a maximum of 64 characters.
	RoleId pulumi.StringPtrInput
	// The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.
	Stage RoleStagePtrInput
	// Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
	Title pulumi.StringPtrInput
}

The set of arguments for constructing a Role resource.

func (RoleArgs) ElementType

func (RoleArgs) ElementType() reflect.Type

type RoleInput

// RoleInput is an input type for values that can be converted to a
// RoleOutput. On this page both *Role and RoleOutput declare the two
// conversion methods it requires.
type RoleInput interface {
	pulumi.Input

	// ToRoleOutput returns the value as a RoleOutput.
	ToRoleOutput() RoleOutput
	// ToRoleOutputWithContext is the variant of ToRoleOutput that takes a
	// context.Context.
	ToRoleOutputWithContext(ctx context.Context) RoleOutput
}

type RoleOutput

type RoleOutput struct{ *pulumi.OutputState }

func (RoleOutput) Deleted added in v0.19.0

func (o RoleOutput) Deleted() pulumi.BoolOutput

The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.

func (RoleOutput) Description added in v0.19.0

func (o RoleOutput) Description() pulumi.StringOutput

Optional. A human-readable description for the role.

func (RoleOutput) ElementType

func (RoleOutput) ElementType() reflect.Type

func (RoleOutput) Etag added in v0.19.0

func (o RoleOutput) Etag() pulumi.StringOutput

Used to perform a consistent read-modify-write.

func (RoleOutput) IncludedPermissions added in v0.19.0

func (o RoleOutput) IncludedPermissions() pulumi.StringArrayOutput

The names of the permissions this role grants when bound in an IAM policy.

func (RoleOutput) Name added in v0.19.0

func (o RoleOutput) Name() pulumi.StringOutput

The name of the role. When `Role` is used in `CreateRole`, the role name must not be set. When `Role` is used in output and other input such as `UpdateRole`, the role name is the complete path. For example, `roles/logging.viewer` for predefined roles, `organizations/{ORGANIZATION_ID}/roles/my-role` for organization-level custom roles, and `projects/{PROJECT_ID}/roles/my-role` for project-level custom roles.

func (RoleOutput) Project added in v0.21.0

func (o RoleOutput) Project() pulumi.StringOutput

func (RoleOutput) Stage added in v0.19.0

func (o RoleOutput) Stage() pulumi.StringOutput

The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.

func (RoleOutput) Title added in v0.19.0

func (o RoleOutput) Title() pulumi.StringOutput

Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.

func (RoleOutput) ToRoleOutput

func (o RoleOutput) ToRoleOutput() RoleOutput

func (RoleOutput) ToRoleOutputWithContext

func (o RoleOutput) ToRoleOutputWithContext(ctx context.Context) RoleOutput

type RoleStage added in v0.4.0

type RoleStage string

The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.

func (RoleStage) ElementType added in v0.4.0

func (RoleStage) ElementType() reflect.Type

func (RoleStage) ToRoleStageOutput added in v0.6.0

func (e RoleStage) ToRoleStageOutput() RoleStageOutput

func (RoleStage) ToRoleStageOutputWithContext added in v0.6.0

func (e RoleStage) ToRoleStageOutputWithContext(ctx context.Context) RoleStageOutput

func (RoleStage) ToRoleStagePtrOutput added in v0.6.0

func (e RoleStage) ToRoleStagePtrOutput() RoleStagePtrOutput

func (RoleStage) ToRoleStagePtrOutputWithContext added in v0.6.0

func (e RoleStage) ToRoleStagePtrOutputWithContext(ctx context.Context) RoleStagePtrOutput

func (RoleStage) ToStringOutput added in v0.4.0

func (e RoleStage) ToStringOutput() pulumi.StringOutput

func (RoleStage) ToStringOutputWithContext added in v0.4.0

func (e RoleStage) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (RoleStage) ToStringPtrOutput added in v0.4.0

func (e RoleStage) ToStringPtrOutput() pulumi.StringPtrOutput

func (RoleStage) ToStringPtrOutputWithContext added in v0.4.0

func (e RoleStage) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type RoleStageInput added in v0.6.0

// RoleStageInput is an input type for values that can be converted to a
// RoleStageOutput. On this page RoleStage and RoleStageOutput declare the two
// conversion methods it requires.
//
// NOTE(review): the page's prose names RoleStageArgs as an accepted type, but
// no RoleStageArgs declaration appears in this part of the listing — confirm
// before relying on it.
type RoleStageInput interface {
	pulumi.Input

	// ToRoleStageOutput returns the value as a RoleStageOutput.
	ToRoleStageOutput() RoleStageOutput
	// ToRoleStageOutputWithContext is the variant of ToRoleStageOutput that
	// takes a context.Context.
	ToRoleStageOutputWithContext(context.Context) RoleStageOutput
}

RoleStageInput is an input type that accepts RoleStageArgs and RoleStageOutput values. You can construct a concrete instance of `RoleStageInput` via:

RoleStageArgs{...}

type RoleStageOutput added in v0.6.0

type RoleStageOutput struct{ *pulumi.OutputState }

func (RoleStageOutput) ElementType added in v0.6.0

func (RoleStageOutput) ElementType() reflect.Type

func (RoleStageOutput) ToRoleStageOutput added in v0.6.0

func (o RoleStageOutput) ToRoleStageOutput() RoleStageOutput

func (RoleStageOutput) ToRoleStageOutputWithContext added in v0.6.0

func (o RoleStageOutput) ToRoleStageOutputWithContext(ctx context.Context) RoleStageOutput

func (RoleStageOutput) ToRoleStagePtrOutput added in v0.6.0

func (o RoleStageOutput) ToRoleStagePtrOutput() RoleStagePtrOutput

func (RoleStageOutput) ToRoleStagePtrOutputWithContext added in v0.6.0

func (o RoleStageOutput) ToRoleStagePtrOutputWithContext(ctx context.Context) RoleStagePtrOutput

func (RoleStageOutput) ToStringOutput added in v0.6.0

func (o RoleStageOutput) ToStringOutput() pulumi.StringOutput

func (RoleStageOutput) ToStringOutputWithContext added in v0.6.0

func (o RoleStageOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (RoleStageOutput) ToStringPtrOutput added in v0.6.0

func (o RoleStageOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (RoleStageOutput) ToStringPtrOutputWithContext added in v0.6.0

func (o RoleStageOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type RoleStagePtrInput added in v0.6.0

// RoleStagePtrInput is an input type for values that can be converted to a
// RoleStagePtrOutput. On this page RoleStage, RoleStageOutput and
// RoleStagePtrOutput declare the two conversion methods it requires, and
// RoleStagePtr(v string) returns a value of this type.
type RoleStagePtrInput interface {
	pulumi.Input

	// ToRoleStagePtrOutput returns the value as a RoleStagePtrOutput.
	ToRoleStagePtrOutput() RoleStagePtrOutput
	// ToRoleStagePtrOutputWithContext is the variant of ToRoleStagePtrOutput
	// that takes a context.Context.
	ToRoleStagePtrOutputWithContext(context.Context) RoleStagePtrOutput
}

func RoleStagePtr added in v0.6.0

func RoleStagePtr(v string) RoleStagePtrInput

type RoleStagePtrOutput added in v0.6.0

type RoleStagePtrOutput struct{ *pulumi.OutputState }

func (RoleStagePtrOutput) Elem added in v0.6.0

func (RoleStagePtrOutput) ElementType added in v0.6.0

func (RoleStagePtrOutput) ElementType() reflect.Type

func (RoleStagePtrOutput) ToRoleStagePtrOutput added in v0.6.0

func (o RoleStagePtrOutput) ToRoleStagePtrOutput() RoleStagePtrOutput

func (RoleStagePtrOutput) ToRoleStagePtrOutputWithContext added in v0.6.0

func (o RoleStagePtrOutput) ToRoleStagePtrOutputWithContext(ctx context.Context) RoleStagePtrOutput

func (RoleStagePtrOutput) ToStringPtrOutput added in v0.6.0

func (o RoleStagePtrOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (RoleStagePtrOutput) ToStringPtrOutputWithContext added in v0.6.0

func (o RoleStagePtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type RoleState

type RoleState struct {
}

func (RoleState) ElementType

func (RoleState) ElementType() reflect.Type

type Saml added in v0.19.0

// Saml represents a SAML 2.0 identity provider.
type Saml struct {
	// IdpMetadataXml is the SAML identity provider's configuration metadata,
	// as an XML document. The document should comply with the
	// [SAML 2.0 specification](https://www.oasis-open.org/committees/download.php/56785/sstc-saml-metadata-errata-2.0-wd-05.pdf)
	// and is limited to 128k characters. It should satisfy these constraints:
	//
	//  1. It must contain an Identity Provider Entity ID.
	//  2. It must contain at least one non-expired signing key certificate.
	//  3. For each signing key, "valid from" should be no more than 7 days
	//     from now and "valid to" no more than 15 years in the future.
	//  4. Up to 3 IdP signing keys are allowed in the metadata XML.
	//
	// When the provider's metadata XML is updated, at least one non-expired
	// signing key must overlap with the existing metadata. This requirement is
	// skipped if the existing metadata has no non-expired signing keys.
	//
	// NOTE(review): the signing certificates in this document are presumably
	// what assertions from the IdP are verified against, so a change to this
	// field is a change of trust anchor — obtain the document from the IdP
	// over a trusted channel and review diffs to it.
	IdpMetadataXml string `pulumi:"idpMetadataXml"`
}

Represents an SAML 2.0 identity provider.

type SamlArgs added in v0.19.0

// SamlArgs is the input form of Saml: it represents a SAML 2.0 identity
// provider.
type SamlArgs struct {
	// IdpMetadataXml is the SAML identity provider's configuration metadata,
	// as an XML document. The document should comply with the
	// [SAML 2.0 specification](https://www.oasis-open.org/committees/download.php/56785/sstc-saml-metadata-errata-2.0-wd-05.pdf)
	// and is limited to 128k characters. It should satisfy these constraints:
	//
	//  1. It must contain an Identity Provider Entity ID.
	//  2. It must contain at least one non-expired signing key certificate.
	//  3. For each signing key, "valid from" should be no more than 7 days
	//     from now and "valid to" no more than 15 years in the future.
	//  4. Up to 3 IdP signing keys are allowed in the metadata XML.
	//
	// When the provider's metadata XML is updated, at least one non-expired
	// signing key must overlap with the existing metadata. This requirement is
	// skipped if the existing metadata has no non-expired signing keys.
	//
	// NOTE(review): the overlap requirement does not apply once every existing
	// signing key has expired, so an update made in that state can replace all
	// keys at once. Treat any change to this value as a trust-anchor change
	// and review it accordingly.
	IdpMetadataXml pulumi.StringInput `pulumi:"idpMetadataXml"`
}

Represents an SAML 2.0 identity provider.

func (SamlArgs) ElementType added in v0.19.0

func (SamlArgs) ElementType() reflect.Type

func (SamlArgs) ToSamlOutput added in v0.19.0

func (i SamlArgs) ToSamlOutput() SamlOutput

func (SamlArgs) ToSamlOutputWithContext added in v0.19.0

func (i SamlArgs) ToSamlOutputWithContext(ctx context.Context) SamlOutput

func (SamlArgs) ToSamlPtrOutput added in v0.19.0

func (i SamlArgs) ToSamlPtrOutput() SamlPtrOutput

func (SamlArgs) ToSamlPtrOutputWithContext added in v0.19.0

func (i SamlArgs) ToSamlPtrOutputWithContext(ctx context.Context) SamlPtrOutput

type SamlInput added in v0.19.0

// SamlInput is an input type that accepts SamlArgs and SamlOutput values;
// both declare the two conversion methods it requires.
type SamlInput interface {
	pulumi.Input

	// ToSamlOutput returns the value as a SamlOutput.
	ToSamlOutput() SamlOutput
	// ToSamlOutputWithContext is the variant of ToSamlOutput that takes a
	// context.Context.
	ToSamlOutputWithContext(context.Context) SamlOutput
}

SamlInput is an input type that accepts SamlArgs and SamlOutput values. You can construct a concrete instance of `SamlInput` via:

SamlArgs{...}

type SamlOutput added in v0.19.0

type SamlOutput struct{ *pulumi.OutputState }

Represents an SAML 2.0 identity provider.

func (SamlOutput) ElementType added in v0.19.0

func (SamlOutput) ElementType() reflect.Type

func (SamlOutput) IdpMetadataXml added in v0.19.0

func (o SamlOutput) IdpMetadataXml() pulumi.StringOutput

SAML identity provider configuration metadata XML document. The XML document should comply with the [SAML 2.0 specification](https://www.oasis-open.org/committees/download.php/56785/sstc-saml-metadata-errata-2.0-wd-05.pdf). The maximum size of an acceptable XML document is 128k characters. The metadata XML document should satisfy the following constraints: 1) It must contain an Identity Provider Entity ID. 2) It must contain at least one non-expired signing key certificate. 3) For each signing key: a) Valid from should be no more than 7 days from now. b) Valid to should be no more than 15 years in the future. 4) Up to 3 IdP signing keys are allowed in the metadata XML. When updating the provider's metadata XML, at least one non-expired signing key must overlap with the existing metadata. This requirement is skipped if there are no non-expired signing keys present in the existing metadata.

func (SamlOutput) ToSamlOutput added in v0.19.0

func (o SamlOutput) ToSamlOutput() SamlOutput

func (SamlOutput) ToSamlOutputWithContext added in v0.19.0

func (o SamlOutput) ToSamlOutputWithContext(ctx context.Context) SamlOutput

func (SamlOutput) ToSamlPtrOutput added in v0.19.0

func (o SamlOutput) ToSamlPtrOutput() SamlPtrOutput

func (SamlOutput) ToSamlPtrOutputWithContext added in v0.19.0

func (o SamlOutput) ToSamlPtrOutputWithContext(ctx context.Context) SamlPtrOutput

type SamlPtrInput added in v0.19.0

// SamlPtrInput is an input type for an optional Saml value. On this page
// SamlArgs, SamlOutput and SamlPtrOutput declare the two conversion methods it
// requires, and SamlPtr(v *SamlArgs) returns a value of this type.
type SamlPtrInput interface {
	pulumi.Input

	// ToSamlPtrOutput returns the value as a SamlPtrOutput.
	ToSamlPtrOutput() SamlPtrOutput
	// ToSamlPtrOutputWithContext is the variant of ToSamlPtrOutput that takes
	// a context.Context.
	ToSamlPtrOutputWithContext(context.Context) SamlPtrOutput
}

SamlPtrInput is an input type that accepts SamlArgs, SamlPtr and SamlPtrOutput values. You can construct a concrete instance of `SamlPtrInput` via:

        SamlArgs{...}

or:

        nil

func SamlPtr added in v0.19.0

func SamlPtr(v *SamlArgs) SamlPtrInput

type SamlPtrOutput added in v0.19.0

type SamlPtrOutput struct{ *pulumi.OutputState }

func (SamlPtrOutput) Elem added in v0.19.0

func (o SamlPtrOutput) Elem() SamlOutput

func (SamlPtrOutput) ElementType added in v0.19.0

func (SamlPtrOutput) ElementType() reflect.Type

func (SamlPtrOutput) IdpMetadataXml added in v0.19.0

func (o SamlPtrOutput) IdpMetadataXml() pulumi.StringPtrOutput

SAML identity provider configuration metadata XML document. The XML document should comply with the [SAML 2.0 specification](https://www.oasis-open.org/committees/download.php/56785/sstc-saml-metadata-errata-2.0-wd-05.pdf). The maximum size of an acceptable XML document is 128k characters. The metadata XML document should satisfy the following constraints: 1) It must contain an Identity Provider Entity ID. 2) It must contain at least one non-expired signing key certificate. 3) For each signing key: a) Valid from should be no more than 7 days from now. b) Valid to should be no more than 15 years in the future. 4) Up to 3 IdP signing keys are allowed in the metadata XML. When updating the provider's metadata XML, at least one non-expired signing key must overlap with the existing metadata. This requirement is skipped if there are no non-expired signing keys present in the existing metadata.

func (SamlPtrOutput) ToSamlPtrOutput added in v0.19.0

func (o SamlPtrOutput) ToSamlPtrOutput() SamlPtrOutput

func (SamlPtrOutput) ToSamlPtrOutputWithContext added in v0.19.0

func (o SamlPtrOutput) ToSamlPtrOutputWithContext(ctx context.Context) SamlPtrOutput

type SamlResponse added in v0.19.0

// SamlResponse represents a SAML 2.0 identity provider as returned in
// resource outputs.
type SamlResponse struct {
	// IdpMetadataXml is the SAML identity provider's configuration metadata,
	// as an XML document. The document should comply with the
	// [SAML 2.0 specification](https://www.oasis-open.org/committees/download.php/56785/sstc-saml-metadata-errata-2.0-wd-05.pdf)
	// and is limited to 128k characters. It should satisfy these constraints:
	//
	//  1. It must contain an Identity Provider Entity ID.
	//  2. It must contain at least one non-expired signing key certificate.
	//  3. For each signing key, "valid from" should be no more than 7 days
	//     from now and "valid to" no more than 15 years in the future.
	//  4. Up to 3 IdP signing keys are allowed in the metadata XML.
	//
	// When the provider's metadata XML is updated, at least one non-expired
	// signing key must overlap with the existing metadata. This requirement is
	// skipped if the existing metadata has no non-expired signing keys.
	IdpMetadataXml string `pulumi:"idpMetadataXml"`
}

Represents an SAML 2.0 identity provider.

type SamlResponseOutput added in v0.19.0

type SamlResponseOutput struct{ *pulumi.OutputState }

Represents an SAML 2.0 identity provider.

func (SamlResponseOutput) ElementType added in v0.19.0

func (SamlResponseOutput) ElementType() reflect.Type

func (SamlResponseOutput) IdpMetadataXml added in v0.19.0

func (o SamlResponseOutput) IdpMetadataXml() pulumi.StringOutput

SAML identity provider configuration metadata XML document. The XML document should comply with the [SAML 2.0 specification](https://www.oasis-open.org/committees/download.php/56785/sstc-saml-metadata-errata-2.0-wd-05.pdf). The maximum size of an acceptable XML document is 128k characters. The metadata XML document should satisfy the following constraints: 1) It must contain an Identity Provider Entity ID. 2) It must contain at least one non-expired signing key certificate. 3) For each signing key: a) Valid from should be no more than 7 days from now. b) Valid to should be no more than 15 years in the future. 4) Up to 3 IdP signing keys are allowed in the metadata XML. When updating the provider's metadata XML, at least one non-expired signing key must overlap with the existing metadata. This requirement is skipped if there are no non-expired signing keys present in the existing metadata.

func (SamlResponseOutput) ToSamlResponseOutput added in v0.19.0

func (o SamlResponseOutput) ToSamlResponseOutput() SamlResponseOutput

func (SamlResponseOutput) ToSamlResponseOutputWithContext added in v0.19.0

func (o SamlResponseOutput) ToSamlResponseOutputWithContext(ctx context.Context) SamlResponseOutput

type ServiceAccount

// ServiceAccount is the resource type for an IAM service account. The page
// notes that auto-naming is currently not supported for this resource.
type ServiceAccount struct {
	pulumi.CustomResourceState

	// Optional. A user-specified, human-readable description of the service account. The maximum length is 256 UTF-8 bytes.
	Description pulumi.StringOutput `pulumi:"description"`
	// Whether the service account is disabled.
	Disabled pulumi.BoolOutput `pulumi:"disabled"`
	// Optional. A user-specified, human-readable name for the service account. The maximum length is 100 UTF-8 bytes.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// The email address of the service account.
	Email pulumi.StringOutput `pulumi:"email"`
	// Etag is deprecated and should not be used.
	//
	// Deprecated: Do not use.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The resource name of the service account. Use one of the following
	// formats:
	//
	//   - `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}`
	//   - `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}`
	//
	// As an alternative, you can use the `-` wildcard character instead of the
	// project ID:
	//
	//   - `projects/-/serviceAccounts/{EMAIL_ADDRESS}`
	//   - `projects/-/serviceAccounts/{UNIQUE_ID}`
	//
	// When possible, avoid using the `-` wildcard character, because it can
	// cause response messages to contain misleading error codes. For example,
	// if you try to access the service account
	// `projects/-/serviceAccounts/fake@example.com`, which does not exist, the
	// response contains an HTTP `403 Forbidden` error instead of a
	// `404 Not Found` error.
	Name pulumi.StringOutput `pulumi:"name"`
	// The OAuth 2.0 client ID for the service account.
	Oauth2ClientId pulumi.StringOutput `pulumi:"oauth2ClientId"`
	// Project is not documented on this page; presumably the ID of the Google
	// Cloud project that owns the service account — TODO confirm.
	Project        pulumi.StringOutput `pulumi:"project"`
	// The unique, stable numeric ID for the service account. Each service
	// account retains its unique ID even if you delete the service account.
	// For example, if you delete a service account, then create a new service
	// account with the same name, the new service account has a different
	// unique ID than the deleted service account.
	//
	// NOTE(review): because a re-created account with the same name gets a
	// different ID, this is the field to use when an audit needs to tell the
	// two apart; the email address alone does not.
	UniqueId pulumi.StringOutput `pulumi:"uniqueId"`
}

Creates a ServiceAccount. Auto-naming is currently not supported for this resource.

func GetServiceAccount

func GetServiceAccount(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ServiceAccountState, opts ...pulumi.ResourceOption) (*ServiceAccount, error)

GetServiceAccount gets an existing ServiceAccount resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewServiceAccount

func NewServiceAccount(ctx *pulumi.Context,
	name string, args *ServiceAccountArgs, opts ...pulumi.ResourceOption) (*ServiceAccount, error)

NewServiceAccount registers a new resource with the given unique name, arguments, and options.

func (*ServiceAccount) ElementType

func (*ServiceAccount) ElementType() reflect.Type

func (*ServiceAccount) ToServiceAccountOutput

func (i *ServiceAccount) ToServiceAccountOutput() ServiceAccountOutput

func (*ServiceAccount) ToServiceAccountOutputWithContext

func (i *ServiceAccount) ToServiceAccountOutputWithContext(ctx context.Context) ServiceAccountOutput

type ServiceAccountArgs

// ServiceAccountArgs is the set of arguments for constructing a
// ServiceAccount resource.
type ServiceAccountArgs struct {
	// The account id that is used to generate the service account email
	// address and a stable unique id. It is unique within a project, must be
	// 6-30 characters long, and match the regular expression
	// `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035.
	AccountId pulumi.StringInput
	// Optional. A user-specified, human-readable description of the service account. The maximum length is 256 UTF-8 bytes.
	Description pulumi.StringPtrInput
	// Optional. A user-specified, human-readable name for the service account. The maximum length is 100 UTF-8 bytes.
	DisplayName pulumi.StringPtrInput
	// Etag is deprecated and should not be used.
	//
	// Deprecated: Do not use.
	Etag pulumi.StringPtrInput
	// The resource name of the service account. Use one of the following
	// formats:
	//
	//   - `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}`
	//   - `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}`
	//
	// As an alternative, you can use the `-` wildcard character instead of the
	// project ID:
	//
	//   - `projects/-/serviceAccounts/{EMAIL_ADDRESS}`
	//   - `projects/-/serviceAccounts/{UNIQUE_ID}`
	//
	// When possible, avoid using the `-` wildcard character, because it can
	// cause response messages to contain misleading error codes. For example,
	// if you try to access the service account
	// `projects/-/serviceAccounts/fake@example.com`, which does not exist, the
	// response contains an HTTP `403 Forbidden` error instead of a
	// `404 Not Found` error.
	Name    pulumi.StringPtrInput
	// Project is not documented on this page; presumably the ID of the Google
	// Cloud project in which the service account is created — TODO confirm.
	Project pulumi.StringPtrInput
}

The set of arguments for constructing a ServiceAccount resource.

func (ServiceAccountArgs) ElementType

func (ServiceAccountArgs) ElementType() reflect.Type

type ServiceAccountIamBinding added in v0.26.0

// ServiceAccountIamBinding sets the IAM policy that is attached to a
// ServiceAccount. Per the page, the policy grants or revokes access to the
// service account itself (for example, the ability to impersonate it); it
// does not enable the service account to access other resources.
type ServiceAccountIamBinding struct {
	pulumi.CustomResourceState

	// An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition ConditionPtrOutput `pulumi:"condition"`
	// The etag of the resource's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Specifies the principals requesting access for a Google Cloud resource.
	// `members` can have the following values:
	//
	//   - `allUsers`: A special identifier that represents anyone who is on
	//     the internet; with or without a Google account.
	//   - `allAuthenticatedUsers`: A special identifier that represents anyone
	//     who is authenticated with a Google account or a service account.
	//     Does not include identities that come from external identity
	//     providers (IdPs) through identity federation.
	//   - `user:{emailid}`: An email address that represents a specific Google
	//     account. For example, `alice@example.com`.
	//   - `serviceAccount:{emailid}`: An email address that represents a
	//     Google service account. For example,
	//     `my-other-app@appspot.gserviceaccount.com`.
	//   - `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`:
	//     An identifier for a
	//     [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
	//     For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
	//   - `group:{emailid}`: An email address that represents a Google group.
	//     For example, `admins@example.com`.
	//   - `domain:{domain}`: The G Suite domain (primary) that represents all
	//     the users of that domain. For example, `google.com` or `example.com`.
	//   - `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
	//     unique identifier) representing a user that has been recently
	//     deleted. For example, `alice@example.com?uid=123456789012345678901`.
	//     If the user is recovered, this value reverts to `user:{emailid}` and
	//     the recovered user retains the role in the binding.
	//   - `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address
	//     (plus unique identifier) representing a service account that has
	//     been recently deleted. For example,
	//     `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
	//     If the service account is undeleted, this value reverts to
	//     `serviceAccount:{emailid}` and the undeleted service account retains
	//     the role in the binding.
	//   - `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus
	//     unique identifier) representing a Google group that has been
	//     recently deleted. For example,
	//     `admins@example.com?uid=123456789012345678901`. If the group is
	//     recovered, this value reverts to `group:{emailid}` and the recovered
	//     group retains the role in the binding.
	//
	// NOTE(review): `allUsers` and `allAuthenticatedUsers` are listed as valid
	// values. On a service-account policy they would extend the bound role to
	// anyone on the internet or to any authenticated Google identity, so a
	// binding that contains either should be flagged in review. Recovered
	// `deleted:` principals retain the role, so stale entries are worth
	// pruning as well.
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringOutput `pulumi:"name"`
	// The project in which the resource belongs. If it is not provided, a default will be supplied.
	Project pulumi.StringOutput `pulumi:"project"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	//
	// NOTE(review): a role that permits impersonating the service account
	// (for example `roles/iam.serviceAccountTokenCreator`) lets every member
	// act with whatever access the service account holds — confirm each grant
	// is intended and scope it with Condition where possible.
	Role pulumi.StringOutput `pulumi:"role"`
}

Sets the IAM policy that is attached to a ServiceAccount. Use this method to grant or revoke access to the service account. For example, you could grant a principal the ability to impersonate the service account. This method does not enable the service account to access other resources. To grant roles to a service account on a resource, follow these steps: 1. Call the resource's `getIamPolicy` method to get its current IAM policy. 2. Edit the policy so that it binds the service account to an IAM role for the resource. 3. Call the resource's `setIamPolicy` method to update its IAM policy. For detailed instructions, see [Manage access to project, folders, and organizations](https://cloud.google.com/iam/help/service-accounts/granting-access-to-service-accounts) or [Manage access to other resources](https://cloud.google.com/iam/help/access/manage-other-resources).

func GetServiceAccountIamBinding added in v0.26.0

func GetServiceAccountIamBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ServiceAccountIamBindingState, opts ...pulumi.ResourceOption) (*ServiceAccountIamBinding, error)

GetServiceAccountIamBinding gets an existing ServiceAccountIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewServiceAccountIamBinding added in v0.26.0

func NewServiceAccountIamBinding(ctx *pulumi.Context,
	name string, args *ServiceAccountIamBindingArgs, opts ...pulumi.ResourceOption) (*ServiceAccountIamBinding, error)

NewServiceAccountIamBinding registers a new resource with the given unique name, arguments, and options.

func (*ServiceAccountIamBinding) ElementType added in v0.26.0

func (*ServiceAccountIamBinding) ElementType() reflect.Type

func (*ServiceAccountIamBinding) ToServiceAccountIamBindingOutput added in v0.26.0

func (i *ServiceAccountIamBinding) ToServiceAccountIamBindingOutput() ServiceAccountIamBindingOutput

func (*ServiceAccountIamBinding) ToServiceAccountIamBindingOutputWithContext added in v0.26.0

func (i *ServiceAccountIamBinding) ToServiceAccountIamBindingOutputWithContext(ctx context.Context) ServiceAccountIamBindingOutput

type ServiceAccountIamBindingArgs added in v0.26.0

// ServiceAccountIamBindingArgs is the set of arguments for constructing a
// ServiceAccountIamBinding resource.
type ServiceAccountIamBindingArgs struct {
	// An IAM Condition for a given binding.
	Condition ConditionPtrInput
	// Identities that will be granted the privilege in role. Each entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	//
	// NOTE(review): `group:` and `domain:` entries grant the role to every
	// current and future member of that group or domain; prefer the narrowest
	// principal that meets the need.
	Members pulumi.StringArrayInput
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringInput
	// The role that should be applied. Only one `IamBinding` can be used per role.
	Role pulumi.StringInput
}

The set of arguments for constructing a ServiceAccountIamBinding resource.

func (ServiceAccountIamBindingArgs) ElementType added in v0.26.0

type ServiceAccountIamBindingInput added in v0.26.0

// ServiceAccountIamBindingInput is an input type for values that can be
// converted to a ServiceAccountIamBindingOutput. On this page both
// *ServiceAccountIamBinding and ServiceAccountIamBindingOutput declare the two
// conversion methods it requires.
type ServiceAccountIamBindingInput interface {
	pulumi.Input

	// ToServiceAccountIamBindingOutput returns the value as a
	// ServiceAccountIamBindingOutput.
	ToServiceAccountIamBindingOutput() ServiceAccountIamBindingOutput
	// ToServiceAccountIamBindingOutputWithContext is the variant of
	// ToServiceAccountIamBindingOutput that takes a context.Context.
	ToServiceAccountIamBindingOutputWithContext(ctx context.Context) ServiceAccountIamBindingOutput
}

type ServiceAccountIamBindingOutput added in v0.26.0

type ServiceAccountIamBindingOutput struct{ *pulumi.OutputState }

func (ServiceAccountIamBindingOutput) Condition added in v0.26.0

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (ServiceAccountIamBindingOutput) ElementType added in v0.26.0

func (ServiceAccountIamBindingOutput) Etag added in v0.26.0

The etag of the resource's IAM policy.

func (ServiceAccountIamBindingOutput) Members added in v0.26.0

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. 
* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.

func (ServiceAccountIamBindingOutput) Name added in v0.26.0

The name of the resource to manage IAM policies for.

func (ServiceAccountIamBindingOutput) Project added in v0.26.0

The project in which the resource belongs. If it is not provided, a default will be supplied.

func (ServiceAccountIamBindingOutput) Role added in v0.26.0

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (ServiceAccountIamBindingOutput) ToServiceAccountIamBindingOutput added in v0.26.0

func (o ServiceAccountIamBindingOutput) ToServiceAccountIamBindingOutput() ServiceAccountIamBindingOutput

func (ServiceAccountIamBindingOutput) ToServiceAccountIamBindingOutputWithContext added in v0.26.0

func (o ServiceAccountIamBindingOutput) ToServiceAccountIamBindingOutputWithContext(ctx context.Context) ServiceAccountIamBindingOutput

type ServiceAccountIamBindingState added in v0.26.0

type ServiceAccountIamBindingState struct {
}

func (ServiceAccountIamBindingState) ElementType added in v0.26.0

type ServiceAccountIamMember added in v0.26.0

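// ServiceAccountIamMember is the Pulumi resource state for one member/role
// entry in the IAM policy attached to a service account. It embeds
// pulumi.CustomResourceState and exposes the entry's fields as outputs.
type ServiceAccountIamMember struct {
	pulumi.CustomResourceState

	// An IAM Condition for a given binding. See
	// https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition ConditionPtrOutput `pulumi:"condition"`
	// The etag of the resource's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Specifies the principals requesting access for a Google Cloud resource.
	// `members` can have the following values:
	//
	//   - `allUsers`: A special identifier that represents anyone who is on the
	//     internet; with or without a Google account.
	//   - `allAuthenticatedUsers`: A special identifier that represents anyone
	//     who is authenticated with a Google account or a service account. Does
	//     not include identities that come from external identity providers
	//     (IdPs) through identity federation.
	//   - `user:{emailid}`: An email address that represents a specific Google
	//     account. For example, `alice@example.com`.
	//   - `serviceAccount:{emailid}`: An email address that represents a Google
	//     service account. For example, `my-other-app@appspot.gserviceaccount.com`.
	//   - `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`:
	//     An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
	//     For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
	//   - `group:{emailid}`: An email address that represents a Google group.
	//     For example, `admins@example.com`.
	//   - `domain:{domain}`: The G Suite domain (primary) that represents all
	//     the users of that domain. For example, `google.com` or `example.com`.
	//   - `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
	//     identifier) representing a user that has been recently deleted. For
	//     example, `alice@example.com?uid=123456789012345678901`. If the user is
	//     recovered, this value reverts to `user:{emailid}` and the recovered
	//     user retains the role in the binding.
	//   - `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address
	//     (plus unique identifier) representing a service account that has been
	//     recently deleted. For example,
	//     `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
	//     If the service account is undeleted, this value reverts to
	//     `serviceAccount:{emailid}` and the undeleted service account retains
	//     the role in the binding.
	//   - `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
	//     identifier) representing a Google group that has been recently
	//     deleted. For example, `admins@example.com?uid=123456789012345678901`.
	//     If the group is recovered, this value reverts to `group:{emailid}` and
	//     the recovered group retains the role in the binding.
	//
	// NOTE(review): the upstream text speaks of `members`, but this field is a
	// single string; presumably it holds exactly one of the values above — confirm.
	//
	// NOTE(review): `allUsers` and `allAuthenticatedUsers` extend Role on this
	// service account to anyone on the internet or anyone with a Google
	// account. Roles on a service account can include the ability to
	// impersonate it, so look for these two values when reviewing or auditing
	// bindings. A `deleted:` entry retains the role if the principal is
	// recovered, so remove it explicitly when the access is meant to end.
	Member pulumi.StringOutput `pulumi:"member"`
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringOutput `pulumi:"name"`
	// The project in which the resource belongs. If it is not provided, a default will be supplied.
	Project pulumi.StringOutput `pulumi:"project"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role pulumi.StringOutput `pulumi:"role"`
}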

Sets the IAM policy that is attached to a ServiceAccount. Use this method to grant or revoke access to the service account. For example, you could grant a principal the ability to impersonate the service account. This method does not enable the service account to access other resources. To grant roles to a service account on a resource, follow these steps:

1. Call the resource's `getIamPolicy` method to get its current IAM policy.
2. Edit the policy so that it binds the service account to an IAM role for the resource.
3. Call the resource's `setIamPolicy` method to update its IAM policy.

For detailed instructions, see [Manage access to project, folders, and organizations](https://cloud.google.com/iam/help/service-accounts/granting-access-to-service-accounts) or [Manage access to other resources](https://cloud.google.com/iam/help/access/manage-other-resources).

func GetServiceAccountIamMember added in v0.26.0

func GetServiceAccountIamMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ServiceAccountIamMemberState, opts ...pulumi.ResourceOption) (*ServiceAccountIamMember, error)

GetServiceAccountIamMember gets an existing ServiceAccountIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewServiceAccountIamMember added in v0.26.0

func NewServiceAccountIamMember(ctx *pulumi.Context,
	name string, args *ServiceAccountIamMemberArgs, opts ...pulumi.ResourceOption) (*ServiceAccountIamMember, error)

NewServiceAccountIamMember registers a new resource with the given unique name, arguments, and options.

func (*ServiceAccountIamMember) ElementType added in v0.26.0

func (*ServiceAccountIamMember) ElementType() reflect.Type

func (*ServiceAccountIamMember) ToServiceAccountIamMemberOutput added in v0.26.0

func (i *ServiceAccountIamMember) ToServiceAccountIamMemberOutput() ServiceAccountIamMemberOutput

func (*ServiceAccountIamMember) ToServiceAccountIamMemberOutputWithContext added in v0.26.0

func (i *ServiceAccountIamMember) ToServiceAccountIamMemberOutputWithContext(ctx context.Context) ServiceAccountIamMemberOutput

type ServiceAccountIamMemberArgs added in v0.26.0

// ServiceAccountIamMemberArgs is the set of arguments for constructing a
// ServiceAccountIamMember resource. It is passed to
// NewServiceAccountIamMember.
type ServiceAccountIamMemberArgs struct {
	// An IAM Condition for a given binding. See
	// https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition ConditionPtrInput
	// Identity that will be granted the privilege in role. The entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	//
	// NOTE(review): the documentation of the Member output on
	// ServiceAccountIamMember additionally lists `allUsers`,
	// `allAuthenticatedUsers`, the Kubernetes service account form and the
	// `deleted:` forms. Whether this input accepts them is not stated here —
	// confirm, and if it does, check that callers do not pass `allUsers` or
	// `allAuthenticatedUsers` unintentionally.
	Member pulumi.StringInput
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringInput
	// The role that should be applied.
	//
	// NOTE(review): a role on a service account governs what the member may do
	// with that account (the package documentation gives impersonation as an
	// example), so prefer the narrowest role that covers the need.
	Role pulumi.StringInput
}

The set of arguments for constructing a ServiceAccountIamMember resource.

func (ServiceAccountIamMemberArgs) ElementType added in v0.26.0

type ServiceAccountIamMemberInput added in v0.26.0

// ServiceAccountIamMemberInput is a pulumi.Input that can be converted to a
// ServiceAccountIamMemberOutput. Both *ServiceAccountIamMember and
// ServiceAccountIamMemberOutput declare the two conversion methods below.
type ServiceAccountIamMemberInput interface {
	pulumi.Input

	// ToServiceAccountIamMemberOutput converts the value without an explicit context.
	ToServiceAccountIamMemberOutput() ServiceAccountIamMemberOutput
	// ToServiceAccountIamMemberOutputWithContext converts the value using ctx.
	ToServiceAccountIamMemberOutputWithContext(ctx context.Context) ServiceAccountIamMemberOutput
}

type ServiceAccountIamMemberOutput added in v0.26.0

type ServiceAccountIamMemberOutput struct{ *pulumi.OutputState }

func (ServiceAccountIamMemberOutput) Condition added in v0.26.0

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (ServiceAccountIamMemberOutput) ElementType added in v0.26.0

func (ServiceAccountIamMemberOutput) Etag added in v0.26.0

The etag of the resource's IAM policy.

func (ServiceAccountIamMemberOutput) Member added in v0.26.0

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values:

* `allUsers`: A special identifier that represents anyone who is on the internet, with or without a Google account.
* `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation.
* `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com`.
* `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`.
* `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
* `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`.
* `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding.
* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding.
* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.

func (ServiceAccountIamMemberOutput) Name added in v0.26.0

The name of the resource to manage IAM policies for.

func (ServiceAccountIamMemberOutput) Project added in v0.26.0

The project in which the resource belongs. If it is not provided, a default will be supplied.

func (ServiceAccountIamMemberOutput) Role added in v0.26.0

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (ServiceAccountIamMemberOutput) ToServiceAccountIamMemberOutput added in v0.26.0

func (o ServiceAccountIamMemberOutput) ToServiceAccountIamMemberOutput() ServiceAccountIamMemberOutput

func (ServiceAccountIamMemberOutput) ToServiceAccountIamMemberOutputWithContext added in v0.26.0

func (o ServiceAccountIamMemberOutput) ToServiceAccountIamMemberOutputWithContext(ctx context.Context) ServiceAccountIamMemberOutput

type ServiceAccountIamMemberState added in v0.26.0

// ServiceAccountIamMemberState declares no fields. GetServiceAccountIamMember
// takes a pointer to it as the optional state used to qualify the lookup
// (nil if not required).
type ServiceAccountIamMemberState struct {
}

func (ServiceAccountIamMemberState) ElementType added in v0.26.0

type ServiceAccountIamPolicy

// ServiceAccountIamPolicy is the Pulumi resource state for the IAM policy
// attached to a service account. It embeds pulumi.CustomResourceState and
// exposes the policy's fields as outputs.
//
// The package documentation states that this resource's API does not support
// deletion: deleting the resource removes it from Pulumi state while it
// persists on Google Cloud. Removing it from a program therefore does not by
// itself revoke the bindings it set.
//
// Project and ServiceAccountId carry no upstream documentation; presumably
// they identify the owning project and the service account whose policy this
// is — confirm.
type ServiceAccountIamPolicy struct {
	pulumi.CustomResourceState

	// Specifies cloud audit logging configuration for this policy.
	AuditConfigs AuditConfigResponseArrayOutput `pulumi:"auditConfigs"`
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings BindingResponseArrayOutput `pulumi:"bindings"`
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag             pulumi.StringOutput `pulumi:"etag"`
	Project          pulumi.StringOutput `pulumi:"project"`
	ServiceAccountId pulumi.StringOutput `pulumi:"serviceAccountId"`
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version pulumi.IntOutput `pulumi:"version"`
}

Sets the IAM policy that is attached to a ServiceAccount. Use this method to grant or revoke access to the service account. For example, you could grant a principal the ability to impersonate the service account. This method does not enable the service account to access other resources. To grant roles to a service account on a resource, follow these steps:

1. Call the resource's `getIamPolicy` method to get its current IAM policy.
2. Edit the policy so that it binds the service account to an IAM role for the resource.
3. Call the resource's `setIamPolicy` method to update its IAM policy.

For detailed instructions, see [Manage access to project, folders, and organizations](https://cloud.google.com/iam/help/service-accounts/granting-access-to-service-accounts) or [Manage access to other resources](https://cloud.google.com/iam/help/access/manage-other-resources).

Note: this resource's API does not support deletion. When the resource is deleted, it is removed from Pulumi state only; it persists on Google Cloud.

func GetServiceAccountIamPolicy

func GetServiceAccountIamPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ServiceAccountIamPolicyState, opts ...pulumi.ResourceOption) (*ServiceAccountIamPolicy, error)

GetServiceAccountIamPolicy gets an existing ServiceAccountIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewServiceAccountIamPolicy

func NewServiceAccountIamPolicy(ctx *pulumi.Context,
	name string, args *ServiceAccountIamPolicyArgs, opts ...pulumi.ResourceOption) (*ServiceAccountIamPolicy, error)

NewServiceAccountIamPolicy registers a new resource with the given unique name, arguments, and options.

func (*ServiceAccountIamPolicy) ElementType

func (*ServiceAccountIamPolicy) ElementType() reflect.Type

func (*ServiceAccountIamPolicy) ToServiceAccountIamPolicyOutput

func (i *ServiceAccountIamPolicy) ToServiceAccountIamPolicyOutput() ServiceAccountIamPolicyOutput

func (*ServiceAccountIamPolicy) ToServiceAccountIamPolicyOutputWithContext

func (i *ServiceAccountIamPolicy) ToServiceAccountIamPolicyOutputWithContext(ctx context.Context) ServiceAccountIamPolicyOutput

type ServiceAccountIamPolicyArgs

// ServiceAccountIamPolicyArgs is the set of arguments for constructing a
// ServiceAccountIamPolicy resource. It is passed to
// NewServiceAccountIamPolicy.
//
// Project and ServiceAccountId carry no upstream documentation; presumably
// they identify the owning project and the service account whose policy is
// set — confirm.
//
// NOTE(review): per the UpdateMask documentation the default mask is
// `paths: "bindings, etag"`, which does not name the audit configuration.
// AuditConfigs supplied without an explicit UpdateMask would presumably be
// left unmodified — confirm against the API before relying on audit logging
// configured through this type.
type ServiceAccountIamPolicyArgs struct {
	// Specifies cloud audit logging configuration for this policy.
	AuditConfigs AuditConfigArrayInput
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	//
	// NOTE(review): this resource sets the policy as a whole, so the bindings
	// given here presumably replace those already attached to the service
	// account rather than adding to them — confirm, and pass Etag so a
	// concurrent change is not silently overwritten.
	Bindings BindingArrayInput
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag             pulumi.StringPtrInput
	Project          pulumi.StringPtrInput
	ServiceAccountId pulumi.StringInput
	// OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: "bindings, etag"`
	UpdateMask pulumi.StringPtrInput
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version pulumi.IntPtrInput
}

The set of arguments for constructing a ServiceAccountIamPolicy resource.

func (ServiceAccountIamPolicyArgs) ElementType

type ServiceAccountIamPolicyInput

// ServiceAccountIamPolicyInput is a pulumi.Input that can be converted to a
// ServiceAccountIamPolicyOutput. Both *ServiceAccountIamPolicy and
// ServiceAccountIamPolicyOutput declare the two conversion methods below.
type ServiceAccountIamPolicyInput interface {
	pulumi.Input

	// ToServiceAccountIamPolicyOutput converts the value without an explicit context.
	ToServiceAccountIamPolicyOutput() ServiceAccountIamPolicyOutput
	// ToServiceAccountIamPolicyOutputWithContext converts the value using ctx.
	ToServiceAccountIamPolicyOutputWithContext(ctx context.Context) ServiceAccountIamPolicyOutput
}

type ServiceAccountIamPolicyOutput

type ServiceAccountIamPolicyOutput struct{ *pulumi.OutputState }

func (ServiceAccountIamPolicyOutput) AuditConfigs added in v0.19.0

Specifies cloud audit logging configuration for this policy.

func (ServiceAccountIamPolicyOutput) Bindings added in v0.19.0

Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.

func (ServiceAccountIamPolicyOutput) ElementType

func (ServiceAccountIamPolicyOutput) Etag added in v0.19.0

`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

func (ServiceAccountIamPolicyOutput) Project added in v0.21.0

func (ServiceAccountIamPolicyOutput) ServiceAccountId added in v0.21.0

func (o ServiceAccountIamPolicyOutput) ServiceAccountId() pulumi.StringOutput

func (ServiceAccountIamPolicyOutput) ToServiceAccountIamPolicyOutput

func (o ServiceAccountIamPolicyOutput) ToServiceAccountIamPolicyOutput() ServiceAccountIamPolicyOutput

func (ServiceAccountIamPolicyOutput) ToServiceAccountIamPolicyOutputWithContext

func (o ServiceAccountIamPolicyOutput) ToServiceAccountIamPolicyOutputWithContext(ctx context.Context) ServiceAccountIamPolicyOutput

func (ServiceAccountIamPolicyOutput) Version added in v0.19.0

Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

type ServiceAccountIamPolicyState

// ServiceAccountIamPolicyState declares no fields. GetServiceAccountIamPolicy
// takes a pointer to it as the optional state used to qualify the lookup
// (nil if not required).
type ServiceAccountIamPolicyState struct {
}

func (ServiceAccountIamPolicyState) ElementType

type ServiceAccountInput

// ServiceAccountInput is a pulumi.Input that can be converted to a
// ServiceAccountOutput. ServiceAccountOutput itself declares both conversion
// methods below.
type ServiceAccountInput interface {
	pulumi.Input

	// ToServiceAccountOutput converts the value without an explicit context.
	ToServiceAccountOutput() ServiceAccountOutput
	// ToServiceAccountOutputWithContext converts the value using ctx.
	ToServiceAccountOutputWithContext(ctx context.Context) ServiceAccountOutput
}

type ServiceAccountOutput

type ServiceAccountOutput struct{ *pulumi.OutputState }

func (ServiceAccountOutput) Description added in v0.19.0

func (o ServiceAccountOutput) Description() pulumi.StringOutput

Optional. A user-specified, human-readable description of the service account. The maximum length is 256 UTF-8 bytes.

func (ServiceAccountOutput) Disabled added in v0.19.0

func (o ServiceAccountOutput) Disabled() pulumi.BoolOutput

Whether the service account is disabled.

func (ServiceAccountOutput) DisplayName added in v0.19.0

func (o ServiceAccountOutput) DisplayName() pulumi.StringOutput

Optional. A user-specified, human-readable name for the service account. The maximum length is 100 UTF-8 bytes.

func (ServiceAccountOutput) ElementType

func (ServiceAccountOutput) ElementType() reflect.Type

func (ServiceAccountOutput) Email added in v0.19.0

The email address of the service account.

func (ServiceAccountOutput) Etag deprecated added in v0.19.0

Deprecated. Do not use.

Deprecated: Deprecated. Do not use.

func (ServiceAccountOutput) Name added in v0.19.0

The resource name of the service account. Use one of the following formats:

* `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}`
* `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}`

As an alternative, you can use the `-` wildcard character instead of the project ID:

* `projects/-/serviceAccounts/{EMAIL_ADDRESS}`
* `projects/-/serviceAccounts/{UNIQUE_ID}`

When possible, avoid using the `-` wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to access the service account `projects/-/serviceAccounts/fake@example.com`, which does not exist, the response contains an HTTP `403 Forbidden` error instead of a `404 Not Found` error.

func (ServiceAccountOutput) Oauth2ClientId added in v0.19.0

func (o ServiceAccountOutput) Oauth2ClientId() pulumi.StringOutput

The OAuth 2.0 client ID for the service account.

func (ServiceAccountOutput) Project added in v0.19.0

func (ServiceAccountOutput) ToServiceAccountOutput

func (o ServiceAccountOutput) ToServiceAccountOutput() ServiceAccountOutput

func (ServiceAccountOutput) ToServiceAccountOutputWithContext

func (o ServiceAccountOutput) ToServiceAccountOutputWithContext(ctx context.Context) ServiceAccountOutput

func (ServiceAccountOutput) UniqueId added in v0.19.0

The unique, stable numeric ID for the service account. Each service account retains its unique ID even if you delete the service account. For example, if you delete a service account, then create a new service account with the same name, the new service account has a different unique ID than the deleted service account.

type ServiceAccountState

type ServiceAccountState struct {
}

func (ServiceAccountState) ElementType

func (ServiceAccountState) ElementType() reflect.Type

type ServiceConfig added in v0.32.0

// ServiceConfig is the configuration for a service, identified by its domain
// name.
//
// NOTE(review): presumably this names a service that workforce pool access
// restrictions allow for web sign-in — confirm against AccessRestrictions.
type ServiceConfig struct {
	// Optional. Domain name of the service. Example: console.cloud.google
	Domain *string `pulumi:"domain"`
}

Configuration for a service.

type ServiceConfigArgs added in v0.32.0

// ServiceConfigArgs is the input form of the configuration for a service. It
// declares ToServiceConfigOutput and ToServiceConfigOutputWithContext, the
// two methods required by ServiceConfigInput.
type ServiceConfigArgs struct {
	// Optional. Domain name of the service. Example: console.cloud.google
	Domain pulumi.StringPtrInput `pulumi:"domain"`
}

Configuration for a service.

func (ServiceConfigArgs) ElementType added in v0.32.0

func (ServiceConfigArgs) ElementType() reflect.Type

func (ServiceConfigArgs) ToServiceConfigOutput added in v0.32.0

func (i ServiceConfigArgs) ToServiceConfigOutput() ServiceConfigOutput

func (ServiceConfigArgs) ToServiceConfigOutputWithContext added in v0.32.0

func (i ServiceConfigArgs) ToServiceConfigOutputWithContext(ctx context.Context) ServiceConfigOutput

type ServiceConfigArray added in v0.32.0

type ServiceConfigArray []ServiceConfigInput

func (ServiceConfigArray) ElementType added in v0.32.0

func (ServiceConfigArray) ElementType() reflect.Type

func (ServiceConfigArray) ToServiceConfigArrayOutput added in v0.32.0

func (i ServiceConfigArray) ToServiceConfigArrayOutput() ServiceConfigArrayOutput

func (ServiceConfigArray) ToServiceConfigArrayOutputWithContext added in v0.32.0

func (i ServiceConfigArray) ToServiceConfigArrayOutputWithContext(ctx context.Context) ServiceConfigArrayOutput

type ServiceConfigArrayInput added in v0.32.0

// ServiceConfigArrayInput is an input type that accepts ServiceConfigArray and
// ServiceConfigArrayOutput values. A concrete instance can be constructed as
// ServiceConfigArray{ ServiceConfigArgs{...} }.
type ServiceConfigArrayInput interface {
	pulumi.Input

	// ToServiceConfigArrayOutput converts the value without an explicit context.
	ToServiceConfigArrayOutput() ServiceConfigArrayOutput
	// ToServiceConfigArrayOutputWithContext converts the value using the given context.
	ToServiceConfigArrayOutputWithContext(context.Context) ServiceConfigArrayOutput
}

ServiceConfigArrayInput is an input type that accepts ServiceConfigArray and ServiceConfigArrayOutput values. You can construct a concrete instance of `ServiceConfigArrayInput` via:

ServiceConfigArray{ ServiceConfigArgs{...} }

type ServiceConfigArrayOutput added in v0.32.0

type ServiceConfigArrayOutput struct{ *pulumi.OutputState }

func (ServiceConfigArrayOutput) ElementType added in v0.32.0

func (ServiceConfigArrayOutput) ElementType() reflect.Type

func (ServiceConfigArrayOutput) Index added in v0.32.0

func (ServiceConfigArrayOutput) ToServiceConfigArrayOutput added in v0.32.0

func (o ServiceConfigArrayOutput) ToServiceConfigArrayOutput() ServiceConfigArrayOutput

func (ServiceConfigArrayOutput) ToServiceConfigArrayOutputWithContext added in v0.32.0

func (o ServiceConfigArrayOutput) ToServiceConfigArrayOutputWithContext(ctx context.Context) ServiceConfigArrayOutput

type ServiceConfigInput added in v0.32.0

// ServiceConfigInput is an input type that accepts ServiceConfigArgs and
// ServiceConfigOutput values. A concrete instance can be constructed as
// ServiceConfigArgs{...}.
type ServiceConfigInput interface {
	pulumi.Input

	// ToServiceConfigOutput converts the value without an explicit context.
	ToServiceConfigOutput() ServiceConfigOutput
	// ToServiceConfigOutputWithContext converts the value using the given context.
	ToServiceConfigOutputWithContext(context.Context) ServiceConfigOutput
}

ServiceConfigInput is an input type that accepts ServiceConfigArgs and ServiceConfigOutput values. You can construct a concrete instance of `ServiceConfigInput` via:

ServiceConfigArgs{...}

type ServiceConfigOutput added in v0.32.0

type ServiceConfigOutput struct{ *pulumi.OutputState }

Configuration for a service.

func (ServiceConfigOutput) Domain added in v0.32.0

Optional. Domain name of the service. Example: console.cloud.google

func (ServiceConfigOutput) ElementType added in v0.32.0

func (ServiceConfigOutput) ElementType() reflect.Type

func (ServiceConfigOutput) ToServiceConfigOutput added in v0.32.0

func (o ServiceConfigOutput) ToServiceConfigOutput() ServiceConfigOutput

func (ServiceConfigOutput) ToServiceConfigOutputWithContext added in v0.32.0

func (o ServiceConfigOutput) ToServiceConfigOutputWithContext(ctx context.Context) ServiceConfigOutput

type ServiceConfigResponse added in v0.32.0

// ServiceConfigResponse is the configuration for a service in its response
// form; unlike ServiceConfig, Domain is a plain string rather than a pointer.
type ServiceConfigResponse struct {
	// Optional. Domain name of the service. Example: console.cloud.google
	Domain string `pulumi:"domain"`
}

Configuration for a service.

type ServiceConfigResponseArrayOutput added in v0.32.0

type ServiceConfigResponseArrayOutput struct{ *pulumi.OutputState }

func (ServiceConfigResponseArrayOutput) ElementType added in v0.32.0

func (ServiceConfigResponseArrayOutput) Index added in v0.32.0

func (ServiceConfigResponseArrayOutput) ToServiceConfigResponseArrayOutput added in v0.32.0

func (o ServiceConfigResponseArrayOutput) ToServiceConfigResponseArrayOutput() ServiceConfigResponseArrayOutput

func (ServiceConfigResponseArrayOutput) ToServiceConfigResponseArrayOutputWithContext added in v0.32.0

func (o ServiceConfigResponseArrayOutput) ToServiceConfigResponseArrayOutputWithContext(ctx context.Context) ServiceConfigResponseArrayOutput

type ServiceConfigResponseOutput added in v0.32.0

type ServiceConfigResponseOutput struct{ *pulumi.OutputState }

Configuration for a service.

func (ServiceConfigResponseOutput) Domain added in v0.32.0

Optional. Domain name of the service. Example: console.cloud.google

func (ServiceConfigResponseOutput) ElementType added in v0.32.0

func (ServiceConfigResponseOutput) ToServiceConfigResponseOutput added in v0.32.0

func (o ServiceConfigResponseOutput) ToServiceConfigResponseOutput() ServiceConfigResponseOutput

func (ServiceConfigResponseOutput) ToServiceConfigResponseOutputWithContext added in v0.32.0

func (o ServiceConfigResponseOutput) ToServiceConfigResponseOutputWithContext(ctx context.Context) ServiceConfigResponseOutput

type WorkforcePool added in v0.29.0

// WorkforcePool is the Pulumi resource for a workforce pool. Every property
// below is a Pulumi output type. The name of a deleted pool cannot be reused
// until 30 days after deletion, and auto-naming is not supported.
type WorkforcePool struct {
	pulumi.CustomResourceState

	// Optional. Configure access restrictions on the workforce pool users. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users.
	AccessRestrictions AccessRestrictionsResponseOutput `pulumi:"accessRestrictions"`
	// A user-specified description of the pool. Cannot exceed 256 characters.
	Description pulumi.StringOutput `pulumi:"description"`
	// Disables the workforce pool. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
	// NOTE(review): per this description, disabling is reversible and tokens issued before the pool was disabled work again once it is re-enabled, so treat it as a suspension rather than a revocation of those tokens.
	Disabled pulumi.BoolOutput `pulumi:"disabled"`
	// A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// Time after which the workforce pool will be permanently purged and cannot be recovered.
	ExpireTime pulumi.StringOutput `pulumi:"expireTime"`
	// NOTE(review): not described on this page; presumably the `{location}` component of Name — confirm.
	Location   pulumi.StringOutput `pulumi:"location"`
	// The resource name of the pool. Format: `locations/{location}/workforcePools/{workforce_pool_id}`
	Name pulumi.StringOutput `pulumi:"name"`
	// Immutable. The resource name of the parent. Format: `organizations/{org-id}`.
	Parent pulumi.StringOutput `pulumi:"parent"`
	// Duration that the Google Cloud access tokens, console sign-in sessions, and `gcloud` sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If `session_duration` is not configured, minted credentials have a default duration of one hour (3600s). For SAML providers, the lifetime of the token is the minimum of the `session_duration` and the `SessionNotOnOrAfter` claim in the SAML assertion.
	// NOTE(review): the value is a string; the examples suggest a seconds form such as "3600s" — confirm the accepted format.
	SessionDuration pulumi.StringOutput `pulumi:"sessionDuration"`
	// The state of the pool.
	State pulumi.StringOutput `pulumi:"state"`
	// The ID to use for the pool, which becomes the final component of the resource name. The IDs must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix `gcp-` is reserved for use by Google, and may not be specified.
	WorkforcePoolId pulumi.StringPtrOutput `pulumi:"workforcePoolId"`
}

Creates a new WorkforcePool. You cannot reuse the name of a deleted pool until 30 days after deletion. Auto-naming is currently not supported for this resource.

func GetWorkforcePool added in v0.29.0

func GetWorkforcePool(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WorkforcePoolState, opts ...pulumi.ResourceOption) (*WorkforcePool, error)

GetWorkforcePool gets an existing WorkforcePool resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWorkforcePool added in v0.29.0

func NewWorkforcePool(ctx *pulumi.Context,
	name string, args *WorkforcePoolArgs, opts ...pulumi.ResourceOption) (*WorkforcePool, error)

NewWorkforcePool registers a new resource with the given unique name, arguments, and options.

func (*WorkforcePool) ElementType added in v0.29.0

func (*WorkforcePool) ElementType() reflect.Type

func (*WorkforcePool) ToWorkforcePoolOutput added in v0.29.0

func (i *WorkforcePool) ToWorkforcePoolOutput() WorkforcePoolOutput

func (*WorkforcePool) ToWorkforcePoolOutputWithContext added in v0.29.0

func (i *WorkforcePool) ToWorkforcePoolOutputWithContext(ctx context.Context) WorkforcePoolOutput

type WorkforcePoolArgs added in v0.29.0

// WorkforcePoolArgs is the set of arguments for constructing a WorkforcePool
// resource. Every field is a pointer-style (optional) Pulumi input type.
type WorkforcePoolArgs struct {
	// Optional. Configure access restrictions on the workforce pool users. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users.
	// NOTE(review): the description implies that leaving this unset applies neither restriction — confirm the default.
	AccessRestrictions AccessRestrictionsPtrInput
	// A user-specified description of the pool. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Disables the workforce pool. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
	// NOTE(review): per this description, tokens issued before the pool was disabled work again once it is re-enabled, so disabling alone is not a revocation of those tokens.
	Disabled pulumi.BoolPtrInput
	// A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	// NOTE(review): not described on this page; presumably the `{location}` component of the pool's resource name — confirm.
	Location    pulumi.StringPtrInput
	// Immutable. The resource name of the parent. Format: `organizations/{org-id}`.
	Parent pulumi.StringPtrInput
	// Duration that the Google Cloud access tokens, console sign-in sessions, and `gcloud` sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If `session_duration` is not configured, minted credentials have a default duration of one hour (3600s). For SAML providers, the lifetime of the token is the minimum of the `session_duration` and the `SessionNotOnOrAfter` claim in the SAML assertion.
	// NOTE(review): the value is a string; the examples suggest a seconds form such as "3600s" — confirm the accepted format. Leaving it unset yields the one-hour default stated above.
	SessionDuration pulumi.StringPtrInput
	// The ID to use for the pool, which becomes the final component of the resource name. The IDs must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix `gcp-` is reserved for use by Google, and may not be specified.
	WorkforcePoolId pulumi.StringPtrInput
}

The set of arguments for constructing a WorkforcePool resource.

func (WorkforcePoolArgs) ElementType added in v0.29.0

func (WorkforcePoolArgs) ElementType() reflect.Type

type WorkforcePoolIamBinding added in v0.29.0

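// WorkforcePoolIamBinding is the Pulumi resource that sets IAM policies on a
// WorkforcePool by binding a list of members to one role. Every property below
// is a Pulumi output type.
type WorkforcePoolIamBinding struct {
	pulumi.CustomResourceState

	// An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition ConditionPtrOutput `pulumi:"condition"`
	// The etag of the resource's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values:
	//
	//  * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account.
	//  * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation.
	//  * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com`.
	//  * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`.
	//  * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
	//  * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`.
	//  * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
	//  * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding.
	//  * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding.
	//  * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	//
	// NOTE(review): `allUsers`, `allAuthenticatedUsers` and `domain:{domain}` each cover many identities at once; when auditing a binding, check that such a broad principal is intended for the role.
	// NOTE(review): `deleted:` entries are not inert — per the descriptions above a recovered principal retains the role, so remove the entry if access should not come back.
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringOutput `pulumi:"name"`
	// The project in which the resource belongs. If it is not provided, a default will be supplied.
	Project pulumi.StringOutput `pulumi:"project"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role pulumi.StringOutput `pulumi:"role"`
}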

Sets IAM policies on a WorkforcePool.

func GetWorkforcePoolIamBinding added in v0.29.0

func GetWorkforcePoolIamBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WorkforcePoolIamBindingState, opts ...pulumi.ResourceOption) (*WorkforcePoolIamBinding, error)

GetWorkforcePoolIamBinding gets an existing WorkforcePoolIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWorkforcePoolIamBinding added in v0.29.0

func NewWorkforcePoolIamBinding(ctx *pulumi.Context,
	name string, args *WorkforcePoolIamBindingArgs, opts ...pulumi.ResourceOption) (*WorkforcePoolIamBinding, error)

NewWorkforcePoolIamBinding registers a new resource with the given unique name, arguments, and options.

func (*WorkforcePoolIamBinding) ElementType added in v0.29.0

func (*WorkforcePoolIamBinding) ElementType() reflect.Type

func (*WorkforcePoolIamBinding) ToWorkforcePoolIamBindingOutput added in v0.29.0

func (i *WorkforcePoolIamBinding) ToWorkforcePoolIamBindingOutput() WorkforcePoolIamBindingOutput

func (*WorkforcePoolIamBinding) ToWorkforcePoolIamBindingOutputWithContext added in v0.29.0

func (i *WorkforcePoolIamBinding) ToWorkforcePoolIamBindingOutputWithContext(ctx context.Context) WorkforcePoolIamBindingOutput

type WorkforcePoolIamBindingArgs added in v0.29.0

// WorkforcePoolIamBindingArgs is the set of arguments for constructing a
// WorkforcePoolIamBinding resource.
type WorkforcePoolIamBindingArgs struct {
	// An IAM Condition for a given binding.
	Condition ConditionPtrInput
	// Identities that will be granted the privilege in role. Each entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	//
	// NOTE(review): this list is shorter than the one documented on WorkforcePoolIamBinding.Members, which also names `allUsers`, `allAuthenticatedUsers` and the `deleted:` forms — confirm which forms this input accepts.
	// NOTE(review): `domain:{domain}` grants the role to every user of the domain; prefer the narrowest principal that fits.
	Members pulumi.StringArrayInput
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringInput
	// The role that should be applied. Only one `IamBinding` can be used per role.
	// NOTE(review): the page does not say how members granted the same role outside this resource are treated — confirm before relying on Members as the complete list for the role.
	Role pulumi.StringInput
}

The set of arguments for constructing a WorkforcePoolIamBinding resource.

func (WorkforcePoolIamBindingArgs) ElementType added in v0.29.0

type WorkforcePoolIamBindingInput added in v0.29.0

// WorkforcePoolIamBindingInput is the input interface for values that can be
// converted to a WorkforcePoolIamBindingOutput, with or without a context.
// *WorkforcePoolIamBinding declares both conversion methods on this page.
type WorkforcePoolIamBindingInput interface {
	pulumi.Input

	ToWorkforcePoolIamBindingOutput() WorkforcePoolIamBindingOutput
	ToWorkforcePoolIamBindingOutputWithContext(ctx context.Context) WorkforcePoolIamBindingOutput
}

type WorkforcePoolIamBindingOutput added in v0.29.0

type WorkforcePoolIamBindingOutput struct{ *pulumi.OutputState }

func (WorkforcePoolIamBindingOutput) Condition added in v0.29.0

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (WorkforcePoolIamBindingOutput) ElementType added in v0.29.0

func (WorkforcePoolIamBindingOutput) Etag added in v0.29.0

The etag of the resource's IAM policy.

func (WorkforcePoolIamBindingOutput) Members added in v0.29.0

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values:

* `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account.
* `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation.
* `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com`.
* `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`.
* `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
* `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`.
* `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding.
* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding.
* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.

func (WorkforcePoolIamBindingOutput) Name added in v0.29.0

The name of the resource to manage IAM policies for.

func (WorkforcePoolIamBindingOutput) Project added in v0.29.0

The project in which the resource belongs. If it is not provided, a default will be supplied.

func (WorkforcePoolIamBindingOutput) Role added in v0.29.0

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (WorkforcePoolIamBindingOutput) ToWorkforcePoolIamBindingOutput added in v0.29.0

func (o WorkforcePoolIamBindingOutput) ToWorkforcePoolIamBindingOutput() WorkforcePoolIamBindingOutput

func (WorkforcePoolIamBindingOutput) ToWorkforcePoolIamBindingOutputWithContext added in v0.29.0

func (o WorkforcePoolIamBindingOutput) ToWorkforcePoolIamBindingOutputWithContext(ctx context.Context) WorkforcePoolIamBindingOutput

type WorkforcePoolIamBindingState added in v0.29.0

// WorkforcePoolIamBindingState declares no fields. GetWorkforcePoolIamBinding
// takes a pointer to it for optional lookup qualifiers, so with this
// definition there is nothing to set and nil can be passed.
type WorkforcePoolIamBindingState struct {
}

func (WorkforcePoolIamBindingState) ElementType added in v0.29.0

type WorkforcePoolIamMember added in v0.29.0

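// WorkforcePoolIamMember is the Pulumi resource that sets IAM policies on a
// WorkforcePool by granting one role to one member. Every property below is a
// Pulumi output type.
type WorkforcePoolIamMember struct {
	pulumi.CustomResourceState

	// An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition ConditionPtrOutput `pulumi:"condition"`
	// The etag of the resource's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values:
	//
	//  * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account.
	//  * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation.
	//  * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com`.
	//  * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`.
	//  * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
	//  * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`.
	//  * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
	//  * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding.
	//  * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding.
	//  * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	//
	// NOTE(review): the text above speaks of `members`, but this field is a single string output, so it presumably holds exactly one of these forms — confirm.
	// NOTE(review): `allUsers`, `allAuthenticatedUsers` and `domain:{domain}` each cover many identities at once; when auditing a grant, check that such a broad principal is intended for the role.
	// NOTE(review): a `deleted:` entry is not inert — per the descriptions above a recovered principal retains the role, so remove the entry if access should not come back.
	Member pulumi.StringOutput `pulumi:"member"`
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringOutput `pulumi:"name"`
	// The project in which the resource belongs. If it is not provided, a default will be supplied.
	Project pulumi.StringOutput `pulumi:"project"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role pulumi.StringOutput `pulumi:"role"`
}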

Sets IAM policies on a WorkforcePool.

func GetWorkforcePoolIamMember added in v0.29.0

func GetWorkforcePoolIamMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WorkforcePoolIamMemberState, opts ...pulumi.ResourceOption) (*WorkforcePoolIamMember, error)

GetWorkforcePoolIamMember gets an existing WorkforcePoolIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWorkforcePoolIamMember added in v0.29.0

func NewWorkforcePoolIamMember(ctx *pulumi.Context,
	name string, args *WorkforcePoolIamMemberArgs, opts ...pulumi.ResourceOption) (*WorkforcePoolIamMember, error)

NewWorkforcePoolIamMember registers a new resource with the given unique name, arguments, and options.

func (*WorkforcePoolIamMember) ElementType added in v0.29.0

func (*WorkforcePoolIamMember) ElementType() reflect.Type

func (*WorkforcePoolIamMember) ToWorkforcePoolIamMemberOutput added in v0.29.0

func (i *WorkforcePoolIamMember) ToWorkforcePoolIamMemberOutput() WorkforcePoolIamMemberOutput

func (*WorkforcePoolIamMember) ToWorkforcePoolIamMemberOutputWithContext added in v0.29.0

func (i *WorkforcePoolIamMember) ToWorkforcePoolIamMemberOutputWithContext(ctx context.Context) WorkforcePoolIamMemberOutput

type WorkforcePoolIamMemberArgs added in v0.29.0

// WorkforcePoolIamMemberArgs is the set of arguments for constructing a
// WorkforcePoolIamMember resource.
type WorkforcePoolIamMemberArgs struct {
	// An IAM Condition for a given binding.
	Condition ConditionPtrInput
	// Identity that will be granted the privilege in role. The entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	//
	// NOTE(review): this list is shorter than the one documented on WorkforcePoolIamMember.Member, which also names `allUsers`, `allAuthenticatedUsers` and the `deleted:` forms — confirm which forms this input accepts.
	// NOTE(review): `domain:{domain}` grants the role to every user of the domain; prefer the narrowest principal that fits.
	Member pulumi.StringInput
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringInput
	// The role that should be applied.
	Role pulumi.StringInput
}

The set of arguments for constructing a WorkforcePoolIamMember resource.

func (WorkforcePoolIamMemberArgs) ElementType added in v0.29.0

func (WorkforcePoolIamMemberArgs) ElementType() reflect.Type

type WorkforcePoolIamMemberInput added in v0.29.0

// WorkforcePoolIamMemberInput is the input interface for values that can be
// converted to a WorkforcePoolIamMemberOutput, with or without a context.
// *WorkforcePoolIamMember declares both conversion methods on this page.
type WorkforcePoolIamMemberInput interface {
	pulumi.Input

	ToWorkforcePoolIamMemberOutput() WorkforcePoolIamMemberOutput
	ToWorkforcePoolIamMemberOutputWithContext(ctx context.Context) WorkforcePoolIamMemberOutput
}

type WorkforcePoolIamMemberOutput added in v0.29.0

type WorkforcePoolIamMemberOutput struct{ *pulumi.OutputState }

func (WorkforcePoolIamMemberOutput) Condition added in v0.29.0

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (WorkforcePoolIamMemberOutput) ElementType added in v0.29.0

func (WorkforcePoolIamMemberOutput) Etag added in v0.29.0

The etag of the resource's IAM policy.

func (WorkforcePoolIamMemberOutput) Member added in v0.29.0

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values:

* `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account.
* `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation.
* `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com`.
* `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`.
* `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
* `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`.
* `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding.
* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding.
* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.

func (WorkforcePoolIamMemberOutput) Name added in v0.29.0

The name of the resource to manage IAM policies for.

func (WorkforcePoolIamMemberOutput) Project added in v0.29.0

The project in which the resource belongs. If it is not provided, a default will be supplied.

func (WorkforcePoolIamMemberOutput) Role added in v0.29.0

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (WorkforcePoolIamMemberOutput) ToWorkforcePoolIamMemberOutput added in v0.29.0

func (o WorkforcePoolIamMemberOutput) ToWorkforcePoolIamMemberOutput() WorkforcePoolIamMemberOutput

func (WorkforcePoolIamMemberOutput) ToWorkforcePoolIamMemberOutputWithContext added in v0.29.0

func (o WorkforcePoolIamMemberOutput) ToWorkforcePoolIamMemberOutputWithContext(ctx context.Context) WorkforcePoolIamMemberOutput

type WorkforcePoolIamMemberState added in v0.29.0

// WorkforcePoolIamMemberState declares no fields. GetWorkforcePoolIamMember
// takes a pointer to it for optional lookup qualifiers, so with this
// definition there is nothing to set and nil can be passed.
type WorkforcePoolIamMemberState struct {
}

func (WorkforcePoolIamMemberState) ElementType added in v0.29.0

type WorkforcePoolIamPolicy added in v0.29.0

// WorkforcePoolIamPolicy is the Pulumi resource that sets the IAM policy on a
// WorkforcePool. Every property below is a Pulumi output type.
//
// The resource's API does not support deletion: deleting the resource removes
// it from Pulumi state, but it persists on Google Cloud.
type WorkforcePoolIamPolicy struct {
	pulumi.CustomResourceState

	// Specifies cloud audit logging configuration for this policy.
	AuditConfigs AuditConfigResponseArrayOutput `pulumi:"auditConfigs"`
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings BindingResponseArrayOutput `pulumi:"bindings"`
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag     pulumi.StringOutput `pulumi:"etag"`
	// NOTE(review): not described on this page; presumably the location of the workforce pool the policy is attached to — confirm.
	Location pulumi.StringOutput `pulumi:"location"`
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version         pulumi.IntOutput    `pulumi:"version"`
	// NOTE(review): not described on this page; presumably the ID of the workforce pool the policy is attached to — confirm.
	WorkforcePoolId pulumi.StringOutput `pulumi:"workforcePoolId"`
}

Sets IAM policies on a WorkforcePool. Note: this resource's API doesn't support deletion. When the resource is deleted in Pulumi, it persists on Google Cloud even though it is removed from Pulumi state, so the policy it set remains in place on Google Cloud.

func GetWorkforcePoolIamPolicy added in v0.29.0

func GetWorkforcePoolIamPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WorkforcePoolIamPolicyState, opts ...pulumi.ResourceOption) (*WorkforcePoolIamPolicy, error)

GetWorkforcePoolIamPolicy gets an existing WorkforcePoolIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWorkforcePoolIamPolicy added in v0.29.0

func NewWorkforcePoolIamPolicy(ctx *pulumi.Context,
	name string, args *WorkforcePoolIamPolicyArgs, opts ...pulumi.ResourceOption) (*WorkforcePoolIamPolicy, error)

NewWorkforcePoolIamPolicy registers a new resource with the given unique name, arguments, and options.

func (*WorkforcePoolIamPolicy) ElementType added in v0.29.0

func (*WorkforcePoolIamPolicy) ElementType() reflect.Type

func (*WorkforcePoolIamPolicy) ToWorkforcePoolIamPolicyOutput added in v0.29.0

func (i *WorkforcePoolIamPolicy) ToWorkforcePoolIamPolicyOutput() WorkforcePoolIamPolicyOutput

func (*WorkforcePoolIamPolicy) ToWorkforcePoolIamPolicyOutputWithContext added in v0.29.0

func (i *WorkforcePoolIamPolicy) ToWorkforcePoolIamPolicyOutputWithContext(ctx context.Context) WorkforcePoolIamPolicyOutput

type WorkforcePoolIamPolicyArgs added in v0.29.0

// WorkforcePoolIamPolicyArgs is the set of arguments for constructing a
// WorkforcePoolIamPolicy resource. WorkforcePoolId is the only field that is
// not a pointer-style (optional) input.
type WorkforcePoolIamPolicyArgs struct {
	// Specifies cloud audit logging configuration for this policy.
	// NOTE(review): the default UpdateMask documented below names only `bindings` and `etag`, so a change here presumably needs an explicit mask that includes the audit configuration — confirm, otherwise audit logging settings may not be applied.
	AuditConfigs AuditConfigArrayInput
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings BindingArrayInput
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	// NOTE(review): the type makes this field optional, yet the description requires it whenever IAM Conditions are used; set it explicitly for any policy that carries conditions.
	Etag     pulumi.StringPtrInput
	// NOTE(review): not described on this page; presumably the location of the target workforce pool — confirm.
	Location pulumi.StringPtrInput
	// OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: "bindings, etag"`
	UpdateMask pulumi.StringPtrInput
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	// NOTE(review): optional by type; per the description, set `3` whenever Bindings contains a condition.
	Version         pulumi.IntPtrInput
	// NOTE(review): not described on this page; presumably the ID of the workforce pool whose policy is set — confirm.
	WorkforcePoolId pulumi.StringInput
}

The set of arguments for constructing a WorkforcePoolIamPolicy resource.

func (WorkforcePoolIamPolicyArgs) ElementType added in v0.29.0

func (WorkforcePoolIamPolicyArgs) ElementType() reflect.Type

type WorkforcePoolIamPolicyInput added in v0.29.0

// WorkforcePoolIamPolicyInput embeds pulumi.Input and adds the two conversions
// to WorkforcePoolIamPolicyOutput, one with and one without a context.
// WorkforcePoolIamPolicyOutput declares both conversion methods on this page.
type WorkforcePoolIamPolicyInput interface {
	pulumi.Input

	ToWorkforcePoolIamPolicyOutput() WorkforcePoolIamPolicyOutput
	ToWorkforcePoolIamPolicyOutputWithContext(ctx context.Context) WorkforcePoolIamPolicyOutput
}

type WorkforcePoolIamPolicyOutput added in v0.29.0

type WorkforcePoolIamPolicyOutput struct{ *pulumi.OutputState }

func (WorkforcePoolIamPolicyOutput) AuditConfigs added in v0.29.0

Specifies cloud audit logging configuration for this policy.

func (WorkforcePoolIamPolicyOutput) Bindings added in v0.29.0

Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.

func (WorkforcePoolIamPolicyOutput) ElementType added in v0.29.0

func (WorkforcePoolIamPolicyOutput) Etag added in v0.29.0

`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

func (WorkforcePoolIamPolicyOutput) Location added in v0.29.0

func (WorkforcePoolIamPolicyOutput) ToWorkforcePoolIamPolicyOutput added in v0.29.0

func (o WorkforcePoolIamPolicyOutput) ToWorkforcePoolIamPolicyOutput() WorkforcePoolIamPolicyOutput

func (WorkforcePoolIamPolicyOutput) ToWorkforcePoolIamPolicyOutputWithContext added in v0.29.0

func (o WorkforcePoolIamPolicyOutput) ToWorkforcePoolIamPolicyOutputWithContext(ctx context.Context) WorkforcePoolIamPolicyOutput

func (WorkforcePoolIamPolicyOutput) Version added in v0.29.0

Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

func (WorkforcePoolIamPolicyOutput) WorkforcePoolId added in v0.29.0

func (o WorkforcePoolIamPolicyOutput) WorkforcePoolId() pulumi.StringOutput

type WorkforcePoolIamPolicyState added in v0.29.0

type WorkforcePoolIamPolicyState struct {
}

func (WorkforcePoolIamPolicyState) ElementType added in v0.29.0

type WorkforcePoolInput added in v0.29.0

// WorkforcePoolInput embeds pulumi.Input and adds the two conversions to
// WorkforcePoolOutput, one with and one without a context.
// WorkforcePoolOutput declares both conversion methods on this page.
type WorkforcePoolInput interface {
	pulumi.Input

	ToWorkforcePoolOutput() WorkforcePoolOutput
	ToWorkforcePoolOutputWithContext(ctx context.Context) WorkforcePoolOutput
}

type WorkforcePoolKey added in v0.29.0

// WorkforcePoolKey is the resource type returned by NewWorkforcePoolKey and
// GetWorkforcePoolKey. It embeds pulumi.CustomResourceState and exposes the
// key's properties as outputs.
type WorkforcePoolKey struct {
	pulumi.CustomResourceState

	// The time after which the key will be permanently deleted and cannot be recovered. Note that the key may get purged before this time if the total limit of keys per provider is exceeded.
	// Because of that early-purge case, this value is an upper bound on the key's lifetime rather than a guaranteed retention period.
	ExpireTime pulumi.StringOutput `pulumi:"expireTime"`
	// Immutable. Public half of the asymmetric key.
	// Per this description the field carries only the public half; nothing on this page describes a private-key field on this resource.
	KeyData  KeyDataResponseOutput `pulumi:"keyData"`
	// No description on this page; presumably the location segment of the key's resource name (confirm against the API reference).
	Location pulumi.StringOutput   `pulumi:"location"`
	// The resource name of the key.
	Name       pulumi.StringOutput `pulumi:"name"`
	// No description on this page; presumably the ID of the WorkforcePoolProvider that owns the key (confirm against the API reference).
	ProviderId pulumi.StringOutput `pulumi:"providerId"`
	// The state of the key.
	State pulumi.StringOutput `pulumi:"state"`
	// The purpose of the key.
	Use             pulumi.StringOutput `pulumi:"use"`
	// No description on this page; presumably the ID of the workforce pool that contains the provider (confirm against the API reference).
	WorkforcePoolId pulumi.StringOutput `pulumi:"workforcePoolId"`
	// Required. The ID to use for the key, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-].
	WorkforcePoolProviderKeyId pulumi.StringOutput `pulumi:"workforcePoolProviderKeyId"`
}

Creates a new WorkforcePoolProviderKey in a WorkforcePoolProvider. Auto-naming is currently not supported for this resource.

func GetWorkforcePoolKey added in v0.29.0

func GetWorkforcePoolKey(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WorkforcePoolKeyState, opts ...pulumi.ResourceOption) (*WorkforcePoolKey, error)

GetWorkforcePoolKey gets an existing WorkforcePoolKey resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWorkforcePoolKey added in v0.29.0

func NewWorkforcePoolKey(ctx *pulumi.Context,
	name string, args *WorkforcePoolKeyArgs, opts ...pulumi.ResourceOption) (*WorkforcePoolKey, error)

NewWorkforcePoolKey registers a new resource with the given unique name, arguments, and options.

func (*WorkforcePoolKey) ElementType added in v0.29.0

func (*WorkforcePoolKey) ElementType() reflect.Type

func (*WorkforcePoolKey) ToWorkforcePoolKeyOutput added in v0.29.0

func (i *WorkforcePoolKey) ToWorkforcePoolKeyOutput() WorkforcePoolKeyOutput

func (*WorkforcePoolKey) ToWorkforcePoolKeyOutputWithContext added in v0.29.0

func (i *WorkforcePoolKey) ToWorkforcePoolKeyOutputWithContext(ctx context.Context) WorkforcePoolKeyOutput

type WorkforcePoolKeyArgs added in v0.29.0

// WorkforcePoolKeyArgs holds the inputs passed to NewWorkforcePoolKey.
// KeyData and Location use pointer input types, while ProviderId, Use,
// WorkforcePoolId and WorkforcePoolProviderKeyId use non-pointer input types.
// Only Use (via the WorkforcePoolKeyUse description) and
// WorkforcePoolProviderKeyId are documented as required on this page; the
// other non-pointer fields are presumably required as well (confirm).
type WorkforcePoolKeyArgs struct {
	// Immutable. Public half of the asymmetric key.
	// Only the public half is supplied here, per this description.
	KeyData    KeyDataPtrInput
	// No description on this page; presumably the location segment of the key's resource name (confirm against the API reference).
	Location   pulumi.StringPtrInput
	// No description on this page; presumably the ID of the WorkforcePoolProvider the key is created in (confirm against the API reference).
	ProviderId pulumi.StringInput
	// The purpose of the key.
	Use             WorkforcePoolKeyUseInput
	// No description on this page; presumably the ID of the workforce pool that contains the provider (confirm against the API reference).
	WorkforcePoolId pulumi.StringInput
	// Required. The ID to use for the key, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-].
	WorkforcePoolProviderKeyId pulumi.StringInput
}

The set of arguments for constructing a WorkforcePoolKey resource.

func (WorkforcePoolKeyArgs) ElementType added in v0.29.0

func (WorkforcePoolKeyArgs) ElementType() reflect.Type

type WorkforcePoolKeyInput added in v0.29.0

// WorkforcePoolKeyInput embeds pulumi.Input and adds the two conversions to
// WorkforcePoolKeyOutput, one with and one without a context. On this page
// both *WorkforcePoolKey and WorkforcePoolKeyOutput declare these conversion
// methods along with ElementType.
type WorkforcePoolKeyInput interface {
	pulumi.Input

	ToWorkforcePoolKeyOutput() WorkforcePoolKeyOutput
	ToWorkforcePoolKeyOutputWithContext(ctx context.Context) WorkforcePoolKeyOutput
}

type WorkforcePoolKeyOutput added in v0.29.0

type WorkforcePoolKeyOutput struct{ *pulumi.OutputState }

func (WorkforcePoolKeyOutput) ElementType added in v0.29.0

func (WorkforcePoolKeyOutput) ElementType() reflect.Type

func (WorkforcePoolKeyOutput) ExpireTime added in v0.29.0

The time after which the key will be permanently deleted and cannot be recovered. Note that the key may get purged before this time if the total limit of keys per provider is exceeded.

func (WorkforcePoolKeyOutput) KeyData added in v0.29.0

Immutable. Public half of the asymmetric key.

func (WorkforcePoolKeyOutput) Location added in v0.29.0

func (WorkforcePoolKeyOutput) Name added in v0.29.0

The resource name of the key.

func (WorkforcePoolKeyOutput) ProviderId added in v0.29.0

func (WorkforcePoolKeyOutput) State added in v0.29.0

The state of the key.

func (WorkforcePoolKeyOutput) ToWorkforcePoolKeyOutput added in v0.29.0

func (o WorkforcePoolKeyOutput) ToWorkforcePoolKeyOutput() WorkforcePoolKeyOutput

func (WorkforcePoolKeyOutput) ToWorkforcePoolKeyOutputWithContext added in v0.29.0

func (o WorkforcePoolKeyOutput) ToWorkforcePoolKeyOutputWithContext(ctx context.Context) WorkforcePoolKeyOutput

func (WorkforcePoolKeyOutput) Use added in v0.29.0

The purpose of the key.

func (WorkforcePoolKeyOutput) WorkforcePoolId added in v0.29.0

func (o WorkforcePoolKeyOutput) WorkforcePoolId() pulumi.StringOutput

func (WorkforcePoolKeyOutput) WorkforcePoolProviderKeyId added in v0.29.0

func (o WorkforcePoolKeyOutput) WorkforcePoolProviderKeyId() pulumi.StringOutput

Required. The ID to use for the key, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-].

type WorkforcePoolKeyState added in v0.29.0

type WorkforcePoolKeyState struct {
}

func (WorkforcePoolKeyState) ElementType added in v0.29.0

func (WorkforcePoolKeyState) ElementType() reflect.Type

type WorkforcePoolKeyUse added in v0.29.0

type WorkforcePoolKeyUse string

Required. The purpose of the key.

func (WorkforcePoolKeyUse) ElementType added in v0.29.0

func (WorkforcePoolKeyUse) ElementType() reflect.Type

func (WorkforcePoolKeyUse) ToStringOutput added in v0.29.0

func (e WorkforcePoolKeyUse) ToStringOutput() pulumi.StringOutput

func (WorkforcePoolKeyUse) ToStringOutputWithContext added in v0.29.0

func (e WorkforcePoolKeyUse) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (WorkforcePoolKeyUse) ToStringPtrOutput added in v0.29.0

func (e WorkforcePoolKeyUse) ToStringPtrOutput() pulumi.StringPtrOutput

func (WorkforcePoolKeyUse) ToStringPtrOutputWithContext added in v0.29.0

func (e WorkforcePoolKeyUse) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

func (WorkforcePoolKeyUse) ToWorkforcePoolKeyUseOutput added in v0.29.0

func (e WorkforcePoolKeyUse) ToWorkforcePoolKeyUseOutput() WorkforcePoolKeyUseOutput

func (WorkforcePoolKeyUse) ToWorkforcePoolKeyUseOutputWithContext added in v0.29.0

func (e WorkforcePoolKeyUse) ToWorkforcePoolKeyUseOutputWithContext(ctx context.Context) WorkforcePoolKeyUseOutput

func (WorkforcePoolKeyUse) ToWorkforcePoolKeyUsePtrOutput added in v0.29.0

func (e WorkforcePoolKeyUse) ToWorkforcePoolKeyUsePtrOutput() WorkforcePoolKeyUsePtrOutput

func (WorkforcePoolKeyUse) ToWorkforcePoolKeyUsePtrOutputWithContext added in v0.29.0

func (e WorkforcePoolKeyUse) ToWorkforcePoolKeyUsePtrOutputWithContext(ctx context.Context) WorkforcePoolKeyUsePtrOutput

type WorkforcePoolKeyUseInput added in v0.29.0

// WorkforcePoolKeyUseInput embeds pulumi.Input and adds the two conversions to
// WorkforcePoolKeyUseOutput, one with and one without a context. On this page
// both the string type WorkforcePoolKeyUse and WorkforcePoolKeyUseOutput
// declare these conversion methods along with ElementType.
type WorkforcePoolKeyUseInput interface {
	pulumi.Input

	ToWorkforcePoolKeyUseOutput() WorkforcePoolKeyUseOutput
	ToWorkforcePoolKeyUseOutputWithContext(context.Context) WorkforcePoolKeyUseOutput
}

WorkforcePoolKeyUseInput is an input type that accepts WorkforcePoolKeyUseArgs and WorkforcePoolKeyUseOutput values. You can construct a concrete instance of `WorkforcePoolKeyUseInput` via:

WorkforcePoolKeyUseArgs{...}

type WorkforcePoolKeyUseOutput added in v0.29.0

type WorkforcePoolKeyUseOutput struct{ *pulumi.OutputState }

func (WorkforcePoolKeyUseOutput) ElementType added in v0.29.0

func (WorkforcePoolKeyUseOutput) ElementType() reflect.Type

func (WorkforcePoolKeyUseOutput) ToStringOutput added in v0.29.0

func (o WorkforcePoolKeyUseOutput) ToStringOutput() pulumi.StringOutput

func (WorkforcePoolKeyUseOutput) ToStringOutputWithContext added in v0.29.0

func (o WorkforcePoolKeyUseOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (WorkforcePoolKeyUseOutput) ToStringPtrOutput added in v0.29.0

func (o WorkforcePoolKeyUseOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (WorkforcePoolKeyUseOutput) ToStringPtrOutputWithContext added in v0.29.0

func (o WorkforcePoolKeyUseOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

func (WorkforcePoolKeyUseOutput) ToWorkforcePoolKeyUseOutput added in v0.29.0

func (o WorkforcePoolKeyUseOutput) ToWorkforcePoolKeyUseOutput() WorkforcePoolKeyUseOutput

func (WorkforcePoolKeyUseOutput) ToWorkforcePoolKeyUseOutputWithContext added in v0.29.0

func (o WorkforcePoolKeyUseOutput) ToWorkforcePoolKeyUseOutputWithContext(ctx context.Context) WorkforcePoolKeyUseOutput

func (WorkforcePoolKeyUseOutput) ToWorkforcePoolKeyUsePtrOutput added in v0.29.0

func (o WorkforcePoolKeyUseOutput) ToWorkforcePoolKeyUsePtrOutput() WorkforcePoolKeyUsePtrOutput

func (WorkforcePoolKeyUseOutput) ToWorkforcePoolKeyUsePtrOutputWithContext added in v0.29.0

func (o WorkforcePoolKeyUseOutput) ToWorkforcePoolKeyUsePtrOutputWithContext(ctx context.Context) WorkforcePoolKeyUsePtrOutput

type WorkforcePoolKeyUsePtrInput added in v0.29.0

// WorkforcePoolKeyUsePtrInput embeds pulumi.Input and adds the two conversions
// to WorkforcePoolKeyUsePtrOutput, one with and one without a context.
// WorkforcePoolKeyUsePtrOutput declares both methods on this page, and
// WorkforcePoolKeyUsePtr(v string) returns a value of this interface type.
type WorkforcePoolKeyUsePtrInput interface {
	pulumi.Input

	ToWorkforcePoolKeyUsePtrOutput() WorkforcePoolKeyUsePtrOutput
	ToWorkforcePoolKeyUsePtrOutputWithContext(context.Context) WorkforcePoolKeyUsePtrOutput
}

func WorkforcePoolKeyUsePtr added in v0.29.0

func WorkforcePoolKeyUsePtr(v string) WorkforcePoolKeyUsePtrInput

type WorkforcePoolKeyUsePtrOutput added in v0.29.0

type WorkforcePoolKeyUsePtrOutput struct{ *pulumi.OutputState }

func (WorkforcePoolKeyUsePtrOutput) Elem added in v0.29.0

func (WorkforcePoolKeyUsePtrOutput) ElementType added in v0.29.0

func (WorkforcePoolKeyUsePtrOutput) ToStringPtrOutput added in v0.29.0

func (o WorkforcePoolKeyUsePtrOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (WorkforcePoolKeyUsePtrOutput) ToStringPtrOutputWithContext added in v0.29.0

func (o WorkforcePoolKeyUsePtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

func (WorkforcePoolKeyUsePtrOutput) ToWorkforcePoolKeyUsePtrOutput added in v0.29.0

func (o WorkforcePoolKeyUsePtrOutput) ToWorkforcePoolKeyUsePtrOutput() WorkforcePoolKeyUsePtrOutput

func (WorkforcePoolKeyUsePtrOutput) ToWorkforcePoolKeyUsePtrOutputWithContext added in v0.29.0

func (o WorkforcePoolKeyUsePtrOutput) ToWorkforcePoolKeyUsePtrOutputWithContext(ctx context.Context) WorkforcePoolKeyUsePtrOutput

type WorkforcePoolOutput added in v0.29.0

type WorkforcePoolOutput struct{ *pulumi.OutputState }

func (WorkforcePoolOutput) AccessRestrictions added in v0.32.0

Optional. Configure access restrictions on the workforce pool users. This is an optional field. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users.

func (WorkforcePoolOutput) Description added in v0.29.0

func (o WorkforcePoolOutput) Description() pulumi.StringOutput

A user-specified description of the pool. Cannot exceed 256 characters.

func (WorkforcePoolOutput) Disabled added in v0.29.0

func (o WorkforcePoolOutput) Disabled() pulumi.BoolOutput

Disables the workforce pool. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.

func (WorkforcePoolOutput) DisplayName added in v0.29.0

func (o WorkforcePoolOutput) DisplayName() pulumi.StringOutput

A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.

func (WorkforcePoolOutput) ElementType added in v0.29.0

func (WorkforcePoolOutput) ElementType() reflect.Type

func (WorkforcePoolOutput) ExpireTime added in v0.32.0

func (o WorkforcePoolOutput) ExpireTime() pulumi.StringOutput

Time after which the workforce pool will be permanently purged and cannot be recovered.

func (WorkforcePoolOutput) Location added in v0.29.0

func (WorkforcePoolOutput) Name added in v0.29.0

The resource name of the pool. Format: `locations/{location}/workforcePools/{workforce_pool_id}`

func (WorkforcePoolOutput) Parent added in v0.29.0

Immutable. The resource name of the parent. Format: `organizations/{org-id}`.

func (WorkforcePoolOutput) SessionDuration added in v0.29.0

func (o WorkforcePoolOutput) SessionDuration() pulumi.StringOutput

Duration that the Google Cloud access tokens, console sign-in sessions, and `gcloud` sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If `session_duration` is not configured, minted credentials have a default duration of one hour (3600s). For SAML providers, the lifetime of the token is the minimum of the `session_duration` and the `SessionNotOnOrAfter` claim in the SAML assertion.

func (WorkforcePoolOutput) State added in v0.29.0

The state of the pool.

func (WorkforcePoolOutput) ToWorkforcePoolOutput added in v0.29.0

func (o WorkforcePoolOutput) ToWorkforcePoolOutput() WorkforcePoolOutput

func (WorkforcePoolOutput) ToWorkforcePoolOutputWithContext added in v0.29.0

func (o WorkforcePoolOutput) ToWorkforcePoolOutputWithContext(ctx context.Context) WorkforcePoolOutput

func (WorkforcePoolOutput) WorkforcePoolId added in v0.29.0

func (o WorkforcePoolOutput) WorkforcePoolId() pulumi.StringPtrOutput

The ID to use for the pool, which becomes the final component of the resource name. The IDs must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix `gcp-` is reserved for use by Google, and may not be specified.

type WorkforcePoolProvider added in v0.29.0

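// WorkforcePoolProvider is the resource type returned by
// NewWorkforcePoolProvider and GetWorkforcePoolProvider. It embeds
// pulumi.CustomResourceState and exposes the provider's properties as outputs.
type WorkforcePoolProvider struct {
	pulumi.CustomResourceState

	// A [Common Expression Language](https://opensource.google/projects/cel)
	// expression, in plain text, that restricts which otherwise valid
	// authentication credentials issued by the provider are accepted. The
	// expression must output a boolean representing whether to allow the
	// federation. The following keywords may be referenced in the expressions:
	//   - `assertion`: JSON representing the authentication credential issued by
	//     the provider.
	//   - `google`: The Google attributes mapped from the assertion in the
	//     `attribute_mappings`. `google.profile_photo` and `google.display_name`
	//     are not supported.
	//   - `attribute`: The custom attributes mapped from the assertion in the
	//     `attribute_mappings`.
	//
	// The maximum length of the attribute condition expression is 4096
	// characters. If unspecified, all valid authentication credentials will be
	// accepted. The following example shows how to only allow credentials with a
	// mapped `google.groups` value of `admins`:
	//
	//	"'admins' in google.groups"
	AttributeCondition pulumi.StringOutput `pulumi:"attributeCondition"`
	// Maps attributes from the authentication credentials issued by an external
	// identity provider to Google Cloud attributes, such as `subject` and
	// `segment`. Each key must be a string specifying the Google Cloud IAM
	// attribute to map to. The following keys are supported:
	//   - `google.subject`: The principal IAM is authenticating. You can
	//     reference this value in IAM bindings. This is also the subject that
	//     appears in Cloud Logging logs. This is a required field and the mapped
	//     subject cannot exceed 127 bytes.
	//   - `google.groups`: Groups the authenticating user belongs to. You can
	//     grant groups access to resources using an IAM `principalSet` binding;
	//     access applies to all members of the group.
	//   - `google.display_name`: The name of the authenticated user. This is an
	//     optional field and the mapped display name cannot exceed 100 bytes. If
	//     not set, `google.subject` will be displayed instead. This attribute
	//     cannot be referenced in IAM bindings.
	//   - `google.profile_photo`: The URL that specifies the authenticated
	//     user's thumbnail photo. This is an optional field. When set, the image
	//     will be visible as the user's profile picture. If not set, a generic
	//     user icon will be displayed instead. This attribute cannot be
	//     referenced in IAM bindings.
	//
	// You can also provide custom attributes by specifying
	// `attribute.{custom_attribute}`, where {custom_attribute} is the name of
	// the custom attribute to be mapped. You can define a maximum of 50 custom
	// attributes. The maximum length of a mapped attribute key is 100
	// characters, and the key may only contain the characters [a-z0-9_]. You can
	// reference these attributes in IAM policies to define fine-grained access
	// for a workforce pool to Google Cloud resources. For example:
	//   - `google.subject`:
	//     `principal://iam.googleapis.com/locations/global/workforcePools/{pool}/subject/{value}`
	//   - `google.groups`:
	//     `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool}/group/{value}`
	//   - `attribute.{custom_attribute}`:
	//     `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool}/attribute.{custom_attribute}/{value}`
	//
	// Each value must be a
	// [Common Expression Language](https://opensource.google/projects/cel)
	// function that maps an identity provider credential to the normalized
	// attribute specified by the corresponding map key. You can use the
	// `assertion` keyword in the expression to access a JSON representation of
	// the authentication credential issued by the provider. The maximum length
	// of an attribute mapping expression is 2048 characters. When evaluated, the
	// total size of all mapped attributes must not exceed 4KB.
	//
	// For OIDC providers, you must supply a custom mapping that includes the
	// `google.subject` attribute. For example, the following maps the `sub`
	// claim of the incoming credential to the `subject` attribute on a Google
	// token:
	//
	//	{"google.subject": "assertion.sub"}
	AttributeMapping pulumi.StringMapOutput `pulumi:"attributeMapping"`
	// A user-specified description of the provider. Cannot exceed 256 characters.
	Description pulumi.StringOutput `pulumi:"description"`
	// Disables the workforce pool provider. You cannot use a disabled provider
	// to exchange tokens. However, existing tokens still grant access.
	// By contrast, the WorkforcePoolOutput.Disabled description on this page
	// says a disabled pool cannot use existing tokens to access resources.
	Disabled pulumi.BoolOutput `pulumi:"disabled"`
	// A user-specified display name for the provider. Cannot exceed 32 characters.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// Time after which the workforce pool provider will be permanently purged
	// and cannot be recovered.
	ExpireTime pulumi.StringOutput `pulumi:"expireTime"`
	// No description on this page; presumably the {location} segment of the
	// resource name format documented on Name (confirm against the API reference).
	Location pulumi.StringOutput `pulumi:"location"`
	// The resource name of the provider. Format:
	// `locations/{location}/workforcePools/{workforce_pool_id}/providers/{provider_id}`
	Name pulumi.StringOutput `pulumi:"name"`
	// An OpenId Connect 1.0 identity provider configuration.
	Oidc GoogleIamAdminV1WorkforcePoolProviderOidcResponseOutput `pulumi:"oidc"`
	// A SAML identity provider configuration.
	Saml GoogleIamAdminV1WorkforcePoolProviderSamlResponseOutput `pulumi:"saml"`
	// The state of the provider.
	State pulumi.StringOutput `pulumi:"state"`
	// No description on this page; presumably the {workforce_pool_id} segment
	// of the resource name format documented on Name (confirm against the API
	// reference).
	WorkforcePoolId pulumi.StringOutput `pulumi:"workforcePoolId"`
	// Required. The ID for the provider, which becomes the final component of
	// the resource name. This value must be 4-32 characters, and may contain the
	// characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and
	// may not be specified.
	WorkforcePoolProviderId pulumi.StringOutput `pulumi:"workforcePoolProviderId"`
}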

Creates a new WorkforcePoolProvider in a WorkforcePool. You cannot reuse the name of a deleted provider until 30 days after deletion. Auto-naming is currently not supported for this resource.

func GetWorkforcePoolProvider added in v0.29.0

func GetWorkforcePoolProvider(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WorkforcePoolProviderState, opts ...pulumi.ResourceOption) (*WorkforcePoolProvider, error)

GetWorkforcePoolProvider gets an existing WorkforcePoolProvider resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWorkforcePoolProvider added in v0.29.0

func NewWorkforcePoolProvider(ctx *pulumi.Context,
	name string, args *WorkforcePoolProviderArgs, opts ...pulumi.ResourceOption) (*WorkforcePoolProvider, error)

NewWorkforcePoolProvider registers a new resource with the given unique name, arguments, and options.

func (*WorkforcePoolProvider) ElementType added in v0.29.0

func (*WorkforcePoolProvider) ElementType() reflect.Type

func (*WorkforcePoolProvider) ToWorkforcePoolProviderOutput added in v0.29.0

func (i *WorkforcePoolProvider) ToWorkforcePoolProviderOutput() WorkforcePoolProviderOutput

func (*WorkforcePoolProvider) ToWorkforcePoolProviderOutputWithContext added in v0.29.0

func (i *WorkforcePoolProvider) ToWorkforcePoolProviderOutputWithContext(ctx context.Context) WorkforcePoolProviderOutput

type WorkforcePoolProviderArgs added in v0.29.0

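// WorkforcePoolProviderArgs holds the inputs passed to
// NewWorkforcePoolProvider. WorkforcePoolId and WorkforcePoolProviderId use
// non-pointer input types; every other field uses a pointer or map input type.
type WorkforcePoolProviderArgs struct {
	// A [Common Expression Language](https://opensource.google/projects/cel)
	// expression, in plain text, that restricts which otherwise valid
	// authentication credentials issued by the provider are accepted. The
	// expression must output a boolean representing whether to allow the
	// federation. The following keywords may be referenced in the expressions:
	//   - `assertion`: JSON representing the authentication credential issued by
	//     the provider.
	//   - `google`: The Google attributes mapped from the assertion in the
	//     `attribute_mappings`. `google.profile_photo` and `google.display_name`
	//     are not supported.
	//   - `attribute`: The custom attributes mapped from the assertion in the
	//     `attribute_mappings`.
	//
	// The maximum length of the attribute condition expression is 4096
	// characters. If unspecified, all valid authentication credentials will be
	// accepted, so leaving this field unset delegates the whole admission
	// decision to the identity provider. The following example shows how to
	// only allow credentials with a mapped `google.groups` value of `admins`:
	//
	//	"'admins' in google.groups"
	AttributeCondition pulumi.StringPtrInput
	// Maps attributes from the authentication credentials issued by an external
	// identity provider to Google Cloud attributes, such as `subject` and
	// `segment`. Each key must be a string specifying the Google Cloud IAM
	// attribute to map to. The following keys are supported:
	//   - `google.subject`: The principal IAM is authenticating. You can
	//     reference this value in IAM bindings. This is also the subject that
	//     appears in Cloud Logging logs. This is a required field and the mapped
	//     subject cannot exceed 127 bytes.
	//   - `google.groups`: Groups the authenticating user belongs to. You can
	//     grant groups access to resources using an IAM `principalSet` binding;
	//     access applies to all members of the group.
	//   - `google.display_name`: The name of the authenticated user. This is an
	//     optional field and the mapped display name cannot exceed 100 bytes. If
	//     not set, `google.subject` will be displayed instead. This attribute
	//     cannot be referenced in IAM bindings.
	//   - `google.profile_photo`: The URL that specifies the authenticated
	//     user's thumbnail photo. This is an optional field. When set, the image
	//     will be visible as the user's profile picture. If not set, a generic
	//     user icon will be displayed instead. This attribute cannot be
	//     referenced in IAM bindings.
	//
	// You can also provide custom attributes by specifying
	// `attribute.{custom_attribute}`, where {custom_attribute} is the name of
	// the custom attribute to be mapped. You can define a maximum of 50 custom
	// attributes. The maximum length of a mapped attribute key is 100
	// characters, and the key may only contain the characters [a-z0-9_]. You can
	// reference these attributes in IAM policies to define fine-grained access
	// for a workforce pool to Google Cloud resources. For example:
	//   - `google.subject`:
	//     `principal://iam.googleapis.com/locations/global/workforcePools/{pool}/subject/{value}`
	//   - `google.groups`:
	//     `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool}/group/{value}`
	//   - `attribute.{custom_attribute}`:
	//     `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool}/attribute.{custom_attribute}/{value}`
	//
	// Each value must be a
	// [Common Expression Language](https://opensource.google/projects/cel)
	// function that maps an identity provider credential to the normalized
	// attribute specified by the corresponding map key. You can use the
	// `assertion` keyword in the expression to access a JSON representation of
	// the authentication credential issued by the provider. The maximum length
	// of an attribute mapping expression is 2048 characters. When evaluated, the
	// total size of all mapped attributes must not exceed 4KB.
	//
	// For OIDC providers, you must supply a custom mapping that includes the
	// `google.subject` attribute. For example, the following maps the `sub`
	// claim of the incoming credential to the `subject` attribute on a Google
	// token:
	//
	//	{"google.subject": "assertion.sub"}
	AttributeMapping pulumi.StringMapInput
	// A user-specified description of the provider. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Disables the workforce pool provider. You cannot use a disabled provider
	// to exchange tokens. However, existing tokens still grant access.
	// By contrast, the WorkforcePoolOutput.Disabled description on this page
	// says a disabled pool cannot use existing tokens to access resources, so
	// setting this field alone does not cut off tokens that were already issued.
	Disabled pulumi.BoolPtrInput
	// A user-specified display name for the provider. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	// No description on this page; presumably the {location} segment of the
	// provider's resource name (confirm against the API reference).
	Location pulumi.StringPtrInput
	// An OpenId Connect 1.0 identity provider configuration.
	Oidc GoogleIamAdminV1WorkforcePoolProviderOidcPtrInput
	// A SAML identity provider configuration.
	Saml GoogleIamAdminV1WorkforcePoolProviderSamlPtrInput
	// No description on this page; presumably the ID of the workforce pool the
	// provider is created in (confirm against the API reference).
	WorkforcePoolId pulumi.StringInput
	// Required. The ID for the provider, which becomes the final component of
	// the resource name. This value must be 4-32 characters, and may contain the
	// characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and
	// may not be specified.
	WorkforcePoolProviderId pulumi.StringInput
}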

The set of arguments for constructing a WorkforcePoolProvider resource.

func (WorkforcePoolProviderArgs) ElementType added in v0.29.0

func (WorkforcePoolProviderArgs) ElementType() reflect.Type

type WorkforcePoolProviderInput added in v0.29.0

// WorkforcePoolProviderInput embeds pulumi.Input and adds the two conversions
// to WorkforcePoolProviderOutput, one with and one without a context. On this
// page both *WorkforcePoolProvider and WorkforcePoolProviderOutput declare
// these conversion methods.
type WorkforcePoolProviderInput interface {
	pulumi.Input

	ToWorkforcePoolProviderOutput() WorkforcePoolProviderOutput
	ToWorkforcePoolProviderOutputWithContext(ctx context.Context) WorkforcePoolProviderOutput
}

type WorkforcePoolProviderOutput added in v0.29.0

type WorkforcePoolProviderOutput struct{ *pulumi.OutputState }

func (WorkforcePoolProviderOutput) AttributeCondition added in v0.29.0

func (o WorkforcePoolProviderOutput) AttributeCondition() pulumi.StringOutput

A [Common Expression Language](https://opensource.google/projects/cel) expression, in plain text, that restricts which otherwise valid authentication credentials issued by the provider are accepted. The expression must output a boolean representing whether to allow the federation. The following keywords may be referenced in the expressions: * `assertion`: JSON representing the authentication credential issued by the provider. * `google`: The Google attributes mapped from the assertion in the `attribute_mappings`. `google.profile_photo` and `google.display_name` are not supported. * `attribute`: The custom attributes mapped from the assertion in the `attribute_mappings`. The maximum length of the attribute condition expression is 4096 characters. If unspecified, all valid authentication credentials will be accepted, so any identity the provider authenticates can federate. The following example shows how to only allow credentials with a mapped `google.groups` value of `admins`: ```"'admins' in google.groups"```

func (WorkforcePoolProviderOutput) AttributeMapping added in v0.29.0

func (o WorkforcePoolProviderOutput) AttributeMapping() pulumi.StringMapOutput

Maps attributes from the authentication credentials issued by an external identity provider to Google Cloud attributes, such as `subject` and `segment`. Each key must be a string specifying the Google Cloud IAM attribute to map to. The following keys are supported: * `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings. This is also the subject that appears in Cloud Logging logs. This is a required field and the mapped subject cannot exceed 127 bytes. * `google.groups`: Groups the authenticating user belongs to. You can grant groups access to resources using an IAM `principalSet` binding; access applies to all members of the group. * `google.display_name`: The name of the authenticated user. This is an optional field and the mapped display name cannot exceed 100 bytes. If not set, `google.subject` will be displayed instead. This attribute cannot be referenced in IAM bindings. * `google.profile_photo`: The URL that specifies the authenticated user's thumbnail photo. This is an optional field. When set, the image will be visible as the user's profile picture. If not set, a generic user icon will be displayed instead. This attribute cannot be referenced in IAM bindings. You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where {custom_attribute} is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes. The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_]. You can reference these attributes in IAM policies to define fine-grained access for a workforce pool to Google Cloud resources. 
For example: * `google.subject`: `principal://iam.googleapis.com/locations/global/workforcePools/{pool}/subject/{value}` * `google.groups`: `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool}/group/{value}` * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool}/attribute.{custom_attribute}/{value}` Each value must be a [Common Expression Language](https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. You can use the `assertion` keyword in the expression to access a JSON representation of the authentication credential issued by the provider. The maximum length of an attribute mapping expression is 2048 characters. When evaluated, the total size of all mapped attributes must not exceed 4KB. For OIDC providers, you must supply a custom mapping that includes the `google.subject` attribute. For example, the following maps the `sub` claim of the incoming credential to the `subject` attribute on a Google token: ```{"google.subject": "assertion.sub"}```

func (WorkforcePoolProviderOutput) Description added in v0.29.0

A user-specified description of the provider. Cannot exceed 256 characters.

func (WorkforcePoolProviderOutput) Disabled added in v0.29.0

Disables the workforce pool provider. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access, so disabling a provider does not by itself revoke credentials that were already issued through it.

func (WorkforcePoolProviderOutput) DisplayName added in v0.29.0

A user-specified display name for the provider. Cannot exceed 32 characters.

func (WorkforcePoolProviderOutput) ElementType added in v0.29.0

func (WorkforcePoolProviderOutput) ExpireTime added in v0.32.0

Time after which the workforce pool provider will be permanently purged and cannot be recovered.

func (WorkforcePoolProviderOutput) Location added in v0.29.0

func (WorkforcePoolProviderOutput) Name added in v0.29.0

The resource name of the provider. Format: `locations/{location}/workforcePools/{workforce_pool_id}/providers/{provider_id}`

func (WorkforcePoolProviderOutput) Oidc added in v0.29.0

An OpenId Connect 1.0 identity provider configuration.

func (WorkforcePoolProviderOutput) Saml added in v0.29.0

A SAML identity provider configuration.

func (WorkforcePoolProviderOutput) State added in v0.29.0

The state of the provider.

func (WorkforcePoolProviderOutput) ToWorkforcePoolProviderOutput added in v0.29.0

func (o WorkforcePoolProviderOutput) ToWorkforcePoolProviderOutput() WorkforcePoolProviderOutput

func (WorkforcePoolProviderOutput) ToWorkforcePoolProviderOutputWithContext added in v0.29.0

func (o WorkforcePoolProviderOutput) ToWorkforcePoolProviderOutputWithContext(ctx context.Context) WorkforcePoolProviderOutput

func (WorkforcePoolProviderOutput) WorkforcePoolId added in v0.29.0

func (o WorkforcePoolProviderOutput) WorkforcePoolId() pulumi.StringOutput

func (WorkforcePoolProviderOutput) WorkforcePoolProviderId added in v0.29.0

func (o WorkforcePoolProviderOutput) WorkforcePoolProviderId() pulumi.StringOutput

Required. The ID for the provider, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may not be specified.

type WorkforcePoolProviderState added in v0.29.0

type WorkforcePoolProviderState struct {
}

func (WorkforcePoolProviderState) ElementType added in v0.29.0

func (WorkforcePoolProviderState) ElementType() reflect.Type

type WorkforcePoolState added in v0.29.0

type WorkforcePoolState struct {
}

func (WorkforcePoolState) ElementType added in v0.29.0

func (WorkforcePoolState) ElementType() reflect.Type

type WorkloadIdentityPool

// WorkloadIdentityPool is the resource type for a workload identity pool. It
// embeds pulumi.CustomResourceState and exposes every property as a Pulumi
// output value.
//
// Location and Project carry no description in this listing.
type WorkloadIdentityPool struct {
	pulumi.CustomResourceState

	// A description of the pool. Cannot exceed 256 characters.
	Description pulumi.StringOutput `pulumi:"description"`
	// Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
	// NOTE(review): as described, disabling suspends access rather than revoking it; tokens obtained
	// before the pool was disabled become usable again as soon as it is re-enabled.
	Disabled pulumi.BoolOutput `pulumi:"disabled"`
	// A display name for the pool. Cannot exceed 32 characters.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// Time after which the workload identity pool will be permanently purged and cannot be recovered.
	ExpireTime pulumi.StringOutput `pulumi:"expireTime"`
	Location   pulumi.StringOutput `pulumi:"location"`
	// The resource name of the pool.
	Name    pulumi.StringOutput `pulumi:"name"`
	Project pulumi.StringOutput `pulumi:"project"`
	// The state of the pool.
	State pulumi.StringOutput `pulumi:"state"`
	// Required. The ID to use for the pool, which becomes the final component of the resource name. This value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolId pulumi.StringOutput `pulumi:"workloadIdentityPoolId"`
}

Creates a new WorkloadIdentityPool. You cannot reuse the name of a deleted pool until 30 days after deletion. Auto-naming is currently not supported for this resource.

func GetWorkloadIdentityPool

func GetWorkloadIdentityPool(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WorkloadIdentityPoolState, opts ...pulumi.ResourceOption) (*WorkloadIdentityPool, error)

GetWorkloadIdentityPool gets an existing WorkloadIdentityPool resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWorkloadIdentityPool

func NewWorkloadIdentityPool(ctx *pulumi.Context,
	name string, args *WorkloadIdentityPoolArgs, opts ...pulumi.ResourceOption) (*WorkloadIdentityPool, error)

NewWorkloadIdentityPool registers a new resource with the given unique name, arguments, and options.

func (*WorkloadIdentityPool) ElementType

func (*WorkloadIdentityPool) ElementType() reflect.Type

func (*WorkloadIdentityPool) ToWorkloadIdentityPoolOutput

func (i *WorkloadIdentityPool) ToWorkloadIdentityPoolOutput() WorkloadIdentityPoolOutput

func (*WorkloadIdentityPool) ToWorkloadIdentityPoolOutputWithContext

func (i *WorkloadIdentityPool) ToWorkloadIdentityPoolOutputWithContext(ctx context.Context) WorkloadIdentityPoolOutput

type WorkloadIdentityPoolArgs

// WorkloadIdentityPoolArgs holds the inputs used to construct a
// WorkloadIdentityPool resource.
//
// WorkloadIdentityPoolId is the only field declared with a non-pointer input
// type and the only one marked "Required"; the remaining fields use pointer
// input types (presumably optional; confirm against the provider schema).
// Location and Project carry no description in this listing.
type WorkloadIdentityPoolArgs struct {
	// A description of the pool. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
	// NOTE(review): as described, setting this suspends access rather than revoking it; tokens obtained
	// before the pool was disabled become usable again as soon as it is re-enabled.
	Disabled pulumi.BoolPtrInput
	// A display name for the pool. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	Location    pulumi.StringPtrInput
	Project     pulumi.StringPtrInput
	// Required. The ID to use for the pool, which becomes the final component of the resource name. This value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolId pulumi.StringInput
}

The set of arguments for constructing a WorkloadIdentityPool resource.

func (WorkloadIdentityPoolArgs) ElementType

func (WorkloadIdentityPoolArgs) ElementType() reflect.Type

type WorkloadIdentityPoolInput

type WorkloadIdentityPoolInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolOutput() WorkloadIdentityPoolOutput
	ToWorkloadIdentityPoolOutputWithContext(ctx context.Context) WorkloadIdentityPoolOutput
}

type WorkloadIdentityPoolKey added in v0.29.0

// WorkloadIdentityPoolKey is the resource type for a key attached to a
// workload identity pool provider. It embeds pulumi.CustomResourceState and
// exposes every property as a Pulumi output value.
//
// Location, Project, ProviderId and WorkloadIdentityPoolId carry no
// description in this listing.
type WorkloadIdentityPoolKey struct {
	pulumi.CustomResourceState

	// Time after which the key will be permanently purged and cannot be recovered. Note that the key may get purged before this timestamp if the total limit of keys per provider is crossed.
	// NOTE(review): because of the early-purge case above, this timestamp is an upper bound on the
	// key's retention, not a guarantee that the key remains recoverable until then.
	ExpireTime pulumi.StringOutput `pulumi:"expireTime"`
	// Immutable. Public half of the asymmetric key.
	// Only the public half is described here; this listing shows no field for private key material.
	KeyData  KeyDataResponseOutput `pulumi:"keyData"`
	Location pulumi.StringOutput   `pulumi:"location"`
	// The resource name of the key.
	Name       pulumi.StringOutput `pulumi:"name"`
	Project    pulumi.StringOutput `pulumi:"project"`
	ProviderId pulumi.StringOutput `pulumi:"providerId"`
	// The state of the key.
	State pulumi.StringOutput `pulumi:"state"`
	// The purpose of the key.
	Use                    pulumi.StringOutput `pulumi:"use"`
	WorkloadIdentityPoolId pulumi.StringOutput `pulumi:"workloadIdentityPoolId"`
	// Required. The ID to use for the key, which becomes the final component of the resource name. This value should be 4-32 characters, and may contain the characters [a-z0-9-].
	WorkloadIdentityPoolProviderKeyId pulumi.StringOutput `pulumi:"workloadIdentityPoolProviderKeyId"`
}

Create a new WorkloadIdentityPoolProviderKey in a WorkloadIdentityPoolProvider. Auto-naming is currently not supported for this resource.

func GetWorkloadIdentityPoolKey added in v0.29.0

func GetWorkloadIdentityPoolKey(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WorkloadIdentityPoolKeyState, opts ...pulumi.ResourceOption) (*WorkloadIdentityPoolKey, error)

GetWorkloadIdentityPoolKey gets an existing WorkloadIdentityPoolKey resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWorkloadIdentityPoolKey added in v0.29.0

func NewWorkloadIdentityPoolKey(ctx *pulumi.Context,
	name string, args *WorkloadIdentityPoolKeyArgs, opts ...pulumi.ResourceOption) (*WorkloadIdentityPoolKey, error)

NewWorkloadIdentityPoolKey registers a new resource with the given unique name, arguments, and options.

func (*WorkloadIdentityPoolKey) ElementType added in v0.29.0

func (*WorkloadIdentityPoolKey) ElementType() reflect.Type

func (*WorkloadIdentityPoolKey) ToWorkloadIdentityPoolKeyOutput added in v0.29.0

func (i *WorkloadIdentityPoolKey) ToWorkloadIdentityPoolKeyOutput() WorkloadIdentityPoolKeyOutput

func (*WorkloadIdentityPoolKey) ToWorkloadIdentityPoolKeyOutputWithContext added in v0.29.0

func (i *WorkloadIdentityPoolKey) ToWorkloadIdentityPoolKeyOutputWithContext(ctx context.Context) WorkloadIdentityPoolKeyOutput

type WorkloadIdentityPoolKeyArgs added in v0.29.0

// WorkloadIdentityPoolKeyArgs holds the inputs used to construct a
// WorkloadIdentityPoolKey resource.
//
// ProviderId, Use, WorkloadIdentityPoolId and
// WorkloadIdentityPoolProviderKeyId are declared with non-pointer input
// types; KeyData, Location and Project use pointer input types (presumably
// optional; confirm against the provider schema). Location, Project,
// ProviderId and WorkloadIdentityPoolId carry no description in this listing.
type WorkloadIdentityPoolKeyArgs struct {
	// Immutable. Public half of the asymmetric key.
	// Being immutable, the key data cannot be changed in place once the resource exists.
	KeyData    KeyDataPtrInput
	Location   pulumi.StringPtrInput
	Project    pulumi.StringPtrInput
	ProviderId pulumi.StringInput
	// The purpose of the key.
	Use                    WorkloadIdentityPoolKeyUseInput
	WorkloadIdentityPoolId pulumi.StringInput
	// Required. The ID to use for the key, which becomes the final component of the resource name. This value should be 4-32 characters, and may contain the characters [a-z0-9-].
	WorkloadIdentityPoolProviderKeyId pulumi.StringInput
}

The set of arguments for constructing a WorkloadIdentityPoolKey resource.

func (WorkloadIdentityPoolKeyArgs) ElementType added in v0.29.0

type WorkloadIdentityPoolKeyInput added in v0.29.0

type WorkloadIdentityPoolKeyInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolKeyOutput() WorkloadIdentityPoolKeyOutput
	ToWorkloadIdentityPoolKeyOutputWithContext(ctx context.Context) WorkloadIdentityPoolKeyOutput
}

type WorkloadIdentityPoolKeyOutput added in v0.29.0

type WorkloadIdentityPoolKeyOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolKeyOutput) ElementType added in v0.29.0

func (WorkloadIdentityPoolKeyOutput) ExpireTime added in v0.29.0

Time after which the key will be permanently purged and cannot be recovered. Note that the key may get purged before this timestamp if the total limit of keys per provider is crossed.

func (WorkloadIdentityPoolKeyOutput) KeyData added in v0.29.0

Immutable. Public half of the asymmetric key.

func (WorkloadIdentityPoolKeyOutput) Location added in v0.29.0

func (WorkloadIdentityPoolKeyOutput) Name added in v0.29.0

The resource name of the key.

func (WorkloadIdentityPoolKeyOutput) Project added in v0.29.0

func (WorkloadIdentityPoolKeyOutput) ProviderId added in v0.29.0

func (WorkloadIdentityPoolKeyOutput) State added in v0.29.0

The state of the key.

func (WorkloadIdentityPoolKeyOutput) ToWorkloadIdentityPoolKeyOutput added in v0.29.0

func (o WorkloadIdentityPoolKeyOutput) ToWorkloadIdentityPoolKeyOutput() WorkloadIdentityPoolKeyOutput

func (WorkloadIdentityPoolKeyOutput) ToWorkloadIdentityPoolKeyOutputWithContext added in v0.29.0

func (o WorkloadIdentityPoolKeyOutput) ToWorkloadIdentityPoolKeyOutputWithContext(ctx context.Context) WorkloadIdentityPoolKeyOutput

func (WorkloadIdentityPoolKeyOutput) Use added in v0.29.0

The purpose of the key.

func (WorkloadIdentityPoolKeyOutput) WorkloadIdentityPoolId added in v0.29.0

func (o WorkloadIdentityPoolKeyOutput) WorkloadIdentityPoolId() pulumi.StringOutput

func (WorkloadIdentityPoolKeyOutput) WorkloadIdentityPoolProviderKeyId added in v0.29.0

func (o WorkloadIdentityPoolKeyOutput) WorkloadIdentityPoolProviderKeyId() pulumi.StringOutput

Required. The ID to use for the key, which becomes the final component of the resource name. This value should be 4-32 characters, and may contain the characters [a-z0-9-].

type WorkloadIdentityPoolKeyState added in v0.29.0

type WorkloadIdentityPoolKeyState struct {
}

func (WorkloadIdentityPoolKeyState) ElementType added in v0.29.0

type WorkloadIdentityPoolKeyUse added in v0.29.0

type WorkloadIdentityPoolKeyUse string

Required. The purpose of the key.

func (WorkloadIdentityPoolKeyUse) ElementType added in v0.29.0

func (WorkloadIdentityPoolKeyUse) ElementType() reflect.Type

func (WorkloadIdentityPoolKeyUse) ToStringOutput added in v0.29.0

func (e WorkloadIdentityPoolKeyUse) ToStringOutput() pulumi.StringOutput

func (WorkloadIdentityPoolKeyUse) ToStringOutputWithContext added in v0.29.0

func (e WorkloadIdentityPoolKeyUse) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (WorkloadIdentityPoolKeyUse) ToStringPtrOutput added in v0.29.0

func (e WorkloadIdentityPoolKeyUse) ToStringPtrOutput() pulumi.StringPtrOutput

func (WorkloadIdentityPoolKeyUse) ToStringPtrOutputWithContext added in v0.29.0

func (e WorkloadIdentityPoolKeyUse) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

func (WorkloadIdentityPoolKeyUse) ToWorkloadIdentityPoolKeyUseOutput added in v0.29.0

func (e WorkloadIdentityPoolKeyUse) ToWorkloadIdentityPoolKeyUseOutput() WorkloadIdentityPoolKeyUseOutput

func (WorkloadIdentityPoolKeyUse) ToWorkloadIdentityPoolKeyUseOutputWithContext added in v0.29.0

func (e WorkloadIdentityPoolKeyUse) ToWorkloadIdentityPoolKeyUseOutputWithContext(ctx context.Context) WorkloadIdentityPoolKeyUseOutput

func (WorkloadIdentityPoolKeyUse) ToWorkloadIdentityPoolKeyUsePtrOutput added in v0.29.0

func (e WorkloadIdentityPoolKeyUse) ToWorkloadIdentityPoolKeyUsePtrOutput() WorkloadIdentityPoolKeyUsePtrOutput

func (WorkloadIdentityPoolKeyUse) ToWorkloadIdentityPoolKeyUsePtrOutputWithContext added in v0.29.0

func (e WorkloadIdentityPoolKeyUse) ToWorkloadIdentityPoolKeyUsePtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolKeyUsePtrOutput

type WorkloadIdentityPoolKeyUseInput added in v0.29.0

type WorkloadIdentityPoolKeyUseInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolKeyUseOutput() WorkloadIdentityPoolKeyUseOutput
	ToWorkloadIdentityPoolKeyUseOutputWithContext(context.Context) WorkloadIdentityPoolKeyUseOutput
}

WorkloadIdentityPoolKeyUseInput is an input type that accepts WorkloadIdentityPoolKeyUseArgs and WorkloadIdentityPoolKeyUseOutput values. You can construct a concrete instance of `WorkloadIdentityPoolKeyUseInput` via:

WorkloadIdentityPoolKeyUseArgs{...}

type WorkloadIdentityPoolKeyUseOutput added in v0.29.0

type WorkloadIdentityPoolKeyUseOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolKeyUseOutput) ElementType added in v0.29.0

func (WorkloadIdentityPoolKeyUseOutput) ToStringOutput added in v0.29.0

func (WorkloadIdentityPoolKeyUseOutput) ToStringOutputWithContext added in v0.29.0

func (o WorkloadIdentityPoolKeyUseOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (WorkloadIdentityPoolKeyUseOutput) ToStringPtrOutput added in v0.29.0

func (WorkloadIdentityPoolKeyUseOutput) ToStringPtrOutputWithContext added in v0.29.0

func (o WorkloadIdentityPoolKeyUseOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

func (WorkloadIdentityPoolKeyUseOutput) ToWorkloadIdentityPoolKeyUseOutput added in v0.29.0

func (o WorkloadIdentityPoolKeyUseOutput) ToWorkloadIdentityPoolKeyUseOutput() WorkloadIdentityPoolKeyUseOutput

func (WorkloadIdentityPoolKeyUseOutput) ToWorkloadIdentityPoolKeyUseOutputWithContext added in v0.29.0

func (o WorkloadIdentityPoolKeyUseOutput) ToWorkloadIdentityPoolKeyUseOutputWithContext(ctx context.Context) WorkloadIdentityPoolKeyUseOutput

func (WorkloadIdentityPoolKeyUseOutput) ToWorkloadIdentityPoolKeyUsePtrOutput added in v0.29.0

func (o WorkloadIdentityPoolKeyUseOutput) ToWorkloadIdentityPoolKeyUsePtrOutput() WorkloadIdentityPoolKeyUsePtrOutput

func (WorkloadIdentityPoolKeyUseOutput) ToWorkloadIdentityPoolKeyUsePtrOutputWithContext added in v0.29.0

func (o WorkloadIdentityPoolKeyUseOutput) ToWorkloadIdentityPoolKeyUsePtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolKeyUsePtrOutput

type WorkloadIdentityPoolKeyUsePtrInput added in v0.29.0

type WorkloadIdentityPoolKeyUsePtrInput interface {
	pulumi.Input

	ToWorkloadIdentityPoolKeyUsePtrOutput() WorkloadIdentityPoolKeyUsePtrOutput
	ToWorkloadIdentityPoolKeyUsePtrOutputWithContext(context.Context) WorkloadIdentityPoolKeyUsePtrOutput
}

func WorkloadIdentityPoolKeyUsePtr added in v0.29.0

func WorkloadIdentityPoolKeyUsePtr(v string) WorkloadIdentityPoolKeyUsePtrInput

type WorkloadIdentityPoolKeyUsePtrOutput added in v0.29.0

type WorkloadIdentityPoolKeyUsePtrOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolKeyUsePtrOutput) Elem added in v0.29.0

func (WorkloadIdentityPoolKeyUsePtrOutput) ElementType added in v0.29.0

func (WorkloadIdentityPoolKeyUsePtrOutput) ToStringPtrOutput added in v0.29.0

func (WorkloadIdentityPoolKeyUsePtrOutput) ToStringPtrOutputWithContext added in v0.29.0

func (o WorkloadIdentityPoolKeyUsePtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

func (WorkloadIdentityPoolKeyUsePtrOutput) ToWorkloadIdentityPoolKeyUsePtrOutput added in v0.29.0

func (o WorkloadIdentityPoolKeyUsePtrOutput) ToWorkloadIdentityPoolKeyUsePtrOutput() WorkloadIdentityPoolKeyUsePtrOutput

func (WorkloadIdentityPoolKeyUsePtrOutput) ToWorkloadIdentityPoolKeyUsePtrOutputWithContext added in v0.29.0

func (o WorkloadIdentityPoolKeyUsePtrOutput) ToWorkloadIdentityPoolKeyUsePtrOutputWithContext(ctx context.Context) WorkloadIdentityPoolKeyUsePtrOutput

type WorkloadIdentityPoolOutput

type WorkloadIdentityPoolOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolOutput) Description added in v0.19.0

A description of the pool. Cannot exceed 256 characters.

func (WorkloadIdentityPoolOutput) Disabled added in v0.19.0

Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.

func (WorkloadIdentityPoolOutput) DisplayName added in v0.19.0

A display name for the pool. Cannot exceed 32 characters.

func (WorkloadIdentityPoolOutput) ElementType

func (WorkloadIdentityPoolOutput) ElementType() reflect.Type

func (WorkloadIdentityPoolOutput) ExpireTime added in v0.32.0

Time after which the workload identity pool will be permanently purged and cannot be recovered.

func (WorkloadIdentityPoolOutput) Location added in v0.21.0

func (WorkloadIdentityPoolOutput) Name added in v0.19.0

The resource name of the pool.

func (WorkloadIdentityPoolOutput) Project added in v0.21.0

func (WorkloadIdentityPoolOutput) State added in v0.19.0

The state of the pool.

func (WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolOutput

func (o WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolOutput() WorkloadIdentityPoolOutput

func (WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolOutputWithContext

func (o WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolOutputWithContext(ctx context.Context) WorkloadIdentityPoolOutput

func (WorkloadIdentityPoolOutput) WorkloadIdentityPoolId added in v0.21.0

func (o WorkloadIdentityPoolOutput) WorkloadIdentityPoolId() pulumi.StringOutput

Required. The ID to use for the pool, which becomes the final component of the resource name. This value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may not be specified.

type WorkloadIdentityPoolState

type WorkloadIdentityPoolState struct {
}

func (WorkloadIdentityPoolState) ElementType

func (WorkloadIdentityPoolState) ElementType() reflect.Type
