All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.pulumi.gcp.iam.kotlin.WorkforcePoolProvider.kt Maven / Gradle / Ivy

Go to download

Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.

There is a newer version: 8.10.0.0
Show newest version
@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.gcp.iam.kotlin

import com.pulumi.core.Output
import com.pulumi.gcp.iam.kotlin.outputs.WorkforcePoolProviderExtraAttributesOauth2Client
import com.pulumi.gcp.iam.kotlin.outputs.WorkforcePoolProviderOidc
import com.pulumi.gcp.iam.kotlin.outputs.WorkforcePoolProviderSaml
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.Map
import com.pulumi.gcp.iam.kotlin.outputs.WorkforcePoolProviderExtraAttributesOauth2Client.Companion.toKotlin as workforcePoolProviderExtraAttributesOauth2ClientToKotlin
import com.pulumi.gcp.iam.kotlin.outputs.WorkforcePoolProviderOidc.Companion.toKotlin as workforcePoolProviderOidcToKotlin
import com.pulumi.gcp.iam.kotlin.outputs.WorkforcePoolProviderSaml.Companion.toKotlin as workforcePoolProviderSamlToKotlin

/**
 * Builder for [WorkforcePoolProvider].
 */
@PulumiTagMarker
public class WorkforcePoolProviderResourceBuilder internal constructor() {
    public var name: String? = null

    public var args: WorkforcePoolProviderArgs = WorkforcePoolProviderArgs()

    public var opts: CustomResourceOptions = CustomResourceOptions()

    /**
     * @param name The _unique_ name of the resulting resource.
     */
    public fun name(`value`: String) {
        this.name = value
    }

    /**
     * @param block The arguments to use to populate this resource's properties.
     */
    public suspend fun args(block: suspend WorkforcePoolProviderArgsBuilder.() -> Unit) {
        val builder = WorkforcePoolProviderArgsBuilder()
        block(builder)
        this.args = builder.build()
    }

    /**
     * @param block A bag of options that control this resource's behavior.
     */
    public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
        this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
    }

    internal fun build(): WorkforcePoolProvider {
        val builtJavaResource = com.pulumi.gcp.iam.WorkforcePoolProvider(
            this.name,
            this.args.toJava(),
            this.opts.toJava(),
        )
        return WorkforcePoolProvider(builtJavaResource)
    }
}

/**
 * A configuration for an external identity provider.
 * To get more information about WorkforcePoolProvider, see:
 * * [API documentation](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools.providers)
 * * How-to Guides
 *     * [Configure a provider within the workforce pool](https://cloud.google.com/iam/docs/manage-workforce-identity-pools-providers#configure_a_provider_within_the_workforce_pool)
 * > **Note:** Ask your Google Cloud account team to request access to workforce identity federation for your
 * billing/quota project. The account team notifies you when the project is granted access.
 * ## Example Usage
 * ### Iam Workforce Pool Provider Saml Basic
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const pool = new gcp.iam.WorkforcePool("pool", {
 *     workforcePoolId: "example-pool",
 *     parent: "organizations/123456789",
 *     location: "global",
 * });
 * const example = new gcp.iam.WorkforcePoolProvider("example", {
 *     workforcePoolId: pool.workforcePoolId,
 *     location: pool.location,
 *     providerId: "example-prvdr",
 *     attributeMapping: {
 *         "google.subject": "assertion.sub",
 *     },
 *     saml: {
 *         idpMetadataXml: " MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv",
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * pool = gcp.iam.WorkforcePool("pool",
 *     workforce_pool_id="example-pool",
 *     parent="organizations/123456789",
 *     location="global")
 * example = gcp.iam.WorkforcePoolProvider("example",
 *     workforce_pool_id=pool.workforce_pool_id,
 *     location=pool.location,
 *     provider_id="example-prvdr",
 *     attribute_mapping={
 *         "google.subject": "assertion.sub",
 *     },
 *     saml=gcp.iam.WorkforcePoolProviderSamlArgs(
 *         idp_metadata_xml=" MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv",
 *     ))
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var pool = new Gcp.Iam.WorkforcePool("pool", new()
 *     {
 *         WorkforcePoolId = "example-pool",
 *         Parent = "organizations/123456789",
 *         Location = "global",
 *     });
 *     var example = new Gcp.Iam.WorkforcePoolProvider("example", new()
 *     {
 *         WorkforcePoolId = pool.WorkforcePoolId,
 *         Location = pool.Location,
 *         ProviderId = "example-prvdr",
 *         AttributeMapping =
 *         {
 *             { "google.subject", "assertion.sub" },
 *         },
 *         Saml = new Gcp.Iam.Inputs.WorkforcePoolProviderSamlArgs
 *         {
 *             IdpMetadataXml = " MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv",
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iam"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		pool, err := iam.NewWorkforcePool(ctx, "pool", &iam.WorkforcePoolArgs{
 * 			WorkforcePoolId: pulumi.String("example-pool"),
 * 			Parent:          pulumi.String("organizations/123456789"),
 * 			Location:        pulumi.String("global"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = iam.NewWorkforcePoolProvider(ctx, "example", &iam.WorkforcePoolProviderArgs{
 * 			WorkforcePoolId: pool.WorkforcePoolId,
 * 			Location:        pool.Location,
 * 			ProviderId:      pulumi.String("example-prvdr"),
 * 			AttributeMapping: pulumi.StringMap{
 * 				"google.subject": pulumi.String("assertion.sub"),
 * 			},
 * 			Saml: &iam.WorkforcePoolProviderSamlArgs{
 * 				IdpMetadataXml: pulumi.String(" MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv"),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.iam.WorkforcePool;
 * import com.pulumi.gcp.iam.WorkforcePoolArgs;
 * import com.pulumi.gcp.iam.WorkforcePoolProvider;
 * import com.pulumi.gcp.iam.WorkforcePoolProviderArgs;
 * import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderSamlArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var pool = new WorkforcePool("pool", WorkforcePoolArgs.builder()
 *             .workforcePoolId("example-pool")
 *             .parent("organizations/123456789")
 *             .location("global")
 *             .build());
 *         var example = new WorkforcePoolProvider("example", WorkforcePoolProviderArgs.builder()
 *             .workforcePoolId(pool.workforcePoolId())
 *             .location(pool.location())
 *             .providerId("example-prvdr")
 *             .attributeMapping(Map.of("google.subject", "assertion.sub"))
 *             .saml(WorkforcePoolProviderSamlArgs.builder()
 *                 .idpMetadataXml(" MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv")
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   pool:
 *     type: gcp:iam:WorkforcePool
 *     properties:
 *       workforcePoolId: example-pool
 *       parent: organizations/123456789
 *       location: global
 *   example:
 *     type: gcp:iam:WorkforcePoolProvider
 *     properties:
 *       workforcePoolId: ${pool.workforcePoolId}
 *       location: ${pool.location}
 *       providerId: example-prvdr
 *       attributeMapping:
 *         google.subject: assertion.sub
 *       saml:
 *         idpMetadataXml:  MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv
 * ```
 * 
 * ### Iam Workforce Pool Provider Saml Full
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const pool = new gcp.iam.WorkforcePool("pool", {
 *     workforcePoolId: "example-pool",
 *     parent: "organizations/123456789",
 *     location: "global",
 * });
 * const example = new gcp.iam.WorkforcePoolProvider("example", {
 *     workforcePoolId: pool.workforcePoolId,
 *     location: pool.location,
 *     providerId: "example-prvdr",
 *     attributeMapping: {
 *         "google.subject": "assertion.sub",
 *     },
 *     saml: {
 *         idpMetadataXml: " MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv",
 *     },
 *     displayName: "Display name",
 *     description: "A sample SAML workforce pool provider.",
 *     disabled: false,
 *     attributeCondition: "true",
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * pool = gcp.iam.WorkforcePool("pool",
 *     workforce_pool_id="example-pool",
 *     parent="organizations/123456789",
 *     location="global")
 * example = gcp.iam.WorkforcePoolProvider("example",
 *     workforce_pool_id=pool.workforce_pool_id,
 *     location=pool.location,
 *     provider_id="example-prvdr",
 *     attribute_mapping={
 *         "google.subject": "assertion.sub",
 *     },
 *     saml=gcp.iam.WorkforcePoolProviderSamlArgs(
 *         idp_metadata_xml=" MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv",
 *     ),
 *     display_name="Display name",
 *     description="A sample SAML workforce pool provider.",
 *     disabled=False,
 *     attribute_condition="true")
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var pool = new Gcp.Iam.WorkforcePool("pool", new()
 *     {
 *         WorkforcePoolId = "example-pool",
 *         Parent = "organizations/123456789",
 *         Location = "global",
 *     });
 *     var example = new Gcp.Iam.WorkforcePoolProvider("example", new()
 *     {
 *         WorkforcePoolId = pool.WorkforcePoolId,
 *         Location = pool.Location,
 *         ProviderId = "example-prvdr",
 *         AttributeMapping =
 *         {
 *             { "google.subject", "assertion.sub" },
 *         },
 *         Saml = new Gcp.Iam.Inputs.WorkforcePoolProviderSamlArgs
 *         {
 *             IdpMetadataXml = " MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv",
 *         },
 *         DisplayName = "Display name",
 *         Description = "A sample SAML workforce pool provider.",
 *         Disabled = false,
 *         AttributeCondition = "true",
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iam"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		pool, err := iam.NewWorkforcePool(ctx, "pool", &iam.WorkforcePoolArgs{
 * 			WorkforcePoolId: pulumi.String("example-pool"),
 * 			Parent:          pulumi.String("organizations/123456789"),
 * 			Location:        pulumi.String("global"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = iam.NewWorkforcePoolProvider(ctx, "example", &iam.WorkforcePoolProviderArgs{
 * 			WorkforcePoolId: pool.WorkforcePoolId,
 * 			Location:        pool.Location,
 * 			ProviderId:      pulumi.String("example-prvdr"),
 * 			AttributeMapping: pulumi.StringMap{
 * 				"google.subject": pulumi.String("assertion.sub"),
 * 			},
 * 			Saml: &iam.WorkforcePoolProviderSamlArgs{
 * 				IdpMetadataXml: pulumi.String(" MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv"),
 * 			},
 * 			DisplayName:        pulumi.String("Display name"),
 * 			Description:        pulumi.String("A sample SAML workforce pool provider."),
 * 			Disabled:           pulumi.Bool(false),
 * 			AttributeCondition: pulumi.String("true"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.iam.WorkforcePool;
 * import com.pulumi.gcp.iam.WorkforcePoolArgs;
 * import com.pulumi.gcp.iam.WorkforcePoolProvider;
 * import com.pulumi.gcp.iam.WorkforcePoolProviderArgs;
 * import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderSamlArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var pool = new WorkforcePool("pool", WorkforcePoolArgs.builder()
 *             .workforcePoolId("example-pool")
 *             .parent("organizations/123456789")
 *             .location("global")
 *             .build());
 *         var example = new WorkforcePoolProvider("example", WorkforcePoolProviderArgs.builder()
 *             .workforcePoolId(pool.workforcePoolId())
 *             .location(pool.location())
 *             .providerId("example-prvdr")
 *             .attributeMapping(Map.of("google.subject", "assertion.sub"))
 *             .saml(WorkforcePoolProviderSamlArgs.builder()
 *                 .idpMetadataXml(" MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv")
 *                 .build())
 *             .displayName("Display name")
 *             .description("A sample SAML workforce pool provider.")
 *             .disabled(false)
 *             .attributeCondition("true")
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   pool:
 *     type: gcp:iam:WorkforcePool
 *     properties:
 *       workforcePoolId: example-pool
 *       parent: organizations/123456789
 *       location: global
 *   example:
 *     type: gcp:iam:WorkforcePoolProvider
 *     properties:
 *       workforcePoolId: ${pool.workforcePoolId}
 *       location: ${pool.location}
 *       providerId: example-prvdr
 *       attributeMapping:
 *         google.subject: assertion.sub
 *       saml:
 *         idpMetadataXml:  MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv
 *       displayName: Display name
 *       description: A sample SAML workforce pool provider.
 *       disabled: false
 *       attributeCondition: 'true'
 * ```
 * 
 * ### Iam Workforce Pool Provider Oidc Basic
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const pool = new gcp.iam.WorkforcePool("pool", {
 *     workforcePoolId: "example-pool",
 *     parent: "organizations/123456789",
 *     location: "global",
 * });
 * const example = new gcp.iam.WorkforcePoolProvider("example", {
 *     workforcePoolId: pool.workforcePoolId,
 *     location: pool.location,
 *     providerId: "example-prvdr",
 *     attributeMapping: {
 *         "google.subject": "assertion.sub",
 *     },
 *     oidc: {
 *         issuerUri: "https://accounts.thirdparty.com",
 *         clientId: "client-id",
 *         clientSecret: {
 *             value: {
 *                 plainText: "client-secret",
 *             },
 *         },
 *         webSsoConfig: {
 *             responseType: "CODE",
 *             assertionClaimsBehavior: "MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
 *         },
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * pool = gcp.iam.WorkforcePool("pool",
 *     workforce_pool_id="example-pool",
 *     parent="organizations/123456789",
 *     location="global")
 * example = gcp.iam.WorkforcePoolProvider("example",
 *     workforce_pool_id=pool.workforce_pool_id,
 *     location=pool.location,
 *     provider_id="example-prvdr",
 *     attribute_mapping={
 *         "google.subject": "assertion.sub",
 *     },
 *     oidc=gcp.iam.WorkforcePoolProviderOidcArgs(
 *         issuer_uri="https://accounts.thirdparty.com",
 *         client_id="client-id",
 *         client_secret=gcp.iam.WorkforcePoolProviderOidcClientSecretArgs(
 *             value=gcp.iam.WorkforcePoolProviderOidcClientSecretValueArgs(
 *                 plain_text="client-secret",
 *             ),
 *         ),
 *         web_sso_config=gcp.iam.WorkforcePoolProviderOidcWebSsoConfigArgs(
 *             response_type="CODE",
 *             assertion_claims_behavior="MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
 *         ),
 *     ))
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var pool = new Gcp.Iam.WorkforcePool("pool", new()
 *     {
 *         WorkforcePoolId = "example-pool",
 *         Parent = "organizations/123456789",
 *         Location = "global",
 *     });
 *     var example = new Gcp.Iam.WorkforcePoolProvider("example", new()
 *     {
 *         WorkforcePoolId = pool.WorkforcePoolId,
 *         Location = pool.Location,
 *         ProviderId = "example-prvdr",
 *         AttributeMapping =
 *         {
 *             { "google.subject", "assertion.sub" },
 *         },
 *         Oidc = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcArgs
 *         {
 *             IssuerUri = "https://accounts.thirdparty.com",
 *             ClientId = "client-id",
 *             ClientSecret = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcClientSecretArgs
 *             {
 *                 Value = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcClientSecretValueArgs
 *                 {
 *                     PlainText = "client-secret",
 *                 },
 *             },
 *             WebSsoConfig = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcWebSsoConfigArgs
 *             {
 *                 ResponseType = "CODE",
 *                 AssertionClaimsBehavior = "MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
 *             },
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iam"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		pool, err := iam.NewWorkforcePool(ctx, "pool", &iam.WorkforcePoolArgs{
 * 			WorkforcePoolId: pulumi.String("example-pool"),
 * 			Parent:          pulumi.String("organizations/123456789"),
 * 			Location:        pulumi.String("global"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = iam.NewWorkforcePoolProvider(ctx, "example", &iam.WorkforcePoolProviderArgs{
 * 			WorkforcePoolId: pool.WorkforcePoolId,
 * 			Location:        pool.Location,
 * 			ProviderId:      pulumi.String("example-prvdr"),
 * 			AttributeMapping: pulumi.StringMap{
 * 				"google.subject": pulumi.String("assertion.sub"),
 * 			},
 * 			Oidc: &iam.WorkforcePoolProviderOidcArgs{
 * 				IssuerUri: pulumi.String("https://accounts.thirdparty.com"),
 * 				ClientId:  pulumi.String("client-id"),
 * 				ClientSecret: &iam.WorkforcePoolProviderOidcClientSecretArgs{
 * 					Value: &iam.WorkforcePoolProviderOidcClientSecretValueArgs{
 * 						PlainText: pulumi.String("client-secret"),
 * 					},
 * 				},
 * 				WebSsoConfig: &iam.WorkforcePoolProviderOidcWebSsoConfigArgs{
 * 					ResponseType:            pulumi.String("CODE"),
 * 					AssertionClaimsBehavior: pulumi.String("MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS"),
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.iam.WorkforcePool;
 * import com.pulumi.gcp.iam.WorkforcePoolArgs;
 * import com.pulumi.gcp.iam.WorkforcePoolProvider;
 * import com.pulumi.gcp.iam.WorkforcePoolProviderArgs;
 * import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcArgs;
 * import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcClientSecretArgs;
 * import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcClientSecretValueArgs;
 * import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcWebSsoConfigArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var pool = new WorkforcePool("pool", WorkforcePoolArgs.builder()
 *             .workforcePoolId("example-pool")
 *             .parent("organizations/123456789")
 *             .location("global")
 *             .build());
 *         var example = new WorkforcePoolProvider("example", WorkforcePoolProviderArgs.builder()
 *             .workforcePoolId(pool.workforcePoolId())
 *             .location(pool.location())
 *             .providerId("example-prvdr")
 *             .attributeMapping(Map.of("google.subject", "assertion.sub"))
 *             .oidc(WorkforcePoolProviderOidcArgs.builder()
 *                 .issuerUri("https://accounts.thirdparty.com")
 *                 .clientId("client-id")
 *                 .clientSecret(WorkforcePoolProviderOidcClientSecretArgs.builder()
 *                     .value(WorkforcePoolProviderOidcClientSecretValueArgs.builder()
 *                         .plainText("client-secret")
 *                         .build())
 *                     .build())
 *                 .webSsoConfig(WorkforcePoolProviderOidcWebSsoConfigArgs.builder()
 *                     .responseType("CODE")
 *                     .assertionClaimsBehavior("MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS")
 *                     .build())
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   pool:
 *     type: gcp:iam:WorkforcePool
 *     properties:
 *       workforcePoolId: example-pool
 *       parent: organizations/123456789
 *       location: global
 *   example:
 *     type: gcp:iam:WorkforcePoolProvider
 *     properties:
 *       workforcePoolId: ${pool.workforcePoolId}
 *       location: ${pool.location}
 *       providerId: example-prvdr
 *       attributeMapping:
 *         google.subject: assertion.sub
 *       oidc:
 *         issuerUri: https://accounts.thirdparty.com
 *         clientId: client-id
 *         clientSecret:
 *           value:
 *             plainText: client-secret
 *         webSsoConfig:
 *           responseType: CODE
 *           assertionClaimsBehavior: MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS
 * ```
 * 
 * ### Iam Workforce Pool Provider Oidc Full
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const pool = new gcp.iam.WorkforcePool("pool", {
 *     workforcePoolId: "example-pool",
 *     parent: "organizations/123456789",
 *     location: "global",
 * });
 * const example = new gcp.iam.WorkforcePoolProvider("example", {
 *     workforcePoolId: pool.workforcePoolId,
 *     location: pool.location,
 *     providerId: "example-prvdr",
 *     attributeMapping: {
 *         "google.subject": "assertion.sub",
 *     },
 *     oidc: {
 *         issuerUri: "https://accounts.thirdparty.com",
 *         clientId: "client-id",
 *         clientSecret: {
 *             value: {
 *                 plainText: "client-secret",
 *             },
 *         },
 *         webSsoConfig: {
 *             responseType: "CODE",
 *             assertionClaimsBehavior: "MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
 *             additionalScopes: [
 *                 "groups",
 *                 "roles",
 *             ],
 *         },
 *     },
 *     displayName: "Display name",
 *     description: "A sample OIDC workforce pool provider.",
 *     disabled: false,
 *     attributeCondition: "true",
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * pool = gcp.iam.WorkforcePool("pool",
 *     workforce_pool_id="example-pool",
 *     parent="organizations/123456789",
 *     location="global")
 * example = gcp.iam.WorkforcePoolProvider("example",
 *     workforce_pool_id=pool.workforce_pool_id,
 *     location=pool.location,
 *     provider_id="example-prvdr",
 *     attribute_mapping={
 *         "google.subject": "assertion.sub",
 *     },
 *     oidc=gcp.iam.WorkforcePoolProviderOidcArgs(
 *         issuer_uri="https://accounts.thirdparty.com",
 *         client_id="client-id",
 *         client_secret=gcp.iam.WorkforcePoolProviderOidcClientSecretArgs(
 *             value=gcp.iam.WorkforcePoolProviderOidcClientSecretValueArgs(
 *                 plain_text="client-secret",
 *             ),
 *         ),
 *         web_sso_config=gcp.iam.WorkforcePoolProviderOidcWebSsoConfigArgs(
 *             response_type="CODE",
 *             assertion_claims_behavior="MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
 *             additional_scopes=[
 *                 "groups",
 *                 "roles",
 *             ],
 *         ),
 *     ),
 *     display_name="Display name",
 *     description="A sample OIDC workforce pool provider.",
 *     disabled=False,
 *     attribute_condition="true")
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var pool = new Gcp.Iam.WorkforcePool("pool", new()
 *     {
 *         WorkforcePoolId = "example-pool",
 *         Parent = "organizations/123456789",
 *         Location = "global",
 *     });
 *     var example = new Gcp.Iam.WorkforcePoolProvider("example", new()
 *     {
 *         WorkforcePoolId = pool.WorkforcePoolId,
 *         Location = pool.Location,
 *         ProviderId = "example-prvdr",
 *         AttributeMapping =
 *         {
 *             { "google.subject", "assertion.sub" },
 *         },
 *         Oidc = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcArgs
 *         {
 *             IssuerUri = "https://accounts.thirdparty.com",
 *             ClientId = "client-id",
 *             ClientSecret = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcClientSecretArgs
 *             {
 *                 Value = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcClientSecretValueArgs
 *                 {
 *                     PlainText = "client-secret",
 *                 },
 *             },
 *             WebSsoConfig = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcWebSsoConfigArgs
 *             {
 *                 ResponseType = "CODE",
 *                 AssertionClaimsBehavior = "MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
 *                 AdditionalScopes = new[]
 *                 {
 *                     "groups",
 *                     "roles",
 *                 },
 *             },
 *         },
 *         DisplayName = "Display name",
 *         Description = "A sample OIDC workforce pool provider.",
 *         Disabled = false,
 *         AttributeCondition = "true",
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iam"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		pool, err := iam.NewWorkforcePool(ctx, "pool", &iam.WorkforcePoolArgs{
 * 			WorkforcePoolId: pulumi.String("example-pool"),
 * 			Parent:          pulumi.String("organizations/123456789"),
 * 			Location:        pulumi.String("global"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = iam.NewWorkforcePoolProvider(ctx, "example", &iam.WorkforcePoolProviderArgs{
 * 			WorkforcePoolId: pool.WorkforcePoolId,
 * 			Location:        pool.Location,
 * 			ProviderId:      pulumi.String("example-prvdr"),
 * 			AttributeMapping: pulumi.StringMap{
 * 				"google.subject": pulumi.String("assertion.sub"),
 * 			},
 * 			Oidc: &iam.WorkforcePoolProviderOidcArgs{
 * 				IssuerUri: pulumi.String("https://accounts.thirdparty.com"),
 * 				ClientId:  pulumi.String("client-id"),
 * 				ClientSecret: &iam.WorkforcePoolProviderOidcClientSecretArgs{
 * 					Value: &iam.WorkforcePoolProviderOidcClientSecretValueArgs{
 * 						PlainText: pulumi.String("client-secret"),
 * 					},
 * 				},
 * 				WebSsoConfig: &iam.WorkforcePoolProviderOidcWebSsoConfigArgs{
 * 					ResponseType:            pulumi.String("CODE"),
 * 					AssertionClaimsBehavior: pulumi.String("MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS"),
 * 					AdditionalScopes: pulumi.StringArray{
 * 						pulumi.String("groups"),
 * 						pulumi.String("roles"),
 * 					},
 * 				},
 * 			},
 * 			DisplayName:        pulumi.String("Display name"),
 * 			Description:        pulumi.String("A sample OIDC workforce pool provider."),
 * 			Disabled:           pulumi.Bool(false),
 * 			AttributeCondition: pulumi.String("true"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.iam.WorkforcePool;
 * import com.pulumi.gcp.iam.WorkforcePoolArgs;
 * import com.pulumi.gcp.iam.WorkforcePoolProvider;
 * import com.pulumi.gcp.iam.WorkforcePoolProviderArgs;
 * import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcArgs;
 * import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcClientSecretArgs;
 * import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcClientSecretValueArgs;
 * import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcWebSsoConfigArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var pool = new WorkforcePool("pool", WorkforcePoolArgs.builder()
 *             .workforcePoolId("example-pool")
 *             .parent("organizations/123456789")
 *             .location("global")
 *             .build());
 *         var example = new WorkforcePoolProvider("example", WorkforcePoolProviderArgs.builder()
 *             .workforcePoolId(pool.workforcePoolId())
 *             .location(pool.location())
 *             .providerId("example-prvdr")
 *             .attributeMapping(Map.of("google.subject", "assertion.sub"))
 *             .oidc(WorkforcePoolProviderOidcArgs.builder()
 *                 .issuerUri("https://accounts.thirdparty.com")
 *                 .clientId("client-id")
 *                 .clientSecret(WorkforcePoolProviderOidcClientSecretArgs.builder()
 *                     .value(WorkforcePoolProviderOidcClientSecretValueArgs.builder()
 *                         .plainText("client-secret")
 *                         .build())
 *                     .build())
 *                 .webSsoConfig(WorkforcePoolProviderOidcWebSsoConfigArgs.builder()
 *                     .responseType("CODE")
 *                     .assertionClaimsBehavior("MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS")
 *                     .additionalScopes(
 *                         "groups",
 *                         "roles")
 *                     .build())
 *                 .build())
 *             .displayName("Display name")
 *             .description("A sample OIDC workforce pool provider.")
 *             .disabled(false)
 *             .attributeCondition("true")
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   pool:
 *     type: gcp:iam:WorkforcePool
 *     properties:
 *       workforcePoolId: example-pool
 *       parent: organizations/123456789
 *       location: global
 *   example:
 *     type: gcp:iam:WorkforcePoolProvider
 *     properties:
 *       workforcePoolId: ${pool.workforcePoolId}
 *       location: ${pool.location}
 *       providerId: example-prvdr
 *       attributeMapping:
 *         google.subject: assertion.sub
 *       oidc:
 *         issuerUri: https://accounts.thirdparty.com
 *         clientId: client-id
 *         clientSecret:
 *           value:
 *             plainText: client-secret
 *         webSsoConfig:
 *           responseType: CODE
 *           assertionClaimsBehavior: MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS
 *           additionalScopes:
 *             - groups
 *             - roles
 *       displayName: Display name
 *       description: A sample OIDC workforce pool provider.
 *       disabled: false
 *       attributeCondition: 'true'
 * ```
 * 
 * ### Iam Workforce Pool Provider Extra Attributes Oauth2 Config Client Basic
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const pool = new gcp.iam.WorkforcePool("pool", {
 *     workforcePoolId: "example-pool",
 *     parent: "organizations/123456789",
 *     location: "global",
 * });
 * const example = new gcp.iam.WorkforcePoolProvider("example", {
 *     workforcePoolId: pool.workforcePoolId,
 *     location: pool.location,
 *     providerId: "example-prvdr",
 *     attributeMapping: {
 *         "google.subject": "assertion.sub",
 *     },
 *     oidc: {
 *         issuerUri: "https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/",
 *         clientId: "https://analysis.windows.net/powerbi/connector/GoogleBigQuery",
 *         webSsoConfig: {
 *             responseType: "CODE",
 *             assertionClaimsBehavior: "MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
 *         },
 *         clientSecret: {
 *             value: {
 *                 plainText: "client-secret",
 *             },
 *         },
 *     },
 *     extraAttributesOauth2Client: {
 *         issuerUri: "https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0",
 *         clientId: "client-id",
 *         clientSecret: {
 *             value: {
 *                 plainText: "client-secret",
 *             },
 *         },
 *         attributesType: "AZURE_AD_GROUPS_MAIL",
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * pool = gcp.iam.WorkforcePool("pool",
 *     workforce_pool_id="example-pool",
 *     parent="organizations/123456789",
 *     location="global")
 * example = gcp.iam.WorkforcePoolProvider("example",
 *     workforce_pool_id=pool.workforce_pool_id,
 *     location=pool.location,
 *     provider_id="example-prvdr",
 *     attribute_mapping={
 *         "google.subject": "assertion.sub",
 *     },
 *     oidc=gcp.iam.WorkforcePoolProviderOidcArgs(
 *         issuer_uri="https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/",
 *         client_id="https://analysis.windows.net/powerbi/connector/GoogleBigQuery",
 *         web_sso_config=gcp.iam.WorkforcePoolProviderOidcWebSsoConfigArgs(
 *             response_type="CODE",
 *             assertion_claims_behavior="MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
 *         ),
 *         client_secret=gcp.iam.WorkforcePoolProviderOidcClientSecretArgs(
 *             value=gcp.iam.WorkforcePoolProviderOidcClientSecretValueArgs(
 *                 plain_text="client-secret",
 *             ),
 *         ),
 *     ),
 *     extra_attributes_oauth2_client=gcp.iam.WorkforcePoolProviderExtraAttributesOauth2ClientArgs(
 *         issuer_uri="https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0",
 *         client_id="client-id",
 *         client_secret=gcp.iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs(
 *             value=gcp.iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs(
 *                 plain_text="client-secret",
 *             ),
 *         ),
 *         attributes_type="AZURE_AD_GROUPS_MAIL",
 *     ))
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var pool = new Gcp.Iam.WorkforcePool("pool", new()
 *     {
 *         WorkforcePoolId = "example-pool",
 *         Parent = "organizations/123456789",
 *         Location = "global",
 *     });
 *     var example = new Gcp.Iam.WorkforcePoolProvider("example", new()
 *     {
 *         WorkforcePoolId = pool.WorkforcePoolId,
 *         Location = pool.Location,
 *         ProviderId = "example-prvdr",
 *         AttributeMapping =
 *         {
 *             { "google.subject", "assertion.sub" },
 *         },
 *         Oidc = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcArgs
 *         {
 *             IssuerUri = "https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/",
 *             ClientId = "https://analysis.windows.net/powerbi/connector/GoogleBigQuery",
 *             WebSsoConfig = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcWebSsoConfigArgs
 *             {
 *                 ResponseType = "CODE",
 *                 AssertionClaimsBehavior = "MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
 *             },
 *             ClientSecret = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcClientSecretArgs
 *             {
 *                 Value = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcClientSecretValueArgs
 *                 {
 *                     PlainText = "client-secret",
 *                 },
 *             },
 *         },
 *         ExtraAttributesOauth2Client = new Gcp.Iam.Inputs.WorkforcePoolProviderExtraAttributesOauth2ClientArgs
 *         {
 *             IssuerUri = "https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0",
 *             ClientId = "client-id",
 *             ClientSecret = new Gcp.Iam.Inputs.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs
 *             {
 *                 Value = new Gcp.Iam.Inputs.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs
 *                 {
 *                     PlainText = "client-secret",
 *                 },
 *             },
 *             AttributesType = "AZURE_AD_GROUPS_MAIL",
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iam"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		pool, err := iam.NewWorkforcePool(ctx, "pool", &iam.WorkforcePoolArgs{
 * 			WorkforcePoolId: pulumi.String("example-pool"),
 * 			Parent:          pulumi.String("organizations/123456789"),
 * 			Location:        pulumi.String("global"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = iam.NewWorkforcePoolProvider(ctx, "example", &iam.WorkforcePoolProviderArgs{
 * 			WorkforcePoolId: pool.WorkforcePoolId,
 * 			Location:        pool.Location,
 * 			ProviderId:      pulumi.String("example-prvdr"),
 * 			AttributeMapping: pulumi.StringMap{
 * 				"google.subject": pulumi.String("assertion.sub"),
 * 			},
 * 			Oidc: &iam.WorkforcePoolProviderOidcArgs{
 * 				IssuerUri: pulumi.String("https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/"),
 * 				ClientId:  pulumi.String("https://analysis.windows.net/powerbi/connector/GoogleBigQuery"),
 * 				WebSsoConfig: &iam.WorkforcePoolProviderOidcWebSsoConfigArgs{
 * 					ResponseType:            pulumi.String("CODE"),
 * 					AssertionClaimsBehavior: pulumi.String("MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS"),
 * 				},
 * 				ClientSecret: &iam.WorkforcePoolProviderOidcClientSecretArgs{
 * 					Value: &iam.WorkforcePoolProviderOidcClientSecretValueArgs{
 * 						PlainText: pulumi.String("client-secret"),
 * 					},
 * 				},
 * 			},
 * 			ExtraAttributesOauth2Client: &iam.WorkforcePoolProviderExtraAttributesOauth2ClientArgs{
 * 				IssuerUri: pulumi.String("https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0"),
 * 				ClientId:  pulumi.String("client-id"),
 * 				ClientSecret: &iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs{
 * 					Value: &iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs{
 * 						PlainText: pulumi.String("client-secret"),
 * 					},
 * 				},
 * 				AttributesType: pulumi.String("AZURE_AD_GROUPS_MAIL"),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.iam.WorkforcePool;
 * import com.pulumi.gcp.iam.WorkforcePoolArgs;
 * import com.pulumi.gcp.iam.WorkforcePoolProvider;
 * import com.pulumi.gcp.iam.WorkforcePoolProviderArgs;
 * import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcArgs;
 * import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcWebSsoConfigArgs;
 * import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcClientSecretArgs;
 * import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcClientSecretValueArgs;
 * import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderExtraAttributesOauth2ClientArgs;
 * import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs;
 * import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var pool = new WorkforcePool("pool", WorkforcePoolArgs.builder()
 *             .workforcePoolId("example-pool")
 *             .parent("organizations/123456789")
 *             .location("global")
 *             .build());
 *         var example = new WorkforcePoolProvider("example", WorkforcePoolProviderArgs.builder()
 *             .workforcePoolId(pool.workforcePoolId())
 *             .location(pool.location())
 *             .providerId("example-prvdr")
 *             .attributeMapping(Map.of("google.subject", "assertion.sub"))
 *             .oidc(WorkforcePoolProviderOidcArgs.builder()
 *                 .issuerUri("https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/")
 *                 .clientId("https://analysis.windows.net/powerbi/connector/GoogleBigQuery")
 *                 .webSsoConfig(WorkforcePoolProviderOidcWebSsoConfigArgs.builder()
 *                     .responseType("CODE")
 *                     .assertionClaimsBehavior("MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS")
 *                     .build())
 *                 .clientSecret(WorkforcePoolProviderOidcClientSecretArgs.builder()
 *                     .value(WorkforcePoolProviderOidcClientSecretValueArgs.builder()
 *                         .plainText("client-secret")
 *                         .build())
 *                     .build())
 *                 .build())
 *             .extraAttributesOauth2Client(WorkforcePoolProviderExtraAttributesOauth2ClientArgs.builder()
 *                 .issuerUri("https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0")
 *                 .clientId("client-id")
 *                 .clientSecret(WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs.builder()
 *                     .value(WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs.builder()
 *                         .plainText("client-secret")
 *                         .build())
 *                     .build())
 *                 .attributesType("AZURE_AD_GROUPS_MAIL")
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   pool:
 *     type: gcp:iam:WorkforcePool
 *     properties:
 *       workforcePoolId: example-pool
 *       parent: organizations/123456789
 *       location: global
 *   example:
 *     type: gcp:iam:WorkforcePoolProvider
 *     properties:
 *       workforcePoolId: ${pool.workforcePoolId}
 *       location: ${pool.location}
 *       providerId: example-prvdr
 *       attributeMapping:
 *         google.subject: assertion.sub
 *       oidc:
 *         issuerUri: https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/
 *         clientId: https://analysis.windows.net/powerbi/connector/GoogleBigQuery
 *         webSsoConfig:
 *           responseType: CODE
 *           assertionClaimsBehavior: MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS
 *         clientSecret:
 *           value:
 *             plainText: client-secret
 *       extraAttributesOauth2Client:
 *         issuerUri: https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0
 *         clientId: client-id
 *         clientSecret:
 *           value:
 *             plainText: client-secret
 *         attributesType: AZURE_AD_GROUPS_MAIL
 * ```
 * 
 * ### Iam Workforce Pool Provider Extra Attributes Oauth2 Config Client Full
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const pool = new gcp.iam.WorkforcePool("pool", {
 *     workforcePoolId: "example-pool",
 *     parent: "organizations/123456789",
 *     location: "global",
 * });
 * const example = new gcp.iam.WorkforcePoolProvider("example", {
 *     workforcePoolId: pool.workforcePoolId,
 *     location: pool.location,
 *     providerId: "example-prvdr",
 *     attributeMapping: {
 *         "google.subject": "assertion.sub",
 *     },
 *     oidc: {
 *         issuerUri: "https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/",
 *         clientId: "https://analysis.windows.net/powerbi/connector/GoogleBigQuery",
 *         clientSecret: {
 *             value: {
 *                 plainText: "client-secret",
 *             },
 *         },
 *         webSsoConfig: {
 *             responseType: "CODE",
 *             assertionClaimsBehavior: "MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
 *         },
 *     },
 *     extraAttributesOauth2Client: {
 *         issuerUri: "https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0",
 *         clientId: "client-id",
 *         clientSecret: {
 *             value: {
 *                 plainText: "client-secret",
 *             },
 *         },
 *         attributesType: "AZURE_AD_GROUPS_MAIL",
 *         queryParameters: {
 *             filter: "mail:gcp",
 *         },
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * pool = gcp.iam.WorkforcePool("pool",
 *     workforce_pool_id="example-pool",
 *     parent="organizations/123456789",
 *     location="global")
 * example = gcp.iam.WorkforcePoolProvider("example",
 *     workforce_pool_id=pool.workforce_pool_id,
 *     location=pool.location,
 *     provider_id="example-prvdr",
 *     attribute_mapping={
 *         "google.subject": "assertion.sub",
 *     },
 *     oidc=gcp.iam.WorkforcePoolProviderOidcArgs(
 *         issuer_uri="https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/",
 *         client_id="https://analysis.windows.net/powerbi/connector/GoogleBigQuery",
 *         client_secret=gcp.iam.WorkforcePoolProviderOidcClientSecretArgs(
 *             value=gcp.iam.WorkforcePoolProviderOidcClientSecretValueArgs(
 *                 plain_text="client-secret",
 *             ),
 *         ),
 *         web_sso_config=gcp.iam.WorkforcePoolProviderOidcWebSsoConfigArgs(
 *             response_type="CODE",
 *             assertion_claims_behavior="MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
 *         ),
 *     ),
 *     extra_attributes_oauth2_client=gcp.iam.WorkforcePoolProviderExtraAttributesOauth2ClientArgs(
 *         issuer_uri="https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0",
 *         client_id="client-id",
 *         client_secret=gcp.iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs(
 *             value=gcp.iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs(
 *                 plain_text="client-secret",
 *             ),
 *         ),
 *         attributes_type="AZURE_AD_GROUPS_MAIL",
 *         query_parameters=gcp.iam.WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs(
 *             filter="mail:gcp",
 *         ),
 *     ))
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var pool = new Gcp.Iam.WorkforcePool("pool", new()
 *     {
 *         WorkforcePoolId = "example-pool",
 *         Parent = "organizations/123456789",
 *         Location = "global",
 *     });
 *     var example = new Gcp.Iam.WorkforcePoolProvider("example", new()
 *     {
 *         WorkforcePoolId = pool.WorkforcePoolId,
 *         Location = pool.Location,
 *         ProviderId = "example-prvdr",
 *         AttributeMapping =
 *         {
 *             { "google.subject", "assertion.sub" },
 *         },
 *         Oidc = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcArgs
 *         {
 *             IssuerUri = "https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/",
 *             ClientId = "https://analysis.windows.net/powerbi/connector/GoogleBigQuery",
 *             ClientSecret = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcClientSecretArgs
 *             {
 *                 Value = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcClientSecretValueArgs
 *                 {
 *                     PlainText = "client-secret",
 *                 },
 *             },
 *             WebSsoConfig = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcWebSsoConfigArgs
 *             {
 *                 ResponseType = "CODE",
 *                 AssertionClaimsBehavior = "MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
 *             },
 *         },
 *         ExtraAttributesOauth2Client = new Gcp.Iam.Inputs.WorkforcePoolProviderExtraAttributesOauth2ClientArgs
 *         {
 *             IssuerUri = "https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0",
 *             ClientId = "client-id",
 *             ClientSecret = new Gcp.Iam.Inputs.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs
 *             {
 *                 Value = new Gcp.Iam.Inputs.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs
 *                 {
 *                     PlainText = "client-secret",
 *                 },
 *             },
 *             AttributesType = "AZURE_AD_GROUPS_MAIL",
 *             QueryParameters = new Gcp.Iam.Inputs.WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs
 *             {
 *                 Filter = "mail:gcp",
 *             },
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iam"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		pool, err := iam.NewWorkforcePool(ctx, "pool", &iam.WorkforcePoolArgs{
 * 			WorkforcePoolId: pulumi.String("example-pool"),
 * 			Parent:          pulumi.String("organizations/123456789"),
 * 			Location:        pulumi.String("global"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = iam.NewWorkforcePoolProvider(ctx, "example", &iam.WorkforcePoolProviderArgs{
 * 			WorkforcePoolId: pool.WorkforcePoolId,
 * 			Location:        pool.Location,
 * 			ProviderId:      pulumi.String("example-prvdr"),
 * 			AttributeMapping: pulumi.StringMap{
 * 				"google.subject": pulumi.String("assertion.sub"),
 * 			},
 * 			Oidc: &iam.WorkforcePoolProviderOidcArgs{
 * 				IssuerUri: pulumi.String("https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/"),
 * 				ClientId:  pulumi.String("https://analysis.windows.net/powerbi/connector/GoogleBigQuery"),
 * 				ClientSecret: &iam.WorkforcePoolProviderOidcClientSecretArgs{
 * 					Value: &iam.WorkforcePoolProviderOidcClientSecretValueArgs{
 * 						PlainText: pulumi.String("client-secret"),
 * 					},
 * 				},
 * 				WebSsoConfig: &iam.WorkforcePoolProviderOidcWebSsoConfigArgs{
 * 					ResponseType:            pulumi.String("CODE"),
 * 					AssertionClaimsBehavior: pulumi.String("MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS"),
 * 				},
 * 			},
 * 			ExtraAttributesOauth2Client: &iam.WorkforcePoolProviderExtraAttributesOauth2ClientArgs{
 * 				IssuerUri: pulumi.String("https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0"),
 * 				ClientId:  pulumi.String("client-id"),
 * 				ClientSecret: &iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs{
 * 					Value: &iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs{
 * 						PlainText: pulumi.String("client-secret"),
 * 					},
 * 				},
 * 				AttributesType: pulumi.String("AZURE_AD_GROUPS_MAIL"),
 * 				QueryParameters: &iam.WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs{
 * 					Filter: pulumi.String("mail:gcp"),
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.iam.WorkforcePool;
 * import com.pulumi.gcp.iam.WorkforcePoolArgs;
 * import com.pulumi.gcp.iam.WorkforcePoolProvider;
 * import com.pulumi.gcp.iam.WorkforcePoolProviderArgs;
 * import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcArgs;
 * import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcClientSecretArgs;
 * import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcClientSecretValueArgs;
 * import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcWebSsoConfigArgs;
 * import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderExtraAttributesOauth2ClientArgs;
 * import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs;
 * import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs;
 * import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var pool = new WorkforcePool("pool", WorkforcePoolArgs.builder()
 *             .workforcePoolId("example-pool")
 *             .parent("organizations/123456789")
 *             .location("global")
 *             .build());
 *         var example = new WorkforcePoolProvider("example", WorkforcePoolProviderArgs.builder()
 *             .workforcePoolId(pool.workforcePoolId())
 *             .location(pool.location())
 *             .providerId("example-prvdr")
 *             .attributeMapping(Map.of("google.subject", "assertion.sub"))
 *             .oidc(WorkforcePoolProviderOidcArgs.builder()
 *                 .issuerUri("https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/")
 *                 .clientId("https://analysis.windows.net/powerbi/connector/GoogleBigQuery")
 *                 .clientSecret(WorkforcePoolProviderOidcClientSecretArgs.builder()
 *                     .value(WorkforcePoolProviderOidcClientSecretValueArgs.builder()
 *                         .plainText("client-secret")
 *                         .build())
 *                     .build())
 *                 .webSsoConfig(WorkforcePoolProviderOidcWebSsoConfigArgs.builder()
 *                     .responseType("CODE")
 *                     .assertionClaimsBehavior("MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS")
 *                     .build())
 *                 .build())
 *             .extraAttributesOauth2Client(WorkforcePoolProviderExtraAttributesOauth2ClientArgs.builder()
 *                 .issuerUri("https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0")
 *                 .clientId("client-id")
 *                 .clientSecret(WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs.builder()
 *                     .value(WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs.builder()
 *                         .plainText("client-secret")
 *                         .build())
 *                     .build())
 *                 .attributesType("AZURE_AD_GROUPS_MAIL")
 *                 .queryParameters(WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs.builder()
 *                     .filter("mail:gcp")
 *                     .build())
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   pool:
 *     type: gcp:iam:WorkforcePool
 *     properties:
 *       workforcePoolId: example-pool
 *       parent: organizations/123456789
 *       location: global
 *   example:
 *     type: gcp:iam:WorkforcePoolProvider
 *     properties:
 *       workforcePoolId: ${pool.workforcePoolId}
 *       location: ${pool.location}
 *       providerId: example-prvdr
 *       attributeMapping:
 *         google.subject: assertion.sub
 *       oidc:
 *         issuerUri: https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/
 *         clientId: https://analysis.windows.net/powerbi/connector/GoogleBigQuery
 *         clientSecret:
 *           value:
 *             plainText: client-secret
 *         webSsoConfig:
 *           responseType: CODE
 *           assertionClaimsBehavior: MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS
 *       extraAttributesOauth2Client:
 *         issuerUri: https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0
 *         clientId: client-id
 *         clientSecret:
 *           value:
 *             plainText: client-secret
 *         attributesType: AZURE_AD_GROUPS_MAIL
 *         queryParameters:
 *           filter: mail:gcp
 * ```
 * 
 * ## Import
 * WorkforcePoolProvider can be imported using any of these accepted formats:
 * * `locations/{{location}}/workforcePools/{{workforce_pool_id}}/providers/{{provider_id}}`
 * * `{{location}}/{{workforce_pool_id}}/{{provider_id}}`
 * When using the `pulumi import` command, WorkforcePoolProvider can be imported using one of the formats above. For example:
 * ```sh
 * $ pulumi import gcp:iam/workforcePoolProvider:WorkforcePoolProvider default locations/{{location}}/workforcePools/{{workforce_pool_id}}/providers/{{provider_id}}
 * ```
 * ```sh
 * $ pulumi import gcp:iam/workforcePoolProvider:WorkforcePoolProvider default {{location}}/{{workforce_pool_id}}/{{provider_id}}
 * ```
 */
public class WorkforcePoolProvider internal constructor(
    override val javaResource: com.pulumi.gcp.iam.WorkforcePoolProvider,
) : KotlinCustomResource(javaResource, WorkforcePoolProviderMapper) {
    /**
     * A [Common Expression Language](https://opensource.google/projects/cel) expression, in
     * plain text, to restrict what otherwise valid authentication credentials issued by the
     * provider should not be accepted.
     * The expression must output a boolean representing whether to allow the federation.
     * The following keywords may be referenced in the expressions:
     */
    public val attributeCondition: Output?
        get() = javaResource.attributeCondition().applyValue({ args0 ->
            args0.map({ args0 ->
                args0
            }).orElse(null)
        })

    /**
     * Maps attributes from the authentication credentials issued by an external identity provider
     * to Google Cloud attributes, such as `subject` and `segment`.
     * Each key must be a string specifying the Google Cloud IAM attribute to map to.
     * The following keys are supported:
     * * `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings.
     * This is also the subject that appears in Cloud Logging logs. This is a required field and
     * the mapped subject cannot exceed 127 bytes.
     * * `google.groups`: Groups the authenticating user belongs to. You can grant groups access to
     * resources using an IAM `principalSet` binding; access applies to all members of the group.
     * * `google.display_name`: The name of the authenticated user. This is an optional field and
     * the mapped display name cannot exceed 100 bytes. If not set, `google.subject` will be displayed instead.
     * This attribute cannot be referenced in IAM bindings.
     * * `google.profile_photo`: The URL that specifies the authenticated user's thumbnail photo.
     * This is an optional field. When set, the image will be visible as the user's profile picture.
     * If not set, a generic user icon will be displayed instead.
     * This attribute cannot be referenced in IAM bindings.
     * You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where {custom_attribute}
     * is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes.
     * The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_].
     * You can reference these attributes in IAM policies to define fine-grained access for a workforce pool
     * to Google Cloud resources. For example:
     * * `google.subject`:
     * `principal://iam.googleapis.com/locations/{location}/workforcePools/{pool}/subject/{value}`
     * * `google.groups`:
     * `principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/group/{value}`
     * * `attribute.{custom_attribute}`:
     * `principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/attribute.{custom_attribute}/{value}`
     * Each value must be a [Common Expression Language](https://opensource.google/projects/cel)
     * function that maps an identity provider credential to the normalized attribute specified
     * by the corresponding map key.
     * You can use the `assertion` keyword in the expression to access a JSON representation of
     * the authentication credential issued by the provider.
     * The maximum length of an attribute mapping expression is 2048 characters. When evaluated,
     * the total size of all mapped attributes must not exceed 8KB.
     * For OIDC providers, you must supply a custom mapping that includes the `google.subject` attribute.
     * For example, the following maps the sub claim of the incoming credential to the `subject` attribute
     * on a Google token:
     * ```
     * {"google.subject": "assertion.sub"}
     * ```
     * An object containing a list of `"key": value` pairs.
     * Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`.
     */
    public val attributeMapping: Output>?
        get() = javaResource.attributeMapping().applyValue({ args0 ->
            args0.map({ args0 ->
                args0.map({ args0 -> args0.key.to(args0.value) }).toMap()
            }).orElse(null)
        })

    /**
     * A user-specified description of the provider. Cannot exceed 256 characters.
     */
    public val description: Output?
        get() = javaResource.description().applyValue({ args0 ->
            args0.map({ args0 ->
                args0
            }).orElse(null)
        })

    /**
     * Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
     * However, existing tokens still grant access.
     */
    public val disabled: Output?
        get() = javaResource.disabled().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })

    /**
     * A user-specified display name for the provider. Cannot exceed 32 characters.
     */
    public val displayName: Output?
        get() = javaResource.displayName().applyValue({ args0 ->
            args0.map({ args0 ->
                args0
            }).orElse(null)
        })

    /**
     * The configuration for OAuth 2.0 client used to get the additional user
     * attributes. This should be used when users can't get the desired claims
     * in authentication credentials. Currently this configuration is only
     * supported with OIDC protocol.
     * Structure is documented below.
     */
    public val extraAttributesOauth2Client: Output?
        get() = javaResource.extraAttributesOauth2Client().applyValue({ args0 ->
            args0.map({ args0 ->
                args0.let({ args0 ->
                    workforcePoolProviderExtraAttributesOauth2ClientToKotlin(args0)
                })
            }).orElse(null)
        })

    /**
     * The location for the resource.
     */
    public val location: Output
        get() = javaResource.location().applyValue({ args0 -> args0 })

    /**
     * Output only. The resource name of the provider.
     * Format: `locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}`
     */
    public val name: Output
        get() = javaResource.name().applyValue({ args0 -> args0 })

    /**
     * Represents an OpenId Connect 1.0 identity provider.
     * Structure is documented below.
     */
    public val oidc: Output?
        get() = javaResource.oidc().applyValue({ args0 ->
            args0.map({ args0 ->
                args0.let({ args0 ->
                    workforcePoolProviderOidcToKotlin(args0)
                })
            }).orElse(null)
        })

    /**
     * The ID for the provider, which becomes the final component of the resource name.
     * This value must be 4-32 characters, and may contain the characters [a-z0-9-].
     * The prefix `gcp-` is reserved for use by Google, and may not be specified.
     * - - -
     */
    public val providerId: Output
        get() = javaResource.providerId().applyValue({ args0 -> args0 })

    /**
     * Represents a SAML identity provider.
     * Structure is documented below.
     */
    public val saml: Output?
        get() = javaResource.saml().applyValue({ args0 ->
            args0.map({ args0 ->
                args0.let({ args0 ->
                    workforcePoolProviderSamlToKotlin(args0)
                })
            }).orElse(null)
        })

    /**
     * The current state of the provider.
     * * STATE_UNSPECIFIED: State unspecified.
     * * ACTIVE: The provider is active and may be used to validate authentication credentials.
     * * DELETED: The provider is soft-deleted. Soft-deleted providers are permanently
     * deleted after approximately 30 days. You can restore a soft-deleted provider using
     * [providers.undelete](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools.providers/undelete#google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePoolProvider).
     */
    public val state: Output
        get() = javaResource.state().applyValue({ args0 -> args0 })

    /**
     * The ID to use for the pool, which becomes the final component of the resource name.
     * The IDs must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens.
     * It must start with a letter, and cannot have a trailing hyphen.
     * The prefix `gcp-` is reserved for use by Google, and may not be specified.
     */
    public val workforcePoolId: Output
        get() = javaResource.workforcePoolId().applyValue({ args0 -> args0 })
}

public object WorkforcePoolProviderMapper : ResourceMapper {
    override fun supportsMappingOfType(javaResource: Resource): Boolean =
        com.pulumi.gcp.iam.WorkforcePoolProvider::class == javaResource::class

    override fun map(javaResource: Resource): WorkforcePoolProvider =
        WorkforcePoolProvider(javaResource as com.pulumi.gcp.iam.WorkforcePoolProvider)
}

/**
 * @see [WorkforcePoolProvider].
 * @param name The _unique_ name of the resulting resource.
 * @param block Builder for [WorkforcePoolProvider].
 */
public suspend fun workforcePoolProvider(
    name: String,
    block: suspend WorkforcePoolProviderResourceBuilder.() -> Unit,
): WorkforcePoolProvider {
    val builder = WorkforcePoolProviderResourceBuilder()
    builder.name(name)
    block(builder)
    return builder.build()
}

/**
 * @see [WorkforcePoolProvider].
 * @param name The _unique_ name of the resulting resource.
 */
public fun workforcePoolProvider(name: String): WorkforcePoolProvider {
    val builder = WorkforcePoolProviderResourceBuilder()
    builder.name(name)
    return builder.build()
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy