com.pulumi.gcp.iam.kotlin.WorkforcePoolProvider.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gcp-kotlin Show documentation
Show all versions of pulumi-gcp-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.iam.kotlin
import com.pulumi.core.Output
import com.pulumi.gcp.iam.kotlin.outputs.WorkforcePoolProviderExtraAttributesOauth2Client
import com.pulumi.gcp.iam.kotlin.outputs.WorkforcePoolProviderOidc
import com.pulumi.gcp.iam.kotlin.outputs.WorkforcePoolProviderSaml
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.Map
import com.pulumi.gcp.iam.kotlin.outputs.WorkforcePoolProviderExtraAttributesOauth2Client.Companion.toKotlin as workforcePoolProviderExtraAttributesOauth2ClientToKotlin
import com.pulumi.gcp.iam.kotlin.outputs.WorkforcePoolProviderOidc.Companion.toKotlin as workforcePoolProviderOidcToKotlin
import com.pulumi.gcp.iam.kotlin.outputs.WorkforcePoolProviderSaml.Companion.toKotlin as workforcePoolProviderSamlToKotlin
/**
* Builder for [WorkforcePoolProvider].
*/
@PulumiTagMarker
public class WorkforcePoolProviderResourceBuilder internal constructor() {
public var name: String? = null
public var args: WorkforcePoolProviderArgs = WorkforcePoolProviderArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend WorkforcePoolProviderArgsBuilder.() -> Unit) {
val builder = WorkforcePoolProviderArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): WorkforcePoolProvider {
val builtJavaResource = com.pulumi.gcp.iam.WorkforcePoolProvider(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return WorkforcePoolProvider(builtJavaResource)
}
}
/**
* A configuration for an external identity provider.
* To get more information about WorkforcePoolProvider, see:
* * [API documentation](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools.providers)
* * How-to Guides
* * [Configure a provider within the workforce pool](https://cloud.google.com/iam/docs/manage-workforce-identity-pools-providers#configure_a_provider_within_the_workforce_pool)
* > **Note:** Ask your Google Cloud account team to request access to workforce identity federation for your
* billing/quota project. The account team notifies you when the project is granted access.
* ## Example Usage
* ### Iam Workforce Pool Provider Saml Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const pool = new gcp.iam.WorkforcePool("pool", {
* workforcePoolId: "example-pool",
* parent: "organizations/123456789",
* location: "global",
* });
* const example = new gcp.iam.WorkforcePoolProvider("example", {
* workforcePoolId: pool.workforcePoolId,
* location: pool.location,
* providerId: "example-prvdr",
* attributeMapping: {
* "google.subject": "assertion.sub",
* },
* saml: {
* idpMetadataXml: " MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv ",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* pool = gcp.iam.WorkforcePool("pool",
* workforce_pool_id="example-pool",
* parent="organizations/123456789",
* location="global")
* example = gcp.iam.WorkforcePoolProvider("example",
* workforce_pool_id=pool.workforce_pool_id,
* location=pool.location,
* provider_id="example-prvdr",
* attribute_mapping={
* "google.subject": "assertion.sub",
* },
* saml=gcp.iam.WorkforcePoolProviderSamlArgs(
* idp_metadata_xml=" MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv ",
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var pool = new Gcp.Iam.WorkforcePool("pool", new()
* {
* WorkforcePoolId = "example-pool",
* Parent = "organizations/123456789",
* Location = "global",
* });
* var example = new Gcp.Iam.WorkforcePoolProvider("example", new()
* {
* WorkforcePoolId = pool.WorkforcePoolId,
* Location = pool.Location,
* ProviderId = "example-prvdr",
* AttributeMapping =
* {
* { "google.subject", "assertion.sub" },
* },
* Saml = new Gcp.Iam.Inputs.WorkforcePoolProviderSamlArgs
* {
* IdpMetadataXml = " MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv ",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iam"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* pool, err := iam.NewWorkforcePool(ctx, "pool", &iam.WorkforcePoolArgs{
* WorkforcePoolId: pulumi.String("example-pool"),
* Parent: pulumi.String("organizations/123456789"),
* Location: pulumi.String("global"),
* })
* if err != nil {
* return err
* }
* _, err = iam.NewWorkforcePoolProvider(ctx, "example", &iam.WorkforcePoolProviderArgs{
* WorkforcePoolId: pool.WorkforcePoolId,
* Location: pool.Location,
* ProviderId: pulumi.String("example-prvdr"),
* AttributeMapping: pulumi.StringMap{
* "google.subject": pulumi.String("assertion.sub"),
* },
* Saml: &iam.WorkforcePoolProviderSamlArgs{
* IdpMetadataXml: pulumi.String(" MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv "),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.iam.WorkforcePool;
* import com.pulumi.gcp.iam.WorkforcePoolArgs;
* import com.pulumi.gcp.iam.WorkforcePoolProvider;
* import com.pulumi.gcp.iam.WorkforcePoolProviderArgs;
* import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderSamlArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var pool = new WorkforcePool("pool", WorkforcePoolArgs.builder()
* .workforcePoolId("example-pool")
* .parent("organizations/123456789")
* .location("global")
* .build());
* var example = new WorkforcePoolProvider("example", WorkforcePoolProviderArgs.builder()
* .workforcePoolId(pool.workforcePoolId())
* .location(pool.location())
* .providerId("example-prvdr")
* .attributeMapping(Map.of("google.subject", "assertion.sub"))
* .saml(WorkforcePoolProviderSamlArgs.builder()
* .idpMetadataXml(" MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv ")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* pool:
* type: gcp:iam:WorkforcePool
* properties:
* workforcePoolId: example-pool
* parent: organizations/123456789
* location: global
* example:
* type: gcp:iam:WorkforcePoolProvider
* properties:
* workforcePoolId: ${pool.workforcePoolId}
* location: ${pool.location}
* providerId: example-prvdr
* attributeMapping:
* google.subject: assertion.sub
* saml:
* idpMetadataXml: MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv
* ```
*
* ### Iam Workforce Pool Provider Saml Full
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const pool = new gcp.iam.WorkforcePool("pool", {
* workforcePoolId: "example-pool",
* parent: "organizations/123456789",
* location: "global",
* });
* const example = new gcp.iam.WorkforcePoolProvider("example", {
* workforcePoolId: pool.workforcePoolId,
* location: pool.location,
* providerId: "example-prvdr",
* attributeMapping: {
* "google.subject": "assertion.sub",
* },
* saml: {
* idpMetadataXml: " MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv ",
* },
* displayName: "Display name",
* description: "A sample SAML workforce pool provider.",
* disabled: false,
* attributeCondition: "true",
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* pool = gcp.iam.WorkforcePool("pool",
* workforce_pool_id="example-pool",
* parent="organizations/123456789",
* location="global")
* example = gcp.iam.WorkforcePoolProvider("example",
* workforce_pool_id=pool.workforce_pool_id,
* location=pool.location,
* provider_id="example-prvdr",
* attribute_mapping={
* "google.subject": "assertion.sub",
* },
* saml=gcp.iam.WorkforcePoolProviderSamlArgs(
* idp_metadata_xml=" MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv ",
* ),
* display_name="Display name",
* description="A sample SAML workforce pool provider.",
* disabled=False,
* attribute_condition="true")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var pool = new Gcp.Iam.WorkforcePool("pool", new()
* {
* WorkforcePoolId = "example-pool",
* Parent = "organizations/123456789",
* Location = "global",
* });
* var example = new Gcp.Iam.WorkforcePoolProvider("example", new()
* {
* WorkforcePoolId = pool.WorkforcePoolId,
* Location = pool.Location,
* ProviderId = "example-prvdr",
* AttributeMapping =
* {
* { "google.subject", "assertion.sub" },
* },
* Saml = new Gcp.Iam.Inputs.WorkforcePoolProviderSamlArgs
* {
* IdpMetadataXml = " MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv ",
* },
* DisplayName = "Display name",
* Description = "A sample SAML workforce pool provider.",
* Disabled = false,
* AttributeCondition = "true",
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iam"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* pool, err := iam.NewWorkforcePool(ctx, "pool", &iam.WorkforcePoolArgs{
* WorkforcePoolId: pulumi.String("example-pool"),
* Parent: pulumi.String("organizations/123456789"),
* Location: pulumi.String("global"),
* })
* if err != nil {
* return err
* }
* _, err = iam.NewWorkforcePoolProvider(ctx, "example", &iam.WorkforcePoolProviderArgs{
* WorkforcePoolId: pool.WorkforcePoolId,
* Location: pool.Location,
* ProviderId: pulumi.String("example-prvdr"),
* AttributeMapping: pulumi.StringMap{
* "google.subject": pulumi.String("assertion.sub"),
* },
* Saml: &iam.WorkforcePoolProviderSamlArgs{
* IdpMetadataXml: pulumi.String(" MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv "),
* },
* DisplayName: pulumi.String("Display name"),
* Description: pulumi.String("A sample SAML workforce pool provider."),
* Disabled: pulumi.Bool(false),
* AttributeCondition: pulumi.String("true"),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.iam.WorkforcePool;
* import com.pulumi.gcp.iam.WorkforcePoolArgs;
* import com.pulumi.gcp.iam.WorkforcePoolProvider;
* import com.pulumi.gcp.iam.WorkforcePoolProviderArgs;
* import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderSamlArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var pool = new WorkforcePool("pool", WorkforcePoolArgs.builder()
* .workforcePoolId("example-pool")
* .parent("organizations/123456789")
* .location("global")
* .build());
* var example = new WorkforcePoolProvider("example", WorkforcePoolProviderArgs.builder()
* .workforcePoolId(pool.workforcePoolId())
* .location(pool.location())
* .providerId("example-prvdr")
* .attributeMapping(Map.of("google.subject", "assertion.sub"))
* .saml(WorkforcePoolProviderSamlArgs.builder()
* .idpMetadataXml(" MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv ")
* .build())
* .displayName("Display name")
* .description("A sample SAML workforce pool provider.")
* .disabled(false)
* .attributeCondition("true")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* pool:
* type: gcp:iam:WorkforcePool
* properties:
* workforcePoolId: example-pool
* parent: organizations/123456789
* location: global
* example:
* type: gcp:iam:WorkforcePoolProvider
* properties:
* workforcePoolId: ${pool.workforcePoolId}
* location: ${pool.location}
* providerId: example-prvdr
* attributeMapping:
* google.subject: assertion.sub
* saml:
* idpMetadataXml: MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv
* displayName: Display name
* description: A sample SAML workforce pool provider.
* disabled: false
* attributeCondition: 'true'
* ```
*
* ### Iam Workforce Pool Provider Oidc Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const pool = new gcp.iam.WorkforcePool("pool", {
* workforcePoolId: "example-pool",
* parent: "organizations/123456789",
* location: "global",
* });
* const example = new gcp.iam.WorkforcePoolProvider("example", {
* workforcePoolId: pool.workforcePoolId,
* location: pool.location,
* providerId: "example-prvdr",
* attributeMapping: {
* "google.subject": "assertion.sub",
* },
* oidc: {
* issuerUri: "https://accounts.thirdparty.com",
* clientId: "client-id",
* clientSecret: {
* value: {
* plainText: "client-secret",
* },
* },
* webSsoConfig: {
* responseType: "CODE",
* assertionClaimsBehavior: "MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
* },
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* pool = gcp.iam.WorkforcePool("pool",
* workforce_pool_id="example-pool",
* parent="organizations/123456789",
* location="global")
* example = gcp.iam.WorkforcePoolProvider("example",
* workforce_pool_id=pool.workforce_pool_id,
* location=pool.location,
* provider_id="example-prvdr",
* attribute_mapping={
* "google.subject": "assertion.sub",
* },
* oidc=gcp.iam.WorkforcePoolProviderOidcArgs(
* issuer_uri="https://accounts.thirdparty.com",
* client_id="client-id",
* client_secret=gcp.iam.WorkforcePoolProviderOidcClientSecretArgs(
* value=gcp.iam.WorkforcePoolProviderOidcClientSecretValueArgs(
* plain_text="client-secret",
* ),
* ),
* web_sso_config=gcp.iam.WorkforcePoolProviderOidcWebSsoConfigArgs(
* response_type="CODE",
* assertion_claims_behavior="MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
* ),
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var pool = new Gcp.Iam.WorkforcePool("pool", new()
* {
* WorkforcePoolId = "example-pool",
* Parent = "organizations/123456789",
* Location = "global",
* });
* var example = new Gcp.Iam.WorkforcePoolProvider("example", new()
* {
* WorkforcePoolId = pool.WorkforcePoolId,
* Location = pool.Location,
* ProviderId = "example-prvdr",
* AttributeMapping =
* {
* { "google.subject", "assertion.sub" },
* },
* Oidc = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcArgs
* {
* IssuerUri = "https://accounts.thirdparty.com",
* ClientId = "client-id",
* ClientSecret = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcClientSecretArgs
* {
* Value = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcClientSecretValueArgs
* {
* PlainText = "client-secret",
* },
* },
* WebSsoConfig = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcWebSsoConfigArgs
* {
* ResponseType = "CODE",
* AssertionClaimsBehavior = "MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iam"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* pool, err := iam.NewWorkforcePool(ctx, "pool", &iam.WorkforcePoolArgs{
* WorkforcePoolId: pulumi.String("example-pool"),
* Parent: pulumi.String("organizations/123456789"),
* Location: pulumi.String("global"),
* })
* if err != nil {
* return err
* }
* _, err = iam.NewWorkforcePoolProvider(ctx, "example", &iam.WorkforcePoolProviderArgs{
* WorkforcePoolId: pool.WorkforcePoolId,
* Location: pool.Location,
* ProviderId: pulumi.String("example-prvdr"),
* AttributeMapping: pulumi.StringMap{
* "google.subject": pulumi.String("assertion.sub"),
* },
* Oidc: &iam.WorkforcePoolProviderOidcArgs{
* IssuerUri: pulumi.String("https://accounts.thirdparty.com"),
* ClientId: pulumi.String("client-id"),
* ClientSecret: &iam.WorkforcePoolProviderOidcClientSecretArgs{
* Value: &iam.WorkforcePoolProviderOidcClientSecretValueArgs{
* PlainText: pulumi.String("client-secret"),
* },
* },
* WebSsoConfig: &iam.WorkforcePoolProviderOidcWebSsoConfigArgs{
* ResponseType: pulumi.String("CODE"),
* AssertionClaimsBehavior: pulumi.String("MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS"),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.iam.WorkforcePool;
* import com.pulumi.gcp.iam.WorkforcePoolArgs;
* import com.pulumi.gcp.iam.WorkforcePoolProvider;
* import com.pulumi.gcp.iam.WorkforcePoolProviderArgs;
* import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcArgs;
* import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcClientSecretArgs;
* import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcClientSecretValueArgs;
* import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcWebSsoConfigArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var pool = new WorkforcePool("pool", WorkforcePoolArgs.builder()
* .workforcePoolId("example-pool")
* .parent("organizations/123456789")
* .location("global")
* .build());
* var example = new WorkforcePoolProvider("example", WorkforcePoolProviderArgs.builder()
* .workforcePoolId(pool.workforcePoolId())
* .location(pool.location())
* .providerId("example-prvdr")
* .attributeMapping(Map.of("google.subject", "assertion.sub"))
* .oidc(WorkforcePoolProviderOidcArgs.builder()
* .issuerUri("https://accounts.thirdparty.com")
* .clientId("client-id")
* .clientSecret(WorkforcePoolProviderOidcClientSecretArgs.builder()
* .value(WorkforcePoolProviderOidcClientSecretValueArgs.builder()
* .plainText("client-secret")
* .build())
* .build())
* .webSsoConfig(WorkforcePoolProviderOidcWebSsoConfigArgs.builder()
* .responseType("CODE")
* .assertionClaimsBehavior("MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS")
* .build())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* pool:
* type: gcp:iam:WorkforcePool
* properties:
* workforcePoolId: example-pool
* parent: organizations/123456789
* location: global
* example:
* type: gcp:iam:WorkforcePoolProvider
* properties:
* workforcePoolId: ${pool.workforcePoolId}
* location: ${pool.location}
* providerId: example-prvdr
* attributeMapping:
* google.subject: assertion.sub
* oidc:
* issuerUri: https://accounts.thirdparty.com
* clientId: client-id
* clientSecret:
* value:
* plainText: client-secret
* webSsoConfig:
* responseType: CODE
* assertionClaimsBehavior: MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS
* ```
*
* ### Iam Workforce Pool Provider Oidc Full
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const pool = new gcp.iam.WorkforcePool("pool", {
* workforcePoolId: "example-pool",
* parent: "organizations/123456789",
* location: "global",
* });
* const example = new gcp.iam.WorkforcePoolProvider("example", {
* workforcePoolId: pool.workforcePoolId,
* location: pool.location,
* providerId: "example-prvdr",
* attributeMapping: {
* "google.subject": "assertion.sub",
* },
* oidc: {
* issuerUri: "https://accounts.thirdparty.com",
* clientId: "client-id",
* clientSecret: {
* value: {
* plainText: "client-secret",
* },
* },
* webSsoConfig: {
* responseType: "CODE",
* assertionClaimsBehavior: "MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
* additionalScopes: [
* "groups",
* "roles",
* ],
* },
* },
* displayName: "Display name",
* description: "A sample OIDC workforce pool provider.",
* disabled: false,
* attributeCondition: "true",
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* pool = gcp.iam.WorkforcePool("pool",
* workforce_pool_id="example-pool",
* parent="organizations/123456789",
* location="global")
* example = gcp.iam.WorkforcePoolProvider("example",
* workforce_pool_id=pool.workforce_pool_id,
* location=pool.location,
* provider_id="example-prvdr",
* attribute_mapping={
* "google.subject": "assertion.sub",
* },
* oidc=gcp.iam.WorkforcePoolProviderOidcArgs(
* issuer_uri="https://accounts.thirdparty.com",
* client_id="client-id",
* client_secret=gcp.iam.WorkforcePoolProviderOidcClientSecretArgs(
* value=gcp.iam.WorkforcePoolProviderOidcClientSecretValueArgs(
* plain_text="client-secret",
* ),
* ),
* web_sso_config=gcp.iam.WorkforcePoolProviderOidcWebSsoConfigArgs(
* response_type="CODE",
* assertion_claims_behavior="MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
* additional_scopes=[
* "groups",
* "roles",
* ],
* ),
* ),
* display_name="Display name",
* description="A sample OIDC workforce pool provider.",
* disabled=False,
* attribute_condition="true")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var pool = new Gcp.Iam.WorkforcePool("pool", new()
* {
* WorkforcePoolId = "example-pool",
* Parent = "organizations/123456789",
* Location = "global",
* });
* var example = new Gcp.Iam.WorkforcePoolProvider("example", new()
* {
* WorkforcePoolId = pool.WorkforcePoolId,
* Location = pool.Location,
* ProviderId = "example-prvdr",
* AttributeMapping =
* {
* { "google.subject", "assertion.sub" },
* },
* Oidc = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcArgs
* {
* IssuerUri = "https://accounts.thirdparty.com",
* ClientId = "client-id",
* ClientSecret = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcClientSecretArgs
* {
* Value = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcClientSecretValueArgs
* {
* PlainText = "client-secret",
* },
* },
* WebSsoConfig = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcWebSsoConfigArgs
* {
* ResponseType = "CODE",
* AssertionClaimsBehavior = "MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
* AdditionalScopes = new[]
* {
* "groups",
* "roles",
* },
* },
* },
* DisplayName = "Display name",
* Description = "A sample OIDC workforce pool provider.",
* Disabled = false,
* AttributeCondition = "true",
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iam"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* pool, err := iam.NewWorkforcePool(ctx, "pool", &iam.WorkforcePoolArgs{
* WorkforcePoolId: pulumi.String("example-pool"),
* Parent: pulumi.String("organizations/123456789"),
* Location: pulumi.String("global"),
* })
* if err != nil {
* return err
* }
* _, err = iam.NewWorkforcePoolProvider(ctx, "example", &iam.WorkforcePoolProviderArgs{
* WorkforcePoolId: pool.WorkforcePoolId,
* Location: pool.Location,
* ProviderId: pulumi.String("example-prvdr"),
* AttributeMapping: pulumi.StringMap{
* "google.subject": pulumi.String("assertion.sub"),
* },
* Oidc: &iam.WorkforcePoolProviderOidcArgs{
* IssuerUri: pulumi.String("https://accounts.thirdparty.com"),
* ClientId: pulumi.String("client-id"),
* ClientSecret: &iam.WorkforcePoolProviderOidcClientSecretArgs{
* Value: &iam.WorkforcePoolProviderOidcClientSecretValueArgs{
* PlainText: pulumi.String("client-secret"),
* },
* },
* WebSsoConfig: &iam.WorkforcePoolProviderOidcWebSsoConfigArgs{
* ResponseType: pulumi.String("CODE"),
* AssertionClaimsBehavior: pulumi.String("MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS"),
* AdditionalScopes: pulumi.StringArray{
* pulumi.String("groups"),
* pulumi.String("roles"),
* },
* },
* },
* DisplayName: pulumi.String("Display name"),
* Description: pulumi.String("A sample OIDC workforce pool provider."),
* Disabled: pulumi.Bool(false),
* AttributeCondition: pulumi.String("true"),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.iam.WorkforcePool;
* import com.pulumi.gcp.iam.WorkforcePoolArgs;
* import com.pulumi.gcp.iam.WorkforcePoolProvider;
* import com.pulumi.gcp.iam.WorkforcePoolProviderArgs;
* import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcArgs;
* import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcClientSecretArgs;
* import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcClientSecretValueArgs;
* import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcWebSsoConfigArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var pool = new WorkforcePool("pool", WorkforcePoolArgs.builder()
* .workforcePoolId("example-pool")
* .parent("organizations/123456789")
* .location("global")
* .build());
* var example = new WorkforcePoolProvider("example", WorkforcePoolProviderArgs.builder()
* .workforcePoolId(pool.workforcePoolId())
* .location(pool.location())
* .providerId("example-prvdr")
* .attributeMapping(Map.of("google.subject", "assertion.sub"))
* .oidc(WorkforcePoolProviderOidcArgs.builder()
* .issuerUri("https://accounts.thirdparty.com")
* .clientId("client-id")
* .clientSecret(WorkforcePoolProviderOidcClientSecretArgs.builder()
* .value(WorkforcePoolProviderOidcClientSecretValueArgs.builder()
* .plainText("client-secret")
* .build())
* .build())
* .webSsoConfig(WorkforcePoolProviderOidcWebSsoConfigArgs.builder()
* .responseType("CODE")
* .assertionClaimsBehavior("MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS")
* .additionalScopes(
* "groups",
* "roles")
* .build())
* .build())
* .displayName("Display name")
* .description("A sample OIDC workforce pool provider.")
* .disabled(false)
* .attributeCondition("true")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* pool:
* type: gcp:iam:WorkforcePool
* properties:
* workforcePoolId: example-pool
* parent: organizations/123456789
* location: global
* example:
* type: gcp:iam:WorkforcePoolProvider
* properties:
* workforcePoolId: ${pool.workforcePoolId}
* location: ${pool.location}
* providerId: example-prvdr
* attributeMapping:
* google.subject: assertion.sub
* oidc:
* issuerUri: https://accounts.thirdparty.com
* clientId: client-id
* clientSecret:
* value:
* plainText: client-secret
* webSsoConfig:
* responseType: CODE
* assertionClaimsBehavior: MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS
* additionalScopes:
* - groups
* - roles
* displayName: Display name
* description: A sample OIDC workforce pool provider.
* disabled: false
* attributeCondition: 'true'
* ```
*
* ### Iam Workforce Pool Provider Extra Attributes Oauth2 Config Client Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const pool = new gcp.iam.WorkforcePool("pool", {
* workforcePoolId: "example-pool",
* parent: "organizations/123456789",
* location: "global",
* });
* const example = new gcp.iam.WorkforcePoolProvider("example", {
* workforcePoolId: pool.workforcePoolId,
* location: pool.location,
* providerId: "example-prvdr",
* attributeMapping: {
* "google.subject": "assertion.sub",
* },
* oidc: {
* issuerUri: "https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/",
* clientId: "https://analysis.windows.net/powerbi/connector/GoogleBigQuery",
* webSsoConfig: {
* responseType: "CODE",
* assertionClaimsBehavior: "MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
* },
* clientSecret: {
* value: {
* plainText: "client-secret",
* },
* },
* },
* extraAttributesOauth2Client: {
* issuerUri: "https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0",
* clientId: "client-id",
* clientSecret: {
* value: {
* plainText: "client-secret",
* },
* },
* attributesType: "AZURE_AD_GROUPS_MAIL",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* pool = gcp.iam.WorkforcePool("pool",
* workforce_pool_id="example-pool",
* parent="organizations/123456789",
* location="global")
* example = gcp.iam.WorkforcePoolProvider("example",
* workforce_pool_id=pool.workforce_pool_id,
* location=pool.location,
* provider_id="example-prvdr",
* attribute_mapping={
* "google.subject": "assertion.sub",
* },
* oidc=gcp.iam.WorkforcePoolProviderOidcArgs(
* issuer_uri="https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/",
* client_id="https://analysis.windows.net/powerbi/connector/GoogleBigQuery",
* web_sso_config=gcp.iam.WorkforcePoolProviderOidcWebSsoConfigArgs(
* response_type="CODE",
* assertion_claims_behavior="MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
* ),
* client_secret=gcp.iam.WorkforcePoolProviderOidcClientSecretArgs(
* value=gcp.iam.WorkforcePoolProviderOidcClientSecretValueArgs(
* plain_text="client-secret",
* ),
* ),
* ),
* extra_attributes_oauth2_client=gcp.iam.WorkforcePoolProviderExtraAttributesOauth2ClientArgs(
* issuer_uri="https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0",
* client_id="client-id",
* client_secret=gcp.iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs(
* value=gcp.iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs(
* plain_text="client-secret",
* ),
* ),
* attributes_type="AZURE_AD_GROUPS_MAIL",
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var pool = new Gcp.Iam.WorkforcePool("pool", new()
* {
* WorkforcePoolId = "example-pool",
* Parent = "organizations/123456789",
* Location = "global",
* });
* var example = new Gcp.Iam.WorkforcePoolProvider("example", new()
* {
* WorkforcePoolId = pool.WorkforcePoolId,
* Location = pool.Location,
* ProviderId = "example-prvdr",
* AttributeMapping =
* {
* { "google.subject", "assertion.sub" },
* },
* Oidc = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcArgs
* {
* IssuerUri = "https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/",
* ClientId = "https://analysis.windows.net/powerbi/connector/GoogleBigQuery",
* WebSsoConfig = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcWebSsoConfigArgs
* {
* ResponseType = "CODE",
* AssertionClaimsBehavior = "MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
* },
* ClientSecret = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcClientSecretArgs
* {
* Value = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcClientSecretValueArgs
* {
* PlainText = "client-secret",
* },
* },
* },
* ExtraAttributesOauth2Client = new Gcp.Iam.Inputs.WorkforcePoolProviderExtraAttributesOauth2ClientArgs
* {
* IssuerUri = "https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0",
* ClientId = "client-id",
* ClientSecret = new Gcp.Iam.Inputs.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs
* {
* Value = new Gcp.Iam.Inputs.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs
* {
* PlainText = "client-secret",
* },
* },
* AttributesType = "AZURE_AD_GROUPS_MAIL",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iam"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* pool, err := iam.NewWorkforcePool(ctx, "pool", &iam.WorkforcePoolArgs{
* WorkforcePoolId: pulumi.String("example-pool"),
* Parent: pulumi.String("organizations/123456789"),
* Location: pulumi.String("global"),
* })
* if err != nil {
* return err
* }
* _, err = iam.NewWorkforcePoolProvider(ctx, "example", &iam.WorkforcePoolProviderArgs{
* WorkforcePoolId: pool.WorkforcePoolId,
* Location: pool.Location,
* ProviderId: pulumi.String("example-prvdr"),
* AttributeMapping: pulumi.StringMap{
* "google.subject": pulumi.String("assertion.sub"),
* },
* Oidc: &iam.WorkforcePoolProviderOidcArgs{
* IssuerUri: pulumi.String("https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/"),
* ClientId: pulumi.String("https://analysis.windows.net/powerbi/connector/GoogleBigQuery"),
* WebSsoConfig: &iam.WorkforcePoolProviderOidcWebSsoConfigArgs{
* ResponseType: pulumi.String("CODE"),
* AssertionClaimsBehavior: pulumi.String("MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS"),
* },
* ClientSecret: &iam.WorkforcePoolProviderOidcClientSecretArgs{
* Value: &iam.WorkforcePoolProviderOidcClientSecretValueArgs{
* PlainText: pulumi.String("client-secret"),
* },
* },
* },
* ExtraAttributesOauth2Client: &iam.WorkforcePoolProviderExtraAttributesOauth2ClientArgs{
* IssuerUri: pulumi.String("https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0"),
* ClientId: pulumi.String("client-id"),
* ClientSecret: &iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs{
* Value: &iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs{
* PlainText: pulumi.String("client-secret"),
* },
* },
* AttributesType: pulumi.String("AZURE_AD_GROUPS_MAIL"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.iam.WorkforcePool;
* import com.pulumi.gcp.iam.WorkforcePoolArgs;
* import com.pulumi.gcp.iam.WorkforcePoolProvider;
* import com.pulumi.gcp.iam.WorkforcePoolProviderArgs;
* import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcArgs;
* import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcWebSsoConfigArgs;
* import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcClientSecretArgs;
* import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcClientSecretValueArgs;
* import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderExtraAttributesOauth2ClientArgs;
* import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs;
* import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var pool = new WorkforcePool("pool", WorkforcePoolArgs.builder()
* .workforcePoolId("example-pool")
* .parent("organizations/123456789")
* .location("global")
* .build());
* var example = new WorkforcePoolProvider("example", WorkforcePoolProviderArgs.builder()
* .workforcePoolId(pool.workforcePoolId())
* .location(pool.location())
* .providerId("example-prvdr")
* .attributeMapping(Map.of("google.subject", "assertion.sub"))
* .oidc(WorkforcePoolProviderOidcArgs.builder()
* .issuerUri("https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/")
* .clientId("https://analysis.windows.net/powerbi/connector/GoogleBigQuery")
* .webSsoConfig(WorkforcePoolProviderOidcWebSsoConfigArgs.builder()
* .responseType("CODE")
* .assertionClaimsBehavior("MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS")
* .build())
* .clientSecret(WorkforcePoolProviderOidcClientSecretArgs.builder()
* .value(WorkforcePoolProviderOidcClientSecretValueArgs.builder()
* .plainText("client-secret")
* .build())
* .build())
* .build())
* .extraAttributesOauth2Client(WorkforcePoolProviderExtraAttributesOauth2ClientArgs.builder()
* .issuerUri("https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0")
* .clientId("client-id")
* .clientSecret(WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs.builder()
* .value(WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs.builder()
* .plainText("client-secret")
* .build())
* .build())
* .attributesType("AZURE_AD_GROUPS_MAIL")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* pool:
* type: gcp:iam:WorkforcePool
* properties:
* workforcePoolId: example-pool
* parent: organizations/123456789
* location: global
* example:
* type: gcp:iam:WorkforcePoolProvider
* properties:
* workforcePoolId: ${pool.workforcePoolId}
* location: ${pool.location}
* providerId: example-prvdr
* attributeMapping:
* google.subject: assertion.sub
* oidc:
* issuerUri: https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/
* clientId: https://analysis.windows.net/powerbi/connector/GoogleBigQuery
* webSsoConfig:
* responseType: CODE
* assertionClaimsBehavior: MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS
* clientSecret:
* value:
* plainText: client-secret
* extraAttributesOauth2Client:
* issuerUri: https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0
* clientId: client-id
* clientSecret:
* value:
* plainText: client-secret
* attributesType: AZURE_AD_GROUPS_MAIL
* ```
*
* ### Iam Workforce Pool Provider Extra Attributes Oauth2 Config Client Full
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const pool = new gcp.iam.WorkforcePool("pool", {
* workforcePoolId: "example-pool",
* parent: "organizations/123456789",
* location: "global",
* });
* const example = new gcp.iam.WorkforcePoolProvider("example", {
* workforcePoolId: pool.workforcePoolId,
* location: pool.location,
* providerId: "example-prvdr",
* attributeMapping: {
* "google.subject": "assertion.sub",
* },
* oidc: {
* issuerUri: "https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/",
* clientId: "https://analysis.windows.net/powerbi/connector/GoogleBigQuery",
* clientSecret: {
* value: {
* plainText: "client-secret",
* },
* },
* webSsoConfig: {
* responseType: "CODE",
* assertionClaimsBehavior: "MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
* },
* },
* extraAttributesOauth2Client: {
* issuerUri: "https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0",
* clientId: "client-id",
* clientSecret: {
* value: {
* plainText: "client-secret",
* },
* },
* attributesType: "AZURE_AD_GROUPS_MAIL",
* queryParameters: {
* filter: "mail:gcp",
* },
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* pool = gcp.iam.WorkforcePool("pool",
* workforce_pool_id="example-pool",
* parent="organizations/123456789",
* location="global")
* example = gcp.iam.WorkforcePoolProvider("example",
* workforce_pool_id=pool.workforce_pool_id,
* location=pool.location,
* provider_id="example-prvdr",
* attribute_mapping={
* "google.subject": "assertion.sub",
* },
* oidc=gcp.iam.WorkforcePoolProviderOidcArgs(
* issuer_uri="https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/",
* client_id="https://analysis.windows.net/powerbi/connector/GoogleBigQuery",
* client_secret=gcp.iam.WorkforcePoolProviderOidcClientSecretArgs(
* value=gcp.iam.WorkforcePoolProviderOidcClientSecretValueArgs(
* plain_text="client-secret",
* ),
* ),
* web_sso_config=gcp.iam.WorkforcePoolProviderOidcWebSsoConfigArgs(
* response_type="CODE",
* assertion_claims_behavior="MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
* ),
* ),
* extra_attributes_oauth2_client=gcp.iam.WorkforcePoolProviderExtraAttributesOauth2ClientArgs(
* issuer_uri="https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0",
* client_id="client-id",
* client_secret=gcp.iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs(
* value=gcp.iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs(
* plain_text="client-secret",
* ),
* ),
* attributes_type="AZURE_AD_GROUPS_MAIL",
* query_parameters=gcp.iam.WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs(
* filter="mail:gcp",
* ),
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var pool = new Gcp.Iam.WorkforcePool("pool", new()
* {
* WorkforcePoolId = "example-pool",
* Parent = "organizations/123456789",
* Location = "global",
* });
* var example = new Gcp.Iam.WorkforcePoolProvider("example", new()
* {
* WorkforcePoolId = pool.WorkforcePoolId,
* Location = pool.Location,
* ProviderId = "example-prvdr",
* AttributeMapping =
* {
* { "google.subject", "assertion.sub" },
* },
* Oidc = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcArgs
* {
* IssuerUri = "https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/",
* ClientId = "https://analysis.windows.net/powerbi/connector/GoogleBigQuery",
* ClientSecret = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcClientSecretArgs
* {
* Value = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcClientSecretValueArgs
* {
* PlainText = "client-secret",
* },
* },
* WebSsoConfig = new Gcp.Iam.Inputs.WorkforcePoolProviderOidcWebSsoConfigArgs
* {
* ResponseType = "CODE",
* AssertionClaimsBehavior = "MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
* },
* },
* ExtraAttributesOauth2Client = new Gcp.Iam.Inputs.WorkforcePoolProviderExtraAttributesOauth2ClientArgs
* {
* IssuerUri = "https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0",
* ClientId = "client-id",
* ClientSecret = new Gcp.Iam.Inputs.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs
* {
* Value = new Gcp.Iam.Inputs.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs
* {
* PlainText = "client-secret",
* },
* },
* AttributesType = "AZURE_AD_GROUPS_MAIL",
* QueryParameters = new Gcp.Iam.Inputs.WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs
* {
* Filter = "mail:gcp",
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iam"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* pool, err := iam.NewWorkforcePool(ctx, "pool", &iam.WorkforcePoolArgs{
* WorkforcePoolId: pulumi.String("example-pool"),
* Parent: pulumi.String("organizations/123456789"),
* Location: pulumi.String("global"),
* })
* if err != nil {
* return err
* }
* _, err = iam.NewWorkforcePoolProvider(ctx, "example", &iam.WorkforcePoolProviderArgs{
* WorkforcePoolId: pool.WorkforcePoolId,
* Location: pool.Location,
* ProviderId: pulumi.String("example-prvdr"),
* AttributeMapping: pulumi.StringMap{
* "google.subject": pulumi.String("assertion.sub"),
* },
* Oidc: &iam.WorkforcePoolProviderOidcArgs{
* IssuerUri: pulumi.String("https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/"),
* ClientId: pulumi.String("https://analysis.windows.net/powerbi/connector/GoogleBigQuery"),
* ClientSecret: &iam.WorkforcePoolProviderOidcClientSecretArgs{
* Value: &iam.WorkforcePoolProviderOidcClientSecretValueArgs{
* PlainText: pulumi.String("client-secret"),
* },
* },
* WebSsoConfig: &iam.WorkforcePoolProviderOidcWebSsoConfigArgs{
* ResponseType: pulumi.String("CODE"),
* AssertionClaimsBehavior: pulumi.String("MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS"),
* },
* },
* ExtraAttributesOauth2Client: &iam.WorkforcePoolProviderExtraAttributesOauth2ClientArgs{
* IssuerUri: pulumi.String("https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0"),
* ClientId: pulumi.String("client-id"),
* ClientSecret: &iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs{
* Value: &iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs{
* PlainText: pulumi.String("client-secret"),
* },
* },
* AttributesType: pulumi.String("AZURE_AD_GROUPS_MAIL"),
* QueryParameters: &iam.WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs{
* Filter: pulumi.String("mail:gcp"),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.iam.WorkforcePool;
* import com.pulumi.gcp.iam.WorkforcePoolArgs;
* import com.pulumi.gcp.iam.WorkforcePoolProvider;
* import com.pulumi.gcp.iam.WorkforcePoolProviderArgs;
* import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcArgs;
* import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcClientSecretArgs;
* import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcClientSecretValueArgs;
* import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderOidcWebSsoConfigArgs;
* import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderExtraAttributesOauth2ClientArgs;
* import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs;
* import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs;
* import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var pool = new WorkforcePool("pool", WorkforcePoolArgs.builder()
* .workforcePoolId("example-pool")
* .parent("organizations/123456789")
* .location("global")
* .build());
* var example = new WorkforcePoolProvider("example", WorkforcePoolProviderArgs.builder()
* .workforcePoolId(pool.workforcePoolId())
* .location(pool.location())
* .providerId("example-prvdr")
* .attributeMapping(Map.of("google.subject", "assertion.sub"))
* .oidc(WorkforcePoolProviderOidcArgs.builder()
* .issuerUri("https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/")
* .clientId("https://analysis.windows.net/powerbi/connector/GoogleBigQuery")
* .clientSecret(WorkforcePoolProviderOidcClientSecretArgs.builder()
* .value(WorkforcePoolProviderOidcClientSecretValueArgs.builder()
* .plainText("client-secret")
* .build())
* .build())
* .webSsoConfig(WorkforcePoolProviderOidcWebSsoConfigArgs.builder()
* .responseType("CODE")
* .assertionClaimsBehavior("MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS")
* .build())
* .build())
* .extraAttributesOauth2Client(WorkforcePoolProviderExtraAttributesOauth2ClientArgs.builder()
* .issuerUri("https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0")
* .clientId("client-id")
* .clientSecret(WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs.builder()
* .value(WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs.builder()
* .plainText("client-secret")
* .build())
* .build())
* .attributesType("AZURE_AD_GROUPS_MAIL")
* .queryParameters(WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs.builder()
* .filter("mail:gcp")
* .build())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* pool:
* type: gcp:iam:WorkforcePool
* properties:
* workforcePoolId: example-pool
* parent: organizations/123456789
* location: global
* example:
* type: gcp:iam:WorkforcePoolProvider
* properties:
* workforcePoolId: ${pool.workforcePoolId}
* location: ${pool.location}
* providerId: example-prvdr
* attributeMapping:
* google.subject: assertion.sub
* oidc:
* issuerUri: https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/
* clientId: https://analysis.windows.net/powerbi/connector/GoogleBigQuery
* clientSecret:
* value:
* plainText: client-secret
* webSsoConfig:
* responseType: CODE
* assertionClaimsBehavior: MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS
* extraAttributesOauth2Client:
* issuerUri: https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0
* clientId: client-id
* clientSecret:
* value:
* plainText: client-secret
* attributesType: AZURE_AD_GROUPS_MAIL
* queryParameters:
* filter: mail:gcp
* ```
*
* ## Import
* WorkforcePoolProvider can be imported using any of these accepted formats:
* * `locations/{{location}}/workforcePools/{{workforce_pool_id}}/providers/{{provider_id}}`
* * `{{location}}/{{workforce_pool_id}}/{{provider_id}}`
* When using the `pulumi import` command, WorkforcePoolProvider can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:iam/workforcePoolProvider:WorkforcePoolProvider default locations/{{location}}/workforcePools/{{workforce_pool_id}}/providers/{{provider_id}}
* ```
* ```sh
* $ pulumi import gcp:iam/workforcePoolProvider:WorkforcePoolProvider default {{location}}/{{workforce_pool_id}}/{{provider_id}}
* ```
*/
public class WorkforcePoolProvider internal constructor(
override val javaResource: com.pulumi.gcp.iam.WorkforcePoolProvider,
) : KotlinCustomResource(javaResource, WorkforcePoolProviderMapper) {
/**
* A [Common Expression Language](https://opensource.google/projects/cel) expression, in
* plain text, to restrict what otherwise valid authentication credentials issued by the
* provider should not be accepted.
* The expression must output a boolean representing whether to allow the federation.
* The following keywords may be referenced in the expressions:
*/
public val attributeCondition: Output?
get() = javaResource.attributeCondition().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* Maps attributes from the authentication credentials issued by an external identity provider
* to Google Cloud attributes, such as `subject` and `segment`.
* Each key must be a string specifying the Google Cloud IAM attribute to map to.
* The following keys are supported:
* * `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings.
* This is also the subject that appears in Cloud Logging logs. This is a required field and
* the mapped subject cannot exceed 127 bytes.
* * `google.groups`: Groups the authenticating user belongs to. You can grant groups access to
* resources using an IAM `principalSet` binding; access applies to all members of the group.
* * `google.display_name`: The name of the authenticated user. This is an optional field and
* the mapped display name cannot exceed 100 bytes. If not set, `google.subject` will be displayed instead.
* This attribute cannot be referenced in IAM bindings.
* * `google.profile_photo`: The URL that specifies the authenticated user's thumbnail photo.
* This is an optional field. When set, the image will be visible as the user's profile picture.
* If not set, a generic user icon will be displayed instead.
* This attribute cannot be referenced in IAM bindings.
* You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where {custom_attribute}
* is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes.
* The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_].
* You can reference these attributes in IAM policies to define fine-grained access for a workforce pool
* to Google Cloud resources. For example:
* * `google.subject`:
* `principal://iam.googleapis.com/locations/{location}/workforcePools/{pool}/subject/{value}`
* * `google.groups`:
* `principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/group/{value}`
* * `attribute.{custom_attribute}`:
* `principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/attribute.{custom_attribute}/{value}`
* Each value must be a [Common Expression Language](https://opensource.google/projects/cel)
* function that maps an identity provider credential to the normalized attribute specified
* by the corresponding map key.
* You can use the `assertion` keyword in the expression to access a JSON representation of
* the authentication credential issued by the provider.
* The maximum length of an attribute mapping expression is 2048 characters. When evaluated,
* the total size of all mapped attributes must not exceed 8KB.
* For OIDC providers, you must supply a custom mapping that includes the `google.subject` attribute.
* For example, the following maps the sub claim of the incoming credential to the `subject` attribute
* on a Google token:
* ```
* {"google.subject": "assertion.sub"}
* ```
* An object containing a list of `"key": value` pairs.
* Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`.
*/
public val attributeMapping: Output
© 2015 - 2024 Weber Informatics LLC | Privacy Policy