/**
* Copyright (c) HashiCorp, Inc.
* SPDX-License-Identifier: MPL-2.0
*/
import { Construct } from 'constructs';
import * as cdktf from 'cdktf';
/**
* Configuration accepted by the IamWorkloadIdentityPoolProvider constructor.
*
* The two inputs that decide who can federate are `attributeCondition` (which credentials
* are accepted) and `attributeMapping` (which Google principal a credential becomes).
* Only `workloadIdentityPoolId` and `workloadIdentityPoolProviderId` are required.
*
* NOTE(review): these declarations do not show which of the `aws`, `oidc`, `saml` and
* `x509` blocks may be combined — presumably one identity-provider block per resource;
* confirm against the provider documentation.
*/
export interface IamWorkloadIdentityPoolProviderConfig extends cdktf.TerraformMetaArguments {
/**
* [A Common Expression Language](https://opensource.google/projects/cel) expression, in
* plain text, that restricts which otherwise valid authentication credentials issued by
* the provider are accepted.
*
* The expression must output a boolean representing whether to allow the federation.
*
* The following keywords may be referenced in the expressions:
* * 'assertion': JSON representing the authentication credential issued by the provider.
* * 'google': The Google attributes mapped from the assertion in the 'attribute_mappings'.
* * 'attribute': The custom attributes mapped from the assertion in the 'attribute_mappings'.
*
* The maximum length of the attribute condition expression is 4096 characters. If
* unspecified, all valid authentication credentials are accepted.
*
* NOTE(review): because the unset default accepts every credential the provider can
* issue, an issuer that is shared by many tenants (for example a hosted CI/CD OIDC
* issuer) should always get a condition that pins the expected tenant, organisation or
* repository claims.
*
* The following example shows how to only allow credentials with a mapped 'google.groups'
* value of 'admins':
* ```
* "'admins' in google.groups"
* ```
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider#attribute_condition IamWorkloadIdentityPoolProvider#attribute_condition}
*/
readonly attributeCondition?: string;
/**
* Maps attributes from authentication credentials issued by an external identity provider
* to Google Cloud attributes, such as 'subject' and 'segment'.
*
* Each key must be a string specifying the Google Cloud IAM attribute to map to.
*
* The following keys are supported:
* * 'google.subject': The principal IAM is authenticating. You can reference this value
* in IAM bindings. This is also the subject that appears in Cloud Logging logs.
* Cannot exceed 127 characters.
* * 'google.groups': Groups the external identity belongs to. You can grant groups
* access to resources using an IAM 'principalSet' binding; access applies to all
* members of the group.
*
* You can also provide custom attributes by specifying 'attribute.{custom_attribute}',
* where '{custom_attribute}' is the name of the custom attribute to be mapped. You can
* define a maximum of 50 custom attributes. The maximum length of a mapped attribute key
* is 100 characters, and the key may only contain the characters [a-z0-9_].
*
* You can reference these attributes in IAM policies to define fine-grained access for a
* workload to Google Cloud resources. For example:
* * 'google.subject':
* 'principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}'
* * 'google.groups':
* 'principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}'
* * 'attribute.{custom_attribute}':
* 'principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}'
*
* Each value must be a [Common Expression Language](https://opensource.google/projects/cel)
* function that maps an identity provider credential to the normalized attribute specified
* by the corresponding map key.
*
* You can use the 'assertion' keyword in the expression to access a JSON representation of
* the authentication credential issued by the provider.
*
* The maximum length of an attribute mapping expression is 2048 characters. When evaluated,
* the total size of all mapped attributes must not exceed 8KB.
*
* NOTE(review): IAM bindings match on the mapped values, so map 'google.subject' (and any
* attribute used in a binding) from a claim that is unique and that the workload owner
* cannot choose or change at the identity provider.
*
* For AWS providers, the following rules apply:
* - If no attribute mapping is defined, the following default mapping applies:
* ```
* {
* "google.subject":"assertion.arn",
* "attribute.aws_role":
* "assertion.arn.contains('assumed-role')"
* " ? assertion.arn.extract('{account_arn}assumed-role/')"
* " + 'assumed-role/'"
* " + assertion.arn.extract('assumed-role/{role_name}/')"
* " : assertion.arn",
* }
* ```
* - If any custom attribute mappings are defined, they must include a mapping to the
* 'google.subject' attribute.
*
* For OIDC providers, the following rules apply:
* - Custom attribute mappings must be defined, and must include a mapping to the
* 'google.subject' attribute. For example, the following maps the 'sub' claim of the
* incoming credential to the 'subject' attribute on a Google token.
* ```
* {"google.subject": "assertion.sub"}
* ```
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider#attribute_mapping IamWorkloadIdentityPoolProvider#attribute_mapping}
*/
readonly attributeMapping?: {
[key: string]: string;
};
/**
* A description for the provider. Cannot exceed 256 characters.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider#description IamWorkloadIdentityPoolProvider#description}
*/
readonly description?: string;
/**
* Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
* However, existing tokens still grant access.
*
* NOTE(review): disabling therefore only stops new token exchanges; it does not revoke
* tokens that were already issued (presumably they stay usable until they expire —
* confirm).
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider#disabled IamWorkloadIdentityPoolProvider#disabled}
*/
readonly disabled?: boolean | cdktf.IResolvable;
/**
* A display name for the provider. Cannot exceed 32 characters.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider#display_name IamWorkloadIdentityPoolProvider#display_name}
*/
readonly displayName?: string;
/**
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider#id IamWorkloadIdentityPoolProvider#id}
*
* Please be aware that the id field is automatically added to all resources in Terraform providers using a Terraform provider SDK version below 2.
* If you experience problems setting this value it might not be settable. Please take a look at the provider documentation to ensure it should be settable.
*/
readonly id?: string;
/**
* NOTE(review): no description is given here; presumably the Google Cloud project that
* owns the pool — confirm in the linked documentation.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider#project IamWorkloadIdentityPoolProvider#project}
*/
readonly project?: string;
/**
* The ID used for the pool, which is the final component of the pool resource name. This
* value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
* 'gcp-' is reserved for use by Google, and may not be specified.
*
* Required (the property has no `?`).
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider#workload_identity_pool_id IamWorkloadIdentityPoolProvider#workload_identity_pool_id}
*/
readonly workloadIdentityPoolId: string;
/**
* The ID for the provider, which becomes the final component of the resource name. This
* value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
* 'gcp-' is reserved for use by Google, and may not be specified.
*
* Required (the property has no `?`).
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider#workload_identity_pool_provider_id IamWorkloadIdentityPoolProvider#workload_identity_pool_provider_id}
*/
readonly workloadIdentityPoolProviderId: string;
/**
* aws block (shape: IamWorkloadIdentityPoolProviderAws).
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider#aws IamWorkloadIdentityPoolProvider#aws}
*/
readonly aws?: IamWorkloadIdentityPoolProviderAws;
/**
* oidc block (shape: IamWorkloadIdentityPoolProviderOidc).
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider#oidc IamWorkloadIdentityPoolProvider#oidc}
*/
readonly oidc?: IamWorkloadIdentityPoolProviderOidc;
/**
* saml block (shape: IamWorkloadIdentityPoolProviderSaml).
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider#saml IamWorkloadIdentityPoolProvider#saml}
*/
readonly saml?: IamWorkloadIdentityPoolProviderSaml;
/**
* timeouts block (shape: IamWorkloadIdentityPoolProviderTimeouts).
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider#timeouts IamWorkloadIdentityPoolProvider#timeouts}
*/
readonly timeouts?: IamWorkloadIdentityPoolProviderTimeouts;
/**
* x509 block (shape: IamWorkloadIdentityPoolProviderX509).
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider#x509 IamWorkloadIdentityPoolProvider#x509}
*/
readonly x509?: IamWorkloadIdentityPoolProviderX509;
}
/**
* Settings for the `aws` block. Its only field is the AWS account ID.
*/
export interface IamWorkloadIdentityPoolProviderAws {
/**
* The AWS account ID. Required (the property has no `?`).
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider#account_id IamWorkloadIdentityPoolProvider#account_id}
*/
readonly accountId: string;
}
/**
* Converter for the `aws` block. Accepts the plain struct or its output reference and
* returns an untyped (`any`) value; only the signature is declared here.
* NOTE(review): presumably yields the Terraform attribute representation — confirm
* against the implementation.
*/
export declare function iamWorkloadIdentityPoolProviderAwsToTerraform(struct?: IamWorkloadIdentityPoolProviderAwsOutputReference | IamWorkloadIdentityPoolProviderAws): any;
/**
* Same inputs as the converter above, for the HCL output path.
* NOTE(review): the returned shape is untyped here — confirm against the implementation.
*/
export declare function iamWorkloadIdentityPoolProviderAwsToHclTerraform(struct?: IamWorkloadIdentityPoolProviderAwsOutputReference | IamWorkloadIdentityPoolProviderAws): any;
/**
* Accessor object for the `aws` block of a parent resource. This is an ambient
* declaration; the implementation is not part of this file.
*/
export declare class IamWorkloadIdentityPoolProviderAwsOutputReference extends cdktf.ComplexObject {
private isEmptyObject;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string);
// The whole block as a plain struct; may be undefined.
get internalValue(): IamWorkloadIdentityPoolProviderAws | undefined;
set internalValue(value: IamWorkloadIdentityPoolProviderAws | undefined);
private _accountId?;
// accountId is required on the struct, so no reset method is declared for it.
get accountId(): string;
set accountId(value: string);
// NOTE(review): presumably the value as configured, undefined when never set — confirm.
get accountIdInput(): string | undefined;
}
/**
* Settings for the `oidc` block: the issuer to trust, the audiences to accept and,
* optionally, a pinned key set. Only `issuerUri` is required.
*/
export interface IamWorkloadIdentityPoolProviderOidc {
/**
* Acceptable values for the 'aud' field (audience) in the OIDC token. Token exchange
* requests are rejected if the token audience does not match one of the configured
* values. Each audience may be at most 256 characters. A maximum of 10 audiences may
* be configured.
*
* If this list is empty, the OIDC token audience must be equal to the full canonical
* resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix.
* For example:
* ```
* //iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
* https://iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
* ```
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider#allowed_audiences IamWorkloadIdentityPoolProvider#allowed_audiences}
*/
readonly allowedAudiences?: string[];
/**
* The OIDC issuer URL. Required (the property has no `?`).
*
* When `jwksJson` is not set, the signing keys come from the discovery document fetched
* from this issuer's .well-known path (see `jwksJson`), so this URL is the root of trust
* for the provider.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider#issuer_uri IamWorkloadIdentityPoolProvider#issuer_uri}
*/
readonly issuerUri: string;
/**
* OIDC JWKs in JSON String format. For details on definition of a
* JWK, see https://tools.ietf.org/html/rfc7517. If not set, then we
* use the 'jwks_uri' from the discovery document fetched from the
* .well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric
* keys are supported. The JWK must use the following format and include only
* the following fields:
* ```
* {
* "keys": [
* {
* "kty": "RSA/EC",
* "alg": "<algorithm>",
* "use": "sig",
* "kid": "<key-id>",
* "n": "",
* "e": "",
* "x": "",
* "y": "",
* "crv": ""
* }
* ]
* }
* ```
*
* NOTE(review): every field listed above is a public-key parameter; private JWK members
* do not belong in this value. An inline key set is static, so it presumably has to be
* updated by hand whenever the issuer rotates its signing keys — confirm.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider#jwks_json IamWorkloadIdentityPoolProvider#jwks_json}
*/
readonly jwksJson?: string;
}
/**
* Converter for the `oidc` block. Accepts the plain struct or its output reference and
* returns an untyped (`any`) value; only the signature is declared here.
* NOTE(review): presumably yields the Terraform attribute representation — confirm
* against the implementation.
*/
export declare function iamWorkloadIdentityPoolProviderOidcToTerraform(struct?: IamWorkloadIdentityPoolProviderOidcOutputReference | IamWorkloadIdentityPoolProviderOidc): any;
/**
* Same inputs as the converter above, for the HCL output path.
* NOTE(review): the returned shape is untyped here — confirm against the implementation.
*/
export declare function iamWorkloadIdentityPoolProviderOidcToHclTerraform(struct?: IamWorkloadIdentityPoolProviderOidcOutputReference | IamWorkloadIdentityPoolProviderOidc): any;
/**
* Accessor object for the `oidc` block of a parent resource. This is an ambient
* declaration; the implementation is not part of this file.
*
* Reset methods are declared for the optional attributes (`allowedAudiences`,
* `jwksJson`) and not for the required `issuerUri`.
*/
export declare class IamWorkloadIdentityPoolProviderOidcOutputReference extends cdktf.ComplexObject {
private isEmptyObject;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string);
// The whole block as a plain struct; may be undefined.
get internalValue(): IamWorkloadIdentityPoolProviderOidc | undefined;
set internalValue(value: IamWorkloadIdentityPoolProviderOidc | undefined);
private _allowedAudiences?;
get allowedAudiences(): string[];
set allowedAudiences(value: string[]);
// NOTE(review): presumably clears the configured audiences, which per the struct docs
// means only the provider's canonical resource name is accepted as audience — confirm.
resetAllowedAudiences(): void;
get allowedAudiencesInput(): string[] | undefined;
private _issuerUri?;
get issuerUri(): string;
set issuerUri(value: string);
get issuerUriInput(): string | undefined;
private _jwksJson?;
get jwksJson(): string;
set jwksJson(value: string);
// NOTE(review): presumably clears the pinned key set so keys come from the issuer's
// discovery document again — confirm.
resetJwksJson(): void;
get jwksJsonInput(): string | undefined;
}
/**
* Settings for the `saml` block. Its only field is the identity provider's metadata
* document.
*/
export interface IamWorkloadIdentityPoolProviderSaml {
/**
* SAML identity provider configuration metadata XML document. Required (the property
* has no `?`).
*
* NOTE(review): SAML metadata normally carries the signing certificate(s) that
* assertions are verified against, so obtain the document from a trusted channel and
* review changes to it like any other trust-anchor change — confirm what the service
* reads from it.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider#idp_metadata_xml IamWorkloadIdentityPoolProvider#idp_metadata_xml}
*/
readonly idpMetadataXml: string;
}
/**
* Converter for the `saml` block. Accepts the plain struct or its output reference and
* returns an untyped (`any`) value; only the signature is declared here.
* NOTE(review): presumably yields the Terraform attribute representation — confirm
* against the implementation.
*/
export declare function iamWorkloadIdentityPoolProviderSamlToTerraform(struct?: IamWorkloadIdentityPoolProviderSamlOutputReference | IamWorkloadIdentityPoolProviderSaml): any;
/**
* Same inputs as the converter above, for the HCL output path.
* NOTE(review): the returned shape is untyped here — confirm against the implementation.
*/
export declare function iamWorkloadIdentityPoolProviderSamlToHclTerraform(struct?: IamWorkloadIdentityPoolProviderSamlOutputReference | IamWorkloadIdentityPoolProviderSaml): any;
/**
* Accessor object for the `saml` block of a parent resource. This is an ambient
* declaration; the implementation is not part of this file.
*/
export declare class IamWorkloadIdentityPoolProviderSamlOutputReference extends cdktf.ComplexObject {
private isEmptyObject;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string);
// The whole block as a plain struct; may be undefined.
get internalValue(): IamWorkloadIdentityPoolProviderSaml | undefined;
set internalValue(value: IamWorkloadIdentityPoolProviderSaml | undefined);
private _idpMetadataXml?;
// idpMetadataXml is required on the struct, so no reset method is declared for it.
get idpMetadataXml(): string;
set idpMetadataXml(value: string);
// NOTE(review): presumably the value as configured, undefined when never set — confirm.
get idpMetadataXmlInput(): string | undefined;
}
/**
* Settings for the `timeouts` block: one optional string per operation.
* NOTE(review): presumably Terraform duration strings (such as "30m") — confirm in the
* linked documentation.
*/
export interface IamWorkloadIdentityPoolProviderTimeouts {
/**
* Timeout for the create operation.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider#create IamWorkloadIdentityPoolProvider#create}
*/
readonly create?: string;
/**
* Timeout for the delete operation.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider#delete IamWorkloadIdentityPoolProvider#delete}
*/
readonly delete?: string;
/**
* Timeout for the update operation.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider#update IamWorkloadIdentityPoolProvider#update}
*/
readonly update?: string;
}
/**
* Converter for the `timeouts` block. Accepts the plain struct or a cdktf.IResolvable
* and returns an untyped (`any`) value; only the signature is declared here.
* NOTE(review): presumably yields the Terraform attribute representation — confirm
* against the implementation.
*/
export declare function iamWorkloadIdentityPoolProviderTimeoutsToTerraform(struct?: IamWorkloadIdentityPoolProviderTimeouts | cdktf.IResolvable): any;
/**
* Same inputs as the converter above, for the HCL output path.
* NOTE(review): the returned shape is untyped here — confirm against the implementation.
*/
export declare function iamWorkloadIdentityPoolProviderTimeoutsToHclTerraform(struct?: IamWorkloadIdentityPoolProviderTimeouts | cdktf.IResolvable): any;
/**
* Accessor object for the `timeouts` block of a parent resource. This is an ambient
* declaration; the implementation is not part of this file.
*
* All three attributes are optional on the struct, and each has a reset method.
*/
export declare class IamWorkloadIdentityPoolProviderTimeoutsOutputReference extends cdktf.ComplexObject {
private isEmptyObject;
private resolvableValue?;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string);
// The whole block as a plain struct or an unresolved cdktf.IResolvable; may be undefined.
get internalValue(): IamWorkloadIdentityPoolProviderTimeouts | cdktf.IResolvable | undefined;
set internalValue(value: IamWorkloadIdentityPoolProviderTimeouts | cdktf.IResolvable | undefined);
private _create?;
get create(): string;
set create(value: string);
resetCreate(): void;
get createInput(): string | undefined;
private _delete?;
get delete(): string;
set delete(value: string);
resetDelete(): void;
get deleteInput(): string | undefined;
private _update?;
get update(): string;
set update(value: string);
resetUpdate(): void;
get updateInput(): string | undefined;
}
/**
* One entry of the `intermediate_cas` list in an X.509 trust store.
*/
export interface IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCas {
/**
* PEM certificate of the PKI used for validation. Must only contain one
* CA certificate (either root or intermediate cert).
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider#pem_certificate IamWorkloadIdentityPoolProvider#pem_certificate}
*/
readonly pemCertificate?: string;
}
/**
* Converter for one `intermediate_cas` entry. Accepts the plain struct or a
* cdktf.IResolvable and returns an untyped (`any`) value; only the signature is
* declared here.
* NOTE(review): presumably yields the Terraform attribute representation — confirm
* against the implementation.
*/
export declare function iamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCasToTerraform(struct?: IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCas | cdktf.IResolvable): any;
/**
* Same inputs as the converter above, for the HCL output path.
* NOTE(review): the returned shape is untyped here — confirm against the implementation.
*/
export declare function iamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCasToHclTerraform(struct?: IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCas | cdktf.IResolvable): any;
/**
* Accessor object for a single `intermediate_cas` entry, addressed by its index in the
* list. This is an ambient declaration; the implementation is not part of this file.
*/
export declare class IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCasOutputReference extends cdktf.ComplexObject {
private isEmptyObject;
private resolvableValue?;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
* @param complexObjectIndex the index of this item in the list
* @param complexObjectIsFromSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index)
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, complexObjectIndex: number, complexObjectIsFromSet: boolean);
// The entry as a plain struct or an unresolved cdktf.IResolvable; may be undefined.
get internalValue(): IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCas | cdktf.IResolvable | undefined;
set internalValue(value: IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCas | cdktf.IResolvable | undefined);
private _pemCertificate?;
get pemCertificate(): string;
set pemCertificate(value: string);
// pemCertificate is optional on the struct, hence the reset method.
resetPemCertificate(): void;
get pemCertificateInput(): string | undefined;
}
/**
* List wrapper for the `intermediate_cas` entries; `get(index)` hands back the accessor
* for one entry. This is an ambient declaration; the implementation is not part of this
* file.
*/
export declare class IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCasList extends cdktf.ComplexList {
protected terraformResource: cdktf.IInterpolatingParent;
protected terraformAttribute: string;
protected wrapsSet: boolean;
// The configured entries, or an unresolved cdktf.IResolvable standing in for them.
internalValue?: IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCas[] | cdktf.IResolvable;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
* @param wrapsSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index)
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, wrapsSet: boolean);
/**
* @param index the index of the item to return
*/
get(index: number): IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCasOutputReference;
}
/**
* One entry of the `trust_anchors` list in an X.509 trust store.
*/
export interface IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchors {
/**
* PEM certificate of the PKI used for validation. Must only contain one
* CA certificate (either root or intermediate cert).
*
* NOTE(review): the property is optional at the type level, but an anchor entry without
* a certificate has nothing to validate against — confirm whether the service rejects it.
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider#pem_certificate IamWorkloadIdentityPoolProvider#pem_certificate}
*/
readonly pemCertificate?: string;
}
/**
* Converter for one `trust_anchors` entry. Accepts the plain struct or a
* cdktf.IResolvable and returns an untyped (`any`) value; only the signature is
* declared here.
* NOTE(review): presumably yields the Terraform attribute representation — confirm
* against the implementation.
*/
export declare function iamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorsToTerraform(struct?: IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchors | cdktf.IResolvable): any;
/**
* Same inputs as the converter above, for the HCL output path.
* NOTE(review): the returned shape is untyped here — confirm against the implementation.
*/
export declare function iamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorsToHclTerraform(struct?: IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchors | cdktf.IResolvable): any;
/**
* Accessor object for a single `trust_anchors` entry, addressed by its index in the
* list. This is an ambient declaration; the implementation is not part of this file.
*/
export declare class IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorsOutputReference extends cdktf.ComplexObject {
private isEmptyObject;
private resolvableValue?;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
* @param complexObjectIndex the index of this item in the list
* @param complexObjectIsFromSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index)
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, complexObjectIndex: number, complexObjectIsFromSet: boolean);
// The entry as a plain struct or an unresolved cdktf.IResolvable; may be undefined.
get internalValue(): IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchors | cdktf.IResolvable | undefined;
set internalValue(value: IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchors | cdktf.IResolvable | undefined);
private _pemCertificate?;
get pemCertificate(): string;
set pemCertificate(value: string);
// pemCertificate is optional on the struct, hence the reset method.
resetPemCertificate(): void;
get pemCertificateInput(): string | undefined;
}
/**
* List wrapper for the `trust_anchors` entries; `get(index)` hands back the accessor
* for one entry. This is an ambient declaration; the implementation is not part of this
* file.
*/
export declare class IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorsList extends cdktf.ComplexList {
protected terraformResource: cdktf.IInterpolatingParent;
protected terraformAttribute: string;
protected wrapsSet: boolean;
// The configured entries, or an unresolved cdktf.IResolvable standing in for them.
internalValue?: IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchors[] | cdktf.IResolvable;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
* @param wrapsSet whether the list is wrapping a set (will add tolist() to be able to access an item via an index)
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string, wrapsSet: boolean);
/**
* @param index the index of the item to return
*/
get(index: number): IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorsOutputReference;
}
/**
* Trust store for the `x509` block: the CA certificates used for validation.
* `trustAnchors` is required; `intermediateCas` is optional.
*
* NOTE(review): the anchors listed here decide which certificate chains validate, so
* keep the list to the CAs that actually issue workload certificates and review changes
* to it as trust changes.
*/
export interface IamWorkloadIdentityPoolProviderX509TrustStore {
/**
* intermediate_cas block
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider#intermediate_cas IamWorkloadIdentityPoolProvider#intermediate_cas}
*/
readonly intermediateCas?: IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCas[] | cdktf.IResolvable;
/**
* trust_anchors block. Required (the property has no `?`).
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider#trust_anchors IamWorkloadIdentityPoolProvider#trust_anchors}
*/
readonly trustAnchors: IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchors[] | cdktf.IResolvable;
}
/**
* Converter for the `trust_store` block. Accepts the plain struct or its output
* reference and returns an untyped (`any`) value; only the signature is declared here.
* NOTE(review): presumably yields the Terraform attribute representation — confirm
* against the implementation.
*/
export declare function iamWorkloadIdentityPoolProviderX509TrustStoreToTerraform(struct?: IamWorkloadIdentityPoolProviderX509TrustStoreOutputReference | IamWorkloadIdentityPoolProviderX509TrustStore): any;
/**
* Same inputs as the converter above, for the HCL output path.
* NOTE(review): the returned shape is untyped here — confirm against the implementation.
*/
export declare function iamWorkloadIdentityPoolProviderX509TrustStoreToHclTerraform(struct?: IamWorkloadIdentityPoolProviderX509TrustStoreOutputReference | IamWorkloadIdentityPoolProviderX509TrustStore): any;
/**
* Accessor object for the `trust_store` block of a parent resource. This is an ambient
* declaration; the implementation is not part of this file.
*
* Nested lists are replaced through the `put…` methods rather than property setters.
* Only the optional `intermediateCas` has a reset method; the required `trustAnchors`
* has none.
*/
export declare class IamWorkloadIdentityPoolProviderX509TrustStoreOutputReference extends cdktf.ComplexObject {
private isEmptyObject;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string);
// The whole block as a plain struct; may be undefined.
get internalValue(): IamWorkloadIdentityPoolProviderX509TrustStore | undefined;
set internalValue(value: IamWorkloadIdentityPoolProviderX509TrustStore | undefined);
private _intermediateCas;
get intermediateCas(): IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCasList;
putIntermediateCas(value: IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCas[] | cdktf.IResolvable): void;
resetIntermediateCas(): void;
get intermediateCasInput(): cdktf.IResolvable | IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCas[] | undefined;
private _trustAnchors;
get trustAnchors(): IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorsList;
putTrustAnchors(value: IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchors[] | cdktf.IResolvable): void;
get trustAnchorsInput(): cdktf.IResolvable | IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchors[] | undefined;
}
/**
* Settings for the `x509` block. Its only field is the trust store.
*/
export interface IamWorkloadIdentityPoolProviderX509 {
/**
* trust_store block. Required (the property has no `?`).
*
* Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider#trust_store IamWorkloadIdentityPoolProvider#trust_store}
*/
readonly trustStore: IamWorkloadIdentityPoolProviderX509TrustStore;
}
/**
* Converter for the `x509` block. Accepts the plain struct or its output reference and
* returns an untyped (`any`) value; only the signature is declared here.
* NOTE(review): presumably yields the Terraform attribute representation — confirm
* against the implementation.
*/
export declare function iamWorkloadIdentityPoolProviderX509ToTerraform(struct?: IamWorkloadIdentityPoolProviderX509OutputReference | IamWorkloadIdentityPoolProviderX509): any;
/**
* Same inputs as the converter above, for the HCL output path.
* NOTE(review): the returned shape is untyped here — confirm against the implementation.
*/
export declare function iamWorkloadIdentityPoolProviderX509ToHclTerraform(struct?: IamWorkloadIdentityPoolProviderX509OutputReference | IamWorkloadIdentityPoolProviderX509): any;
/**
* Accessor object for the `x509` block of a parent resource. This is an ambient
* declaration; the implementation is not part of this file.
*/
export declare class IamWorkloadIdentityPoolProviderX509OutputReference extends cdktf.ComplexObject {
private isEmptyObject;
/**
* @param terraformResource The parent resource
* @param terraformAttribute The attribute on the parent resource this class is referencing
*/
constructor(terraformResource: cdktf.IInterpolatingParent, terraformAttribute: string);
// The whole block as a plain struct; may be undefined.
get internalValue(): IamWorkloadIdentityPoolProviderX509 | undefined;
set internalValue(value: IamWorkloadIdentityPoolProviderX509 | undefined);
private _trustStore;
// trustStore is required on the struct: it is replaced via putTrustStore and has no reset.
get trustStore(): IamWorkloadIdentityPoolProviderX509TrustStoreOutputReference;
putTrustStore(value: IamWorkloadIdentityPoolProviderX509TrustStore): void;
get trustStoreInput(): IamWorkloadIdentityPoolProviderX509TrustStore | undefined;
}
/**
* Represents a {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider google_iam_workload_identity_pool_provider}
*
* Ambient declaration of the resource class; the implementation is not part of this file.
* Each configurable attribute is exposed as a getter/setter pair (or a `put…` method for
* nested blocks) plus an `…Input` getter. Optional attributes also have a `reset…`
* method; the two required IDs do not. `name` and `state` are getter-only.
*/
export declare class IamWorkloadIdentityPoolProvider extends cdktf.TerraformResource {
static readonly tfResourceType = "google_iam_workload_identity_pool_provider";
/**
* Generates CDKTF code for importing an IamWorkloadIdentityPoolProvider resource upon running "cdktf plan <stack-name>"
* @param scope The scope in which to define this construct
* @param importToId The construct id used in the generated config for the IamWorkloadIdentityPoolProvider to import
* @param importFromId The id of the existing IamWorkloadIdentityPoolProvider that should be imported. Refer to the {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider#import import section} in the documentation of this resource for the id to use
* @param provider Optional instance of the provider where the IamWorkloadIdentityPoolProvider to import is found
*/
static generateConfigForImport(scope: Construct, importToId: string, importFromId: string, provider?: cdktf.TerraformProvider): cdktf.ImportableResource;
/**
* Create a new {@link https://registry.terraform.io/providers/hashicorp/google/6.36.0/docs/resources/iam_workload_identity_pool_provider google_iam_workload_identity_pool_provider} Resource
*
* @param scope The scope in which to define this construct
* @param id The scoped construct ID. Must be unique amongst siblings in the same scope
* @param config IamWorkloadIdentityPoolProviderConfig
*/
constructor(scope: Construct, id: string, config: IamWorkloadIdentityPoolProviderConfig);
private _attributeCondition?;
get attributeCondition(): string;
set attributeCondition(value: string);
// NOTE(review): per the config docs an unspecified condition accepts all valid
// credentials, so a reset presumably widens what the provider accepts — confirm and
// review any call to it as an access change.
resetAttributeCondition(): void;
get attributeConditionInput(): string | undefined;
private _attributeMapping?;
get attributeMapping(): {
[key: string]: string;
};
set attributeMapping(value: {
[key: string]: string;
});
resetAttributeMapping(): void;
get attributeMappingInput(): {
[key: string]: string;
} | undefined;
private _description?;
get description(): string;
set description(value: string);
resetDescription(): void;
get descriptionInput(): string | undefined;
private _disabled?;
get disabled(): boolean | cdktf.IResolvable;
set disabled(value: boolean | cdktf.IResolvable);
resetDisabled(): void;
get disabledInput(): boolean | cdktf.IResolvable | undefined;
private _displayName?;
get displayName(): string;
set displayName(value: string);
resetDisplayName(): void;
get displayNameInput(): string | undefined;
private _id?;
get id(): string;
set id(value: string);
resetId(): void;
get idInput(): string | undefined;
// Getter only: no setter, reset or input accessor is declared for `name`.
get name(): string;
private _project?;
get project(): string;
set project(value: string);
resetProject(): void;
get projectInput(): string | undefined;
// Getter only: no setter, reset or input accessor is declared for `state`.
get state(): string;
private _workloadIdentityPoolId?;
// Required in the config, so no reset method is declared.
get workloadIdentityPoolId(): string;
set workloadIdentityPoolId(value: string);
get workloadIdentityPoolIdInput(): string | undefined;
private _workloadIdentityPoolProviderId?;
// Required in the config, so no reset method is declared.
get workloadIdentityPoolProviderId(): string;
set workloadIdentityPoolProviderId(value: string);
get workloadIdentityPoolProviderIdInput(): string | undefined;
private _aws;
get aws(): IamWorkloadIdentityPoolProviderAwsOutputReference;
putAws(value: IamWorkloadIdentityPoolProviderAws): void;
resetAws(): void;
get awsInput(): IamWorkloadIdentityPoolProviderAws | undefined;
private _oidc;
get oidc(): IamWorkloadIdentityPoolProviderOidcOutputReference;
putOidc(value: IamWorkloadIdentityPoolProviderOidc): void;
resetOidc(): void;
get oidcInput(): IamWorkloadIdentityPoolProviderOidc | undefined;
private _saml;
get saml(): IamWorkloadIdentityPoolProviderSamlOutputReference;
putSaml(value: IamWorkloadIdentityPoolProviderSaml): void;
resetSaml(): void;
get samlInput(): IamWorkloadIdentityPoolProviderSaml | undefined;
private _timeouts;
get timeouts(): IamWorkloadIdentityPoolProviderTimeoutsOutputReference;
putTimeouts(value: IamWorkloadIdentityPoolProviderTimeouts): void;
resetTimeouts(): void;
get timeoutsInput(): cdktf.IResolvable | IamWorkloadIdentityPoolProviderTimeouts | undefined;
private _x509;
get x509(): IamWorkloadIdentityPoolProviderX509OutputReference;
putX509(value: IamWorkloadIdentityPoolProviderX509): void;
resetX509(): void;
get x509Input(): IamWorkloadIdentityPoolProviderX509 | undefined;
// Both synthesis hooks return an untyped string-keyed map; their contents are not
// visible from this declaration.
protected synthesizeAttributes(): {
[name: string]: any;
};
protected synthesizeHclAttributes(): {
[name: string]: any;
};
}