import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
* Represents a namespace for a workload identity pool. Namespaces are used to segment identities
* within the pool.
*
* To get more information about WorkloadIdentityPoolNamespace, see:
*
* * [API documentation](https://cloud.google.com/iam/docs/reference/rest/v1/projects.locations.workloadIdentityPools.namespaces)
* * How-to Guides
* * [Configure managed workload identity authentication for Compute Engine](https://cloud.google.com/iam/docs/create-managed-workload-identities)
* * [Configure managed workload identity authentication for GKE](https://cloud.google.com/iam/docs/create-managed-workload-identities-gke)
*
* ## Example Usage
*
* ### Iam Workload Identity Pool Namespace Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const pool = new gcp.iam.WorkloadIdentityPool("pool", {
* workloadIdentityPoolId: "example-pool",
* mode: "TRUST_DOMAIN",
* });
* const example = new gcp.iam.WorkloadIdentityPoolNamespace("example", {
* workloadIdentityPoolId: pool.workloadIdentityPoolId,
* workloadIdentityPoolNamespaceId: "example-namespace",
* });
* ```
* ### Iam Workload Identity Pool Namespace Full
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const pool = new gcp.iam.WorkloadIdentityPool("pool", {
* workloadIdentityPoolId: "example-pool",
* mode: "TRUST_DOMAIN",
* });
* const example = new gcp.iam.WorkloadIdentityPoolNamespace("example", {
* workloadIdentityPoolId: pool.workloadIdentityPoolId,
* workloadIdentityPoolNamespaceId: "example-namespace",
* description: "Example Namespace in a Workload Identity Pool",
* disabled: true,
* });
* ```
*
* ## Import
*
* WorkloadIdentityPoolNamespace can be imported using any of these accepted formats:
*
* * `projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/namespaces/{{workload_identity_pool_namespace_id}}`
*
* * `{{project}}/{{workload_identity_pool_id}}/{{workload_identity_pool_namespace_id}}`
*
* * `{{workload_identity_pool_id}}/{{workload_identity_pool_namespace_id}}`
*
* When using the `pulumi import` command, WorkloadIdentityPoolNamespace can be imported using one of the formats above. For example:
*
* ```sh
* $ pulumi import gcp:iam/workloadIdentityPoolNamespace:WorkloadIdentityPoolNamespace default projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/namespaces/{{workload_identity_pool_namespace_id}}
* ```
*
* ```sh
* $ pulumi import gcp:iam/workloadIdentityPoolNamespace:WorkloadIdentityPoolNamespace default {{project}}/{{workload_identity_pool_id}}/{{workload_identity_pool_namespace_id}}
* ```
*
* ```sh
* $ pulumi import gcp:iam/workloadIdentityPoolNamespace:WorkloadIdentityPoolNamespace default {{workload_identity_pool_id}}/{{workload_identity_pool_namespace_id}}
* ```
*/
export declare class WorkloadIdentityPoolNamespace extends pulumi.CustomResource {
/**
* Get an existing WorkloadIdentityPoolNamespace resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to look up.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
* @returns A WorkloadIdentityPoolNamespace for the looked-up resource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WorkloadIdentityPoolNamespaceState, opts?: pulumi.CustomResourceOptions): WorkloadIdentityPoolNamespace;
/**
* Returns true if the given object is an instance of WorkloadIdentityPoolNamespace. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*
* The return type is a type predicate, so a true result narrows `obj` for the compiler.
* `obj` is declared as `any`, so the argument itself is not type-checked at the call site.
*/
static isInstance(obj: any): obj is WorkloadIdentityPoolNamespace;
/**
* A description of the namespace. Cannot exceed 256 characters.
*/
readonly description: pulumi.Output<string | undefined>;
/**
* Whether the namespace is disabled. If disabled, credentials may no longer be issued for
* identities within this namespace, however existing credentials will still be accepted until
* they expire.
*
* Disabling therefore stops new issuance only; it does not revoke credentials that were
* already issued, which remain usable for the rest of their lifetime.
*/
readonly disabled: pulumi.Output<boolean | undefined>;
/**
* The resource name of the namespace as
* `projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/namespaces/{workload_identity_pool_namespace_id}`.
*
* Not a field of WorkloadIdentityPoolNamespaceArgs, so it is not supplied when constructing the resource.
*/
readonly name: pulumi.Output<string>;
/**
* Defines the owner that is allowed to mutate this resource. If present, this resource can only
* be mutated by the owner.
* Each element has the shape `outputs.iam.WorkloadIdentityPoolNamespaceOwnerService`
* (declared in `../types/output`, not in this file).
*
* Not a field of WorkloadIdentityPoolNamespaceArgs, so it is not supplied when constructing the resource.
*/
readonly ownerServices: pulumi.Output<outputs.iam.WorkloadIdentityPoolNamespaceOwnerService[]>;
/**
* The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
readonly project: pulumi.Output<string>;
/**
* The current state of the namespace.
* * `ACTIVE`: The namespace is active.
* * `DELETED`: The namespace is soft-deleted. Soft-deleted namespaces are permanently deleted
* after approximately 30 days. You can restore a soft-deleted namespace using
* UndeleteWorkloadIdentityPoolNamespace. You cannot reuse the ID of a soft-deleted namespace
* until it is permanently deleted.
*
* Typed as a plain `string`; the two values above are the only ones this documentation lists.
* Not a field of WorkloadIdentityPoolNamespaceArgs, so it is not supplied when constructing the resource.
*/
readonly state: pulumi.Output<string>;
/**
* The ID to use for the pool, which becomes the final component of the resource name. This
* value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
* `gcp-` is reserved for use by Google, and may not be specified.
*
* NOTE(review): in this resource the value appears to identify the pool that contains the
* namespace (the examples pass `pool.workloadIdentityPoolId`, and the pool ID is not the final
* component of the namespace resource name shown for `name`) - confirm against the API reference.
*/
readonly workloadIdentityPoolId: pulumi.Output<string>;
/**
* The ID to use for the namespace. This value must:
* * contain at most 63 characters
* * contain only lowercase alphanumeric characters or `-`
* * start with an alphanumeric character
* * end with an alphanumeric character
*
* The prefix `gcp-` will be reserved for future uses.
*/
readonly workloadIdentityPoolNamespaceId: pulumi.Output<string>;
/**
* Create a WorkloadIdentityPoolNamespace resource with the given unique name, arguments, and options.
*
* `args` must carry `workloadIdentityPoolId` and `workloadIdentityPoolNamespaceId`; the other
* fields of WorkloadIdentityPoolNamespaceArgs are optional.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: WorkloadIdentityPoolNamespaceArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering WorkloadIdentityPoolNamespace resources.
*
* Every field is optional. This is the type of the `state` parameter of
* `WorkloadIdentityPoolNamespace.get`.
*/
export interface WorkloadIdentityPoolNamespaceState {
/**
* A description of the namespace. Cannot exceed 256 characters.
*/
description?: pulumi.Input<string>;
/**
* Whether the namespace is disabled. If disabled, credentials may no longer be issued for
* identities within this namespace, however existing credentials will still be accepted until
* they expire.
*
* A disabled namespace can therefore still have valid credentials in circulation; disabling
* is not a revocation of credentials already issued.
*/
disabled?: pulumi.Input<boolean>;
/**
* The resource name of the namespace as
* `projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/namespaces/{workload_identity_pool_namespace_id}`.
*/
name?: pulumi.Input<string>;
/**
* Defines the owner that is allowed to mutate this resource. If present, this resource can only
* be mutated by the owner.
* Each element has the shape `inputs.iam.WorkloadIdentityPoolNamespaceOwnerService`
* (declared in `../types/input`, not in this file).
*/
ownerServices?: pulumi.Input<pulumi.Input<inputs.iam.WorkloadIdentityPoolNamespaceOwnerService>[]>;
/**
* The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
project?: pulumi.Input<string>;
/**
* The current state of the namespace.
* * `ACTIVE`: The namespace is active.
* * `DELETED`: The namespace is soft-deleted. Soft-deleted namespaces are permanently deleted
* after approximately 30 days. You can restore a soft-deleted namespace using
* UndeleteWorkloadIdentityPoolNamespace. You cannot reuse the ID of a soft-deleted namespace
* until it is permanently deleted.
*
* Typed as a plain `string`; the two values above are the only ones this documentation lists.
*/
state?: pulumi.Input<string>;
/**
* The ID to use for the pool, which becomes the final component of the resource name. This
* value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
* `gcp-` is reserved for use by Google, and may not be specified.
*
* NOTE(review): for a namespace this appears to be the ID of the containing pool rather than
* the final component of the namespace's own resource name - confirm against the API reference.
*/
workloadIdentityPoolId?: pulumi.Input<string>;
/**
* The ID to use for the namespace. This value must:
* * contain at most 63 characters
* * contain only lowercase alphanumeric characters or `-`
* * start with an alphanumeric character
* * end with an alphanumeric character
*
* The prefix `gcp-` will be reserved for future uses.
*/
workloadIdentityPoolNamespaceId?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a WorkloadIdentityPoolNamespace resource.
*
* `workloadIdentityPoolId` and `workloadIdentityPoolNamespaceId` are required; `description`,
* `disabled` and `project` are optional. The `name`, `ownerServices` and `state` properties of
* the resource are not accepted here.
*/
export interface WorkloadIdentityPoolNamespaceArgs {
/**
* A description of the namespace. Cannot exceed 256 characters.
*/
description?: pulumi.Input<string>;
/**
* Whether the namespace is disabled. If disabled, credentials may no longer be issued for
* identities within this namespace, however existing credentials will still be accepted until
* they expire.
*
* Setting this to `true` stops new issuance only. Credentials already issued stay valid until
* they expire, so account for their remaining lifetime when disabling a namespace as a
* containment step.
*/
disabled?: pulumi.Input<boolean>;
/**
* The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*
* Leaving this unset ties the namespace to whichever project the provider is configured with.
*/
project?: pulumi.Input<string>;
/**
* The ID to use for the pool, which becomes the final component of the resource name. This
* value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
* `gcp-` is reserved for use by Google, and may not be specified.
*
* Required. NOTE(review): for a namespace this appears to be the ID of the containing pool
* (the class examples pass `pool.workloadIdentityPoolId`) - confirm against the API reference.
*/
workloadIdentityPoolId: pulumi.Input<string>;
/**
* The ID to use for the namespace. This value must:
* * contain at most 63 characters
* * contain only lowercase alphanumeric characters or `-`
* * start with an alphanumeric character
* * end with an alphanumeric character
*
* The prefix `gcp-` will be reserved for future uses.
*
* Required. These constraints are stated in documentation only; the declared type is a plain
* string input, so nothing in this declaration enforces them at compile time.
*/
workloadIdentityPoolNamespaceId: pulumi.Input<string>;
}