"use strict";
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
Object.defineProperty(exports, "__esModule", { value: true });
exports.WorkloadIdentityPoolProvider = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("../utilities");

// Properties hydrated from a state object when an existing resource is looked
// up (`opts.id` is set). Order matches the generated original so the
// resulting input object has the same key order.
const STATE_INPUT_KEYS = [
    "attributeCondition",
    "attributeMapping",
    "aws",
    "description",
    "disabled",
    "displayName",
    "name",
    "oidc",
    "project",
    "saml",
    "state",
    "workloadIdentityPoolId",
    "workloadIdentityPoolProviderId",
    "x509",
];

// Properties accepted from an args object when a resource is created.
const ARG_INPUT_KEYS = [
    "attributeCondition",
    "attributeMapping",
    "aws",
    "description",
    "disabled",
    "displayName",
    "oidc",
    "project",
    "saml",
    "workloadIdentityPoolId",
    "workloadIdentityPoolProviderId",
    "x509",
];

// Provider-computed outputs; registered as `undefined` on the create path.
const OUTPUT_ONLY_KEYS = ["name", "state"];

// Inputs that must be present on create unless the resource is being
// rehydrated from an existing URN (`opts.urn`).
const REQUIRED_ARG_KEYS = ["workloadIdentityPoolId", "workloadIdentityPoolProviderId"];

/**
 * A configuration for an external identity provider attached to a workload
 * identity pool. Once the provider exists, any external identity it accepts
 * can exchange its own token for a Google credential that carries the mapped
 * `google.subject` and `attribute.*` claims. The `attributeCondition` and
 * `attributeMapping` are therefore the trust boundary of the federation and
 * deserve the same review as an IAM binding.
 *
 * To get more information about WorkloadIdentityPoolProvider, see:
 *
 * * [API documentation](https://cloud.google.com/iam/docs/reference/rest/v1/projects.locations.workloadIdentityPools.providers)
 * * How-to Guides
 *     * [Managing workload identity providers](https://cloud.google.com/iam/docs/manage-workload-identity-pools-providers#managing_workload_identity_providers)
 *
 * ## Security notes on the examples
 *
 * * `attributeCondition` is what limits *which* identities from the configured
 *   issuer, AWS account or CA may federate. The "Basic" examples below omit
 *   it, which admits every identity the source can assert (for example every
 *   principal in AWS account `999999999999`, or every subject the Azure
 *   tenant issues a token for). Add a condition before granting IAM roles to
 *   principals in the pool.
 * * `google.subject` is the value IAM bindings reference. Map it from a claim
 *   the identity provider guarantees to be unique and stable. The Azure "Full"
 *   examples prefix it with `assertion.tid` so subjects from different tenants
 *   cannot collide.
 * * `oidc.allowedAudiences` pins the `aud` claim an accepted token must carry.
 *   When it is omitted the accepted audience is expected to fall back to a
 *   default derived from the provider's resource name — verify the exact value
 *   in the API documentation linked above before relying on it.
 * * `oidc.jwksJson` supplies the issuer's signing keys inline instead of
 *   fetching them from the issuer; presumably key rotation then becomes a
 *   manual update of this resource — confirm against the field documentation.
 * * The "Full" examples are created with `disabled: true`. A disabled provider
 *   cannot be used to exchange tokens; drop that flag only once the condition
 *   and mapping have been reviewed.
 * * `saml.idpMetadataXml`, `x509.trustStore` and `oidc.jwksJson` are trust
 *   material read from local files or literals. The `test-fixtures/*` paths
 *   in these examples are placeholders.
 *
 * ## Example Usage
 *
 * ### Iam Workload Identity Pool Provider Aws Basic
 *
 * No `attributeCondition`: every principal in the account can federate.
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const pool = new gcp.iam.WorkloadIdentityPool("pool", {workloadIdentityPoolId: "example-pool"});
 * const example = new gcp.iam.WorkloadIdentityPoolProvider("example", {
 *     workloadIdentityPoolId: pool.workloadIdentityPoolId,
 *     workloadIdentityPoolProviderId: "example-prvdr",
 *     aws: {
 *         accountId: "999999999999",
 *     },
 * });
 * ```
 * ### Iam Workload Identity Pool Provider Aws Full
 *
 * NOTE(review): the condition references `attribute.aws_role`, which this
 * custom `attributeMapping` does not define. Supplying a custom mapping may
 * replace rather than extend the AWS default mapping, so confirm that every
 * attribute the condition reads is actually mapped before reusing this.
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const pool = new gcp.iam.WorkloadIdentityPool("pool", {workloadIdentityPoolId: "example-pool"});
 * const example = new gcp.iam.WorkloadIdentityPoolProvider("example", {
 *     workloadIdentityPoolId: pool.workloadIdentityPoolId,
 *     workloadIdentityPoolProviderId: "example-prvdr",
 *     displayName: "Name of provider",
 *     description: "AWS identity pool provider for automated test",
 *     disabled: true,
 *     attributeCondition: "attribute.aws_role==\"arn:aws:sts::999999999999:assumed-role/stack-eu-central-1-lambdaRole\"",
 *     attributeMapping: {
 *         "google.subject": "assertion.arn",
 *         "attribute.aws_account": "assertion.account",
 *         "attribute.environment": "assertion.arn.contains(\":instance-profile/Production\") ? \"prod\" : \"test\"",
 *     },
 *     aws: {
 *         accountId: "999999999999",
 *     },
 * });
 * ```
 * ### Iam Workload Identity Pool Provider Github Actions
 *
 * The condition pins the numeric `repository_owner_id` (not just the owner
 * name), the repository, and restricts `ref` to the `main` branch, so tokens
 * minted for other refs are rejected.
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const pool = new gcp.iam.WorkloadIdentityPool("pool", {workloadIdentityPoolId: "example-pool"});
 * const example = new gcp.iam.WorkloadIdentityPoolProvider("example", {
 *     workloadIdentityPoolId: pool.workloadIdentityPoolId,
 *     workloadIdentityPoolProviderId: "example-prvdr",
 *     displayName: "Name of provider",
 *     description: "GitHub Actions identity pool provider for automated test",
 *     disabled: true,
 *     attributeCondition: `    assertion.repository_owner_id == "123456789" &&
 *     attribute.repository == "gh-org/gh-repo" &&
 *     assertion.ref == "refs/heads/main" &&
 *     assertion.ref_type == "branch"
 * `,
 *     attributeMapping: {
 *         "google.subject": "assertion.sub",
 *         "attribute.actor": "assertion.actor",
 *         "attribute.aud": "assertion.aud",
 *         "attribute.repository": "assertion.repository",
 *     },
 *     oidc: {
 *         issuerUri: "https://token.actions.githubusercontent.com",
 *     },
 * });
 * ```
 * ### Iam Workload Identity Pool Provider Oidc Basic
 *
 * No `attributeCondition` and no `allowedAudiences`: any subject the issuer
 * vouches for is accepted.
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const pool = new gcp.iam.WorkloadIdentityPool("pool", {workloadIdentityPoolId: "example-pool"});
 * const example = new gcp.iam.WorkloadIdentityPoolProvider("example", {
 *     workloadIdentityPoolId: pool.workloadIdentityPoolId,
 *     workloadIdentityPoolProviderId: "example-prvdr",
 *     attributeMapping: {
 *         "google.subject": "assertion.sub",
 *     },
 *     oidc: {
 *         issuerUri: "https://sts.windows.net/azure-tenant-id",
 *     },
 * });
 * ```
 * ### Iam Workload Identity Pool Provider Oidc Full
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const pool = new gcp.iam.WorkloadIdentityPool("pool", {workloadIdentityPoolId: "example-pool"});
 * const example = new gcp.iam.WorkloadIdentityPoolProvider("example", {
 *     workloadIdentityPoolId: pool.workloadIdentityPoolId,
 *     workloadIdentityPoolProviderId: "example-prvdr",
 *     displayName: "Name of provider",
 *     description: "OIDC identity pool provider for automated test",
 *     disabled: true,
 *     attributeCondition: "\"e968c2ef-047c-498d-8d79-16ca1b61e77e\" in assertion.groups",
 *     attributeMapping: {
 *         "google.subject": "\"azure::\" + assertion.tid + \"::\" + assertion.sub",
 *         "attribute.tid": "assertion.tid",
 *         "attribute.managed_identity_name": `      {
 *         "8bb39bdb-1cc5-4447-b7db-a19e920eb111":"workload1",
 *         "55d36609-9bcf-48e0-a366-a3cf19027d2a":"workload2"
 *       }[assertion.oid]
 * `,
 *     },
 *     oidc: {
 *         allowedAudiences: [
 *             "https://example.com/gcp-oidc-federation",
 *             "example.com/gcp-oidc-federation",
 *         ],
 *         issuerUri: "https://sts.windows.net/azure-tenant-id",
 *     },
 * });
 * ```
 * ### Iam Workload Identity Pool Provider Saml Basic
 *
 * NOTE(review): the mapping below reads `assertion.arn` / `assertion.account`,
 * which mirror the AWS example; a SAML IdP exposes its own assertion
 * attributes, so adapt the mapping to what your IdP actually asserts.
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * import * as std from "@pulumi/std";
 *
 * const pool = new gcp.iam.WorkloadIdentityPool("pool", {workloadIdentityPoolId: "example-pool"});
 * const example = new gcp.iam.WorkloadIdentityPoolProvider("example", {
 *     workloadIdentityPoolId: pool.workloadIdentityPoolId,
 *     workloadIdentityPoolProviderId: "example-prvdr",
 *     attributeMapping: {
 *         "google.subject": "assertion.arn",
 *         "attribute.aws_account": "assertion.account",
 *         "attribute.environment": "assertion.arn.contains(\":instance-profile/Production\") ? \"prod\" : \"test\"",
 *     },
 *     saml: {
 *         idpMetadataXml: std.file({
 *             input: "test-fixtures/metadata.xml",
 *         }).then(invoke => invoke.result),
 *     },
 * });
 * ```
 * ### Iam Workload Identity Pool Provider Saml Full
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * import * as std from "@pulumi/std";
 *
 * const pool = new gcp.iam.WorkloadIdentityPool("pool", {workloadIdentityPoolId: "example-pool"});
 * const example = new gcp.iam.WorkloadIdentityPoolProvider("example", {
 *     workloadIdentityPoolId: pool.workloadIdentityPoolId,
 *     workloadIdentityPoolProviderId: "example-prvdr",
 *     displayName: "Name of provider",
 *     description: "SAML 2.0 identity pool provider for automated test",
 *     disabled: true,
 *     attributeMapping: {
 *         "google.subject": "assertion.arn",
 *         "attribute.aws_account": "assertion.account",
 *         "attribute.environment": "assertion.arn.contains(\":instance-profile/Production\") ? \"prod\" : \"test\"",
 *     },
 *     saml: {
 *         idpMetadataXml: std.file({
 *             input: "test-fixtures/metadata.xml",
 *         }).then(invoke => invoke.result),
 *     },
 * });
 * ```
 * ### Iam Workload Identity Pool Provider Oidc Upload Key
 *
 * Same as the OIDC "Full" example but with the issuer's signing keys supplied
 * inline via `jwksJson` instead of discovered from the issuer.
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const pool = new gcp.iam.WorkloadIdentityPool("pool", {workloadIdentityPoolId: "example-pool"});
 * const example = new gcp.iam.WorkloadIdentityPoolProvider("example", {
 *     workloadIdentityPoolId: pool.workloadIdentityPoolId,
 *     workloadIdentityPoolProviderId: "example-prvdr",
 *     displayName: "Name of provider",
 *     description: "OIDC identity pool provider for automated test",
 *     disabled: true,
 *     attributeCondition: "\"e968c2ef-047c-498d-8d79-16ca1b61e77e\" in assertion.groups",
 *     attributeMapping: {
 *         "google.subject": "\"azure::\" + assertion.tid + \"::\" + assertion.sub",
 *         "attribute.tid": "assertion.tid",
 *         "attribute.managed_identity_name": `      {
 *         "8bb39bdb-1cc5-4447-b7db-a19e920eb111":"workload1",
 *         "55d36609-9bcf-48e0-a366-a3cf19027d2a":"workload2"
 *       }[assertion.oid]
 * `,
 *     },
 *     oidc: {
 *         allowedAudiences: [
 *             "https://example.com/gcp-oidc-federation",
 *             "example.com/gcp-oidc-federation",
 *         ],
 *         issuerUri: "https://sts.windows.net/azure-tenant-id",
 *         jwksJson: "{\"keys\":[{\"kty\":\"RSA\",\"alg\":\"RS256\",\"kid\":\"sif0AR-F6MuvksAyAOv-Pds08Bcf2eUMlxE30NofddA\",\"use\":\"sig\",\"e\":\"AQAB\",\"n\":\"ylH1Chl1tpfti3lh51E1g5dPogzXDaQseqjsefGLknaNl5W6Wd4frBhHyE2t41Q5zgz_Ll0-NvWm0FlaG6brhrN9QZu6sJP1bM8WPfJVPgXOanxi7d7TXCkeNubGeiLTf5R3UXtS9Lm_guemU7MxDjDTelxnlgGCihOVTcL526suNJUdfXtpwUsvdU6_ZnAp9IpsuYjCtwPm9hPumlcZGMbxstdh07O4y4O90cVQClJOKSGQjAUCKJWXIQ0cqffGS_HuS_725CPzQ85SzYZzaNpgfhAER7kx_9P16ARM3BJz0PI5fe2hECE61J4GYU_BY43sxDfs7HyJpEXKLU9eWw\"}]}",
 *     },
 * });
 * ```
 * ### Iam Workload Identity Pool Provider X509 Basic
 *
 * Every client certificate that chains to the configured `trustAnchors` is
 * accepted and its `subject.dn.cn` becomes `google.subject`; the CA's
 * issuance policy therefore decides who can federate. Consider an
 * `attributeCondition` on the DN as well.
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * import * as std from "@pulumi/std";
 *
 * const pool = new gcp.iam.WorkloadIdentityPool("pool", {workloadIdentityPoolId: "example-pool"});
 * const example = new gcp.iam.WorkloadIdentityPoolProvider("example", {
 *     workloadIdentityPoolId: pool.workloadIdentityPoolId,
 *     workloadIdentityPoolProviderId: "example-prvdr",
 *     attributeMapping: {
 *         "google.subject": "assertion.subject.dn.cn",
 *     },
 *     x509: {
 *         trustStore: {
 *             trustAnchors: [{
 *                 pemCertificate: std.file({
 *                     input: "test-fixtures/trust_anchor.pem",
 *                 }).then(invoke => invoke.result),
 *             }],
 *         },
 *     },
 * });
 * ```
 * ### Iam Workload Identity Pool Provider X509 Full
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * import * as std from "@pulumi/std";
 *
 * const pool = new gcp.iam.WorkloadIdentityPool("pool", {workloadIdentityPoolId: "example-pool"});
 * const example = new gcp.iam.WorkloadIdentityPoolProvider("example", {
 *     workloadIdentityPoolId: pool.workloadIdentityPoolId,
 *     workloadIdentityPoolProviderId: "example-prvdr",
 *     displayName: "Name of provider",
 *     description: "X.509 identity pool provider for automated test",
 *     disabled: true,
 *     attributeMapping: {
 *         "google.subject": "assertion.subject.dn.cn",
 *     },
 *     x509: {
 *         trustStore: {
 *             trustAnchors: [{
 *                 pemCertificate: std.file({
 *                     input: "test-fixtures/trust_anchor.pem",
 *                 }).then(invoke => invoke.result),
 *             }],
 *             intermediateCas: [{
 *                 pemCertificate: std.file({
 *                     input: "test-fixtures/intermediate_ca.pem",
 *                 }).then(invoke => invoke.result),
 *             }],
 *         },
 *     },
 * });
 * ```
 *
 * ## Import
 *
 * WorkloadIdentityPoolProvider can be imported using any of these accepted formats:
 *
 * * `projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/providers/{{workload_identity_pool_provider_id}}`
 *
 * * `{{project}}/{{workload_identity_pool_id}}/{{workload_identity_pool_provider_id}}`
 *
 * * `{{workload_identity_pool_id}}/{{workload_identity_pool_provider_id}}`
 *
 * When using the `pulumi import` command, WorkloadIdentityPoolProvider can be imported using one of the formats above. For example:
 *
 * ```sh
 * $ pulumi import gcp:iam/workloadIdentityPoolProvider:WorkloadIdentityPoolProvider default projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/providers/{{workload_identity_pool_provider_id}}
 * ```
 *
 * ```sh
 * $ pulumi import gcp:iam/workloadIdentityPoolProvider:WorkloadIdentityPoolProvider default {{project}}/{{workload_identity_pool_id}}/{{workload_identity_pool_provider_id}}
 * ```
 *
 * ```sh
 * $ pulumi import gcp:iam/workloadIdentityPoolProvider:WorkloadIdentityPoolProvider default {{workload_identity_pool_id}}/{{workload_identity_pool_provider_id}}
 * ```
 */
class WorkloadIdentityPoolProvider extends pulumi.CustomResource {
    /**
     * Look up an existing WorkloadIdentityPoolProvider by its provider-side ID,
     * optionally qualified with extra state properties.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to look up.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name, id, state, opts) {
        return new WorkloadIdentityPoolProvider(name, state, { ...opts, id });
    }

    /**
     * Whether `obj` is a WorkloadIdentityPoolProvider. Compares the `__pulumiType`
     * tag rather than using `instanceof`, so it keeps working when several copies
     * of the Pulumi SDK are loaded in one process.
     */
    static isInstance(obj) {
        return obj != null && obj['__pulumiType'] === WorkloadIdentityPoolProvider.__pulumiType;
    }

    /**
     * Create (or, when `opts.id` is set, look up) a WorkloadIdentityPoolProvider.
     *
     * @param name The _unique_ name of the resource.
     * @param argsOrState Resource arguments on create; prior state on lookup.
     * @param opts Optional resource options; `id` switches to the lookup path,
     *     `urn` relaxes the required-property checks.
     * @throws Error on the create path when `workloadIdentityPoolId` or
     *     `workloadIdentityPoolProviderId` is missing and no `urn` is supplied.
     */
    constructor(name, argsOrState, opts) {
        const options = opts || {};
        const resourceInputs = {};
        if (options.id) {
            // Lookup path: hydrate every known property from the supplied state.
            const state = argsOrState;
            for (const key of STATE_INPUT_KEYS) {
                resourceInputs[key] = state?.[key];
            }
        } else {
            // Create path: required inputs are enforced unless a URN is given.
            const args = argsOrState;
            if (!options.urn) {
                for (const key of REQUIRED_ARG_KEYS) {
                    if (args?.[key] === undefined) {
                        throw new Error(`Missing required property '${key}'`);
                    }
                }
            }
            for (const key of ARG_INPUT_KEYS) {
                resourceInputs[key] = args?.[key];
            }
            for (const key of OUTPUT_ONLY_KEYS) {
                resourceInputs[key] = undefined; /*out*/
            }
        }
        const mergedOpts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), options);
        super(WorkloadIdentityPoolProvider.__pulumiType, name, resourceInputs, mergedOpts);
    }
}
exports.WorkloadIdentityPoolProvider = WorkloadIdentityPoolProvider;
/** @internal */
WorkloadIdentityPoolProvider.__pulumiType = 'gcp:iam/workloadIdentityPoolProvider:WorkloadIdentityPoolProvider';
//# sourceMappingURL=workloadIdentityPoolProvider.js.map