1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. iam
  5. getWorkloadIdentityPoolProvider
Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi

gcp.iam.getWorkloadIdentityPoolProvider

Explore with Pulumi AI

gcp logo
Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi

    Get a IAM workload identity provider from Google Cloud by its id.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const foo = gcp.iam.getWorkloadIdentityPoolProvider({
        workloadIdentityPoolId: "foo-pool",
        workloadIdentityPoolProviderId: "bar-provider",
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    foo = gcp.iam.get_workload_identity_pool_provider(workload_identity_pool_id="foo-pool",
        workload_identity_pool_provider_id="bar-provider")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := iam.LookupWorkloadIdentityPoolProvider(ctx, &iam.LookupWorkloadIdentityPoolProviderArgs{
    			WorkloadIdentityPoolId:         "foo-pool",
    			WorkloadIdentityPoolProviderId: "bar-provider",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var foo = Gcp.Iam.GetWorkloadIdentityPoolProvider.Invoke(new()
        {
            WorkloadIdentityPoolId = "foo-pool",
            WorkloadIdentityPoolProviderId = "bar-provider",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.iam.IamFunctions;
    import com.pulumi.gcp.iam.inputs.GetWorkloadIdentityPoolProviderArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var foo = IamFunctions.getWorkloadIdentityPoolProvider(GetWorkloadIdentityPoolProviderArgs.builder()
                .workloadIdentityPoolId("foo-pool")
                .workloadIdentityPoolProviderId("bar-provider")
                .build());
    
        }
    }
    
    variables:
      foo:
        fn::invoke:
          Function: gcp:iam:getWorkloadIdentityPoolProvider
          Arguments:
            workloadIdentityPoolId: foo-pool
            workloadIdentityPoolProviderId: bar-provider
    

    Using getWorkloadIdentityPoolProvider

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getWorkloadIdentityPoolProvider(args: GetWorkloadIdentityPoolProviderArgs, opts?: InvokeOptions): Promise<GetWorkloadIdentityPoolProviderResult>
    function getWorkloadIdentityPoolProviderOutput(args: GetWorkloadIdentityPoolProviderOutputArgs, opts?: InvokeOptions): Output<GetWorkloadIdentityPoolProviderResult>
    def get_workload_identity_pool_provider(project: Optional[str] = None,
                                            workload_identity_pool_id: Optional[str] = None,
                                            workload_identity_pool_provider_id: Optional[str] = None,
                                            opts: Optional[InvokeOptions] = None) -> GetWorkloadIdentityPoolProviderResult
    def get_workload_identity_pool_provider_output(project: Optional[pulumi.Input[str]] = None,
                                            workload_identity_pool_id: Optional[pulumi.Input[str]] = None,
                                            workload_identity_pool_provider_id: Optional[pulumi.Input[str]] = None,
                                            opts: Optional[InvokeOptions] = None) -> Output[GetWorkloadIdentityPoolProviderResult]
    func LookupWorkloadIdentityPoolProvider(ctx *Context, args *LookupWorkloadIdentityPoolProviderArgs, opts ...InvokeOption) (*LookupWorkloadIdentityPoolProviderResult, error)
    func LookupWorkloadIdentityPoolProviderOutput(ctx *Context, args *LookupWorkloadIdentityPoolProviderOutputArgs, opts ...InvokeOption) LookupWorkloadIdentityPoolProviderResultOutput

    > Note: This function is named LookupWorkloadIdentityPoolProvider in the Go SDK.

    public static class GetWorkloadIdentityPoolProvider 
    {
        public static Task<GetWorkloadIdentityPoolProviderResult> InvokeAsync(GetWorkloadIdentityPoolProviderArgs args, InvokeOptions? opts = null)
        public static Output<GetWorkloadIdentityPoolProviderResult> Invoke(GetWorkloadIdentityPoolProviderInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetWorkloadIdentityPoolProviderResult> getWorkloadIdentityPoolProvider(GetWorkloadIdentityPoolProviderArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: gcp:iam/getWorkloadIdentityPoolProvider:getWorkloadIdentityPoolProvider
      arguments:
        # arguments dictionary

    The following arguments are supported:

    WorkloadIdentityPoolId string
    The id of the pool which is the final component of the pool resource name.
    WorkloadIdentityPoolProviderId string
    The id of the provider which is the final component of the resource name.


    Project string
    The project in which the resource belongs. If it is not provided, the provider project is used.
    WorkloadIdentityPoolId string
    The id of the pool which is the final component of the pool resource name.
    WorkloadIdentityPoolProviderId string
    The id of the provider which is the final component of the resource name.


    Project string
    The project in which the resource belongs. If it is not provided, the provider project is used.
    workloadIdentityPoolId String
    The id of the pool which is the final component of the pool resource name.
    workloadIdentityPoolProviderId String
    The id of the provider which is the final component of the resource name.


    project String
    The project in which the resource belongs. If it is not provided, the provider project is used.
    workloadIdentityPoolId string
    The id of the pool which is the final component of the pool resource name.
    workloadIdentityPoolProviderId string
    The id of the provider which is the final component of the resource name.


    project string
    The project in which the resource belongs. If it is not provided, the provider project is used.
    workload_identity_pool_id str
    The id of the pool which is the final component of the pool resource name.
    workload_identity_pool_provider_id str
    The id of the provider which is the final component of the resource name.


    project str
    The project in which the resource belongs. If it is not provided, the provider project is used.
    workloadIdentityPoolId String
    The id of the pool which is the final component of the pool resource name.
    workloadIdentityPoolProviderId String
    The id of the provider which is the final component of the resource name.


    project String
    The project in which the resource belongs. If it is not provided, the provider project is used.

    getWorkloadIdentityPoolProvider Result

    The following output properties are available:

    Supporting Types

    GetWorkloadIdentityPoolProviderAw

    AccountId string
    The AWS account ID.
    AccountId string
    The AWS account ID.
    accountId String
    The AWS account ID.
    accountId string
    The AWS account ID.
    account_id str
    The AWS account ID.
    accountId String
    The AWS account ID.

    GetWorkloadIdentityPoolProviderOidc

    AllowedAudiences List<string>

    Acceptable values for the 'aud' field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured.

    If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example: ''' //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ '''

    IssuerUri string
    The OIDC issuer URL.
    JwksJson string
    OIDC JWKs in JSON String format. For details on definition of a JWK, see https:tools.ietf.org/html/rfc7517. If not set, then we use the 'jwks_uri' from the discovery document fetched from the .well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric keys are supported. The JWK must use following format and include only the following fields: ''' { "keys": [ { "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": "", "crv": "" } ] } '''
    AllowedAudiences []string

    Acceptable values for the 'aud' field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured.

    If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example: ''' //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ '''

    IssuerUri string
    The OIDC issuer URL.
    JwksJson string
    OIDC JWKs in JSON String format. For details on definition of a JWK, see https:tools.ietf.org/html/rfc7517. If not set, then we use the 'jwks_uri' from the discovery document fetched from the .well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric keys are supported. The JWK must use following format and include only the following fields: ''' { "keys": [ { "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": "", "crv": "" } ] } '''
    allowedAudiences List<String>

    Acceptable values for the 'aud' field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured.

    If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example: ''' //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ '''

    issuerUri String
    The OIDC issuer URL.
    jwksJson String
    OIDC JWKs in JSON String format. For details on definition of a JWK, see https:tools.ietf.org/html/rfc7517. If not set, then we use the 'jwks_uri' from the discovery document fetched from the .well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric keys are supported. The JWK must use following format and include only the following fields: ''' { "keys": [ { "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": "", "crv": "" } ] } '''
    allowedAudiences string[]

    Acceptable values for the 'aud' field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured.

    If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example: ''' //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ '''

    issuerUri string
    The OIDC issuer URL.
    jwksJson string
    OIDC JWKs in JSON String format. For details on definition of a JWK, see https:tools.ietf.org/html/rfc7517. If not set, then we use the 'jwks_uri' from the discovery document fetched from the .well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric keys are supported. The JWK must use following format and include only the following fields: ''' { "keys": [ { "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": "", "crv": "" } ] } '''
    allowed_audiences Sequence[str]

    Acceptable values for the 'aud' field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured.

    If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example: ''' //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ '''

    issuer_uri str
    The OIDC issuer URL.
    jwks_json str
    OIDC JWKs in JSON String format. For details on definition of a JWK, see https:tools.ietf.org/html/rfc7517. If not set, then we use the 'jwks_uri' from the discovery document fetched from the .well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric keys are supported. The JWK must use following format and include only the following fields: ''' { "keys": [ { "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": "", "crv": "" } ] } '''
    allowedAudiences List<String>

    Acceptable values for the 'aud' field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured.

    If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example: ''' //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ '''

    issuerUri String
    The OIDC issuer URL.
    jwksJson String
    OIDC JWKs in JSON String format. For details on definition of a JWK, see https:tools.ietf.org/html/rfc7517. If not set, then we use the 'jwks_uri' from the discovery document fetched from the .well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric keys are supported. The JWK must use following format and include only the following fields: ''' { "keys": [ { "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": "", "crv": "" } ] } '''

    GetWorkloadIdentityPoolProviderSaml

    IdpMetadataXml string
    SAML Identity provider configuration metadata xml doc.
    IdpMetadataXml string
    SAML Identity provider configuration metadata xml doc.
    idpMetadataXml String
    SAML Identity provider configuration metadata xml doc.
    idpMetadataXml string
    SAML Identity provider configuration metadata xml doc.
    idp_metadata_xml str
    SAML Identity provider configuration metadata xml doc.
    idpMetadataXml String
    SAML Identity provider configuration metadata xml doc.

    GetWorkloadIdentityPoolProviderX509

    TrustStores List<GetWorkloadIdentityPoolProviderX509TrustStore>
    A Trust store, use this trust store as a wrapper to config the trust anchor and optional intermediate cas to help build the trust chain for the incoming end entity certificate. Follow the x509 guidelines to define those PEM encoded certs. Only 1 trust store is currently supported.
    TrustStores []GetWorkloadIdentityPoolProviderX509TrustStore
    A Trust store, use this trust store as a wrapper to config the trust anchor and optional intermediate cas to help build the trust chain for the incoming end entity certificate. Follow the x509 guidelines to define those PEM encoded certs. Only 1 trust store is currently supported.
    trustStores List<GetWorkloadIdentityPoolProviderX509TrustStore>
    A Trust store, use this trust store as a wrapper to config the trust anchor and optional intermediate cas to help build the trust chain for the incoming end entity certificate. Follow the x509 guidelines to define those PEM encoded certs. Only 1 trust store is currently supported.
    trustStores GetWorkloadIdentityPoolProviderX509TrustStore[]
    A Trust store, use this trust store as a wrapper to config the trust anchor and optional intermediate cas to help build the trust chain for the incoming end entity certificate. Follow the x509 guidelines to define those PEM encoded certs. Only 1 trust store is currently supported.
    trust_stores Sequence[GetWorkloadIdentityPoolProviderX509TrustStore]
    A Trust store, use this trust store as a wrapper to config the trust anchor and optional intermediate cas to help build the trust chain for the incoming end entity certificate. Follow the x509 guidelines to define those PEM encoded certs. Only 1 trust store is currently supported.
    trustStores List<Property Map>
    A Trust store, use this trust store as a wrapper to config the trust anchor and optional intermediate cas to help build the trust chain for the incoming end entity certificate. Follow the x509 guidelines to define those PEM encoded certs. Only 1 trust store is currently supported.

    GetWorkloadIdentityPoolProviderX509TrustStore

    IntermediateCas List<GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCa>
    Set of intermediate CA certificates used for building the trust chain to trust anchor. IMPORTANT: Intermediate CAs are only supported when configuring x509 federation.
    TrustAnchors List<GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchor>
    List of Trust Anchors to be used while performing validation against a given TrustStore. The incoming end entity's certificate must be chained up to one of the trust anchors here.
    IntermediateCas []GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCa
    Set of intermediate CA certificates used for building the trust chain to trust anchor. IMPORTANT: Intermediate CAs are only supported when configuring x509 federation.
    TrustAnchors []GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchor
    List of Trust Anchors to be used while performing validation against a given TrustStore. The incoming end entity's certificate must be chained up to one of the trust anchors here.
    intermediateCas List<GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCa>
    Set of intermediate CA certificates used for building the trust chain to trust anchor. IMPORTANT: Intermediate CAs are only supported when configuring x509 federation.
    trustAnchors List<GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchor>
    List of Trust Anchors to be used while performing validation against a given TrustStore. The incoming end entity's certificate must be chained up to one of the trust anchors here.
    intermediateCas GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCa[]
    Set of intermediate CA certificates used for building the trust chain to trust anchor. IMPORTANT: Intermediate CAs are only supported when configuring x509 federation.
    trustAnchors GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchor[]
    List of Trust Anchors to be used while performing validation against a given TrustStore. The incoming end entity's certificate must be chained up to one of the trust anchors here.
    intermediate_cas Sequence[GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCa]
    Set of intermediate CA certificates used for building the trust chain to trust anchor. IMPORTANT: Intermediate CAs are only supported when configuring x509 federation.
    trust_anchors Sequence[GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchor]
    List of Trust Anchors to be used while performing validation against a given TrustStore. The incoming end entity's certificate must be chained up to one of the trust anchors here.
    intermediateCas List<Property Map>
    Set of intermediate CA certificates used for building the trust chain to trust anchor. IMPORTANT: Intermediate CAs are only supported when configuring x509 federation.
    trustAnchors List<Property Map>
    List of Trust Anchors to be used while performing validation against a given TrustStore. The incoming end entity's certificate must be chained up to one of the trust anchors here.

    GetWorkloadIdentityPoolProviderX509TrustStoreIntermediateCa

    PemCertificate string
    PEM certificate of the PKI used for validation. Must only contain one ca certificate(either root or intermediate cert).
    PemCertificate string
    PEM certificate of the PKI used for validation. Must only contain one ca certificate(either root or intermediate cert).
    pemCertificate String
    PEM certificate of the PKI used for validation. Must only contain one ca certificate(either root or intermediate cert).
    pemCertificate string
    PEM certificate of the PKI used for validation. Must only contain one ca certificate(either root or intermediate cert).
    pem_certificate str
    PEM certificate of the PKI used for validation. Must only contain one ca certificate(either root or intermediate cert).
    pemCertificate String
    PEM certificate of the PKI used for validation. Must only contain one ca certificate(either root or intermediate cert).

    GetWorkloadIdentityPoolProviderX509TrustStoreTrustAnchor

    PemCertificate string
    PEM certificate of the PKI used for validation. Must only contain one ca certificate(either root or intermediate cert).
    PemCertificate string
    PEM certificate of the PKI used for validation. Must only contain one ca certificate(either root or intermediate cert).
    pemCertificate String
    PEM certificate of the PKI used for validation. Must only contain one ca certificate(either root or intermediate cert).
    pemCertificate string
    PEM certificate of the PKI used for validation. Must only contain one ca certificate(either root or intermediate cert).
    pem_certificate str
    PEM certificate of the PKI used for validation. Must only contain one ca certificate(either root or intermediate cert).
    pemCertificate String
    PEM certificate of the PKI used for validation. Must only contain one ca certificate(either root or intermediate cert).

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi