Docs Home
Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi
gcp.iap.Settings
Explore with Pulumi AI
IAP settings - manage IAP settings
To get more information about Settings, see:
- API documentation
- How-to Guides
Example Usage
Iap Settings Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const project = gcp.organizations.getProject({});
const defaultHealthCheck = new gcp.compute.HealthCheck("default", {
name: "iap-bs-health-check",
checkIntervalSec: 1,
timeoutSec: 1,
tcpHealthCheck: {
port: 80,
},
});
const _default = new gcp.compute.RegionBackendService("default", {
name: "iap-settings-tf",
region: "us-central1",
healthChecks: defaultHealthCheck.id,
connectionDrainingTimeoutSec: 10,
sessionAffinity: "CLIENT_IP",
});
const iapSettings = new gcp.iap.Settings("iap_settings", {
name: pulumi.all([project, _default.name]).apply(([project, name]) => `projects/${project.number}/iap_web/compute-us-central1/services/${name}`),
accessSettings: {
identitySources: ["WORKFORCE_IDENTITY_FEDERATION"],
allowedDomainsSettings: {
domains: ["test.abc.com"],
enable: true,
},
corsSettings: {
allowHttpOptions: true,
},
reauthSettings: {
method: "SECURE_KEY",
maxAge: "305s",
policyType: "MINIMUM",
},
gcipSettings: {
loginPageUri: "https://test.com/?apiKey=abc",
},
oauthSettings: {
loginHint: "test",
},
workforceIdentitySettings: {
workforcePools: "wif-pool",
oauth2: {
clientId: "test-client-id",
clientSecret: "test-client-secret",
},
},
},
applicationSettings: {
cookieDomain: "test.abc.com",
csmSettings: {
rctokenAud: "test-aud-set",
},
accessDeniedPageSettings: {
accessDeniedPageUri: "test-uri",
generateTroubleshootingUri: true,
remediationTokenGenerationEnabled: false,
},
attributePropagationSettings: {
outputCredentials: ["HEADER"],
expression: "attributes.saml_attributes.filter(attribute, attribute.name in [\"test1\", \"test2\"])",
enable: false,
},
},
});
import pulumi
import pulumi_gcp as gcp
project = gcp.organizations.get_project()
default_health_check = gcp.compute.HealthCheck("default",
name="iap-bs-health-check",
check_interval_sec=1,
timeout_sec=1,
tcp_health_check={
"port": 80,
})
default = gcp.compute.RegionBackendService("default",
name="iap-settings-tf",
region="us-central1",
health_checks=default_health_check.id,
connection_draining_timeout_sec=10,
session_affinity="CLIENT_IP")
iap_settings = gcp.iap.Settings("iap_settings",
name=default.name.apply(lambda name: f"projects/{project.number}/iap_web/compute-us-central1/services/{name}"),
access_settings={
"identity_sources": ["WORKFORCE_IDENTITY_FEDERATION"],
"allowed_domains_settings": {
"domains": ["test.abc.com"],
"enable": True,
},
"cors_settings": {
"allow_http_options": True,
},
"reauth_settings": {
"method": "SECURE_KEY",
"max_age": "305s",
"policy_type": "MINIMUM",
},
"gcip_settings": {
"login_page_uri": "https://test.com/?apiKey=abc",
},
"oauth_settings": {
"login_hint": "test",
},
"workforce_identity_settings": {
"workforce_pools": "wif-pool",
"oauth2": {
"client_id": "test-client-id",
"client_secret": "test-client-secret",
},
},
},
application_settings={
"cookie_domain": "test.abc.com",
"csm_settings": {
"rctoken_aud": "test-aud-set",
},
"access_denied_page_settings": {
"access_denied_page_uri": "test-uri",
"generate_troubleshooting_uri": True,
"remediation_token_generation_enabled": False,
},
"attribute_propagation_settings": {
"output_credentials": ["HEADER"],
"expression": "attributes.saml_attributes.filter(attribute, attribute.name in [\"test1\", \"test2\"])",
"enable": False,
},
})
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
project, err := organizations.LookupProject(ctx, &organizations.LookupProjectArgs{}, nil)
if err != nil {
return err
}
defaultHealthCheck, err := compute.NewHealthCheck(ctx, "default", &compute.HealthCheckArgs{
Name: pulumi.String("iap-bs-health-check"),
CheckIntervalSec: pulumi.Int(1),
TimeoutSec: pulumi.Int(1),
TcpHealthCheck: &compute.HealthCheckTcpHealthCheckArgs{
Port: pulumi.Int(80),
},
})
if err != nil {
return err
}
_, err = compute.NewRegionBackendService(ctx, "default", &compute.RegionBackendServiceArgs{
Name: pulumi.String("iap-settings-tf"),
Region: pulumi.String("us-central1"),
HealthChecks: defaultHealthCheck.ID(),
ConnectionDrainingTimeoutSec: pulumi.Int(10),
SessionAffinity: pulumi.String("CLIENT_IP"),
})
if err != nil {
return err
}
_, err = iap.NewSettings(ctx, "iap_settings", &iap.SettingsArgs{
Name: _default.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("projects/%v/iap_web/compute-us-central1/services/%v", project.Number, name), nil
}).(pulumi.StringOutput),
AccessSettings: &iap.SettingsAccessSettingsArgs{
IdentitySources: pulumi.StringArray{
pulumi.String("WORKFORCE_IDENTITY_FEDERATION"),
},
AllowedDomainsSettings: &iap.SettingsAccessSettingsAllowedDomainsSettingsArgs{
Domains: pulumi.StringArray{
pulumi.String("test.abc.com"),
},
Enable: pulumi.Bool(true),
},
CorsSettings: &iap.SettingsAccessSettingsCorsSettingsArgs{
AllowHttpOptions: pulumi.Bool(true),
},
ReauthSettings: &iap.SettingsAccessSettingsReauthSettingsArgs{
Method: pulumi.String("SECURE_KEY"),
MaxAge: pulumi.String("305s"),
PolicyType: pulumi.String("MINIMUM"),
},
GcipSettings: &iap.SettingsAccessSettingsGcipSettingsArgs{
LoginPageUri: pulumi.String("https://test.com/?apiKey=abc"),
},
OauthSettings: &iap.SettingsAccessSettingsOauthSettingsArgs{
LoginHint: pulumi.String("test"),
},
WorkforceIdentitySettings: &iap.SettingsAccessSettingsWorkforceIdentitySettingsArgs{
WorkforcePools: pulumi.String("wif-pool"),
Oauth2: &iap.SettingsAccessSettingsWorkforceIdentitySettingsOauth2Args{
ClientId: pulumi.String("test-client-id"),
ClientSecret: pulumi.String("test-client-secret"),
},
},
},
ApplicationSettings: &iap.SettingsApplicationSettingsArgs{
CookieDomain: pulumi.String("test.abc.com"),
CsmSettings: &iap.SettingsApplicationSettingsCsmSettingsArgs{
RctokenAud: pulumi.String("test-aud-set"),
},
AccessDeniedPageSettings: &iap.SettingsApplicationSettingsAccessDeniedPageSettingsArgs{
AccessDeniedPageUri: pulumi.String("test-uri"),
GenerateTroubleshootingUri: pulumi.Bool(true),
RemediationTokenGenerationEnabled: pulumi.Bool(false),
},
AttributePropagationSettings: &iap.SettingsApplicationSettingsAttributePropagationSettingsArgs{
OutputCredentials: pulumi.StringArray{
pulumi.String("HEADER"),
},
Expression: pulumi.String("attributes.saml_attributes.filter(attribute, attribute.name in [\"test1\", \"test2\"])"),
Enable: pulumi.Bool(false),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var project = Gcp.Organizations.GetProject.Invoke();
var defaultHealthCheck = new Gcp.Compute.HealthCheck("default", new()
{
Name = "iap-bs-health-check",
CheckIntervalSec = 1,
TimeoutSec = 1,
TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs
{
Port = 80,
},
});
var @default = new Gcp.Compute.RegionBackendService("default", new()
{
Name = "iap-settings-tf",
Region = "us-central1",
HealthChecks = defaultHealthCheck.Id,
ConnectionDrainingTimeoutSec = 10,
SessionAffinity = "CLIENT_IP",
});
var iapSettings = new Gcp.Iap.Settings("iap_settings", new()
{
Name = Output.Tuple(project, @default.Name).Apply(values =>
{
var project = values.Item1;
var name = values.Item2;
return $"projects/{project.Apply(getProjectResult => getProjectResult.Number)}/iap_web/compute-us-central1/services/{name}";
}),
AccessSettings = new Gcp.Iap.Inputs.SettingsAccessSettingsArgs
{
IdentitySources = new[]
{
"WORKFORCE_IDENTITY_FEDERATION",
},
AllowedDomainsSettings = new Gcp.Iap.Inputs.SettingsAccessSettingsAllowedDomainsSettingsArgs
{
Domains = new[]
{
"test.abc.com",
},
Enable = true,
},
CorsSettings = new Gcp.Iap.Inputs.SettingsAccessSettingsCorsSettingsArgs
{
AllowHttpOptions = true,
},
ReauthSettings = new Gcp.Iap.Inputs.SettingsAccessSettingsReauthSettingsArgs
{
Method = "SECURE_KEY",
MaxAge = "305s",
PolicyType = "MINIMUM",
},
GcipSettings = new Gcp.Iap.Inputs.SettingsAccessSettingsGcipSettingsArgs
{
LoginPageUri = "https://test.com/?apiKey=abc",
},
OauthSettings = new Gcp.Iap.Inputs.SettingsAccessSettingsOauthSettingsArgs
{
LoginHint = "test",
},
WorkforceIdentitySettings = new Gcp.Iap.Inputs.SettingsAccessSettingsWorkforceIdentitySettingsArgs
{
WorkforcePools = "wif-pool",
Oauth2 = new Gcp.Iap.Inputs.SettingsAccessSettingsWorkforceIdentitySettingsOauth2Args
{
ClientId = "test-client-id",
ClientSecret = "test-client-secret",
},
},
},
ApplicationSettings = new Gcp.Iap.Inputs.SettingsApplicationSettingsArgs
{
CookieDomain = "test.abc.com",
CsmSettings = new Gcp.Iap.Inputs.SettingsApplicationSettingsCsmSettingsArgs
{
RctokenAud = "test-aud-set",
},
AccessDeniedPageSettings = new Gcp.Iap.Inputs.SettingsApplicationSettingsAccessDeniedPageSettingsArgs
{
AccessDeniedPageUri = "test-uri",
GenerateTroubleshootingUri = true,
RemediationTokenGenerationEnabled = false,
},
AttributePropagationSettings = new Gcp.Iap.Inputs.SettingsApplicationSettingsAttributePropagationSettingsArgs
{
OutputCredentials = new[]
{
"HEADER",
},
Expression = "attributes.saml_attributes.filter(attribute, attribute.name in [\"test1\", \"test2\"])",
Enable = false,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.iap.Settings;
import com.pulumi.gcp.iap.SettingsArgs;
import com.pulumi.gcp.iap.inputs.SettingsAccessSettingsArgs;
import com.pulumi.gcp.iap.inputs.SettingsAccessSettingsAllowedDomainsSettingsArgs;
import com.pulumi.gcp.iap.inputs.SettingsAccessSettingsCorsSettingsArgs;
import com.pulumi.gcp.iap.inputs.SettingsAccessSettingsReauthSettingsArgs;
import com.pulumi.gcp.iap.inputs.SettingsAccessSettingsGcipSettingsArgs;
import com.pulumi.gcp.iap.inputs.SettingsAccessSettingsOauthSettingsArgs;
import com.pulumi.gcp.iap.inputs.SettingsAccessSettingsWorkforceIdentitySettingsArgs;
import com.pulumi.gcp.iap.inputs.SettingsAccessSettingsWorkforceIdentitySettingsOauth2Args;
import com.pulumi.gcp.iap.inputs.SettingsApplicationSettingsArgs;
import com.pulumi.gcp.iap.inputs.SettingsApplicationSettingsCsmSettingsArgs;
import com.pulumi.gcp.iap.inputs.SettingsApplicationSettingsAccessDeniedPageSettingsArgs;
import com.pulumi.gcp.iap.inputs.SettingsApplicationSettingsAttributePropagationSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var project = OrganizationsFunctions.getProject();
var defaultHealthCheck = new HealthCheck("defaultHealthCheck", HealthCheckArgs.builder()
.name("iap-bs-health-check")
.checkIntervalSec(1)
.timeoutSec(1)
.tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
.port("80")
.build())
.build());
var default_ = new RegionBackendService("default", RegionBackendServiceArgs.builder()
.name("iap-settings-tf")
.region("us-central1")
.healthChecks(defaultHealthCheck.id())
.connectionDrainingTimeoutSec(10)
.sessionAffinity("CLIENT_IP")
.build());
var iapSettings = new Settings("iapSettings", SettingsArgs.builder()
.name(default_.name().applyValue(name -> String.format("projects/%s/iap_web/compute-us-central1/services/%s", project.applyValue(getProjectResult -> getProjectResult.number()),name)))
.accessSettings(SettingsAccessSettingsArgs.builder()
.identitySources("WORKFORCE_IDENTITY_FEDERATION")
.allowedDomainsSettings(SettingsAccessSettingsAllowedDomainsSettingsArgs.builder()
.domains("test.abc.com")
.enable(true)
.build())
.corsSettings(SettingsAccessSettingsCorsSettingsArgs.builder()
.allowHttpOptions(true)
.build())
.reauthSettings(SettingsAccessSettingsReauthSettingsArgs.builder()
.method("SECURE_KEY")
.maxAge("305s")
.policyType("MINIMUM")
.build())
.gcipSettings(SettingsAccessSettingsGcipSettingsArgs.builder()
.loginPageUri("https://test.com/?apiKey=abc")
.build())
.oauthSettings(SettingsAccessSettingsOauthSettingsArgs.builder()
.loginHint("test")
.build())
.workforceIdentitySettings(SettingsAccessSettingsWorkforceIdentitySettingsArgs.builder()
.workforcePools("wif-pool")
.oauth2(SettingsAccessSettingsWorkforceIdentitySettingsOauth2Args.builder()
.clientId("test-client-id")
.clientSecret("test-client-secret")
.build())
.build())
.build())
.applicationSettings(SettingsApplicationSettingsArgs.builder()
.cookieDomain("test.abc.com")
.csmSettings(SettingsApplicationSettingsCsmSettingsArgs.builder()
.rctokenAud("test-aud-set")
.build())
.accessDeniedPageSettings(SettingsApplicationSettingsAccessDeniedPageSettingsArgs.builder()
.accessDeniedPageUri("test-uri")
.generateTroubleshootingUri(true)
.remediationTokenGenerationEnabled(false)
.build())
.attributePropagationSettings(SettingsApplicationSettingsAttributePropagationSettingsArgs.builder()
.outputCredentials("HEADER")
.expression("attributes.saml_attributes.filter(attribute, attribute.name in [\"test1\", \"test2\"])")
.enable(false)
.build())
.build())
.build());
}
}
resources:
default:
type: gcp:compute:RegionBackendService
properties:
name: iap-settings-tf
region: us-central1
healthChecks: ${defaultHealthCheck.id}
connectionDrainingTimeoutSec: 10
sessionAffinity: CLIENT_IP
defaultHealthCheck:
type: gcp:compute:HealthCheck
name: default
properties:
name: iap-bs-health-check
checkIntervalSec: 1
timeoutSec: 1
tcpHealthCheck:
port: '80'
iapSettings:
type: gcp:iap:Settings
name: iap_settings
properties:
name: projects/${project.number}/iap_web/compute-us-central1/services/${default.name}
accessSettings:
identitySources:
- WORKFORCE_IDENTITY_FEDERATION
allowedDomainsSettings:
domains:
- test.abc.com
enable: true
corsSettings:
allowHttpOptions: true
reauthSettings:
method: SECURE_KEY
maxAge: 305s
policyType: MINIMUM
gcipSettings:
loginPageUri: https://test.com/?apiKey=abc
oauthSettings:
loginHint: test
workforceIdentitySettings:
workforcePools: wif-pool
oauth2:
clientId: test-client-id
clientSecret: test-client-secret
applicationSettings:
cookieDomain: test.abc.com
csmSettings:
rctokenAud: test-aud-set
accessDeniedPageSettings:
accessDeniedPageUri: test-uri
generateTroubleshootingUri: true
remediationTokenGenerationEnabled: false
attributePropagationSettings:
outputCredentials:
- HEADER
expression: attributes.saml_attributes.filter(attribute, attribute.name in ["test1", "test2"])
enable: false
variables:
project:
fn::invoke:
Function: gcp:organizations:getProject
Arguments: {}
Create Settings Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Settings(name: string, args?: SettingsArgs, opts?: CustomResourceOptions);@overload
def Settings(resource_name: str,
args: Optional[SettingsArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Settings(resource_name: str,
opts: Optional[ResourceOptions] = None,
access_settings: Optional[SettingsAccessSettingsArgs] = None,
application_settings: Optional[SettingsApplicationSettingsArgs] = None,
name: Optional[str] = None)func NewSettings(ctx *Context, name string, args *SettingsArgs, opts ...ResourceOption) (*Settings, error)public Settings(string name, SettingsArgs? args = null, CustomResourceOptions? opts = null)
public Settings(String name, SettingsArgs args)
public Settings(String name, SettingsArgs args, CustomResourceOptions options)
type: gcp:iap:Settings
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SettingsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SettingsArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SettingsArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SettingsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SettingsArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var settingsResource = new Gcp.Iap.Settings("settingsResource", new()
{
AccessSettings = new Gcp.Iap.Inputs.SettingsAccessSettingsArgs
{
AllowedDomainsSettings = new Gcp.Iap.Inputs.SettingsAccessSettingsAllowedDomainsSettingsArgs
{
Domains = new[]
{
"string",
},
Enable = false,
},
CorsSettings = new Gcp.Iap.Inputs.SettingsAccessSettingsCorsSettingsArgs
{
AllowHttpOptions = false,
},
GcipSettings = new Gcp.Iap.Inputs.SettingsAccessSettingsGcipSettingsArgs
{
LoginPageUri = "string",
TenantIds = new[]
{
"string",
},
},
IdentitySources = new[]
{
"string",
},
OauthSettings = new Gcp.Iap.Inputs.SettingsAccessSettingsOauthSettingsArgs
{
LoginHint = "string",
ProgrammaticClients = new[]
{
"string",
},
},
ReauthSettings = new Gcp.Iap.Inputs.SettingsAccessSettingsReauthSettingsArgs
{
MaxAge = "string",
Method = "string",
PolicyType = "string",
},
WorkforceIdentitySettings = new Gcp.Iap.Inputs.SettingsAccessSettingsWorkforceIdentitySettingsArgs
{
Oauth2 = new Gcp.Iap.Inputs.SettingsAccessSettingsWorkforceIdentitySettingsOauth2Args
{
ClientId = "string",
ClientSecret = "string",
ClientSecretSha256 = "string",
},
WorkforcePools = "string",
},
},
ApplicationSettings = new Gcp.Iap.Inputs.SettingsApplicationSettingsArgs
{
AccessDeniedPageSettings = new Gcp.Iap.Inputs.SettingsApplicationSettingsAccessDeniedPageSettingsArgs
{
AccessDeniedPageUri = "string",
GenerateTroubleshootingUri = false,
RemediationTokenGenerationEnabled = false,
},
AttributePropagationSettings = new Gcp.Iap.Inputs.SettingsApplicationSettingsAttributePropagationSettingsArgs
{
Enable = false,
Expression = "string",
OutputCredentials = new[]
{
"string",
},
},
CookieDomain = "string",
CsmSettings = new Gcp.Iap.Inputs.SettingsApplicationSettingsCsmSettingsArgs
{
RctokenAud = "string",
},
},
Name = "string",
});
example, err := iap.NewSettings(ctx, "settingsResource", &iap.SettingsArgs{
AccessSettings: &iap.SettingsAccessSettingsArgs{
AllowedDomainsSettings: &iap.SettingsAccessSettingsAllowedDomainsSettingsArgs{
Domains: pulumi.StringArray{
pulumi.String("string"),
},
Enable: pulumi.Bool(false),
},
CorsSettings: &iap.SettingsAccessSettingsCorsSettingsArgs{
AllowHttpOptions: pulumi.Bool(false),
},
GcipSettings: &iap.SettingsAccessSettingsGcipSettingsArgs{
LoginPageUri: pulumi.String("string"),
TenantIds: pulumi.StringArray{
pulumi.String("string"),
},
},
IdentitySources: pulumi.StringArray{
pulumi.String("string"),
},
OauthSettings: &iap.SettingsAccessSettingsOauthSettingsArgs{
LoginHint: pulumi.String("string"),
ProgrammaticClients: pulumi.StringArray{
pulumi.String("string"),
},
},
ReauthSettings: &iap.SettingsAccessSettingsReauthSettingsArgs{
MaxAge: pulumi.String("string"),
Method: pulumi.String("string"),
PolicyType: pulumi.String("string"),
},
WorkforceIdentitySettings: &iap.SettingsAccessSettingsWorkforceIdentitySettingsArgs{
Oauth2: &iap.SettingsAccessSettingsWorkforceIdentitySettingsOauth2Args{
ClientId: pulumi.String("string"),
ClientSecret: pulumi.String("string"),
ClientSecretSha256: pulumi.String("string"),
},
WorkforcePools: pulumi.String("string"),
},
},
ApplicationSettings: &iap.SettingsApplicationSettingsArgs{
AccessDeniedPageSettings: &iap.SettingsApplicationSettingsAccessDeniedPageSettingsArgs{
AccessDeniedPageUri: pulumi.String("string"),
GenerateTroubleshootingUri: pulumi.Bool(false),
RemediationTokenGenerationEnabled: pulumi.Bool(false),
},
AttributePropagationSettings: &iap.SettingsApplicationSettingsAttributePropagationSettingsArgs{
Enable: pulumi.Bool(false),
Expression: pulumi.String("string"),
OutputCredentials: pulumi.StringArray{
pulumi.String("string"),
},
},
CookieDomain: pulumi.String("string"),
CsmSettings: &iap.SettingsApplicationSettingsCsmSettingsArgs{
RctokenAud: pulumi.String("string"),
},
},
Name: pulumi.String("string"),
})
var settingsResource = new Settings("settingsResource", SettingsArgs.builder()
.accessSettings(SettingsAccessSettingsArgs.builder()
.allowedDomainsSettings(SettingsAccessSettingsAllowedDomainsSettingsArgs.builder()
.domains("string")
.enable(false)
.build())
.corsSettings(SettingsAccessSettingsCorsSettingsArgs.builder()
.allowHttpOptions(false)
.build())
.gcipSettings(SettingsAccessSettingsGcipSettingsArgs.builder()
.loginPageUri("string")
.tenantIds("string")
.build())
.identitySources("string")
.oauthSettings(SettingsAccessSettingsOauthSettingsArgs.builder()
.loginHint("string")
.programmaticClients("string")
.build())
.reauthSettings(SettingsAccessSettingsReauthSettingsArgs.builder()
.maxAge("string")
.method("string")
.policyType("string")
.build())
.workforceIdentitySettings(SettingsAccessSettingsWorkforceIdentitySettingsArgs.builder()
.oauth2(SettingsAccessSettingsWorkforceIdentitySettingsOauth2Args.builder()
.clientId("string")
.clientSecret("string")
.clientSecretSha256("string")
.build())
.workforcePools("string")
.build())
.build())
.applicationSettings(SettingsApplicationSettingsArgs.builder()
.accessDeniedPageSettings(SettingsApplicationSettingsAccessDeniedPageSettingsArgs.builder()
.accessDeniedPageUri("string")
.generateTroubleshootingUri(false)
.remediationTokenGenerationEnabled(false)
.build())
.attributePropagationSettings(SettingsApplicationSettingsAttributePropagationSettingsArgs.builder()
.enable(false)
.expression("string")
.outputCredentials("string")
.build())
.cookieDomain("string")
.csmSettings(SettingsApplicationSettingsCsmSettingsArgs.builder()
.rctokenAud("string")
.build())
.build())
.name("string")
.build());
settings_resource = gcp.iap.Settings("settingsResource",
access_settings={
"allowed_domains_settings": {
"domains": ["string"],
"enable": False,
},
"cors_settings": {
"allow_http_options": False,
},
"gcip_settings": {
"login_page_uri": "string",
"tenant_ids": ["string"],
},
"identity_sources": ["string"],
"oauth_settings": {
"login_hint": "string",
"programmatic_clients": ["string"],
},
"reauth_settings": {
"max_age": "string",
"method": "string",
"policy_type": "string",
},
"workforce_identity_settings": {
"oauth2": {
"client_id": "string",
"client_secret": "string",
"client_secret_sha256": "string",
},
"workforce_pools": "string",
},
},
application_settings={
"access_denied_page_settings": {
"access_denied_page_uri": "string",
"generate_troubleshooting_uri": False,
"remediation_token_generation_enabled": False,
},
"attribute_propagation_settings": {
"enable": False,
"expression": "string",
"output_credentials": ["string"],
},
"cookie_domain": "string",
"csm_settings": {
"rctoken_aud": "string",
},
},
name="string")
const settingsResource = new gcp.iap.Settings("settingsResource", {
accessSettings: {
allowedDomainsSettings: {
domains: ["string"],
enable: false,
},
corsSettings: {
allowHttpOptions: false,
},
gcipSettings: {
loginPageUri: "string",
tenantIds: ["string"],
},
identitySources: ["string"],
oauthSettings: {
loginHint: "string",
programmaticClients: ["string"],
},
reauthSettings: {
maxAge: "string",
method: "string",
policyType: "string",
},
workforceIdentitySettings: {
oauth2: {
clientId: "string",
clientSecret: "string",
clientSecretSha256: "string",
},
workforcePools: "string",
},
},
applicationSettings: {
accessDeniedPageSettings: {
accessDeniedPageUri: "string",
generateTroubleshootingUri: false,
remediationTokenGenerationEnabled: false,
},
attributePropagationSettings: {
enable: false,
expression: "string",
outputCredentials: ["string"],
},
cookieDomain: "string",
csmSettings: {
rctokenAud: "string",
},
},
name: "string",
});
type: gcp:iap:Settings
properties:
accessSettings:
allowedDomainsSettings:
domains:
- string
enable: false
corsSettings:
allowHttpOptions: false
gcipSettings:
loginPageUri: string
tenantIds:
- string
identitySources:
- string
oauthSettings:
loginHint: string
programmaticClients:
- string
reauthSettings:
maxAge: string
method: string
policyType: string
workforceIdentitySettings:
oauth2:
clientId: string
clientSecret: string
clientSecretSha256: string
workforcePools: string
applicationSettings:
accessDeniedPageSettings:
accessDeniedPageUri: string
generateTroubleshootingUri: false
remediationTokenGenerationEnabled: false
attributePropagationSettings:
enable: false
expression: string
outputCredentials:
- string
cookieDomain: string
csmSettings:
rctokenAud: string
name: string
Settings Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Settings resource accepts the following input properties:
- Access
Settings SettingsAccess Settings - Top level wrapper for all access related setting in IAP. Structure is documented below.
- Application
Settings SettingsApplication Settings - Top level wrapper for all application related settings in IAP. Structure is documented below.
- Name string
- The resource name of the IAP protected resource. Name can have below resources:
- organizations/{organization_id}
- folders/{folder_id}
- projects/{projects_id}
- projects/{projects_id}/iap_web
- projects/{projects_id}/iap_web/compute
- projects/{projects_id}/iap_web/compute-{region}
- projects/{projects_id}/iap_web/compute/service/{service_id}
- projects/{projects_id}/iap_web/compute-{region}/service/{service_id}
- projects/{projects_id}/iap_web/appengine-{app_id}
- projects/{projects_id}/iap_web/appengine-{app_id}/service/{service_id}
- projects/{projects_id}/iap_web/appengine-{app_id}/service/{service_id}/version/{version_id}
- Access
Settings SettingsAccess Settings Args - Top level wrapper for all access related setting in IAP. Structure is documented below.
- Application
Settings SettingsApplication Settings Args - Top level wrapper for all application related settings in IAP. Structure is documented below.
- Name string
- The resource name of the IAP protected resource. Name can have below resources:
- organizations/{organization_id}
- folders/{folder_id}
- projects/{projects_id}
- projects/{projects_id}/iap_web
- projects/{projects_id}/iap_web/compute
- projects/{projects_id}/iap_web/compute-{region}
- projects/{projects_id}/iap_web/compute/service/{service_id}
- projects/{projects_id}/iap_web/compute-{region}/service/{service_id}
- projects/{projects_id}/iap_web/appengine-{app_id}
- projects/{projects_id}/iap_web/appengine-{app_id}/service/{service_id}
- projects/{projects_id}/iap_web/appengine-{app_id}/service/{service_id}/version/{version_id}
- access
Settings SettingsAccess Settings - Top level wrapper for all access related setting in IAP. Structure is documented below.
- application
Settings SettingsApplication Settings - Top level wrapper for all application related settings in IAP. Structure is documented below.
- name String
- The resource name of the IAP protected resource. Name can have below resources:
- organizations/{organization_id}
- folders/{folder_id}
- projects/{projects_id}
- projects/{projects_id}/iap_web
- projects/{projects_id}/iap_web/compute
- projects/{projects_id}/iap_web/compute-{region}
- projects/{projects_id}/iap_web/compute/service/{service_id}
- projects/{projects_id}/iap_web/compute-{region}/service/{service_id}
- projects/{projects_id}/iap_web/appengine-{app_id}
- projects/{projects_id}/iap_web/appengine-{app_id}/service/{service_id}
- projects/{projects_id}/iap_web/appengine-{app_id}/service/{service_id}/version/{version_id}
- access
Settings SettingsAccess Settings - Top level wrapper for all access related setting in IAP. Structure is documented below.
- application
Settings SettingsApplication Settings - Top level wrapper for all application related settings in IAP. Structure is documented below.
- name string
- The resource name of the IAP protected resource. Name can have below resources:
- organizations/{organization_id}
- folders/{folder_id}
- projects/{projects_id}
- projects/{projects_id}/iap_web
- projects/{projects_id}/iap_web/compute
- projects/{projects_id}/iap_web/compute-{region}
- projects/{projects_id}/iap_web/compute/service/{service_id}
- projects/{projects_id}/iap_web/compute-{region}/service/{service_id}
- projects/{projects_id}/iap_web/appengine-{app_id}
- projects/{projects_id}/iap_web/appengine-{app_id}/service/{service_id}
- projects/{projects_id}/iap_web/appengine-{app_id}/service/{service_id}/version/{version_id}
- access_
settings SettingsAccess Settings Args - Top level wrapper for all access related setting in IAP. Structure is documented below.
- application_
settings SettingsApplication Settings Args - Top level wrapper for all application related settings in IAP. Structure is documented below.
- name str
- The resource name of the IAP protected resource. Name can have below resources:
- organizations/{organization_id}
- folders/{folder_id}
- projects/{projects_id}
- projects/{projects_id}/iap_web
- projects/{projects_id}/iap_web/compute
- projects/{projects_id}/iap_web/compute-{region}
- projects/{projects_id}/iap_web/compute/service/{service_id}
- projects/{projects_id}/iap_web/compute-{region}/service/{service_id}
- projects/{projects_id}/iap_web/appengine-{app_id}
- projects/{projects_id}/iap_web/appengine-{app_id}/service/{service_id}
- projects/{projects_id}/iap_web/appengine-{app_id}/service/{service_id}/version/{version_id}
- access
Settings Property Map - Top level wrapper for all access related setting in IAP. Structure is documented below.
- application
Settings Property Map - Top level wrapper for all application related settings in IAP. Structure is documented below.
- name String
- The resource name of the IAP protected resource. Name can have below resources:
- organizations/{organization_id}
- folders/{folder_id}
- projects/{projects_id}
- projects/{projects_id}/iap_web
- projects/{projects_id}/iap_web/compute
- projects/{projects_id}/iap_web/compute-{region}
- projects/{projects_id}/iap_web/compute/service/{service_id}
- projects/{projects_id}/iap_web/compute-{region}/service/{service_id}
- projects/{projects_id}/iap_web/appengine-{app_id}
- projects/{projects_id}/iap_web/appengine-{app_id}/service/{service_id}
- projects/{projects_id}/iap_web/appengine-{app_id}/service/{service_id}/version/{version_id}
Outputs
All input properties are implicitly available as output properties. Additionally, the Settings resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Settings Resource
Get an existing Settings resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SettingsState, opts?: CustomResourceOptions): Settings@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_settings: Optional[SettingsAccessSettingsArgs] = None,
application_settings: Optional[SettingsApplicationSettingsArgs] = None,
name: Optional[str] = None) -> Settingsfunc GetSettings(ctx *Context, name string, id IDInput, state *SettingsState, opts ...ResourceOption) (*Settings, error)public static Settings Get(string name, Input<string> id, SettingsState? state, CustomResourceOptions? opts = null)public static Settings get(String name, Output<String> id, SettingsState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Settings SettingsAccess Settings - Top level wrapper for all access related setting in IAP. Structure is documented below.
- Application
Settings SettingsApplication Settings - Top level wrapper for all application related settings in IAP. Structure is documented below.
- Name string
- The resource name of the IAP protected resource. Name can have below resources:
- organizations/{organization_id}
- folders/{folder_id}
- projects/{projects_id}
- projects/{projects_id}/iap_web
- projects/{projects_id}/iap_web/compute
- projects/{projects_id}/iap_web/compute-{region}
- projects/{projects_id}/iap_web/compute/service/{service_id}
- projects/{projects_id}/iap_web/compute-{region}/service/{service_id}
- projects/{projects_id}/iap_web/appengine-{app_id}
- projects/{projects_id}/iap_web/appengine-{app_id}/service/{service_id}
- projects/{projects_id}/iap_web/appengine-{app_id}/service/{service_id}/version/{version_id}
- Access
Settings SettingsAccess Settings Args - Top level wrapper for all access related setting in IAP. Structure is documented below.
- Application
Settings SettingsApplication Settings Args - Top level wrapper for all application related settings in IAP. Structure is documented below.
- Name string
- The resource name of the IAP protected resource. Name can have below resources:
- organizations/{organization_id}
- folders/{folder_id}
- projects/{projects_id}
- projects/{projects_id}/iap_web
- projects/{projects_id}/iap_web/compute
- projects/{projects_id}/iap_web/compute-{region}
- projects/{projects_id}/iap_web/compute/service/{service_id}
- projects/{projects_id}/iap_web/compute-{region}/service/{service_id}
- projects/{projects_id}/iap_web/appengine-{app_id}
- projects/{projects_id}/iap_web/appengine-{app_id}/service/{service_id}
- projects/{projects_id}/iap_web/appengine-{app_id}/service/{service_id}/version/{version_id}
- access
Settings SettingsAccess Settings - Top level wrapper for all access related setting in IAP. Structure is documented below.
- application
Settings SettingsApplication Settings - Top level wrapper for all application related settings in IAP. Structure is documented below.
- name String
- The resource name of the IAP protected resource. Name can have below resources:
- organizations/{organization_id}
- folders/{folder_id}
- projects/{projects_id}
- projects/{projects_id}/iap_web
- projects/{projects_id}/iap_web/compute
- projects/{projects_id}/iap_web/compute-{region}
- projects/{projects_id}/iap_web/compute/service/{service_id}
- projects/{projects_id}/iap_web/compute-{region}/service/{service_id}
- projects/{projects_id}/iap_web/appengine-{app_id}
- projects/{projects_id}/iap_web/appengine-{app_id}/service/{service_id}
- projects/{projects_id}/iap_web/appengine-{app_id}/service/{service_id}/version/{version_id}
- access
Settings SettingsAccess Settings - Top level wrapper for all access related setting in IAP. Structure is documented below.
- application
Settings SettingsApplication Settings - Top level wrapper for all application related settings in IAP. Structure is documented below.
- name string
- The resource name of the IAP protected resource. Name can have below resources:
- organizations/{organization_id}
- folders/{folder_id}
- projects/{projects_id}
- projects/{projects_id}/iap_web
- projects/{projects_id}/iap_web/compute
- projects/{projects_id}/iap_web/compute-{region}
- projects/{projects_id}/iap_web/compute/service/{service_id}
- projects/{projects_id}/iap_web/compute-{region}/service/{service_id}
- projects/{projects_id}/iap_web/appengine-{app_id}
- projects/{projects_id}/iap_web/appengine-{app_id}/service/{service_id}
- projects/{projects_id}/iap_web/appengine-{app_id}/service/{service_id}/version/{version_id}
- access_
settings SettingsAccess Settings Args - Top level wrapper for all access related setting in IAP. Structure is documented below.
- application_
settings SettingsApplication Settings Args - Top level wrapper for all application related settings in IAP. Structure is documented below.
- name str
- The resource name of the IAP protected resource. Name can have below resources:
- organizations/{organization_id}
- folders/{folder_id}
- projects/{projects_id}
- projects/{projects_id}/iap_web
- projects/{projects_id}/iap_web/compute
- projects/{projects_id}/iap_web/compute-{region}
- projects/{projects_id}/iap_web/compute/service/{service_id}
- projects/{projects_id}/iap_web/compute-{region}/service/{service_id}
- projects/{projects_id}/iap_web/appengine-{app_id}
- projects/{projects_id}/iap_web/appengine-{app_id}/service/{service_id}
- projects/{projects_id}/iap_web/appengine-{app_id}/service/{service_id}/version/{version_id}
- access
Settings Property Map - Top level wrapper for all access related setting in IAP. Structure is documented below.
- application
Settings Property Map - Top level wrapper for all application related settings in IAP. Structure is documented below.
- name String
- The resource name of the IAP protected resource. Name can have below resources:
- organizations/{organization_id}
- folders/{folder_id}
- projects/{projects_id}
- projects/{projects_id}/iap_web
- projects/{projects_id}/iap_web/compute
- projects/{projects_id}/iap_web/compute-{region}
- projects/{projects_id}/iap_web/compute/service/{service_id}
- projects/{projects_id}/iap_web/compute-{region}/service/{service_id}
- projects/{projects_id}/iap_web/appengine-{app_id}
- projects/{projects_id}/iap_web/appengine-{app_id}/service/{service_id}
- projects/{projects_id}/iap_web/appengine-{app_id}/service/{service_id}/version/{version_id}
Supporting Types
SettingsAccessSettings, SettingsAccessSettingsArgs
- Allowed
Domains SettingsSettings Access Settings Allowed Domains Settings - Settings to configure and enable allowed domains. Structure is documented below.
- Cors
Settings SettingsAccess Settings Cors Settings - Configuration to allow cross-origin requests via IAP. Structure is documented below.
- Gcip
Settings SettingsAccess Settings Gcip Settings - GCIP claims and endpoint configurations for 3p identity providers. Structure is documented below.
- Identity
Sources List<string> - Identity sources that IAP can use to authenticate the end user. Only one identity source
can be configured. The possible values are:
WORKFORCE_IDENTITY_FEDERATION: Use external identities set up on Google Cloud Workforce Identity Federation. Each value may be one of:WORKFORCE_IDENTITY_FEDERATION.
- Oauth
Settings SettingsAccess Settings Oauth Settings - Settings to configure IAP's OAuth behavior. Structure is documented below.
- Reauth
Settings SettingsAccess Settings Reauth Settings - Settings to configure reauthentication policies in IAP. Structure is documented below.
- Workforce
Identity SettingsSettings Access Settings Workforce Identity Settings - Settings to configure the workforce identity federation, including workforce pools and OAuth 2.0 settings. Structure is documented below.
- Allowed
Domains SettingsSettings Access Settings Allowed Domains Settings - Settings to configure and enable allowed domains. Structure is documented below.
- Cors
Settings SettingsAccess Settings Cors Settings - Configuration to allow cross-origin requests via IAP. Structure is documented below.
- Gcip
Settings SettingsAccess Settings Gcip Settings - GCIP claims and endpoint configurations for 3p identity providers. Structure is documented below.
- Identity
Sources []string - Identity sources that IAP can use to authenticate the end user. Only one identity source
can be configured. The possible values are:
WORKFORCE_IDENTITY_FEDERATION: Use external identities set up on Google Cloud Workforce Identity Federation. Each value may be one of:WORKFORCE_IDENTITY_FEDERATION.
- Oauth
Settings SettingsAccess Settings Oauth Settings - Settings to configure IAP's OAuth behavior. Structure is documented below.
- Reauth
Settings SettingsAccess Settings Reauth Settings - Settings to configure reauthentication policies in IAP. Structure is documented below.
- Workforce
Identity SettingsSettings Access Settings Workforce Identity Settings - Settings to configure the workforce identity federation, including workforce pools and OAuth 2.0 settings. Structure is documented below.
- allowed
Domains SettingsSettings Access Settings Allowed Domains Settings - Settings to configure and enable allowed domains. Structure is documented below.
- cors
Settings SettingsAccess Settings Cors Settings - Configuration to allow cross-origin requests via IAP. Structure is documented below.
- gcip
Settings SettingsAccess Settings Gcip Settings - GCIP claims and endpoint configurations for 3p identity providers. Structure is documented below.
- identity
Sources List<String> - Identity sources that IAP can use to authenticate the end user. Only one identity source
can be configured. The possible values are:
WORKFORCE_IDENTITY_FEDERATION: Use external identities set up on Google Cloud Workforce Identity Federation. Each value may be one of:WORKFORCE_IDENTITY_FEDERATION.
- oauth
Settings SettingsAccess Settings Oauth Settings - Settings to configure IAP's OAuth behavior. Structure is documented below.
- reauth
Settings SettingsAccess Settings Reauth Settings - Settings to configure reauthentication policies in IAP. Structure is documented below.
- workforce
Identity SettingsSettings Access Settings Workforce Identity Settings - Settings to configure the workforce identity federation, including workforce pools and OAuth 2.0 settings. Structure is documented below.
- allowed
Domains SettingsSettings Access Settings Allowed Domains Settings - Settings to configure and enable allowed domains. Structure is documented below.
- cors
Settings SettingsAccess Settings Cors Settings - Configuration to allow cross-origin requests via IAP. Structure is documented below.
- gcip
Settings SettingsAccess Settings Gcip Settings - GCIP claims and endpoint configurations for 3p identity providers. Structure is documented below.
- identity
Sources string[] - Identity sources that IAP can use to authenticate the end user. Only one identity source
can be configured. The possible values are:
WORKFORCE_IDENTITY_FEDERATION: Use external identities set up on Google Cloud Workforce Identity Federation. Each value may be one of:WORKFORCE_IDENTITY_FEDERATION.
- oauth
Settings SettingsAccess Settings Oauth Settings - Settings to configure IAP's OAuth behavior. Structure is documented below.
- reauth
Settings SettingsAccess Settings Reauth Settings - Settings to configure reauthentication policies in IAP. Structure is documented below.
- workforce
Identity SettingsSettings Access Settings Workforce Identity Settings - Settings to configure the workforce identity federation, including workforce pools and OAuth 2.0 settings. Structure is documented below.
- allowed_
domains_ Settingssettings Access Settings Allowed Domains Settings - Settings to configure and enable allowed domains. Structure is documented below.
- cors_
settings SettingsAccess Settings Cors Settings - Configuration to allow cross-origin requests via IAP. Structure is documented below.
- gcip_
settings SettingsAccess Settings Gcip Settings - GCIP claims and endpoint configurations for 3p identity providers. Structure is documented below.
- identity_
sources Sequence[str] - Identity sources that IAP can use to authenticate the end user. Only one identity source
can be configured. The possible values are:
WORKFORCE_IDENTITY_FEDERATION: Use external identities set up on Google Cloud Workforce Identity Federation. Each value may be one of:WORKFORCE_IDENTITY_FEDERATION.
- oauth_
settings SettingsAccess Settings Oauth Settings - Settings to configure IAP's OAuth behavior. Structure is documented below.
- reauth_
settings SettingsAccess Settings Reauth Settings - Settings to configure reauthentication policies in IAP. Structure is documented below.
- workforce_
identity_ Settingssettings Access Settings Workforce Identity Settings - Settings to configure the workforce identity federation, including workforce pools and OAuth 2.0 settings. Structure is documented below.
- allowed
Domains Property MapSettings - Settings to configure and enable allowed domains. Structure is documented below.
- cors
Settings Property Map - Configuration to allow cross-origin requests via IAP. Structure is documented below.
- gcip
Settings Property Map - GCIP claims and endpoint configurations for 3p identity providers. Structure is documented below.
- identity
Sources List<String> - Identity sources that IAP can use to authenticate the end user. Only one identity source
can be configured. The possible values are:
WORKFORCE_IDENTITY_FEDERATION: Use external identities set up on Google Cloud Workforce Identity Federation. Each value may be one of:WORKFORCE_IDENTITY_FEDERATION.
- oauth
Settings Property Map - Settings to configure IAP's OAuth behavior. Structure is documented below.
- reauth
Settings Property Map - Settings to configure reauthentication policies in IAP. Structure is documented below.
- workforce
Identity Property MapSettings - Settings to configure the workforce identity federation, including workforce pools and OAuth 2.0 settings. Structure is documented below.
SettingsAccessSettingsAllowedDomainsSettings, SettingsAccessSettingsAllowedDomainsSettingsArgs
SettingsAccessSettingsCorsSettings, SettingsAccessSettingsCorsSettingsArgs
- Allow
Http boolOptions - Configuration to allow HTTP OPTIONS calls to skip authorization. If undefined, IAP will not apply any special logic to OPTIONS requests.
- Allow
Http boolOptions - Configuration to allow HTTP OPTIONS calls to skip authorization. If undefined, IAP will not apply any special logic to OPTIONS requests.
- allow
Http BooleanOptions - Configuration to allow HTTP OPTIONS calls to skip authorization. If undefined, IAP will not apply any special logic to OPTIONS requests.
- allow
Http booleanOptions - Configuration to allow HTTP OPTIONS calls to skip authorization. If undefined, IAP will not apply any special logic to OPTIONS requests.
- allow_
http_ booloptions - Configuration to allow HTTP OPTIONS calls to skip authorization. If undefined, IAP will not apply any special logic to OPTIONS requests.
- allow
Http BooleanOptions - Configuration to allow HTTP OPTIONS calls to skip authorization. If undefined, IAP will not apply any special logic to OPTIONS requests.
SettingsAccessSettingsGcipSettings, SettingsAccessSettingsGcipSettingsArgs
- Login
Page stringUri - Login page URI associated with the GCIP tenants. Typically, all resources within the same project share the same login page, though it could be overridden at the sub resource level.
- Tenant
Ids List<string> - GCIP tenant ids that are linked to the IAP resource. tenantIds could be a string beginning with a number character to indicate authenticating with GCIP tenant flow, or in the format of _ to indicate authenticating with GCIP agent flow. If agent flow is used, tenantIds should only contain one single element, while for tenant flow, tenantIds can contain multiple elements.
- Login
Page stringUri - Login page URI associated with the GCIP tenants. Typically, all resources within the same project share the same login page, though it could be overridden at the sub resource level.
- Tenant
Ids []string - GCIP tenant ids that are linked to the IAP resource. tenantIds could be a string beginning with a number character to indicate authenticating with GCIP tenant flow, or in the format of _ to indicate authenticating with GCIP agent flow. If agent flow is used, tenantIds should only contain one single element, while for tenant flow, tenantIds can contain multiple elements.
- login
Page StringUri - Login page URI associated with the GCIP tenants. Typically, all resources within the same project share the same login page, though it could be overridden at the sub resource level.
- tenant
Ids List<String> - GCIP tenant ids that are linked to the IAP resource. tenantIds could be a string beginning with a number character to indicate authenticating with GCIP tenant flow, or in the format of _ to indicate authenticating with GCIP agent flow. If agent flow is used, tenantIds should only contain one single element, while for tenant flow, tenantIds can contain multiple elements.
- login
Page stringUri - Login page URI associated with the GCIP tenants. Typically, all resources within the same project share the same login page, though it could be overridden at the sub resource level.
- tenant
Ids string[] - GCIP tenant ids that are linked to the IAP resource. tenantIds could be a string beginning with a number character to indicate authenticating with GCIP tenant flow, or in the format of _ to indicate authenticating with GCIP agent flow. If agent flow is used, tenantIds should only contain one single element, while for tenant flow, tenantIds can contain multiple elements.
- login_
page_ struri - Login page URI associated with the GCIP tenants. Typically, all resources within the same project share the same login page, though it could be overridden at the sub resource level.
- tenant_
ids Sequence[str] - GCIP tenant ids that are linked to the IAP resource. tenantIds could be a string beginning with a number character to indicate authenticating with GCIP tenant flow, or in the format of _ to indicate authenticating with GCIP agent flow. If agent flow is used, tenantIds should only contain one single element, while for tenant flow, tenantIds can contain multiple elements.
- login
Page StringUri - Login page URI associated with the GCIP tenants. Typically, all resources within the same project share the same login page, though it could be overridden at the sub resource level.
- tenant
Ids List<String> - GCIP tenant ids that are linked to the IAP resource. tenantIds could be a string beginning with a number character to indicate authenticating with GCIP tenant flow, or in the format of _ to indicate authenticating with GCIP agent flow. If agent flow is used, tenantIds should only contain one single element, while for tenant flow, tenantIds can contain multiple elements.
SettingsAccessSettingsOauthSettings, SettingsAccessSettingsOauthSettingsArgs
- Login
Hint string - Domain hint to send as hd=? parameter in OAuth request flow. Enables redirect to primary IDP by skipping Google's login screen. (https://developers.google.com/identity/protocols/OpenIDConnect#hd-param) Note: IAP does not verify that the id token's hd claim matches this value since access behavior is managed by IAM policies.
- Programmatic
Clients List<string> - List of client ids allowed to use IAP programmatically.
- Login
Hint string - Domain hint to send as hd=? parameter in OAuth request flow. Enables redirect to primary IDP by skipping Google's login screen. (https://developers.google.com/identity/protocols/OpenIDConnect#hd-param) Note: IAP does not verify that the id token's hd claim matches this value since access behavior is managed by IAM policies.
- Programmatic
Clients []string - List of client ids allowed to use IAP programmatically.
- login
Hint String - Domain hint to send as hd=? parameter in OAuth request flow. Enables redirect to primary IDP by skipping Google's login screen. (https://developers.google.com/identity/protocols/OpenIDConnect#hd-param) Note: IAP does not verify that the id token's hd claim matches this value since access behavior is managed by IAM policies.
- programmatic
Clients List<String> - List of client ids allowed to use IAP programmatically.
- login
Hint string - Domain hint to send as hd=? parameter in OAuth request flow. Enables redirect to primary IDP by skipping Google's login screen. (https://developers.google.com/identity/protocols/OpenIDConnect#hd-param) Note: IAP does not verify that the id token's hd claim matches this value since access behavior is managed by IAM policies.
- programmatic
Clients string[] - List of client ids allowed to use IAP programmatically.
- login_
hint str - Domain hint to send as hd=? parameter in OAuth request flow. Enables redirect to primary IDP by skipping Google's login screen. (https://developers.google.com/identity/protocols/OpenIDConnect#hd-param) Note: IAP does not verify that the id token's hd claim matches this value since access behavior is managed by IAM policies.
- programmatic_
clients Sequence[str] - List of client ids allowed to use IAP programmatically.
- login
Hint String - Domain hint to send as hd=? parameter in OAuth request flow. Enables redirect to primary IDP by skipping Google's login screen. (https://developers.google.com/identity/protocols/OpenIDConnect#hd-param) Note: IAP does not verify that the id token's hd claim matches this value since access behavior is managed by IAM policies.
- programmatic
Clients List<String> - List of client ids allowed to use IAP programmatically.
SettingsAccessSettingsReauthSettings, SettingsAccessSettingsReauthSettingsArgs
- Max
Age string - Reauth session lifetime, how long before a user has to reauthenticate again. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- Method string
- Reauth method requested. The possible values are:
LOGIN: Prompts the user to log in again.SECURE_KEY: User must use their secure key 2nd factor device.ENROLLED_SECOND_FACTORS: User can use any enabled 2nd factor. Possible values are:LOGIN,SECURE_KEY,ENROLLED_SECOND_FACTORS.
- Policy
Type string - How IAP determines the effective policy in cases of hierarchical policies.
Policies are merged from higher in the hierarchy to lower in the hierarchy.
The possible values are:
MINIMUM: This policy acts as a minimum to other policies, lower in the hierarchy. Effective policy may only be the same or stricter.DEFAULT: This policy acts as a default if no other reauth policy is set. Possible values are:MINIMUM,DEFAULT.
- Max
Age string - Reauth session lifetime, how long before a user has to reauthenticate again. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- Method string
- Reauth method requested. The possible values are:
LOGIN: Prompts the user to log in again.SECURE_KEY: User must use their secure key 2nd factor device.ENROLLED_SECOND_FACTORS: User can use any enabled 2nd factor. Possible values are:LOGIN,SECURE_KEY,ENROLLED_SECOND_FACTORS.
- Policy
Type string - How IAP determines the effective policy in cases of hierarchical policies.
Policies are merged from higher in the hierarchy to lower in the hierarchy.
The possible values are:
MINIMUM: This policy acts as a minimum to other policies, lower in the hierarchy. Effective policy may only be the same or stricter.DEFAULT: This policy acts as a default if no other reauth policy is set. Possible values are:MINIMUM,DEFAULT.
- max
Age String - Reauth session lifetime, how long before a user has to reauthenticate again. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- method String
- Reauth method requested. The possible values are:
LOGIN: Prompts the user to log in again.SECURE_KEY: User must use their secure key 2nd factor device.ENROLLED_SECOND_FACTORS: User can use any enabled 2nd factor. Possible values are:LOGIN,SECURE_KEY,ENROLLED_SECOND_FACTORS.
- policy
Type String - How IAP determines the effective policy in cases of hierarchical policies.
Policies are merged from higher in the hierarchy to lower in the hierarchy.
The possible values are:
MINIMUM: This policy acts as a minimum to other policies, lower in the hierarchy. Effective policy may only be the same or stricter.DEFAULT: This policy acts as a default if no other reauth policy is set. Possible values are:MINIMUM,DEFAULT.
- max
Age string - Reauth session lifetime, how long before a user has to reauthenticate again. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- method string
- Reauth method requested. The possible values are:
LOGIN: Prompts the user to log in again.SECURE_KEY: User must use their secure key 2nd factor device.ENROLLED_SECOND_FACTORS: User can use any enabled 2nd factor. Possible values are:LOGIN,SECURE_KEY,ENROLLED_SECOND_FACTORS.
- policy
Type string - How IAP determines the effective policy in cases of hierarchical policies.
Policies are merged from higher in the hierarchy to lower in the hierarchy.
The possible values are:
MINIMUM: This policy acts as a minimum to other policies, lower in the hierarchy. Effective policy may only be the same or stricter.DEFAULT: This policy acts as a default if no other reauth policy is set. Possible values are:MINIMUM,DEFAULT.
- max_
age str - Reauth session lifetime, how long before a user has to reauthenticate again. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- method str
- Reauth method requested. The possible values are:
LOGIN: Prompts the user to log in again.SECURE_KEY: User must use their secure key 2nd factor device.ENROLLED_SECOND_FACTORS: User can use any enabled 2nd factor. Possible values are:LOGIN,SECURE_KEY,ENROLLED_SECOND_FACTORS.
- policy_
type str - How IAP determines the effective policy in cases of hierarchical policies.
Policies are merged from higher in the hierarchy to lower in the hierarchy.
The possible values are:
MINIMUM: This policy acts as a minimum to other policies, lower in the hierarchy. Effective policy may only be the same or stricter.DEFAULT: This policy acts as a default if no other reauth policy is set. Possible values are:MINIMUM,DEFAULT.
- max
Age String - Reauth session lifetime, how long before a user has to reauthenticate again. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- method String
- Reauth method requested. The possible values are:
LOGIN: Prompts the user to log in again.SECURE_KEY: User must use their secure key 2nd factor device.ENROLLED_SECOND_FACTORS: User can use any enabled 2nd factor. Possible values are:LOGIN,SECURE_KEY,ENROLLED_SECOND_FACTORS.
- policy
Type String - How IAP determines the effective policy in cases of hierarchical policies.
Policies are merged from higher in the hierarchy to lower in the hierarchy.
The possible values are:
MINIMUM: This policy acts as a minimum to other policies, lower in the hierarchy. Effective policy may only be the same or stricter.DEFAULT: This policy acts as a default if no other reauth policy is set. Possible values are:MINIMUM,DEFAULT.
SettingsAccessSettingsWorkforceIdentitySettings, SettingsAccessSettingsWorkforceIdentitySettingsArgs
- Oauth2
Settings
Access Settings Workforce Identity Settings Oauth2 OAuth 2.0 settings for IAP to perform OIDC flow with workforce identity federation services. Structure is documented below.
The
oauth2block supports:- Workforce
Pools string - The workforce pool resources. Only one workforce pool is accepted.
- Oauth2
Settings
Access Settings Workforce Identity Settings Oauth2 OAuth 2.0 settings for IAP to perform OIDC flow with workforce identity federation services. Structure is documented below.
The
oauth2block supports:- Workforce
Pools string - The workforce pool resources. Only one workforce pool is accepted.
- oauth2
Settings
Access Settings Workforce Identity Settings Oauth2 OAuth 2.0 settings for IAP to perform OIDC flow with workforce identity federation services. Structure is documented below.
The
oauth2block supports:- workforce
Pools String - The workforce pool resources. Only one workforce pool is accepted.
- oauth2
Settings
Access Settings Workforce Identity Settings Oauth2 OAuth 2.0 settings for IAP to perform OIDC flow with workforce identity federation services. Structure is documented below.
The
oauth2block supports:- workforce
Pools string - The workforce pool resources. Only one workforce pool is accepted.
- oauth2
Settings
Access Settings Workforce Identity Settings Oauth2 OAuth 2.0 settings for IAP to perform OIDC flow with workforce identity federation services. Structure is documented below.
The
oauth2block supports:- workforce_
pools str - The workforce pool resources. Only one workforce pool is accepted.
- oauth2 Property Map
OAuth 2.0 settings for IAP to perform OIDC flow with workforce identity federation services. Structure is documented below.
The
oauth2block supports:- workforce
Pools String - The workforce pool resources. Only one workforce pool is accepted.
SettingsAccessSettingsWorkforceIdentitySettingsOauth2, SettingsAccessSettingsWorkforceIdentitySettingsOauth2Args
- Client
Id string - The OAuth 2.0 client ID registered in the workforce identity federation OAuth 2.0 Server.
- Client
Secret string - Input only. The OAuth 2.0 client secret created while registering the client ID.
- Client
Secret stringSha256 - Output only. SHA256 hash value for the client secret. This field is returned by IAP when the settings are retrieved.
- Client
Id string - The OAuth 2.0 client ID registered in the workforce identity federation OAuth 2.0 Server.
- Client
Secret string - Input only. The OAuth 2.0 client secret created while registering the client ID.
- Client
Secret stringSha256 - Output only. SHA256 hash value for the client secret. This field is returned by IAP when the settings are retrieved.
- client
Id String - The OAuth 2.0 client ID registered in the workforce identity federation OAuth 2.0 Server.
- client
Secret String - Input only. The OAuth 2.0 client secret created while registering the client ID.
- client
Secret StringSha256 - Output only. SHA256 hash value for the client secret. This field is returned by IAP when the settings are retrieved.
- client
Id string - The OAuth 2.0 client ID registered in the workforce identity federation OAuth 2.0 Server.
- client
Secret string - Input only. The OAuth 2.0 client secret created while registering the client ID.
- client
Secret stringSha256 - Output only. SHA256 hash value for the client secret. This field is returned by IAP when the settings are retrieved.
- client_
id str - The OAuth 2.0 client ID registered in the workforce identity federation OAuth 2.0 Server.
- client_
secret str - Input only. The OAuth 2.0 client secret created while registering the client ID.
- client_
secret_ strsha256 - Output only. SHA256 hash value for the client secret. This field is returned by IAP when the settings are retrieved.
- client
Id String - The OAuth 2.0 client ID registered in the workforce identity federation OAuth 2.0 Server.
- client
Secret String - Input only. The OAuth 2.0 client secret created while registering the client ID.
- client
Secret StringSha256 - Output only. SHA256 hash value for the client secret. This field is returned by IAP when the settings are retrieved.
SettingsApplicationSettings, SettingsApplicationSettingsArgs
- Access
Denied SettingsPage Settings Application Settings Access Denied Page Settings - Customization for Access Denied page. IAP allows customers to define a custom URI to use as the error page when access is denied to users. If IAP prevents access to this page, the default IAP error page will be displayed instead. Structure is documented below.
- Attribute
Propagation SettingsSettings Application Settings Attribute Propagation Settings - Settings to configure attribute propagation. Structure is documented below.
- string
- The Domain value to set for cookies generated by IAP. This value is not validated by the API, but will be ignored at runtime if invalid.
- Csm
Settings SettingsApplication Settings Csm Settings - Settings to configure IAP's behavior for a service mesh. Structure is documented below.
- Access
Denied SettingsPage Settings Application Settings Access Denied Page Settings - Customization for Access Denied page. IAP allows customers to define a custom URI to use as the error page when access is denied to users. If IAP prevents access to this page, the default IAP error page will be displayed instead. Structure is documented below.
- Attribute
Propagation SettingsSettings Application Settings Attribute Propagation Settings - Settings to configure attribute propagation. Structure is documented below.
- string
- The Domain value to set for cookies generated by IAP. This value is not validated by the API, but will be ignored at runtime if invalid.
- Csm
Settings SettingsApplication Settings Csm Settings - Settings to configure IAP's behavior for a service mesh. Structure is documented below.
- access
Denied SettingsPage Settings Application Settings Access Denied Page Settings - Customization for Access Denied page. IAP allows customers to define a custom URI to use as the error page when access is denied to users. If IAP prevents access to this page, the default IAP error page will be displayed instead. Structure is documented below.
- attribute
Propagation SettingsSettings Application Settings Attribute Propagation Settings - Settings to configure attribute propagation. Structure is documented below.
- String
- The Domain value to set for cookies generated by IAP. This value is not validated by the API, but will be ignored at runtime if invalid.
- csm
Settings SettingsApplication Settings Csm Settings - Settings to configure IAP's behavior for a service mesh. Structure is documented below.
- access
Denied SettingsPage Settings Application Settings Access Denied Page Settings - Customization for Access Denied page. IAP allows customers to define a custom URI to use as the error page when access is denied to users. If IAP prevents access to this page, the default IAP error page will be displayed instead. Structure is documented below.
- attribute
Propagation SettingsSettings Application Settings Attribute Propagation Settings - Settings to configure attribute propagation. Structure is documented below.
- string
- The Domain value to set for cookies generated by IAP. This value is not validated by the API, but will be ignored at runtime if invalid.
- csm
Settings SettingsApplication Settings Csm Settings - Settings to configure IAP's behavior for a service mesh. Structure is documented below.
- access_
denied_ Settingspage_ settings Application Settings Access Denied Page Settings - Customization for Access Denied page. IAP allows customers to define a custom URI to use as the error page when access is denied to users. If IAP prevents access to this page, the default IAP error page will be displayed instead. Structure is documented below.
- attribute_
propagation_ Settingssettings Application Settings Attribute Propagation Settings - Settings to configure attribute propagation. Structure is documented below.
- str
- The Domain value to set for cookies generated by IAP. This value is not validated by the API, but will be ignored at runtime if invalid.
- csm_
settings SettingsApplication Settings Csm Settings - Settings to configure IAP's behavior for a service mesh. Structure is documented below.
- access
Denied Property MapPage Settings - Customization for Access Denied page. IAP allows customers to define a custom URI to use as the error page when access is denied to users. If IAP prevents access to this page, the default IAP error page will be displayed instead. Structure is documented below.
- attribute
Propagation Property MapSettings - Settings to configure attribute propagation. Structure is documented below.
- String
- The Domain value to set for cookies generated by IAP. This value is not validated by the API, but will be ignored at runtime if invalid.
- csm
Settings Property Map - Settings to configure IAP's behavior for a service mesh. Structure is documented below.
SettingsApplicationSettingsAccessDeniedPageSettings, SettingsApplicationSettingsAccessDeniedPageSettingsArgs
- Access
Denied stringPage Uri - The URI to be redirected to when access is denied.
- Generate
Troubleshooting boolUri - Whether to generate a troubleshooting URL on access denied events to this application.
- Remediation
Token boolGeneration Enabled - Whether to generate remediation token on access denied events to this application.
- Access
Denied stringPage Uri - The URI to be redirected to when access is denied.
- Generate
Troubleshooting boolUri - Whether to generate a troubleshooting URL on access denied events to this application.
- Remediation
Token boolGeneration Enabled - Whether to generate remediation token on access denied events to this application.
- access
Denied StringPage Uri - The URI to be redirected to when access is denied.
- generate
Troubleshooting BooleanUri - Whether to generate a troubleshooting URL on access denied events to this application.
- remediation
Token BooleanGeneration Enabled - Whether to generate remediation token on access denied events to this application.
- access
Denied stringPage Uri - The URI to be redirected to when access is denied.
- generate
Troubleshooting booleanUri - Whether to generate a troubleshooting URL on access denied events to this application.
- remediation
Token booleanGeneration Enabled - Whether to generate remediation token on access denied events to this application.
- access_
denied_ strpage_ uri - The URI to be redirected to when access is denied.
- generate_
troubleshooting_ booluri - Whether to generate a troubleshooting URL on access denied events to this application.
- remediation_
token_ boolgeneration_ enabled - Whether to generate remediation token on access denied events to this application.
- access
Denied StringPage Uri - The URI to be redirected to when access is denied.
- generate
Troubleshooting BooleanUri - Whether to generate a troubleshooting URL on access denied events to this application.
- remediation
Token BooleanGeneration Enabled - Whether to generate remediation token on access denied events to this application.
SettingsApplicationSettingsAttributePropagationSettings, SettingsApplicationSettingsAttributePropagationSettingsArgs
- Enable bool
- Whether the provided attribute propagation settings should be evaluated on user requests. If set to true, attributes returned from the expression will be propagated in the set output credentials.
- Expression string
- Raw string CEL expression. Must return a list of attributes. A maximum of 45 attributes can be selected. Expressions can select different attribute types from attributes: attributes.saml_attributes, attributes.iap_attributes.
- Output
Credentials List<string> - Which output credentials attributes selected by the CEL expression should be propagated in.
All attributes will be fully duplicated in each selected output credential.
Possible values are:
HEADER: Propagate attributes in the headers with "x-goog-iap-attr-" prefix.JWT: Propagate attributes in the JWT of the form: "additional_claims": { "my_attribute": ["value1", "value2"] }RCTOKEN: Propagate attributes in the RCToken of the form: " additional_claims": { "my_attribute": ["value1", "value2"] } Each value may be one of:HEADER,JWT,RCTOKEN.
- Enable bool
- Whether the provided attribute propagation settings should be evaluated on user requests. If set to true, attributes returned from the expression will be propagated in the set output credentials.
- Expression string
- Raw string CEL expression. Must return a list of attributes. A maximum of 45 attributes can be selected. Expressions can select different attribute types from attributes: attributes.saml_attributes, attributes.iap_attributes.
- Output
Credentials []string - Which output credentials attributes selected by the CEL expression should be propagated in.
All attributes will be fully duplicated in each selected output credential.
Possible values are:
HEADER: Propagate attributes in the headers with "x-goog-iap-attr-" prefix.JWT: Propagate attributes in the JWT of the form: "additional_claims": { "my_attribute": ["value1", "value2"] }RCTOKEN: Propagate attributes in the RCToken of the form: " additional_claims": { "my_attribute": ["value1", "value2"] } Each value may be one of:HEADER,JWT,RCTOKEN.
- enable Boolean
- Whether the provided attribute propagation settings should be evaluated on user requests. If set to true, attributes returned from the expression will be propagated in the set output credentials.
- expression String
- Raw string CEL expression. Must return a list of attributes. A maximum of 45 attributes can be selected. Expressions can select different attribute types from attributes: attributes.saml_attributes, attributes.iap_attributes.
- output
Credentials List<String> - Which output credentials attributes selected by the CEL expression should be propagated in.
All attributes will be fully duplicated in each selected output credential.
Possible values are:
HEADER: Propagate attributes in the headers with "x-goog-iap-attr-" prefix.JWT: Propagate attributes in the JWT of the form: "additional_claims": { "my_attribute": ["value1", "value2"] }RCTOKEN: Propagate attributes in the RCToken of the form: " additional_claims": { "my_attribute": ["value1", "value2"] } Each value may be one of:HEADER,JWT,RCTOKEN.
- enable boolean
- Whether the provided attribute propagation settings should be evaluated on user requests. If set to true, attributes returned from the expression will be propagated in the set output credentials.
- expression string
- Raw string CEL expression. Must return a list of attributes. A maximum of 45 attributes can be selected. Expressions can select different attribute types from attributes: attributes.saml_attributes, attributes.iap_attributes.
- output
Credentials string[] - Which output credentials attributes selected by the CEL expression should be propagated in.
All attributes will be fully duplicated in each selected output credential.
Possible values are:
HEADER: Propagate attributes in the headers with "x-goog-iap-attr-" prefix.JWT: Propagate attributes in the JWT of the form: "additional_claims": { "my_attribute": ["value1", "value2"] }RCTOKEN: Propagate attributes in the RCToken of the form: " additional_claims": { "my_attribute": ["value1", "value2"] } Each value may be one of:HEADER,JWT,RCTOKEN.
- enable bool
- Whether the provided attribute propagation settings should be evaluated on user requests. If set to true, attributes returned from the expression will be propagated in the set output credentials.
- expression str
- Raw string CEL expression. Must return a list of attributes. A maximum of 45 attributes can be selected. Expressions can select different attribute types from attributes: attributes.saml_attributes, attributes.iap_attributes.
- output_
credentials Sequence[str] - Which output credentials attributes selected by the CEL expression should be propagated in.
All attributes will be fully duplicated in each selected output credential.
Possible values are:
HEADER: Propagate attributes in the headers with "x-goog-iap-attr-" prefix.JWT: Propagate attributes in the JWT of the form: "additional_claims": { "my_attribute": ["value1", "value2"] }RCTOKEN: Propagate attributes in the RCToken of the form: " additional_claims": { "my_attribute": ["value1", "value2"] } Each value may be one of:HEADER,JWT,RCTOKEN.
- enable Boolean
- Whether the provided attribute propagation settings should be evaluated on user requests. If set to true, attributes returned from the expression will be propagated in the set output credentials.
- expression String
- Raw string CEL expression. Must return a list of attributes. A maximum of 45 attributes can be selected. Expressions can select different attribute types from attributes: attributes.saml_attributes, attributes.iap_attributes.
- output
Credentials List<String> - Which output credentials attributes selected by the CEL expression should be propagated in.
All attributes will be fully duplicated in each selected output credential.
Possible values are:
HEADER: Propagate attributes in the headers with "x-goog-iap-attr-" prefix.JWT: Propagate attributes in the JWT of the form: "additional_claims": { "my_attribute": ["value1", "value2"] }RCTOKEN: Propagate attributes in the RCToken of the form: " additional_claims": { "my_attribute": ["value1", "value2"] } Each value may be one of:HEADER,JWT,RCTOKEN.
SettingsApplicationSettingsCsmSettings, SettingsApplicationSettingsCsmSettingsArgs
- Rctoken
Aud string - Audience claim set in the generated RCToken. This value is not validated by IAP.
- Rctoken
Aud string - Audience claim set in the generated RCToken. This value is not validated by IAP.
- rctoken
Aud String - Audience claim set in the generated RCToken. This value is not validated by IAP.
- rctoken
Aud string - Audience claim set in the generated RCToken. This value is not validated by IAP.
- rctoken_
aud str - Audience claim set in the generated RCToken. This value is not validated by IAP.
- rctoken
Aud String - Audience claim set in the generated RCToken. This value is not validated by IAP.
Import
Settings can be imported using any of these accepted formats:
{{name}}/iapSettings{{name}}
When using the pulumi import command, Settings can be imported using one of the formats above. For example:
$ pulumi import gcp:iap/settings:Settings default {{name}}/iapSettings
$ pulumi import gcp:iap/settings:Settings default {{name}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.