gcp.iam.getWorkloadIdentityPoolProvider
Get an IAM workload identity provider from Google Cloud by its id.
Example Usage
data "google_iam_workload_identity_pool_provider" "foo" {
  workload_identity_pool_id          = "foo-pool"
  workload_identity_pool_provider_id = "bar-provider"
}
Using getWorkloadIdentityPoolProvider
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getWorkloadIdentityPoolProvider(args: GetWorkloadIdentityPoolProviderArgs, opts?: InvokeOptions): Promise<GetWorkloadIdentityPoolProviderResult>
function getWorkloadIdentityPoolProviderOutput(args: GetWorkloadIdentityPoolProviderOutputArgs, opts?: InvokeOptions): Output<GetWorkloadIdentityPoolProviderResult>
def get_workload_identity_pool_provider(project: Optional[str] = None,
                                        workload_identity_pool_id: Optional[str] = None,
                                        workload_identity_pool_provider_id: Optional[str] = None,
                                        opts: Optional[InvokeOptions] = None) -> GetWorkloadIdentityPoolProviderResult
def get_workload_identity_pool_provider_output(project: Optional[pulumi.Input[str]] = None,
                                               workload_identity_pool_id: Optional[pulumi.Input[str]] = None,
                                               workload_identity_pool_provider_id: Optional[pulumi.Input[str]] = None,
                                               opts: Optional[InvokeOptions] = None) -> Output[GetWorkloadIdentityPoolProviderResult]
func LookupWorkloadIdentityPoolProvider(ctx *Context, args *LookupWorkloadIdentityPoolProviderArgs, opts ...InvokeOption) (*LookupWorkloadIdentityPoolProviderResult, error)
func LookupWorkloadIdentityPoolProviderOutput(ctx *Context, args *LookupWorkloadIdentityPoolProviderOutputArgs, opts ...InvokeOption) LookupWorkloadIdentityPoolProviderResultOutput
> Note: This function is named LookupWorkloadIdentityPoolProvider in the Go SDK.
public static class GetWorkloadIdentityPoolProvider
{
    public static Task<GetWorkloadIdentityPoolProviderResult> InvokeAsync(GetWorkloadIdentityPoolProviderArgs args, InvokeOptions? opts = null)
    public static Output<GetWorkloadIdentityPoolProviderResult> Invoke(GetWorkloadIdentityPoolProviderInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetWorkloadIdentityPoolProviderResult> getWorkloadIdentityPoolProvider(GetWorkloadIdentityPoolProviderArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
  function: gcp:iam/getWorkloadIdentityPoolProvider:getWorkloadIdentityPoolProvider
  arguments:
    # arguments dictionary
The following arguments are supported:
C#
- WorkloadIdentityPoolId string - The id of the pool which is the final component of the pool resource name.
- WorkloadIdentityPoolProviderId string - The id of the provider which is the final component of the resource name.
- Project string - The project in which the resource belongs. If it is not provided, the provider project is used.
Go
- WorkloadIdentityPoolId string - The id of the pool which is the final component of the pool resource name.
- WorkloadIdentityPoolProviderId string - The id of the provider which is the final component of the resource name.
- Project string - The project in which the resource belongs. If it is not provided, the provider project is used.
Java
- workloadIdentityPoolId String - The id of the pool which is the final component of the pool resource name.
- workloadIdentityPoolProviderId String - The id of the provider which is the final component of the resource name.
- project String - The project in which the resource belongs. If it is not provided, the provider project is used.
TypeScript
- workloadIdentityPoolId string - The id of the pool which is the final component of the pool resource name.
- workloadIdentityPoolProviderId string - The id of the provider which is the final component of the resource name.
- project string - The project in which the resource belongs. If it is not provided, the provider project is used.
Python
- workload_identity_pool_id str - The id of the pool which is the final component of the pool resource name.
- workload_identity_pool_provider_id str - The id of the provider which is the final component of the resource name.
- project str - The project in which the resource belongs. If it is not provided, the provider project is used.
YAML
- workloadIdentityPoolId String - The id of the pool which is the final component of the pool resource name.
- workloadIdentityPoolProviderId String - The id of the provider which is the final component of the resource name.
- project String - The project in which the resource belongs. If it is not provided, the provider project is used.
getWorkloadIdentityPoolProvider Result
The following output properties are available:
C#
- AttributeCondition string
- AttributeMapping Dictionary<string, string>
- Aws List<GetWorkloadIdentityPoolProviderAw>
- Description string
- Disabled bool
- DisplayName string
- Id string - The provider-assigned unique ID for this managed resource.
- Name string
- Oidcs List<GetWorkloadIdentityPoolProviderOidc>
- Samls List<GetWorkloadIdentityPoolProviderSaml>
- State string
- WorkloadIdentityPoolId string
- WorkloadIdentityPoolProviderId string
- Project string
Go
- AttributeCondition string
- AttributeMapping map[string]string
- Aws []GetWorkloadIdentityPoolProviderAw
- Description string
- Disabled bool
- DisplayName string
- Id string - The provider-assigned unique ID for this managed resource.
- Name string
- Oidcs []GetWorkloadIdentityPoolProviderOidc
- Samls []GetWorkloadIdentityPoolProviderSaml
- State string
- WorkloadIdentityPoolId string
- WorkloadIdentityPoolProviderId string
- Project string
Java
- attributeCondition String
- attributeMapping Map<String,String>
- aws List<GetWorkloadIdentityPoolProviderAw>
- description String
- disabled Boolean
- displayName String
- id String - The provider-assigned unique ID for this managed resource.
- name String
- oidcs List<GetWorkloadIdentityPoolProviderOidc>
- samls List<GetWorkloadIdentityPoolProviderSaml>
- state String
- workloadIdentityPoolId String
- workloadIdentityPoolProviderId String
- project String
TypeScript
- attributeCondition string
- attributeMapping {[key: string]: string}
- aws GetWorkloadIdentityPoolProviderAw[]
- description string
- disabled boolean
- displayName string
- id string - The provider-assigned unique ID for this managed resource.
- name string
- oidcs GetWorkloadIdentityPoolProviderOidc[]
- samls GetWorkloadIdentityPoolProviderSaml[]
- state string
- workloadIdentityPoolId string
- workloadIdentityPoolProviderId string
- project string
Python
- attribute_condition str
- attribute_mapping Mapping[str, str]
- aws Sequence[GetWorkloadIdentityPoolProviderAw]
- description str
- disabled bool
- display_name str
- id str - The provider-assigned unique ID for this managed resource.
- name str
- oidcs Sequence[GetWorkloadIdentityPoolProviderOidc]
- samls Sequence[GetWorkloadIdentityPoolProviderSaml]
- state str
- workload_identity_pool_id str
- workload_identity_pool_provider_id str
- project str
YAML
- attributeCondition String
- attributeMapping Map<String>
- aws List<Property Map>
- description String
- disabled Boolean
- displayName String
- id String - The provider-assigned unique ID for this managed resource.
- name String
- oidcs List<Property Map>
- samls List<Property Map>
- state String
- workloadIdentityPoolId String
- workloadIdentityPoolProviderId String
- project String
Supporting Types
GetWorkloadIdentityPoolProviderAw
C#
- AccountId string - The AWS account ID.
Go
- AccountId string - The AWS account ID.
Java
- accountId String - The AWS account ID.
TypeScript
- accountId string - The AWS account ID.
Python
- account_id str - The AWS account ID.
YAML
- accountId String - The AWS account ID.
GetWorkloadIdentityPoolProviderOidc
C#
- AllowedAudiences List<string> - Acceptable values for the 'aud' field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured.
  If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example:
  '''
  //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/
  https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/
  '''
- IssuerUri string - The OIDC issuer URL.
- JwksJson string - OIDC JWKs in JSON String format. For details on the definition of a JWK, see https://tools.ietf.org/html/rfc7517. If not set, then we use the 'jwks_uri' from the discovery document fetched from the .well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric keys are supported. The JWK must use the following format and include only the following fields:
  '''
  { "keys": [ { "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": "", "crv": "" } ] }
  '''
Go
- AllowedAudiences []string - Acceptable values for the 'aud' field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured.
  If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example:
  '''
  //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/
  https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/
  '''
- IssuerUri string - The OIDC issuer URL.
- JwksJson string - OIDC JWKs in JSON String format. For details on the definition of a JWK, see https://tools.ietf.org/html/rfc7517. If not set, then we use the 'jwks_uri' from the discovery document fetched from the .well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric keys are supported. The JWK must use the following format and include only the following fields:
  '''
  { "keys": [ { "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": "", "crv": "" } ] }
  '''
Java
- allowedAudiences List<String> - Acceptable values for the 'aud' field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured.
  If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example:
  '''
  //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/
  https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/
  '''
- issuerUri String - The OIDC issuer URL.
- jwksJson String - OIDC JWKs in JSON String format. For details on the definition of a JWK, see https://tools.ietf.org/html/rfc7517. If not set, then we use the 'jwks_uri' from the discovery document fetched from the .well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric keys are supported. The JWK must use the following format and include only the following fields:
  '''
  { "keys": [ { "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": "", "crv": "" } ] }
  '''
TypeScript
- allowedAudiences string[] - Acceptable values for the 'aud' field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured.
  If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example:
  '''
  //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/
  https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/
  '''
- issuerUri string - The OIDC issuer URL.
- jwksJson string - OIDC JWKs in JSON String format. For details on the definition of a JWK, see https://tools.ietf.org/html/rfc7517. If not set, then we use the 'jwks_uri' from the discovery document fetched from the .well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric keys are supported. The JWK must use the following format and include only the following fields:
  '''
  { "keys": [ { "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": "", "crv": "" } ] }
  '''
Python
- allowed_audiences Sequence[str] - Acceptable values for the 'aud' field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured.
  If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example:
  '''
  //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/
  https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/
  '''
- issuer_uri str - The OIDC issuer URL.
- jwks_json str - OIDC JWKs in JSON String format. For details on the definition of a JWK, see https://tools.ietf.org/html/rfc7517. If not set, then we use the 'jwks_uri' from the discovery document fetched from the .well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric keys are supported. The JWK must use the following format and include only the following fields:
  '''
  { "keys": [ { "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": "", "crv": "" } ] }
  '''
YAML
- allowedAudiences List<String> - Acceptable values for the 'aud' field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured.
  If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example:
  '''
  //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/
  https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/
  '''
- issuerUri String - The OIDC issuer URL.
- jwksJson String - OIDC JWKs in JSON String format. For details on the definition of a JWK, see https://tools.ietf.org/html/rfc7517. If not set, then we use the 'jwks_uri' from the discovery document fetched from the .well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric keys are supported. The JWK must use the following format and include only the following fields:
  '''
  { "keys": [ { "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": "", "crv": "" } ] }
  '''
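The audience and JWKS rules described for the OIDC type can be modelled as a small review check. This is an added example, not Pulumi or Google Cloud code: the function names, the sample resource name and the sample key set are constructed for illustration, and the matching logic follows only the wording of the property descriptions above.

```python
import json

# Limits and field set taken from the OIDC property descriptions on this page.
MAX_AUDIENCES = 10
MAX_AUDIENCE_LEN = 256
JWK_FIELDS = {"kty", "alg", "use", "kid", "n", "e", "x", "y", "crv"}


def audience_accepted(token_aud, allowed_audiences, provider_name):
    """Model of the documented 'aud' rule (hypothetical helper, not a GCP API)."""
    if allowed_audiences:
        return token_aud in allowed_audiences
    # Empty list: aud must equal the canonical name, with or without "https:".
    return token_aud in (provider_name, "https:" + provider_name)


def check_oidc_config(allowed_audiences, jwks_json=None):
    """Return findings for values that break the documented limits."""
    findings = []
    if len(allowed_audiences) > MAX_AUDIENCES:
        findings.append("more than 10 audiences configured")
    for aud in allowed_audiences:
        if len(aud) > MAX_AUDIENCE_LEN:
            findings.append(f"audience longer than 256 characters: {aud[:20]}...")
    if jwks_json:
        for key in json.loads(jwks_json).get("keys", []):
            extra = set(key) - JWK_FIELDS
            if extra:
                findings.append(f"JWK has unsupported fields: {sorted(extra)}")
            if key.get("kty") not in ("RSA", "EC"):
                findings.append(f"unsupported kty: {key.get('kty')!r}")
    return findings


# Constructed sample values (placeholders, not a real project or key).
SAMPLE_NAME = ("//iam.googleapis.com/projects/000000000000/locations/global/"
               "workloadIdentityPools/foo-pool/providers/bar-provider")
SAMPLE_JWKS = json.dumps({"keys": [
    {"kty": "RSA", "alg": "RS256", "use": "sig", "kid": "k1", "n": "AQAB", "e": "AQAB"},
    {"kty": "oct", "k": "c2VjcmV0", "kid": "k2"},  # symmetric key: not supported
]})

if __name__ == "__main__":
    print(audience_accepted("https:" + SAMPLE_NAME, [], SAMPLE_NAME))
    print(check_oidc_config(["https://example.test/aud"], SAMPLE_JWKS))
```

The same checks can be applied to the `allowed_audiences` and `jwks_json` values of each entry in the `oidcs` list returned by the lookup.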
GetWorkloadIdentityPoolProviderSaml
C#
- IdpMetadataXml string - SAML Identity provider configuration metadata xml doc.
Go
- IdpMetadataXml string - SAML Identity provider configuration metadata xml doc.
Java
- idpMetadataXml String - SAML Identity provider configuration metadata xml doc.
TypeScript
- idpMetadataXml string - SAML Identity provider configuration metadata xml doc.
Python
- idp_metadata_xml str - SAML Identity provider configuration metadata xml doc.
YAML
- idpMetadataXml String - SAML Identity provider configuration metadata xml doc.
Package Details
- Repository: Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License: Apache-2.0
- Notes: This Pulumi package is based on the google-beta Terraform Provider.