Skip to content

Files

Latest commit

 

History

History
5384 lines (3463 loc) · 269 KB
·

iamWorkloadIdentityPoolProvider.python.md

File metadata and controls

5384 lines (3463 loc) · 269 KB
·

iamWorkloadIdentityPoolProvider Submodule

Constructs

IamWorkloadIdentityPoolProvider

Represents a {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider google_iam_workload_identity_pool_provider}.

Initializers 

from cdktf_cdktf_provider_google import iam_workload_identity_pool_provider

iamWorkloadIdentityPoolProvider.IamWorkloadIdentityPoolProvider(
  scope: Construct,
  id: str,
  connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection] = None,
  count: typing.Union[typing.Union[int, float], TerraformCount] = None,
  depends_on: typing.List[ITerraformDependable] = None,
  for_each: ITerraformIterator = None,
  lifecycle: TerraformResourceLifecycle = None,
  provider: TerraformProvider = None,
  provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]] = None,
  workload_identity_pool_id: str,
  workload_identity_pool_provider_id: str,
  attribute_condition: str = None,
  attribute_mapping: typing.Mapping[str] = None,
  aws: IamWorkloadIdentityPoolProviderAws = None,
  description: str = None,
  disabled: typing.Union[bool, IResolvable] = None,
  display_name: str = None,
  id: str = None,
  oidc: IamWorkloadIdentityPoolProviderOidc = None,
  project: str = None,
  saml: IamWorkloadIdentityPoolProviderSaml = None,
  timeouts: IamWorkloadIdentityPoolProviderTimeouts = None,
  x509: IamWorkloadIdentityPoolProviderX509 = None
)
Name Type Description
scope constructs.Construct The scope in which to define this construct.
id str The scoped construct ID.
connection typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection] No description.
count typing.Union[typing.Union[int, float], cdktf.TerraformCount] No description.
depends_on typing.List[cdktf.ITerraformDependable] No description.
for_each cdktf.ITerraformIterator No description.
lifecycle cdktf.TerraformResourceLifecycle No description.
provider cdktf.TerraformProvider No description.
provisioners typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]] No description.
workload_identity_pool_id str The ID used for the pool, which is the final component of the pool resource name.
workload_identity_pool_provider_id str The ID for the provider, which becomes the final component of the resource name.
attribute_condition str A Common Expression Language expression, in plain text, to restrict what otherwise valid authentication credentials issued by the provider should not be accepted.
attribute_mapping typing.Mapping[str] Maps attributes from authentication credentials issued by an external identity provider to Google Cloud attributes, such as 'subject' and 'segment'.
aws IamWorkloadIdentityPoolProviderAws aws block.
description str A description for the provider. Cannot exceed 256 characters.
disabled typing.Union[bool, cdktf.IResolvable] Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access.
display_name str A display name for the provider. Cannot exceed 32 characters.
id str Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#id IamWorkloadIdentityPoolProvider#id}.
oidc IamWorkloadIdentityPoolProviderOidc oidc block.
project str Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#project IamWorkloadIdentityPoolProvider#project}.
saml IamWorkloadIdentityPoolProviderSaml saml block.
timeouts IamWorkloadIdentityPoolProviderTimeouts timeouts block.
x509 IamWorkloadIdentityPoolProviderX509 x509 block.
scopeRequired
  • Type: constructs.Construct

The scope in which to define this construct.

idRequired
  • Type: str

The scoped construct ID.

Must be unique amongst siblings in the same scope

connectionOptional
  • Type: typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection]
countOptional
  • Type: typing.Union[typing.Union[int, float], cdktf.TerraformCount]
depends_onOptional
  • Type: typing.List[cdktf.ITerraformDependable]
for_eachOptional
  • Type: cdktf.ITerraformIterator
lifecycleOptional
  • Type: cdktf.TerraformResourceLifecycle
providerOptional
  • Type: cdktf.TerraformProvider
provisionersOptional
  • Type: typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]]
workload_identity_pool_idRequired
  • Type: str

The ID used for the pool, which is the final component of the pool resource name.

This value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix 'gcp-' is reserved for use by Google, and may not be specified.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#workload_identity_pool_id IamWorkloadIdentityPoolProvider#workload_identity_pool_id}

workload_identity_pool_provider_idRequired
  • Type: str

The ID for the provider, which becomes the final component of the resource name.

This value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix 'gcp-' is reserved for use by Google, and may not be specified.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#workload_identity_pool_provider_id IamWorkloadIdentityPoolProvider#workload_identity_pool_provider_id}

attribute_conditionOptional
  • Type: str

A Common Expression Language expression, in plain text, to restrict what otherwise valid authentication credentials issued by the provider should not be accepted.

The expression must output a boolean representing whether to allow the federation.

The following keywords may be referenced in the expressions:

  • 'assertion': JSON representing the authentication credential issued by the provider.
  • 'google': The Google attributes mapped from the assertion in the 'attribute_mappings'.
  • 'attribute': The custom attributes mapped from the assertion in the 'attribute_mappings'.

The maximum length of the attribute condition expression is 4096 characters. If unspecified, all valid authentication credential are accepted.

The following example shows how to only allow credentials with a mapped 'google.groups' value of 'admins':

"'admins' in google.groups"

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#attribute_condition IamWorkloadIdentityPoolProvider#attribute_condition}

attribute_mappingOptional
  • Type: typing.Mapping[str]

Maps attributes from authentication credentials issued by an external identity provider to Google Cloud attributes, such as 'subject' and 'segment'.

Each key must be a string specifying the Google Cloud IAM attribute to map to.

The following keys are supported:

  • 'google.subject': The principal IAM is authenticating. You can reference this value in IAM bindings. This is also the subject that appears in Cloud Logging logs. Cannot exceed 127 characters.
  • 'google.groups': Groups the external identity belongs to. You can grant groups access to resources using an IAM 'principalSet' binding; access applies to all members of the group.

You can also provide custom attributes by specifying 'attribute.{custom_attribute}', where '{custom_attribute}' is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes. The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_].

You can reference these attributes in IAM policies to define fine-grained access for a workload to Google Cloud resources. For example:

  • 'google.subject': 'principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}'
  • 'google.groups': 'principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}'
  • 'attribute.{custom_attribute}': 'principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}'

Each value must be a Common Expression Language function that maps an identity provider credential to the normalized attribute specified by the corresponding map key.

You can use the 'assertion' keyword in the expression to access a JSON representation of the authentication credential issued by the provider.

The maximum length of an attribute mapping expression is 2048 characters. When evaluated, the total size of all mapped attributes must not exceed 8KB.

For AWS providers, the following rules apply:

  • If no attribute mapping is defined, the following default mapping applies:

    {
  "google.subject":"assertion.arn",
  "attribute.aws_role":
    "assertion.arn.contains('assumed-role')"
    " ? assertion.arn.extract('{account_arn}assumed-role/')"
    "   + 'assumed-role/'"
    "   + assertion.arn.extract('assumed-role/{role_name}/')"
    " : assertion.arn",
}

  • If any custom attribute mappings are defined, they must include a mapping to the 'google.subject' attribute.

For OIDC providers, the following rules apply:

  • Custom attribute mappings must be defined, and must include a mapping to the 'google.subject' attribute. For example, the following maps the 'sub' claim of the incoming credential to the 'subject' attribute on a Google token.

    {"google.subject": "assertion.sub"}

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#attribute_mapping IamWorkloadIdentityPoolProvider#attribute_mapping}

awsOptional

aws block.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#aws IamWorkloadIdentityPoolProvider#aws}

descriptionOptional
  • Type: str

A description for the provider. Cannot exceed 256 characters.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#description IamWorkloadIdentityPoolProvider#description}

disabledOptional
  • Type: typing.Union[bool, cdktf.IResolvable]

Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#disabled IamWorkloadIdentityPoolProvider#disabled}

display_nameOptional
  • Type: str

A display name for the provider. Cannot exceed 32 characters.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#display_name IamWorkloadIdentityPoolProvider#display_name}

idOptional
  • Type: str

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#id IamWorkloadIdentityPoolProvider#id}.

Please be aware that the id field is automatically added to all resources in Terraform providers using a Terraform provider SDK version below 2. If you experience problems setting this value it might not be settable. Please take a look at the provider documentation to ensure it should be settable.

oidcOptional

oidc block.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#oidc IamWorkloadIdentityPoolProvider#oidc}

projectOptional
  • Type: str

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#project IamWorkloadIdentityPoolProvider#project}.

samlOptional

saml block.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#saml IamWorkloadIdentityPoolProvider#saml}

timeoutsOptional

timeouts block.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#timeouts IamWorkloadIdentityPoolProvider#timeouts}

x509Optional

x509 block.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#x509 IamWorkloadIdentityPoolProvider#x509}

Methods

Name Description
to_string Returns a string representation of this construct.
add_override No description.
override_logical_id Overrides the auto-generated logical ID with a specific ID.
reset_override_logical_id Resets a previously passed logical Id to use the auto-generated logical id again.
to_hcl_terraform No description.
to_metadata No description.
to_terraform Adds this resource to the terraform JSON output.
add_move_target Adds a user defined moveTarget string to this resource to be later used in .moveTo(moveTarget) to resolve the location of the move.
get_any_map_attribute No description.
get_boolean_attribute No description.
get_boolean_map_attribute No description.
get_list_attribute No description.
get_number_attribute No description.
get_number_list_attribute No description.
get_number_map_attribute No description.
get_string_attribute No description.
get_string_map_attribute No description.
has_resource_move No description.
import_from No description.
interpolation_for_attribute No description.
move_from_id Move the resource corresponding to "id" to this resource.
move_to Moves this resource to the target resource given by moveTarget.
move_to_id Moves this resource to the resource corresponding to "id".
put_aws No description.
put_oidc No description.
put_saml No description.
put_timeouts No description.
put_x509 No description.
reset_attribute_condition No description.
reset_attribute_mapping No description.
reset_aws No description.
reset_description No description.
reset_disabled No description.
reset_display_name No description.
reset_id No description.
reset_oidc No description.
reset_project No description.
reset_saml No description.
reset_timeouts No description.
reset_x509 No description.
to_string 
def to_string() -> str

Returns a string representation of this construct.

add_override 
def add_override(
  path: str,
  value: typing.Any
) -> None
pathRequired
  • Type: str
valueRequired
  • Type: typing.Any
override_logical_id 
def override_logical_id(
  new_logical_id: str
) -> None

Overrides the auto-generated logical ID with a specific ID.

new_logical_idRequired
  • Type: str

The new logical ID to use for this stack element.

reset_override_logical_id 
def reset_override_logical_id() -> None

Resets a previously passed logical Id to use the auto-generated logical id again.

to_hcl_terraform 
def to_hcl_terraform() -> typing.Any
to_metadata 
def to_metadata() -> typing.Any
to_terraform 
def to_terraform() -> typing.Any

Adds this resource to the terraform JSON output.

add_move_target 
def add_move_target(
  move_target: str
) -> None

Adds a user defined moveTarget string to this resource to be later used in .moveTo(moveTarget) to resolve the location of the move.

move_targetRequired
  • Type: str

The string move target that will correspond to this resource.

get_any_map_attribute 
def get_any_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Any]
terraform_attributeRequired
  • Type: str
get_boolean_attribute 
def get_boolean_attribute(
  terraform_attribute: str
) -> IResolvable
terraform_attributeRequired
  • Type: str
get_boolean_map_attribute 
def get_boolean_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[bool]
terraform_attributeRequired
  • Type: str
get_list_attribute 
def get_list_attribute(
  terraform_attribute: str
) -> typing.List[str]
terraform_attributeRequired
  • Type: str
get_number_attribute 
def get_number_attribute(
  terraform_attribute: str
) -> typing.Union[int, float]
terraform_attributeRequired
  • Type: str
get_number_list_attribute 
def get_number_list_attribute(
  terraform_attribute: str
) -> typing.List[typing.Union[int, float]]
terraform_attributeRequired
  • Type: str
get_number_map_attribute 
def get_number_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Union[int, float]]
terraform_attributeRequired
  • Type: str
get_string_attribute 
def get_string_attribute(
  terraform_attribute: str
) -> str
terraform_attributeRequired
  • Type: str
get_string_map_attribute 
def get_string_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[str]
terraform_attributeRequired
  • Type: str
has_resource_move 
def has_resource_move() -> typing.Union[TerraformResourceMoveByTarget, TerraformResourceMoveById]
import_from 
def import_from(
  id: str,
  provider: TerraformProvider = None
) -> None
idRequired
  • Type: str
providerOptional
  • Type: cdktf.TerraformProvider
interpolation_for_attribute 
def interpolation_for_attribute(
  terraform_attribute: str
) -> IResolvable
terraform_attributeRequired
  • Type: str
move_from_id 
def move_from_id(
  id: str
) -> None

Move the resource corresponding to "id" to this resource.

Note that the resource being moved from must be marked as moved using it's instance function.

idRequired
  • Type: str

Full id of resource being moved from, e.g. "aws_s3_bucket.example".

move_to 
def move_to(
  move_target: str,
  index: typing.Union[str, typing.Union[int, float]] = None
) -> None

Moves this resource to the target resource given by moveTarget.

move_targetRequired
  • Type: str

The previously set user defined string set by .addMoveTarget() corresponding to the resource to move to.

indexOptional
  • Type: typing.Union[str, typing.Union[int, float]]

Optional The index corresponding to the key the resource is to appear in the foreach of a resource to move to.

move_to_id 
def move_to_id(
  id: str
) -> None

Moves this resource to the resource corresponding to "id".

idRequired
  • Type: str

Full id of resource to move to, e.g. "aws_s3_bucket.example".

put_aws 
def put_aws(
  account_id: str
) -> None
account_idRequired
  • Type: str

The AWS account ID.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#account_id IamWorkloadIdentityPoolProvider#account_id}

put_oidc 
def put_oidc(
  issuer_uri: str,
  allowed_audiences: typing.List[str] = None,
  jwks_json: str = None
) -> None
issuer_uriRequired
  • Type: str

The OIDC issuer URL.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#issuer_uri IamWorkloadIdentityPoolProvider#issuer_uri}

allowed_audiencesOptional
  • Type: typing.List[str]

Acceptable values for the 'aud' field (audience) in the OIDC token.

Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured.

If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example:

//iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
https://iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#allowed_audiences IamWorkloadIdentityPoolProvider#allowed_audiences}

jwks_jsonOptional
  • Type: str

OIDC JWKs in JSON String format.

For details on definition of a JWK, see https:tools.ietf.org/html/rfc7517. If not set, then we use the 'jwks_uri' from the discovery document fetched from the .well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric keys are supported. The JWK must use following format and include only the following fields:

{
  "keys": [
    {
          "kty": "RSA/EC",
          "alg": "<algorithm>",
          "use": "sig",
          "kid": "<key-id>",
          "n": "",
          "e": "",
          "x": "",
          "y": "",
          "crv": ""
    }
  ]
}

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#jwks_json IamWorkloadIdentityPoolProvider#jwks_json}

put_saml 
def put_saml(
  idp_metadata_xml: str
) -> None
idp_metadata_xmlRequired
  • Type: str

SAML Identity provider configuration metadata xml doc.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#idp_metadata_xml IamWorkloadIdentityPoolProvider#idp_metadata_xml}

put_timeouts 
def put_timeouts(
  create: str = None,
  delete: str = None,
  update: str = None
) -> None
createOptional
  • Type: str

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#create IamWorkloadIdentityPoolProvider#create}.

deleteOptional
  • Type: str

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#delete IamWorkloadIdentityPoolProvider#delete}.

updateOptional
  • Type: str

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#update IamWorkloadIdentityPoolProvider#update}.

put_x509 
def put_x509(
  trust_store: IamWorkloadIdentityPoolProviderX509TrustStore
) -> None
trust_storeRequired

trust_store block.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#trust_store IamWorkloadIdentityPoolProvider#trust_store}

reset_attribute_condition 
def reset_attribute_condition() -> None
reset_attribute_mapping 
def reset_attribute_mapping() -> None
reset_aws 
def reset_aws() -> None
reset_description 
def reset_description() -> None
reset_disabled 
def reset_disabled() -> None
reset_display_name 
def reset_display_name() -> None
reset_id 
def reset_id() -> None
reset_oidc 
def reset_oidc() -> None
reset_project 
def reset_project() -> None
reset_saml 
def reset_saml() -> None
reset_timeouts 
def reset_timeouts() -> None
reset_x509 
def reset_x509() -> None

Static Functions

Name Description
is_construct Checks if x is a construct.
is_terraform_element No description.
is_terraform_resource No description.
generate_config_for_import Generates CDKTF code for importing a IamWorkloadIdentityPoolProvider resource upon running "cdktf plan ".
is_construct 
from cdktf_cdktf_provider_google import iam_workload_identity_pool_provider

iamWorkloadIdentityPoolProvider.IamWorkloadIdentityPoolProvider.is_construct(
  x: typing.Any
)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

xRequired
  • Type: typing.Any

Any object.

is_terraform_element 
from cdktf_cdktf_provider_google import iam_workload_identity_pool_provider

iamWorkloadIdentityPoolProvider.IamWorkloadIdentityPoolProvider.is_terraform_element(
  x: typing.Any
)
xRequired
  • Type: typing.Any
is_terraform_resource 
from cdktf_cdktf_provider_google import iam_workload_identity_pool_provider

iamWorkloadIdentityPoolProvider.IamWorkloadIdentityPoolProvider.is_terraform_resource(
  x: typing.Any
)
xRequired
  • Type: typing.Any
generate_config_for_import 
from cdktf_cdktf_provider_google import iam_workload_identity_pool_provider

iamWorkloadIdentityPoolProvider.IamWorkloadIdentityPoolProvider.generate_config_for_import(
  scope: Construct,
  import_to_id: str,
  import_from_id: str,
  provider: TerraformProvider = None
)

Generates CDKTF code for importing a IamWorkloadIdentityPoolProvider resource upon running "cdktf plan ".

scopeRequired
  • Type: constructs.Construct

The scope in which to define this construct.

import_to_idRequired
  • Type: str

The construct id used in the generated config for the IamWorkloadIdentityPoolProvider to import.

import_from_idRequired
  • Type: str

The id of the existing IamWorkloadIdentityPoolProvider that should be imported.

Refer to the {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#import import section} in the documentation of this resource for the id to use

providerOptional
  • Type: cdktf.TerraformProvider

? Optional instance of the provider where the IamWorkloadIdentityPoolProvider to import is found.

Properties

Name Type Description
node constructs.Node The tree node.
cdktf_stack cdktf.TerraformStack No description.
fqn str No description.
friendly_unique_id str No description.
terraform_meta_arguments typing.Mapping[typing.Any] No description.
terraform_resource_type str No description.
terraform_generator_metadata cdktf.TerraformProviderGeneratorMetadata No description.
connection typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection] No description.
count typing.Union[typing.Union[int, float], cdktf.TerraformCount] No description.
depends_on typing.List[str] No description.
for_each cdktf.ITerraformIterator No description.
lifecycle cdktf.TerraformResourceLifecycle No description.
provider cdktf.TerraformProvider No description.
provisioners typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]] No description.
aws IamWorkloadIdentityPoolProviderAwsOutputReference No description.
name str No description.
oidc IamWorkloadIdentityPoolProviderOidcOutputReference No description.
saml IamWorkloadIdentityPoolProviderSamlOutputReference No description.
state str No description.
timeouts IamWorkloadIdentityPoolProviderTimeoutsOutputReference No description.
x509 IamWorkloadIdentityPoolProviderX509OutputReference No description.
attribute_condition_input str No description.
attribute_mapping_input typing.Mapping[str] No description.
aws_input IamWorkloadIdentityPoolProviderAws No description.
description_input str No description.
disabled_input typing.Union[bool, cdktf.IResolvable] No description.
display_name_input str No description.
id_input str No description.
oidc_input IamWorkloadIdentityPoolProviderOidc No description.
project_input str No description.
saml_input IamWorkloadIdentityPoolProviderSaml No description.
timeouts_input typing.Union[cdktf.IResolvable, IamWorkloadIdentityPoolProviderTimeouts] No description.
workload_identity_pool_id_input str No description.
workload_identity_pool_provider_id_input str No description.
x509_input IamWorkloadIdentityPoolProviderX509 No description.
attribute_condition str No description.
attribute_mapping typing.Mapping[str] No description.
description str No description.
disabled typing.Union[bool, cdktf.IResolvable] No description.
display_name str No description.
id str No description.
project str No description.
workload_identity_pool_id str No description.
workload_identity_pool_provider_id str No description.
nodeRequired 
node: Node
  • Type: constructs.Node

The tree node.

cdktf_stackRequired 
cdktf_stack: TerraformStack
  • Type: cdktf.TerraformStack
fqnRequired 
fqn: str
  • Type: str
friendly_unique_idRequired 
friendly_unique_id: str
  • Type: str
terraform_meta_argumentsRequired 
terraform_meta_arguments: typing.Mapping[typing.Any]
  • Type: typing.Mapping[typing.Any]
terraform_resource_typeRequired 
terraform_resource_type: str
  • Type: str
terraform_generator_metadataOptional 
terraform_generator_metadata: TerraformProviderGeneratorMetadata
  • Type: cdktf.TerraformProviderGeneratorMetadata
connectionOptional 
connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection]
  • Type: typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection]
countOptional 
count: typing.Union[typing.Union[int, float], TerraformCount]
  • Type: typing.Union[typing.Union[int, float], cdktf.TerraformCount]
depends_onOptional 
depends_on: typing.List[str]
  • Type: typing.List[str]
for_eachOptional 
for_each: ITerraformIterator
  • Type: cdktf.ITerraformIterator
lifecycleOptional 
lifecycle: TerraformResourceLifecycle
  • Type: cdktf.TerraformResourceLifecycle
providerOptional 
provider: TerraformProvider
  • Type: cdktf.TerraformProvider
provisionersOptional 
provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]]
  • Type: typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]]
awsRequired 
aws: IamWorkloadIdentityPoolProviderAwsOutputReference
nameRequired 
name: str
  • Type: str
oidcRequired 
oidc: IamWorkloadIdentityPoolProviderOidcOutputReference
samlRequired 
saml: IamWorkloadIdentityPoolProviderSamlOutputReference
stateRequired 
state: str
  • Type: str
timeoutsRequired 
timeouts: IamWorkloadIdentityPoolProviderTimeoutsOutputReference
x509Required 
x509: IamWorkloadIdentityPoolProviderX509OutputReference
attribute_condition_inputOptional 
attribute_condition_input: str
  • Type: str
attribute_mapping_inputOptional 
attribute_mapping_input: typing.Mapping[str]
  • Type: typing.Mapping[str]
aws_inputOptional 
aws_input: IamWorkloadIdentityPoolProviderAws
description_inputOptional 
description_input: str
  • Type: str
disabled_inputOptional 
disabled_input: typing.Union[bool, IResolvable]
  • Type: typing.Union[bool, cdktf.IResolvable]
display_name_inputOptional 
display_name_input: str
  • Type: str
id_inputOptional 
id_input: str
  • Type: str
oidc_inputOptional 
oidc_input: IamWorkloadIdentityPoolProviderOidc
project_inputOptional 
project_input: str
  • Type: str
saml_inputOptional 
saml_input: IamWorkloadIdentityPoolProviderSaml
timeouts_inputOptional 
timeouts_input: typing.Union[IResolvable, IamWorkloadIdentityPoolProviderTimeouts]
workload_identity_pool_id_inputOptional 
workload_identity_pool_id_input: str
  • Type: str
workload_identity_pool_provider_id_inputOptional 
workload_identity_pool_provider_id_input: str
  • Type: str
x509_inputOptional 
x509_input: IamWorkloadIdentityPoolProviderX509
attribute_conditionRequired 
attribute_condition: str
  • Type: str
attribute_mappingRequired 
attribute_mapping: typing.Mapping[str]
  • Type: typing.Mapping[str]
descriptionRequired 
description: str
  • Type: str
disabledRequired 
disabled: typing.Union[bool, IResolvable]
  • Type: typing.Union[bool, cdktf.IResolvable]
display_nameRequired 
display_name: str
  • Type: str
idRequired 
id: str
  • Type: str
projectRequired 
project: str
  • Type: str
workload_identity_pool_idRequired 
workload_identity_pool_id: str
  • Type: str
workload_identity_pool_provider_idRequired 
workload_identity_pool_provider_id: str
  • Type: str

Constants

Name Type Description
tfResourceType str No description.
tfResourceTypeRequired 
tfResourceType: str
  • Type: str

Structs

IamWorkloadIdentityPoolProviderAws

Initializer 

from cdktf_cdktf_provider_google import iam_workload_identity_pool_provider

iamWorkloadIdentityPoolProvider.IamWorkloadIdentityPoolProviderAws(
  account_id: str
)

Properties

Name Type Description
account_id str The AWS account ID.
account_idRequired 
account_id: str
  • Type: str

The AWS account ID.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#account_id IamWorkloadIdentityPoolProvider#account_id}

IamWorkloadIdentityPoolProviderConfig

Initializer 

from cdktf_cdktf_provider_google import iam_workload_identity_pool_provider

iamWorkloadIdentityPoolProvider.IamWorkloadIdentityPoolProviderConfig(
  connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection] = None,
  count: typing.Union[typing.Union[int, float], TerraformCount] = None,
  depends_on: typing.List[ITerraformDependable] = None,
  for_each: ITerraformIterator = None,
  lifecycle: TerraformResourceLifecycle = None,
  provider: TerraformProvider = None,
  provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]] = None,
  workload_identity_pool_id: str,
  workload_identity_pool_provider_id: str,
  attribute_condition: str = None,
  attribute_mapping: typing.Mapping[str] = None,
  aws: IamWorkloadIdentityPoolProviderAws = None,
  description: str = None,
  disabled: typing.Union[bool, IResolvable] = None,
  display_name: str = None,
  id: str = None,
  oidc: IamWorkloadIdentityPoolProviderOidc = None,
  project: str = None,
  saml: IamWorkloadIdentityPoolProviderSaml = None,
  timeouts: IamWorkloadIdentityPoolProviderTimeouts = None,
  x509: IamWorkloadIdentityPoolProviderX509 = None
)

Properties

Name Type Description
connection typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection] No description.
count typing.Union[typing.Union[int, float], cdktf.TerraformCount] No description.
depends_on typing.List[cdktf.ITerraformDependable] No description.
for_each cdktf.ITerraformIterator No description.
lifecycle cdktf.TerraformResourceLifecycle No description.
provider cdktf.TerraformProvider No description.
provisioners typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]] No description.
workload_identity_pool_id str The ID used for the pool, which is the final component of the pool resource name.
workload_identity_pool_provider_id str The ID for the provider, which becomes the final component of the resource name.
attribute_condition str A Common Expression Language expression, in plain text, to restrict what otherwise valid authentication credentials issued by the provider should not be accepted.
attribute_mapping typing.Mapping[str] Maps attributes from authentication credentials issued by an external identity provider to Google Cloud attributes, such as 'subject' and 'segment'.
aws IamWorkloadIdentityPoolProviderAws aws block.
description str A description for the provider. Cannot exceed 256 characters.
disabled typing.Union[bool, cdktf.IResolvable] Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access.
display_name str A display name for the provider. Cannot exceed 32 characters.
id str Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#id IamWorkloadIdentityPoolProvider#id}.
oidc IamWorkloadIdentityPoolProviderOidc oidc block.
project str Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#project IamWorkloadIdentityPoolProvider#project}.
saml IamWorkloadIdentityPoolProviderSaml saml block.
timeouts IamWorkloadIdentityPoolProviderTimeouts timeouts block.
x509 IamWorkloadIdentityPoolProviderX509 x509 block.
connectionOptional 
connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection]
  • Type: typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection]
countOptional 
count: typing.Union[typing.Union[int, float], TerraformCount]
  • Type: typing.Union[typing.Union[int, float], cdktf.TerraformCount]
depends_onOptional 
depends_on: typing.List[ITerraformDependable]
  • Type: typing.List[cdktf.ITerraformDependable]
for_eachOptional 
for_each: ITerraformIterator
  • Type: cdktf.ITerraformIterator
lifecycleOptional 
lifecycle: TerraformResourceLifecycle
  • Type: cdktf.TerraformResourceLifecycle
providerOptional 
provider: TerraformProvider
  • Type: cdktf.TerraformProvider
provisionersOptional 
provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]]
  • Type: typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]]
workload_identity_pool_idRequired 
workload_identity_pool_id: str
  • Type: str

The ID used for the pool, which is the final component of the pool resource name.

This value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix 'gcp-' is reserved for use by Google, and may not be specified.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#workload_identity_pool_id IamWorkloadIdentityPoolProvider#workload_identity_pool_id}

workload_identity_pool_provider_idRequired 
workload_identity_pool_provider_id: str
  • Type: str

The ID for the provider, which becomes the final component of the resource name.

This value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix 'gcp-' is reserved for use by Google, and may not be specified.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#workload_identity_pool_provider_id IamWorkloadIdentityPoolProvider#workload_identity_pool_provider_id}

attribute_conditionOptional 
attribute_condition: str
  • Type: str

A Common Expression Language expression, in plain text, to restrict what otherwise valid authentication credentials issued by the provider should not be accepted.

The expression must output a boolean representing whether to allow the federation.

The following keywords may be referenced in the expressions:

  • 'assertion': JSON representing the authentication credential issued by the provider.
  • 'google': The Google attributes mapped from the assertion in the 'attribute_mappings'.
  • 'attribute': The custom attributes mapped from the assertion in the 'attribute_mappings'.

The maximum length of the attribute condition expression is 4096 characters. If unspecified, all valid authentication credential are accepted.

The following example shows how to only allow credentials with a mapped 'google.groups' value of 'admins':

"'admins' in google.groups"

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#attribute_condition IamWorkloadIdentityPoolProvider#attribute_condition}

attribute_mappingOptional 
attribute_mapping: typing.Mapping[str]
  • Type: typing.Mapping[str]

Maps attributes from authentication credentials issued by an external identity provider to Google Cloud attributes, such as 'subject' and 'segment'.

Each key must be a string specifying the Google Cloud IAM attribute to map to.

The following keys are supported:

  • 'google.subject': The principal IAM is authenticating. You can reference this value in IAM bindings. This is also the subject that appears in Cloud Logging logs. Cannot exceed 127 characters.
  • 'google.groups': Groups the external identity belongs to. You can grant groups access to resources using an IAM 'principalSet' binding; access applies to all members of the group.

You can also provide custom attributes by specifying 'attribute.{custom_attribute}', where '{custom_attribute}' is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes. The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_].

You can reference these attributes in IAM policies to define fine-grained access for a workload to Google Cloud resources. For example:

  • 'google.subject': 'principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}'
  • 'google.groups': 'principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}'
  • 'attribute.{custom_attribute}': 'principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}'

Each value must be a Common Expression Language function that maps an identity provider credential to the normalized attribute specified by the corresponding map key.

You can use the 'assertion' keyword in the expression to access a JSON representation of the authentication credential issued by the provider.

The maximum length of an attribute mapping expression is 2048 characters. When evaluated, the total size of all mapped attributes must not exceed 8KB.

For AWS providers, the following rules apply:

  • If no attribute mapping is defined, the following default mapping applies:

    {
  "google.subject":"assertion.arn",
  "attribute.aws_role":
    "assertion.arn.contains('assumed-role')"
    " ? assertion.arn.extract('{account_arn}assumed-role/')"
    "   + 'assumed-role/'"
    "   + assertion.arn.extract('assumed-role/{role_name}/')"
    " : assertion.arn",
}

  • If any custom attribute mappings are defined, they must include a mapping to the 'google.subject' attribute.

For OIDC providers, the following rules apply:

  • Custom attribute mappings must be defined, and must include a mapping to the 'google.subject' attribute. For example, the following maps the 'sub' claim of the incoming credential to the 'subject' attribute on a Google token.

    {"google.subject": "assertion.sub"}

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#attribute_mapping IamWorkloadIdentityPoolProvider#attribute_mapping}

awsOptional 
aws: IamWorkloadIdentityPoolProviderAws

aws block.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#aws IamWorkloadIdentityPoolProvider#aws}

descriptionOptional 
description: str
  • Type: str

A description for the provider. Cannot exceed 256 characters.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#description IamWorkloadIdentityPoolProvider#description}

disabledOptional 
disabled: typing.Union[bool, IResolvable]
  • Type: typing.Union[bool, cdktf.IResolvable]

Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#disabled IamWorkloadIdentityPoolProvider#disabled}

display_nameOptional 
display_name: str
  • Type: str

A display name for the provider. Cannot exceed 32 characters.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#display_name IamWorkloadIdentityPoolProvider#display_name}

idOptional 
id: str
  • Type: str

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#id IamWorkloadIdentityPoolProvider#id}.

Please be aware that the id field is automatically added to all resources in Terraform providers using a Terraform provider SDK version below 2. If you experience problems setting this value it might not be settable. Please take a look at the provider documentation to ensure it should be settable.

oidcOptional 
oidc: IamWorkloadIdentityPoolProviderOidc

oidc block.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#oidc IamWorkloadIdentityPoolProvider#oidc}

projectOptional 
project: str
  • Type: str

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#project IamWorkloadIdentityPoolProvider#project}.

samlOptional 
saml: IamWorkloadIdentityPoolProviderSaml

saml block.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#saml IamWorkloadIdentityPoolProvider#saml}

timeoutsOptional 
timeouts: IamWorkloadIdentityPoolProviderTimeouts

timeouts block.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#timeouts IamWorkloadIdentityPoolProvider#timeouts}

x509Optional 
x509: IamWorkloadIdentityPoolProviderX509

x509 block.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#x509 IamWorkloadIdentityPoolProvider#x509}

IamWorkloadIdentityPoolProviderOidc

Initializer 

from cdktf_cdktf_provider_google import iam_workload_identity_pool_provider

iamWorkloadIdentityPoolProvider.IamWorkloadIdentityPoolProviderOidc(
  issuer_uri: str,
  allowed_audiences: typing.List[str] = None,
  jwks_json: str = None
)

Properties

Name Type Description
issuer_uri str The OIDC issuer URL.
allowed_audiences typing.List[str] Acceptable values for the 'aud' field (audience) in the OIDC token.
jwks_json str OIDC JWKs in JSON String format.
issuer_uriRequired 
issuer_uri: str
  • Type: str

The OIDC issuer URL.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#issuer_uri IamWorkloadIdentityPoolProvider#issuer_uri}

allowed_audiencesOptional 
allowed_audiences: typing.List[str]
  • Type: typing.List[str]

Acceptable values for the 'aud' field (audience) in the OIDC token.

Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured.

If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example:

//iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
https://iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#allowed_audiences IamWorkloadIdentityPoolProvider#allowed_audiences}

jwks_jsonOptional 
jwks_json: str
  • Type: str

OIDC JWKs in JSON String format.

For details on definition of a JWK, see https:tools.ietf.org/html/rfc7517. If not set, then we use the 'jwks_uri' from the discovery document fetched from the .well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric keys are supported. The JWK must use following format and include only the following fields:

{
  "keys": [
    {
          "kty": "RSA/EC",
          "alg": "<algorithm>",
          "use": "sig",
          "kid": "<key-id>",
          "n": "",
          "e": "",
          "x": "",
          "y": "",
          "crv": ""
    }
  ]
}

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#jwks_json IamWorkloadIdentityPoolProvider#jwks_json}

IamWorkloadIdentityPoolProviderSaml

Initializer 

from cdktf_cdktf_provider_google import iam_workload_identity_pool_provider

iamWorkloadIdentityPoolProvider.IamWorkloadIdentityPoolProviderSaml(
  idp_metadata_xml: str
)

Properties

Name Type Description
idp_metadata_xml str SAML Identity provider configuration metadata xml doc.
idp_metadata_xmlRequired 
idp_metadata_xml: str
  • Type: str

SAML Identity provider configuration metadata xml doc.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#idp_metadata_xml IamWorkloadIdentityPoolProvider#idp_metadata_xml}

IamWorkloadIdentityPoolProviderTimeouts

Initializer 

from cdktf_cdktf_provider_google import iam_workload_identity_pool_provider

iamWorkloadIdentityPoolProvider.IamWorkloadIdentityPoolProviderTimeouts(
  create: str = None,
  delete: str = None,
  update: str = None
)

Properties

Name Type Description
create str Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#create IamWorkloadIdentityPoolProvider#create}.
delete str Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#delete IamWorkloadIdentityPoolProvider#delete}.
update str Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#update IamWorkloadIdentityPoolProvider#update}.
createOptional 
create: str
  • Type: str

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#create IamWorkloadIdentityPoolProvider#create}.

deleteOptional 
delete: str
  • Type: str

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#delete IamWorkloadIdentityPoolProvider#delete}.

updateOptional 
update: str
  • Type: str

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#update IamWorkloadIdentityPoolProvider#update}.

IamWorkloadIdentityPoolProviderX509

Initializer 

from cdktf_cdktf_provider_google import iam_workload_identity_pool_provider

iamWorkloadIdentityPoolProvider.IamWorkloadIdentityPoolProviderX509(
  trust_store: IamWorkloadIdentityPoolProviderX509TrustStore
)

Properties

Name Type Description
trust_store IamWorkloadIdentityPoolProviderX509TrustStore trust_store block.
trust_storeRequired 
trust_store: IamWorkloadIdentityPoolProviderX509TrustStore

trust_store block.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#trust_store IamWorkloadIdentityPoolProvider#trust_store}

IamWorkloadIdentityPoolProviderX509TrustStore

Initializer 

from cdktf_cdktf_provider_google import iam_workload_identity_pool_provider

iamWorkloadIdentityPoolProvider.IamWorkloadIdentityPoolProviderX509TrustStore(
  trust_anchors: typing.Union[IResolvable, typing.List[IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchors]],
  intermediate_cas: typing.Union[IResolvable, typing.List[IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCas]] = None
)

Properties

Name Type Description
trust_anchors typing.Union[cdktf.IResolvable, typing.List[IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchors]] trust_anchors block.
intermediate_cas typing.Union[cdktf.IResolvable, typing.List[IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCas]] intermediate_cas block.
trust_anchorsRequired 
trust_anchors: typing.Union[IResolvable, typing.List[IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchors]]

trust_anchors block.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#trust_anchors IamWorkloadIdentityPoolProvider#trust_anchors}

intermediate_casOptional 
intermediate_cas: typing.Union[IResolvable, typing.List[IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCas]]

intermediate_cas block.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#intermediate_cas IamWorkloadIdentityPoolProvider#intermediate_cas}

IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCas

Initializer 

from cdktf_cdktf_provider_google import iam_workload_identity_pool_provider

iamWorkloadIdentityPoolProvider.IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCas(
  pem_certificate: str = None
)

Properties

Name Type Description
pem_certificate str PEM certificate of the PKI used for validation. Must only contain one ca certificate(either root or intermediate cert).
pem_certificateOptional 
pem_certificate: str
  • Type: str

PEM certificate of the PKI used for validation. Must only contain one ca certificate(either root or intermediate cert).

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#pem_certificate IamWorkloadIdentityPoolProvider#pem_certificate}

IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchors

Initializer 

from cdktf_cdktf_provider_google import iam_workload_identity_pool_provider

iamWorkloadIdentityPoolProvider.IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchors(
  pem_certificate: str = None
)

Properties

Name Type Description
pem_certificate str PEM certificate of the PKI used for validation. Must only contain one ca certificate(either root or intermediate cert).
pem_certificateOptional 
pem_certificate: str
  • Type: str

PEM certificate of the PKI used for validation. Must only contain one ca certificate(either root or intermediate cert).

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#pem_certificate IamWorkloadIdentityPoolProvider#pem_certificate}

Classes

IamWorkloadIdentityPoolProviderAwsOutputReference

Initializers 

from cdktf_cdktf_provider_google import iam_workload_identity_pool_provider

iamWorkloadIdentityPoolProvider.IamWorkloadIdentityPoolProviderAwsOutputReference(
  terraform_resource: IInterpolatingParent,
  terraform_attribute: str
)
Name Type Description
terraform_resource cdktf.IInterpolatingParent The parent resource.
terraform_attribute str The attribute on the parent resource this class is referencing.
terraform_resourceRequired
  • Type: cdktf.IInterpolatingParent

The parent resource.

terraform_attributeRequired
  • Type: str

The attribute on the parent resource this class is referencing.

Methods

Name Description
compute_fqn No description.
get_any_map_attribute No description.
get_boolean_attribute No description.
get_boolean_map_attribute No description.
get_list_attribute No description.
get_number_attribute No description.
get_number_list_attribute No description.
get_number_map_attribute No description.
get_string_attribute No description.
get_string_map_attribute No description.
interpolation_for_attribute No description.
resolve Produce the Token's value at resolution time.
to_string Return a string representation of this resolvable object.
compute_fqn 
def compute_fqn() -> str
get_any_map_attribute 
def get_any_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Any]
terraform_attributeRequired
  • Type: str
get_boolean_attribute 
def get_boolean_attribute(
  terraform_attribute: str
) -> IResolvable
terraform_attributeRequired
  • Type: str
get_boolean_map_attribute 
def get_boolean_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[bool]
terraform_attributeRequired
  • Type: str
get_list_attribute 
def get_list_attribute(
  terraform_attribute: str
) -> typing.List[str]
terraform_attributeRequired
  • Type: str
get_number_attribute 
def get_number_attribute(
  terraform_attribute: str
) -> typing.Union[int, float]
terraform_attributeRequired
  • Type: str
get_number_list_attribute 
def get_number_list_attribute(
  terraform_attribute: str
) -> typing.List[typing.Union[int, float]]
terraform_attributeRequired
  • Type: str
get_number_map_attribute 
def get_number_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Union[int, float]]
terraform_attributeRequired
  • Type: str
get_string_attribute 
def get_string_attribute(
  terraform_attribute: str
) -> str
terraform_attributeRequired
  • Type: str
get_string_map_attribute 
def get_string_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[str]
terraform_attributeRequired
  • Type: str
interpolation_for_attribute 
def interpolation_for_attribute(
  property: str
) -> IResolvable
propertyRequired
  • Type: str
resolve 
def resolve(
  _context: IResolveContext
) -> typing.Any

Produce the Token's value at resolution time.

_contextRequired
  • Type: cdktf.IResolveContext
to_string 
def to_string() -> str

Return a string representation of this resolvable object.

Returns a reversible string representation.

Properties

Name Type Description
creation_stack typing.List[str] The creation stack of this resolvable which will be appended to errors thrown during resolution.
fqn str No description.
account_id_input str No description.
account_id str No description.
internal_value IamWorkloadIdentityPoolProviderAws No description.
creation_stackRequired 
creation_stack: typing.List[str]
  • Type: typing.List[str]

The creation stack of this resolvable which will be appended to errors thrown during resolution.

If this returns an empty array the stack will not be attached.

fqnRequired 
fqn: str
  • Type: str
account_id_inputOptional 
account_id_input: str
  • Type: str
account_idRequired 
account_id: str
  • Type: str
internal_valueOptional 
internal_value: IamWorkloadIdentityPoolProviderAws

IamWorkloadIdentityPoolProviderOidcOutputReference

Initializers 

from cdktf_cdktf_provider_google import iam_workload_identity_pool_provider

iamWorkloadIdentityPoolProvider.IamWorkloadIdentityPoolProviderOidcOutputReference(
  terraform_resource: IInterpolatingParent,
  terraform_attribute: str
)
Name Type Description
terraform_resource cdktf.IInterpolatingParent The parent resource.
terraform_attribute str The attribute on the parent resource this class is referencing.
terraform_resourceRequired
  • Type: cdktf.IInterpolatingParent

The parent resource.

terraform_attributeRequired
  • Type: str

The attribute on the parent resource this class is referencing.

Methods

Name Description
compute_fqn No description.
get_any_map_attribute No description.
get_boolean_attribute No description.
get_boolean_map_attribute No description.
get_list_attribute No description.
get_number_attribute No description.
get_number_list_attribute No description.
get_number_map_attribute No description.
get_string_attribute No description.
get_string_map_attribute No description.
interpolation_for_attribute No description.
resolve Produce the Token's value at resolution time.
to_string Return a string representation of this resolvable object.
reset_allowed_audiences No description.
reset_jwks_json No description.
compute_fqn 
def compute_fqn() -> str
get_any_map_attribute 
def get_any_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Any]
terraform_attributeRequired
  • Type: str
get_boolean_attribute 
def get_boolean_attribute(
  terraform_attribute: str
) -> IResolvable
terraform_attributeRequired
  • Type: str
get_boolean_map_attribute 
def get_boolean_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[bool]
terraform_attributeRequired
  • Type: str
get_list_attribute 
def get_list_attribute(
  terraform_attribute: str
) -> typing.List[str]
terraform_attributeRequired
  • Type: str
get_number_attribute 
def get_number_attribute(
  terraform_attribute: str
) -> typing.Union[int, float]
terraform_attributeRequired
  • Type: str
get_number_list_attribute 
def get_number_list_attribute(
  terraform_attribute: str
) -> typing.List[typing.Union[int, float]]
terraform_attributeRequired
  • Type: str
get_number_map_attribute 
def get_number_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Union[int, float]]
terraform_attributeRequired
  • Type: str
get_string_attribute 
def get_string_attribute(
  terraform_attribute: str
) -> str
terraform_attributeRequired
  • Type: str
get_string_map_attribute 
def get_string_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[str]
terraform_attributeRequired
  • Type: str
interpolation_for_attribute 
def interpolation_for_attribute(
  property: str
) -> IResolvable
propertyRequired
  • Type: str
resolve 
def resolve(
  _context: IResolveContext
) -> typing.Any

Produce the Token's value at resolution time.

_contextRequired
  • Type: cdktf.IResolveContext
to_string 
def to_string() -> str

Return a string representation of this resolvable object.

Returns a reversible string representation.

reset_allowed_audiences 
def reset_allowed_audiences() -> None
reset_jwks_json 
def reset_jwks_json() -> None

Properties

Name Type Description
creation_stack typing.List[str] The creation stack of this resolvable which will be appended to errors thrown during resolution.
fqn str No description.
allowed_audiences_input typing.List[str] No description.
issuer_uri_input str No description.
jwks_json_input str No description.
allowed_audiences typing.List[str] No description.
issuer_uri str No description.
jwks_json str No description.
internal_value IamWorkloadIdentityPoolProviderOidc No description.
creation_stackRequired 
creation_stack: typing.List[str]
  • Type: typing.List[str]

The creation stack of this resolvable which will be appended to errors thrown during resolution.

If this returns an empty array the stack will not be attached.

fqnRequired 
fqn: str
  • Type: str
allowed_audiences_inputOptional 
allowed_audiences_input: typing.List[str]
  • Type: typing.List[str]
issuer_uri_inputOptional 
issuer_uri_input: str
  • Type: str
jwks_json_inputOptional 
jwks_json_input: str
  • Type: str
allowed_audiencesRequired 
allowed_audiences: typing.List[str]
  • Type: typing.List[str]
issuer_uriRequired 
issuer_uri: str
  • Type: str
jwks_jsonRequired 
jwks_json: str
  • Type: str
internal_valueOptional 
internal_value: IamWorkloadIdentityPoolProviderOidc

IamWorkloadIdentityPoolProviderSamlOutputReference

Initializers 

from cdktf_cdktf_provider_google import iam_workload_identity_pool_provider

iamWorkloadIdentityPoolProvider.IamWorkloadIdentityPoolProviderSamlOutputReference(
  terraform_resource: IInterpolatingParent,
  terraform_attribute: str
)
Name Type Description
terraform_resource cdktf.IInterpolatingParent The parent resource.
terraform_attribute str The attribute on the parent resource this class is referencing.
terraform_resourceRequired
  • Type: cdktf.IInterpolatingParent

The parent resource.

terraform_attributeRequired
  • Type: str

The attribute on the parent resource this class is referencing.

Methods

Name Description
compute_fqn No description.
get_any_map_attribute No description.
get_boolean_attribute No description.
get_boolean_map_attribute No description.
get_list_attribute No description.
get_number_attribute No description.
get_number_list_attribute No description.
get_number_map_attribute No description.
get_string_attribute No description.
get_string_map_attribute No description.
interpolation_for_attribute No description.
resolve Produce the Token's value at resolution time.
to_string Return a string representation of this resolvable object.
compute_fqn 
def compute_fqn() -> str
get_any_map_attribute 
def get_any_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Any]
terraform_attributeRequired
  • Type: str
get_boolean_attribute 
def get_boolean_attribute(
  terraform_attribute: str
) -> IResolvable
terraform_attributeRequired
  • Type: str
get_boolean_map_attribute 
def get_boolean_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[bool]
terraform_attributeRequired
  • Type: str
get_list_attribute 
def get_list_attribute(
  terraform_attribute: str
) -> typing.List[str]
terraform_attributeRequired
  • Type: str
get_number_attribute 
def get_number_attribute(
  terraform_attribute: str
) -> typing.Union[int, float]
terraform_attributeRequired
  • Type: str
get_number_list_attribute 
def get_number_list_attribute(
  terraform_attribute: str
) -> typing.List[typing.Union[int, float]]
terraform_attributeRequired
  • Type: str
get_number_map_attribute 
def get_number_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Union[int, float]]
terraform_attributeRequired
  • Type: str
get_string_attribute 
def get_string_attribute(
  terraform_attribute: str
) -> str
terraform_attributeRequired
  • Type: str
get_string_map_attribute 
def get_string_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[str]
terraform_attributeRequired
  • Type: str
interpolation_for_attribute 
def interpolation_for_attribute(
  property: str
) -> IResolvable
propertyRequired
  • Type: str
resolve 
def resolve(
  _context: IResolveContext
) -> typing.Any

Produce the Token's value at resolution time.

_contextRequired
  • Type: cdktf.IResolveContext
to_string 
def to_string() -> str

Return a string representation of this resolvable object.

Returns a reversible string representation.

Properties

Name Type Description
creation_stack typing.List[str] The creation stack of this resolvable which will be appended to errors thrown during resolution.
fqn str No description.
idp_metadata_xml_input str No description.
idp_metadata_xml str No description.
internal_value IamWorkloadIdentityPoolProviderSaml No description.
creation_stackRequired 
creation_stack: typing.List[str]
  • Type: typing.List[str]

The creation stack of this resolvable which will be appended to errors thrown during resolution.

If this returns an empty array the stack will not be attached.

fqnRequired 
fqn: str
  • Type: str
idp_metadata_xml_inputOptional 
idp_metadata_xml_input: str
  • Type: str
idp_metadata_xmlRequired 
idp_metadata_xml: str
  • Type: str
internal_valueOptional 
internal_value: IamWorkloadIdentityPoolProviderSaml

IamWorkloadIdentityPoolProviderTimeoutsOutputReference

Initializers 

from cdktf_cdktf_provider_google import iam_workload_identity_pool_provider

iamWorkloadIdentityPoolProvider.IamWorkloadIdentityPoolProviderTimeoutsOutputReference(
  terraform_resource: IInterpolatingParent,
  terraform_attribute: str
)
Name Type Description
terraform_resource cdktf.IInterpolatingParent The parent resource.
terraform_attribute str The attribute on the parent resource this class is referencing.
terraform_resourceRequired
  • Type: cdktf.IInterpolatingParent

The parent resource.

terraform_attributeRequired
  • Type: str

The attribute on the parent resource this class is referencing.

Methods

Name Description
compute_fqn No description.
get_any_map_attribute No description.
get_boolean_attribute No description.
get_boolean_map_attribute No description.
get_list_attribute No description.
get_number_attribute No description.
get_number_list_attribute No description.
get_number_map_attribute No description.
get_string_attribute No description.
get_string_map_attribute No description.
interpolation_for_attribute No description.
resolve Produce the Token's value at resolution time.
to_string Return a string representation of this resolvable object.
reset_create No description.
reset_delete No description.
reset_update No description.
compute_fqn 
def compute_fqn() -> str
get_any_map_attribute 
def get_any_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Any]
terraform_attributeRequired
  • Type: str
get_boolean_attribute 
def get_boolean_attribute(
  terraform_attribute: str
) -> IResolvable
terraform_attributeRequired
  • Type: str
get_boolean_map_attribute 
def get_boolean_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[bool]
terraform_attributeRequired
  • Type: str
get_list_attribute 
def get_list_attribute(
  terraform_attribute: str
) -> typing.List[str]
terraform_attributeRequired
  • Type: str
get_number_attribute 
def get_number_attribute(
  terraform_attribute: str
) -> typing.Union[int, float]
terraform_attributeRequired
  • Type: str
get_number_list_attribute 
def get_number_list_attribute(
  terraform_attribute: str
) -> typing.List[typing.Union[int, float]]
terraform_attributeRequired
  • Type: str
get_number_map_attribute 
def get_number_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Union[int, float]]
terraform_attributeRequired
  • Type: str
get_string_attribute 
def get_string_attribute(
  terraform_attribute: str
) -> str
terraform_attributeRequired
  • Type: str
get_string_map_attribute 
def get_string_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[str]
terraform_attributeRequired
  • Type: str
interpolation_for_attribute 
def interpolation_for_attribute(
  property: str
) -> IResolvable
propertyRequired
  • Type: str
resolve 
def resolve(
  _context: IResolveContext
) -> typing.Any

Produce the Token's value at resolution time.

_contextRequired
  • Type: cdktf.IResolveContext
to_string 
def to_string() -> str

Return a string representation of this resolvable object.

Returns a reversible string representation.

reset_create 
def reset_create() -> None
reset_delete 
def reset_delete() -> None
reset_update 
def reset_update() -> None

Properties

Name Type Description
creation_stack typing.List[str] The creation stack of this resolvable which will be appended to errors thrown during resolution.
fqn str No description.
create_input str No description.
delete_input str No description.
update_input str No description.
create str No description.
delete str No description.
update str No description.
internal_value typing.Union[cdktf.IResolvable, IamWorkloadIdentityPoolProviderTimeouts] No description.
creation_stackRequired 
creation_stack: typing.List[str]
  • Type: typing.List[str]

The creation stack of this resolvable which will be appended to errors thrown during resolution.

If this returns an empty array the stack will not be attached.

fqnRequired 
fqn: str
  • Type: str
create_inputOptional 
create_input: str
  • Type: str
delete_inputOptional 
delete_input: str
  • Type: str
update_inputOptional 
update_input: str
  • Type: str
createRequired 
create: str
  • Type: str
deleteRequired 
delete: str
  • Type: str
updateRequired 
update: str
  • Type: str
internal_valueOptional 
internal_value: typing.Union[IResolvable, IamWorkloadIdentityPoolProviderTimeouts]

IamWorkloadIdentityPoolProviderX509OutputReference

Initializers 

from cdktf_cdktf_provider_google import iam_workload_identity_pool_provider

iamWorkloadIdentityPoolProvider.IamWorkloadIdentityPoolProviderX509OutputReference(
  terraform_resource: IInterpolatingParent,
  terraform_attribute: str
)
Name Type Description
terraform_resource cdktf.IInterpolatingParent The parent resource.
terraform_attribute str The attribute on the parent resource this class is referencing.
terraform_resourceRequired
  • Type: cdktf.IInterpolatingParent

The parent resource.

terraform_attributeRequired
  • Type: str

The attribute on the parent resource this class is referencing.

Methods

Name Description
compute_fqn No description.
get_any_map_attribute No description.
get_boolean_attribute No description.
get_boolean_map_attribute No description.
get_list_attribute No description.
get_number_attribute No description.
get_number_list_attribute No description.
get_number_map_attribute No description.
get_string_attribute No description.
get_string_map_attribute No description.
interpolation_for_attribute No description.
resolve Produce the Token's value at resolution time.
to_string Return a string representation of this resolvable object.
put_trust_store No description.
compute_fqn 
def compute_fqn() -> str
get_any_map_attribute 
def get_any_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Any]
terraform_attributeRequired
  • Type: str
get_boolean_attribute 
def get_boolean_attribute(
  terraform_attribute: str
) -> IResolvable
terraform_attributeRequired
  • Type: str
get_boolean_map_attribute 
def get_boolean_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[bool]
terraform_attributeRequired
  • Type: str
get_list_attribute 
def get_list_attribute(
  terraform_attribute: str
) -> typing.List[str]
terraform_attributeRequired
  • Type: str
get_number_attribute 
def get_number_attribute(
  terraform_attribute: str
) -> typing.Union[int, float]
terraform_attributeRequired
  • Type: str
get_number_list_attribute 
def get_number_list_attribute(
  terraform_attribute: str
) -> typing.List[typing.Union[int, float]]
terraform_attributeRequired
  • Type: str
get_number_map_attribute 
def get_number_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Union[int, float]]
terraform_attributeRequired
  • Type: str
get_string_attribute 
def get_string_attribute(
  terraform_attribute: str
) -> str
terraform_attributeRequired
  • Type: str
get_string_map_attribute 
def get_string_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[str]
terraform_attributeRequired
  • Type: str
interpolation_for_attribute 
def interpolation_for_attribute(
  property: str
) -> IResolvable
propertyRequired
  • Type: str
resolve 
def resolve(
  _context: IResolveContext
) -> typing.Any

Produce the Token's value at resolution time.

_contextRequired
  • Type: cdktf.IResolveContext
to_string 
def to_string() -> str

Return a string representation of this resolvable object.

Returns a reversible string representation.

put_trust_store 
def put_trust_store(
  trust_anchors: typing.Union[IResolvable, typing.List[IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchors]],
  intermediate_cas: typing.Union[IResolvable, typing.List[IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCas]] = None
) -> None
trust_anchorsRequired

trust_anchors block.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#trust_anchors IamWorkloadIdentityPoolProvider#trust_anchors}

intermediate_casOptional

intermediate_cas block.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/6.34.0/docs/resources/iam_workload_identity_pool_provider#intermediate_cas IamWorkloadIdentityPoolProvider#intermediate_cas}

Properties

Name Type Description
creation_stack typing.List[str] The creation stack of this resolvable which will be appended to errors thrown during resolution.
fqn str No description.
trust_store IamWorkloadIdentityPoolProviderX509TrustStoreOutputReference No description.
trust_store_input IamWorkloadIdentityPoolProviderX509TrustStore No description.
internal_value IamWorkloadIdentityPoolProviderX509 No description.
creation_stackRequired 
creation_stack: typing.List[str]
  • Type: typing.List[str]

The creation stack of this resolvable which will be appended to errors thrown during resolution.

If this returns an empty array the stack will not be attached.

fqnRequired 
fqn: str
  • Type: str
trust_storeRequired 
trust_store: IamWorkloadIdentityPoolProviderX509TrustStoreOutputReference
trust_store_inputOptional 
trust_store_input: IamWorkloadIdentityPoolProviderX509TrustStore
internal_valueOptional 
internal_value: IamWorkloadIdentityPoolProviderX509

IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCasList

Initializers 

from cdktf_cdktf_provider_google import iam_workload_identity_pool_provider

iamWorkloadIdentityPoolProvider.IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCasList(
  terraform_resource: IInterpolatingParent,
  terraform_attribute: str,
  wraps_set: bool
)
Name Type Description
terraform_resource cdktf.IInterpolatingParent The parent resource.
terraform_attribute str The attribute on the parent resource this class is referencing.
wraps_set bool whether the list is wrapping a set (will add tolist() to be able to access an item via an index).
terraform_resourceRequired
  • Type: cdktf.IInterpolatingParent

The parent resource.

terraform_attributeRequired
  • Type: str

The attribute on the parent resource this class is referencing.

wraps_setRequired
  • Type: bool

whether the list is wrapping a set (will add tolist() to be able to access an item via an index).

Methods

Name Description
all_with_map_key Creating an iterator for this complex list.
compute_fqn No description.
resolve Produce the Token's value at resolution time.
to_string Return a string representation of this resolvable object.
get No description.
all_with_map_key 
def all_with_map_key(
  map_key_attribute_name: str
) -> DynamicListTerraformIterator

Creating an iterator for this complex list.

The list will be converted into a map with the mapKeyAttributeName as the key.

map_key_attribute_nameRequired
  • Type: str
compute_fqn 
def compute_fqn() -> str
resolve 
def resolve(
  _context: IResolveContext
) -> typing.Any

Produce the Token's value at resolution time.

_contextRequired
  • Type: cdktf.IResolveContext
to_string 
def to_string() -> str

Return a string representation of this resolvable object.

Returns a reversible string representation.

get 
def get(
  index: typing.Union[int, float]
) -> IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCasOutputReference
indexRequired
  • Type: typing.Union[int, float]

the index of the item to return.

Properties

Name Type Description
creation_stack typing.List[str] The creation stack of this resolvable which will be appended to errors thrown during resolution.
fqn str No description.
internal_value typing.Union[cdktf.IResolvable, typing.List[IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCas]] No description.
creation_stackRequired 
creation_stack: typing.List[str]
  • Type: typing.List[str]

The creation stack of this resolvable which will be appended to errors thrown during resolution.

If this returns an empty array the stack will not be attached.

fqnRequired 
fqn: str
  • Type: str
internal_valueOptional 
internal_value: typing.Union[IResolvable, typing.List[IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCas]]

IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCasOutputReference

Initializers 

from cdktf_cdktf_provider_google import iam_workload_identity_pool_provider

iamWorkloadIdentityPoolProvider.IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCasOutputReference(
  terraform_resource: IInterpolatingParent,
  terraform_attribute: str,
  complex_object_index: typing.Union[int, float],
  complex_object_is_from_set: bool
)
Name Type Description
terraform_resource cdktf.IInterpolatingParent The parent resource.
terraform_attribute str The attribute on the parent resource this class is referencing.
complex_object_index typing.Union[int, float] the index of this item in the list.
complex_object_is_from_set bool whether the list is wrapping a set (will add tolist() to be able to access an item via an index).
terraform_resourceRequired
  • Type: cdktf.IInterpolatingParent

The parent resource.

terraform_attributeRequired
  • Type: str

The attribute on the parent resource this class is referencing.

complex_object_indexRequired
  • Type: typing.Union[int, float]

the index of this item in the list.

complex_object_is_from_setRequired
  • Type: bool

whether the list is wrapping a set (will add tolist() to be able to access an item via an index).

Methods

Name Description
compute_fqn No description.
get_any_map_attribute No description.
get_boolean_attribute No description.
get_boolean_map_attribute No description.
get_list_attribute No description.
get_number_attribute No description.
get_number_list_attribute No description.
get_number_map_attribute No description.
get_string_attribute No description.
get_string_map_attribute No description.
interpolation_for_attribute No description.
resolve Produce the Token's value at resolution time.
to_string Return a string representation of this resolvable object.
reset_pem_certificate No description.
compute_fqn 
def compute_fqn() -> str
get_any_map_attribute 
def get_any_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Any]
terraform_attributeRequired
  • Type: str
get_boolean_attribute 
def get_boolean_attribute(
  terraform_attribute: str
) -> IResolvable
terraform_attributeRequired
  • Type: str
get_boolean_map_attribute 
def get_boolean_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[bool]
terraform_attributeRequired
  • Type: str
get_list_attribute 
def get_list_attribute(
  terraform_attribute: str
) -> typing.List[str]
terraform_attributeRequired
  • Type: str
get_number_attribute 
def get_number_attribute(
  terraform_attribute: str
) -> typing.Union[int, float]
terraform_attributeRequired
  • Type: str
get_number_list_attribute 
def get_number_list_attribute(
  terraform_attribute: str
) -> typing.List[typing.Union[int, float]]
terraform_attributeRequired
  • Type: str
get_number_map_attribute 
def get_number_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Union[int, float]]
terraform_attributeRequired
  • Type: str
get_string_attribute 
def get_string_attribute(
  terraform_attribute: str
) -> str
terraform_attributeRequired
  • Type: str
get_string_map_attribute 
def get_string_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[str]
terraform_attributeRequired
  • Type: str
interpolation_for_attribute 
def interpolation_for_attribute(
  property: str
) -> IResolvable
propertyRequired
  • Type: str
resolve 
def resolve(
  _context: IResolveContext
) -> typing.Any

Produce the Token's value at resolution time.

_contextRequired
  • Type: cdktf.IResolveContext
to_string 
def to_string() -> str

Return a string representation of this resolvable object.

Returns a reversible string representation.

reset_pem_certificate 
def reset_pem_certificate() -> None

Properties

Name Type Description
creation_stack typing.List[str] The creation stack of this resolvable which will be appended to errors thrown during resolution.
fqn str No description.
pem_certificate_input str No description.
pem_certificate str No description.
internal_value typing.Union[cdktf.IResolvable, IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCas] No description.
creation_stackRequired 
creation_stack: typing.List[str]
  • Type: typing.List[str]

The creation stack of this resolvable which will be appended to errors thrown during resolution.

If this returns an empty array the stack will not be attached.

fqnRequired 
fqn: str
  • Type: str
pem_certificate_inputOptional 
pem_certificate_input: str
  • Type: str
pem_certificateRequired 
pem_certificate: str
  • Type: str
internal_valueOptional 
internal_value: typing.Union[IResolvable, IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCas]

IamWorkloadIdentityPoolProviderX509TrustStoreOutputReference

Initializers 

from cdktf_cdktf_provider_google import iam_workload_identity_pool_provider

iamWorkloadIdentityPoolProvider.IamWorkloadIdentityPoolProviderX509TrustStoreOutputReference(
  terraform_resource: IInterpolatingParent,
  terraform_attribute: str
)
Name Type Description
terraform_resource cdktf.IInterpolatingParent The parent resource.
terraform_attribute str The attribute on the parent resource this class is referencing.
terraform_resourceRequired
  • Type: cdktf.IInterpolatingParent

The parent resource.

terraform_attributeRequired
  • Type: str

The attribute on the parent resource this class is referencing.

Methods

Name Description
compute_fqn No description.
get_any_map_attribute No description.
get_boolean_attribute No description.
get_boolean_map_attribute No description.
get_list_attribute No description.
get_number_attribute No description.
get_number_list_attribute No description.
get_number_map_attribute No description.
get_string_attribute No description.
get_string_map_attribute No description.
interpolation_for_attribute No description.
resolve Produce the Token's value at resolution time.
to_string Return a string representation of this resolvable object.
put_intermediate_cas No description.
put_trust_anchors No description.
reset_intermediate_cas No description.
compute_fqn 
def compute_fqn() -> str
get_any_map_attribute 
def get_any_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Any]
terraform_attributeRequired
  • Type: str
get_boolean_attribute 
def get_boolean_attribute(
  terraform_attribute: str
) -> IResolvable
terraform_attributeRequired
  • Type: str
get_boolean_map_attribute 
def get_boolean_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[bool]
terraform_attributeRequired
  • Type: str
get_list_attribute 
def get_list_attribute(
  terraform_attribute: str
) -> typing.List[str]
terraform_attributeRequired
  • Type: str
get_number_attribute 
def get_number_attribute(
  terraform_attribute: str
) -> typing.Union[int, float]
terraform_attributeRequired
  • Type: str
get_number_list_attribute 
def get_number_list_attribute(
  terraform_attribute: str
) -> typing.List[typing.Union[int, float]]
terraform_attributeRequired
  • Type: str
get_number_map_attribute 
def get_number_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Union[int, float]]
terraform_attributeRequired
  • Type: str
get_string_attribute 
def get_string_attribute(
  terraform_attribute: str
) -> str
terraform_attributeRequired
  • Type: str
get_string_map_attribute 
def get_string_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[str]
terraform_attributeRequired
  • Type: str
interpolation_for_attribute 
def interpolation_for_attribute(
  property: str
) -> IResolvable
propertyRequired
  • Type: str
resolve 
def resolve(
  _context: IResolveContext
) -> typing.Any

Produce the Token's value at resolution time.

_contextRequired
  • Type: cdktf.IResolveContext
to_string 
def to_string() -> str

Return a string representation of this resolvable object.

Returns a reversible string representation.

put_intermediate_cas 
def put_intermediate_cas(
  value: typing.Union[IResolvable, typing.List[IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCas]]
) -> None
valueRequired
put_trust_anchors 
def put_trust_anchors(
  value: typing.Union[IResolvable, typing.List[IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchors]]
) -> None
valueRequired
reset_intermediate_cas 
def reset_intermediate_cas() -> None

Properties

Name Type Description
creation_stack typing.List[str] The creation stack of this resolvable which will be appended to errors thrown during resolution.
fqn str No description.
intermediate_cas IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCasList No description.
trust_anchors IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorsList No description.
intermediate_cas_input typing.Union[cdktf.IResolvable, typing.List[IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCas]] No description.
trust_anchors_input typing.Union[cdktf.IResolvable, typing.List[IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchors]] No description.
internal_value IamWorkloadIdentityPoolProviderX509TrustStore No description.
creation_stackRequired 
creation_stack: typing.List[str]
  • Type: typing.List[str]

The creation stack of this resolvable which will be appended to errors thrown during resolution.

If this returns an empty array the stack will not be attached.

fqnRequired 
fqn: str
  • Type: str
intermediate_casRequired 
intermediate_cas: IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCasList
trust_anchorsRequired 
trust_anchors: IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorsList
intermediate_cas_inputOptional 
intermediate_cas_input: typing.Union[IResolvable, typing.List[IamWorkloadIdentityPoolProviderX509TrustStoreIntermediateCas]]
trust_anchors_inputOptional 
trust_anchors_input: typing.Union[IResolvable, typing.List[IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchors]]
internal_valueOptional 
internal_value: IamWorkloadIdentityPoolProviderX509TrustStore

IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorsList

Initializers 

from cdktf_cdktf_provider_google import iam_workload_identity_pool_provider

iamWorkloadIdentityPoolProvider.IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorsList(
  terraform_resource: IInterpolatingParent,
  terraform_attribute: str,
  wraps_set: bool
)
Name Type Description
terraform_resource cdktf.IInterpolatingParent The parent resource.
terraform_attribute str The attribute on the parent resource this class is referencing.
wraps_set bool whether the list is wrapping a set (will add tolist() to be able to access an item via an index).
terraform_resourceRequired
  • Type: cdktf.IInterpolatingParent

The parent resource.

terraform_attributeRequired
  • Type: str

The attribute on the parent resource this class is referencing.

wraps_setRequired
  • Type: bool

whether the list is wrapping a set (will add tolist() to be able to access an item via an index).

Methods

Name Description
all_with_map_key Creating an iterator for this complex list.
compute_fqn No description.
resolve Produce the Token's value at resolution time.
to_string Return a string representation of this resolvable object.
get No description.
all_with_map_key 
def all_with_map_key(
  map_key_attribute_name: str
) -> DynamicListTerraformIterator

Creating an iterator for this complex list.

The list will be converted into a map with the mapKeyAttributeName as the key.

map_key_attribute_nameRequired
  • Type: str
compute_fqn 
def compute_fqn() -> str
resolve 
def resolve(
  _context: IResolveContext
) -> typing.Any

Produce the Token's value at resolution time.

_contextRequired
  • Type: cdktf.IResolveContext
to_string 
def to_string() -> str

Return a string representation of this resolvable object.

Returns a reversible string representation.

get 
def get(
  index: typing.Union[int, float]
) -> IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorsOutputReference
indexRequired
  • Type: typing.Union[int, float]

the index of the item to return.

Properties

Name Type Description
creation_stack typing.List[str] The creation stack of this resolvable which will be appended to errors thrown during resolution.
fqn str No description.
internal_value typing.Union[cdktf.IResolvable, typing.List[IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchors]] No description.
creation_stackRequired 
creation_stack: typing.List[str]
  • Type: typing.List[str]

The creation stack of this resolvable which will be appended to errors thrown during resolution.

If this returns an empty array the stack will not be attached.

fqnRequired 
fqn: str
  • Type: str
internal_valueOptional 
internal_value: typing.Union[IResolvable, typing.List[IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchors]]

IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorsOutputReference

Initializers 

from cdktf_cdktf_provider_google import iam_workload_identity_pool_provider

iamWorkloadIdentityPoolProvider.IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchorsOutputReference(
  terraform_resource: IInterpolatingParent,
  terraform_attribute: str,
  complex_object_index: typing.Union[int, float],
  complex_object_is_from_set: bool
)
Name Type Description
terraform_resource cdktf.IInterpolatingParent The parent resource.
terraform_attribute str The attribute on the parent resource this class is referencing.
complex_object_index typing.Union[int, float] the index of this item in the list.
complex_object_is_from_set bool whether the list is wrapping a set (will add tolist() to be able to access an item via an index).
terraform_resourceRequired
  • Type: cdktf.IInterpolatingParent

The parent resource.

terraform_attributeRequired
  • Type: str

The attribute on the parent resource this class is referencing.

complex_object_indexRequired
  • Type: typing.Union[int, float]

the index of this item in the list.

complex_object_is_from_setRequired
  • Type: bool

whether the list is wrapping a set (will add tolist() to be able to access an item via an index).

Methods

Name Description
compute_fqn No description.
get_any_map_attribute No description.
get_boolean_attribute No description.
get_boolean_map_attribute No description.
get_list_attribute No description.
get_number_attribute No description.
get_number_list_attribute No description.
get_number_map_attribute No description.
get_string_attribute No description.
get_string_map_attribute No description.
interpolation_for_attribute No description.
resolve Produce the Token's value at resolution time.
to_string Return a string representation of this resolvable object.
reset_pem_certificate No description.
compute_fqn 
def compute_fqn() -> str
get_any_map_attribute 
def get_any_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Any]
terraform_attributeRequired
  • Type: str
get_boolean_attribute 
def get_boolean_attribute(
  terraform_attribute: str
) -> IResolvable
terraform_attributeRequired
  • Type: str
get_boolean_map_attribute 
def get_boolean_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[bool]
terraform_attributeRequired
  • Type: str
get_list_attribute 
def get_list_attribute(
  terraform_attribute: str
) -> typing.List[str]
terraform_attributeRequired
  • Type: str
get_number_attribute 
def get_number_attribute(
  terraform_attribute: str
) -> typing.Union[int, float]
terraform_attributeRequired
  • Type: str
get_number_list_attribute 
def get_number_list_attribute(
  terraform_attribute: str
) -> typing.List[typing.Union[int, float]]
terraform_attributeRequired
  • Type: str
get_number_map_attribute 
def get_number_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Union[int, float]]
terraform_attributeRequired
  • Type: str
get_string_attribute 
def get_string_attribute(
  terraform_attribute: str
) -> str
terraform_attributeRequired
  • Type: str
get_string_map_attribute 
def get_string_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[str]
terraform_attributeRequired
  • Type: str
interpolation_for_attribute 
def interpolation_for_attribute(
  property: str
) -> IResolvable
propertyRequired
  • Type: str
resolve 
def resolve(
  _context: IResolveContext
) -> typing.Any

Produce the Token's value at resolution time.

_contextRequired
  • Type: cdktf.IResolveContext
to_string 
def to_string() -> str

Return a string representation of this resolvable object.

Returns a reversible string representation.

reset_pem_certificate 
def reset_pem_certificate() -> None

Properties

Name Type Description
creation_stack typing.List[str] The creation stack of this resolvable which will be appended to errors thrown during resolution.
fqn str No description.
pem_certificate_input str No description.
pem_certificate str No description.
internal_value typing.Union[cdktf.IResolvable, IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchors] No description.
creation_stackRequired 
creation_stack: typing.List[str]
  • Type: typing.List[str]

The creation stack of this resolvable which will be appended to errors thrown during resolution.

If this returns an empty array the stack will not be attached.

fqnRequired 
fqn: str
  • Type: str
pem_certificate_inputOptional 
pem_certificate_input: str
  • Type: str
pem_certificateRequired 
pem_certificate: str
  • Type: str
internal_valueOptional 
internal_value: typing.Union[IResolvable, IamWorkloadIdentityPoolProviderX509TrustStoreTrustAnchors]