import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
* Represents a public key configuration for a Workforce Pool Provider. The key can be configured in your identity provider to encrypt SAML assertions.
* Google holds the corresponding private key, which it uses to decrypt encrypted tokens.
*
* To get more information about WorkforcePoolProviderKey, see:
*
* * [API documentation](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools.providers.keys)
* * How-to Guides
* * [Configure a provider within the workforce pool](https://cloud.google.com/iam/docs/manage-workforce-identity-pools-providers#configure_a_provider_within_the_workforce_pool)
* * [Workforce Identity Federation Overview](https://cloud.google.com/iam/docs/workforce-identity-federation)
*
* ## Example Usage
*
* ### Iam Workforce Pool Provider Saml Key Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const pool = new gcp.iam.WorkforcePool("pool", {
* workforcePoolId: "example-pool",
* parent: "organizations/123456789",
* location: "global",
* });
* const provider = new gcp.iam.WorkforcePoolProvider("provider", {
* workforcePoolId: pool.workforcePoolId,
* location: pool.location,
* providerId: "example-prvdr",
* attributeMapping: {
* "google.subject": "assertion.sub",
* },
* saml: {
* idpMetadataXml: " MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv",
* },
* });
* const example = new gcp.iam.WorkforcePoolProviderKey("example", {
* workforcePoolId: pool.workforcePoolId,
* location: pool.location,
* providerId: provider.providerId,
* keyId: "example-key",
* keyData: {
* keySpec: "RSA_2048",
* },
* use: "ENCRYPTION",
* });
* ```
*
* ## Import
*
* WorkforcePoolProviderKey can be imported using any of these accepted formats:
*
* * `locations/{{location}}/workforcePools/{{workforce_pool_id}}/providers/{{provider_id}}/keys/{{key_id}}`
* * `{{location}}/{{workforce_pool_id}}/{{provider_id}}/{{key_id}}`
*
* When using the `pulumi import` command, WorkforcePoolProviderKey can be imported using one of the formats above. For example:
*
* ```sh
* $ pulumi import gcp:iam/workforcePoolProviderKey:WorkforcePoolProviderKey default locations/{{location}}/workforcePools/{{workforce_pool_id}}/providers/{{provider_id}}/keys/{{key_id}}
* $ pulumi import gcp:iam/workforcePoolProviderKey:WorkforcePoolProviderKey default {{location}}/{{workforce_pool_id}}/{{provider_id}}/{{key_id}}
* ```
*/
export declare class WorkforcePoolProviderKey extends pulumi.CustomResource {
/**
* Get an existing WorkforcePoolProviderKey resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name: string, id: pulumi.Input, state?: WorkforcePoolProviderKeyState, opts?: pulumi.CustomResourceOptions): WorkforcePoolProviderKey;
/**
* Returns true if the given object is an instance of WorkforcePoolProviderKey. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj: any): obj is WorkforcePoolProviderKey;
/**
* Whether Terraform will be prevented from destroying the resource. Defaults to DELETE.
* When a 'terraform destroy' or 'pulumi up' would delete the resource,
* the command will fail if this field is set to "PREVENT" in Terraform state.
* When set to "ABANDON", the command will remove the resource from Terraform
* management without updating or deleting the resource in the API.
* When set to "DELETE", deleting the resource is allowed.
*/
readonly deletionPolicy: pulumi.Output;
/**
* The time after which the key will be permanently deleted and cannot be recovered.
* Note that the key may get purged before this time if the total limit of keys per provider is exceeded.
*/
readonly expireTime: pulumi.Output;
/**
* Immutable. Public half of the asymmetric key.
* Structure is documented below.
*/
readonly keyData: pulumi.Output;
/**
* The ID to use for the key, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-].
*/
readonly keyId: pulumi.Output;
/**
* The location for the resource.
*/
readonly location: pulumi.Output;
/**
* Identifier. The resource name of the key.
* Format: `locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}/keys/{keyId}`
*/
readonly name: pulumi.Output;
/**
* The ID of the provider.
*/
readonly providerId: pulumi.Output;
/**
* The state of the key.
*/
readonly state: pulumi.Output;
/**
* The purpose of the key.
* Possible values are: `ENCRYPTION`.
*/
readonly use: pulumi.Output;
/**
* The ID of the workforce pool.
*/
readonly workforcePoolId: pulumi.Output;
/**
* Create a WorkforcePoolProviderKey resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: WorkforcePoolProviderKeyArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering WorkforcePoolProviderKey resources.
*/
export interface WorkforcePoolProviderKeyState {
/**
* Whether Terraform will be prevented from destroying the resource. Defaults to DELETE.
* When a 'terraform destroy' or 'pulumi up' would delete the resource,
* the command will fail if this field is set to "PREVENT" in Terraform state.
* When set to "ABANDON", the command will remove the resource from Terraform
* management without updating or deleting the resource in the API.
* When set to "DELETE", deleting the resource is allowed.
*/
deletionPolicy?: pulumi.Input;
/**
* The time after which the key will be permanently deleted and cannot be recovered.
* Note that the key may get purged before this time if the total limit of keys per provider is exceeded.
*/
expireTime?: pulumi.Input;
/**
* Immutable. Public half of the asymmetric key.
* Structure is documented below.
*/
keyData?: pulumi.Input;
/**
* The ID to use for the key, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-].
*/
keyId?: pulumi.Input;
/**
* The location for the resource.
*/
location?: pulumi.Input;
/**
* Identifier. The resource name of the key.
* Format: `locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}/keys/{keyId}`
*/
name?: pulumi.Input;
/**
* The ID of the provider.
*/
providerId?: pulumi.Input;
/**
* The state of the key.
*/
state?: pulumi.Input;
/**
* The purpose of the key.
* Possible values are: `ENCRYPTION`.
*/
use?: pulumi.Input;
/**
* The ID of the workforce pool.
*/
workforcePoolId?: pulumi.Input;
}
/**
* The set of arguments for constructing a WorkforcePoolProviderKey resource.
*/
export interface WorkforcePoolProviderKeyArgs {
/**
* Whether Terraform will be prevented from destroying the resource. Defaults to DELETE.
* When a 'terraform destroy' or 'pulumi up' would delete the resource,
* the command will fail if this field is set to "PREVENT" in Terraform state.
* When set to "ABANDON", the command will remove the resource from Terraform
* management without updating or deleting the resource in the API.
* When set to "DELETE", deleting the resource is allowed.
*/
deletionPolicy?: pulumi.Input;
/**
* Immutable. Public half of the asymmetric key.
* Structure is documented below.
*/
keyData: pulumi.Input;
/**
* The ID to use for the key, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-].
*/
keyId: pulumi.Input;
/**
* The location for the resource.
*/
location: pulumi.Input;
/**
* The ID of the provider.
*/
providerId: pulumi.Input;
/**
* The purpose of the key.
* Possible values are: `ENCRYPTION`.
*/
use: pulumi.Input;
/**
* The ID of the workforce pool.
*/
workforcePoolId: pulumi.Input;
}
//# sourceMappingURL=workforcePoolProviderKey.d.ts.map