import * as pulumi from "@pulumi/pulumi"; /** * Represents a SCIM tenant configuration for a Workforce Pool Provider. * The SCIM tenant configuration allows for the synchronization of user/group identities from external identity provider into Google Cloud using the System for Cross-domain Identity Management (SCIM) protocol. * * To get more information about WorkforcePoolProviderScimTenant, see: * * * [API documentation](https://docs.cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools.providers.scimTenants) * * How-to Guides * * [Configure a SCIM Tenant](https://cloud.google.com/iam/docs/workforce-sign-in-microsoft-entra-id-scalable-groups?group_type=extended#extended-attributes) * * ## Example Usage * * ### Iam Workforce Pool Provider Scim Tenant Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const pool = new gcp.iam.WorkforcePool("pool", { * workforcePoolId: "example-pool", * parent: "organizations/123456789", * location: "global", * }); * const provider = new gcp.iam.WorkforcePoolProvider("provider", { * location: "global", * workforcePoolId: pool.workforcePoolId, * providerId: "example-prvdr", * attributeMapping: { * "google.subject": "assertion.sub", * }, * oidc: { * issuerUri: "https://accounts.thirdparty.com", * clientId: "client-id", * clientSecret: { * value: { * plainText: "client-secret", * }, * }, * webSsoConfig: { * responseType: "CODE", * assertionClaimsBehavior: "MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS", * additionalScopes: [ * "groups", * "roles", * ], * }, * }, * displayName: "Display name", * description: "A sample OIDC workforce pool provider.", * disabled: false, * attributeCondition: "true", * }); * const example = new gcp.iam.WorkforcePoolProviderScimTenant("example", { * location: "global", * workforcePoolId: pool.workforcePoolId, * providerId: provider.providerId, * scimTenantId: "example-scim-tenant", * displayName: "Example SCIM Tenant", * description: "A basic SCIM tenant for IAM Workforce Pool Provider", * claimMapping: { * "google.subject": "user.externalId", * "google.group": "group.externalId", * }, * hardDelete: true, * }); * ``` * * ## Import * * WorkforcePoolProviderScimTenant can be imported using any of these accepted formats: * * * `locations/{{location}}/workforcePools/{{workforce_pool_id}}/providers/{{provider_id}}/scimTenants/{{scim_tenant_id}}` * * `{{location}}/{{workforce_pool_id}}/{{provider_id}}/{{scim_tenant_id}}` * * When using the `pulumi import` command, WorkforcePoolProviderScimTenant can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:iam/workforcePoolProviderScimTenant:WorkforcePoolProviderScimTenant default locations/{{location}}/workforcePools/{{workforce_pool_id}}/providers/{{provider_id}}/scimTenants/{{scim_tenant_id}} * $ pulumi import gcp:iam/workforcePoolProviderScimTenant:WorkforcePoolProviderScimTenant default {{location}}/{{workforce_pool_id}}/{{provider_id}}/{{scim_tenant_id}} * ``` */ export declare class WorkforcePoolProviderScimTenant extends pulumi.CustomResource { /** * Get an existing WorkforcePoolProviderScimTenant resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: WorkforcePoolProviderScimTenantState, opts?: pulumi.CustomResourceOptions): WorkforcePoolProviderScimTenant; /** * Returns true if the given object is an instance of WorkforcePoolProviderScimTenant. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is WorkforcePoolProviderScimTenant; /** * Represents the base URI as defined in [RFC 7644, Section * 1.3](https://datatracker.ietf.org/doc/html/rfc7644#section-1.3). Clients * must use this as the root address for managing resources under the tenant. * Format: * https://iamscim.googleapis.com/{version}/{tenant_id}/ */ readonly baseUri: pulumi.Output; /** * Maps BYOID claims to SCIM claims. This is a required field for new SCIM Tenants being created. */ readonly claimMapping: pulumi.Output<{ [key: string]: string; } | undefined>; /** * Whether Terraform will be prevented from destroying the resource. Defaults to DELETE. * When a 'terraform destroy' or 'pulumi up' would delete the resource, * the command will fail if this field is set to "PREVENT" in Terraform state. * When set to "ABANDON", the command will remove the resource from Terraform * management without updating or deleting the resource in the API. * When set to "DELETE", deleting the resource is allowed. */ readonly deletionPolicy: pulumi.Output; /** * A user-specified description of the provider. Cannot exceed 256 characters. */ readonly description: pulumi.Output; /** * A user-specified display name for the scim tenant. Cannot exceed 32 characters. */ readonly displayName: pulumi.Output; /** * Deletes the SCIM tenant immediately. This operation cannot be undone. */ readonly hardDelete: pulumi.Output; /** * The location for the resource. */ readonly location: pulumi.Output; /** * Identifier. The resource name of the scim tenant. * Format: `locations/{location}/workforcePools/{workforce_pool}/providers/{workforce_pool_provider}/scimTenants/{scim_tenant_id} */ readonly name: pulumi.Output; /** * The ID of the provider. */ readonly providerId: pulumi.Output; /** * The timestamp that represents the time when the SCIM tenant is purged. */ readonly purgeTime: pulumi.Output; /** * The ID to use for the SCIM tenant, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-]. */ readonly scimTenantId: pulumi.Output; /** * Service Agent created by SCIM Tenant API. SCIM tokens created under * this tenant will be attached to this service agent. */ readonly serviceAgent: pulumi.Output; /** * The current state of the scim tenant. * * ACTIVE: The scim tenant is active and may be used to validate authentication credentials. * * DELETED: The scim tenant is soft-deleted. Soft-deleted scim tenants are permanently * deleted after approximately 30 days. */ readonly state: pulumi.Output; /** * The ID of the workforce pool. */ readonly workforcePoolId: pulumi.Output; /** * Create a WorkforcePoolProviderScimTenant resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: WorkforcePoolProviderScimTenantArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering WorkforcePoolProviderScimTenant resources. */ export interface WorkforcePoolProviderScimTenantState { /** * Represents the base URI as defined in [RFC 7644, Section * 1.3](https://datatracker.ietf.org/doc/html/rfc7644#section-1.3). Clients * must use this as the root address for managing resources under the tenant. * Format: * https://iamscim.googleapis.com/{version}/{tenant_id}/ */ baseUri?: pulumi.Input; /** * Maps BYOID claims to SCIM claims. This is a required field for new SCIM Tenants being created. */ claimMapping?: pulumi.Input<{ [key: string]: pulumi.Input; } | undefined>; /** * Whether Terraform will be prevented from destroying the resource. Defaults to DELETE. * When a 'terraform destroy' or 'pulumi up' would delete the resource, * the command will fail if this field is set to "PREVENT" in Terraform state. * When set to "ABANDON", the command will remove the resource from Terraform * management without updating or deleting the resource in the API. * When set to "DELETE", deleting the resource is allowed. */ deletionPolicy?: pulumi.Input; /** * A user-specified description of the provider. Cannot exceed 256 characters. */ description?: pulumi.Input; /** * A user-specified display name for the scim tenant. Cannot exceed 32 characters. */ displayName?: pulumi.Input; /** * Deletes the SCIM tenant immediately. This operation cannot be undone. */ hardDelete?: pulumi.Input; /** * The location for the resource. */ location?: pulumi.Input; /** * Identifier. The resource name of the scim tenant. * Format: `locations/{location}/workforcePools/{workforce_pool}/providers/{workforce_pool_provider}/scimTenants/{scim_tenant_id} */ name?: pulumi.Input; /** * The ID of the provider. */ providerId?: pulumi.Input; /** * The timestamp that represents the time when the SCIM tenant is purged. */ purgeTime?: pulumi.Input; /** * The ID to use for the SCIM tenant, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-]. */ scimTenantId?: pulumi.Input; /** * Service Agent created by SCIM Tenant API. SCIM tokens created under * this tenant will be attached to this service agent. */ serviceAgent?: pulumi.Input; /** * The current state of the scim tenant. * * ACTIVE: The scim tenant is active and may be used to validate authentication credentials. * * DELETED: The scim tenant is soft-deleted. Soft-deleted scim tenants are permanently * deleted after approximately 30 days. */ state?: pulumi.Input; /** * The ID of the workforce pool. */ workforcePoolId?: pulumi.Input; } /** * The set of arguments for constructing a WorkforcePoolProviderScimTenant resource. */ export interface WorkforcePoolProviderScimTenantArgs { /** * Maps BYOID claims to SCIM claims. This is a required field for new SCIM Tenants being created. */ claimMapping?: pulumi.Input<{ [key: string]: pulumi.Input; } | undefined>; /** * Whether Terraform will be prevented from destroying the resource. Defaults to DELETE. * When a 'terraform destroy' or 'pulumi up' would delete the resource, * the command will fail if this field is set to "PREVENT" in Terraform state. * When set to "ABANDON", the command will remove the resource from Terraform * management without updating or deleting the resource in the API. * When set to "DELETE", deleting the resource is allowed. */ deletionPolicy?: pulumi.Input; /** * A user-specified description of the provider. Cannot exceed 256 characters. */ description?: pulumi.Input; /** * A user-specified display name for the scim tenant. Cannot exceed 32 characters. */ displayName?: pulumi.Input; /** * Deletes the SCIM tenant immediately. This operation cannot be undone. */ hardDelete?: pulumi.Input; /** * The location for the resource. */ location: pulumi.Input; /** * The ID of the provider. */ providerId: pulumi.Input; /** * The ID to use for the SCIM tenant, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-]. */ scimTenantId: pulumi.Input; /** * The ID of the workforce pool. */ workforcePoolId: pulumi.Input; } //# sourceMappingURL=workforcePoolProviderScimTenant.d.ts.map