import * as pulumi from "@pulumi/pulumi";
/**
 * Registers a new OIDC issuer for an organization, establishing a trust relationship with an external identity provider. Once registered, the identity provider can issue signed, short-lived tokens that are exchanged for temporary Pulumi Cloud credentials during deployments. This eliminates the need to store long-lived access tokens. Supported providers include AWS, Azure, Google Cloud, GitHub Actions, and any OIDC-compliant identity provider. The request must include the issuer URL, and the service will fetch the provider's public signing keys to verify token authenticity.
 */
export declare class OidcIssuer extends pulumi.CustomResource {
    /**
     * Get an existing OidcIssuer resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, opts?: pulumi.CustomResourceOptions): OidcIssuer;
    /**
     * Returns true if the given object is an instance of OidcIssuer.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is OidcIssuer;
    /**
     * The ISO 8601 timestamp when the OIDC issuer was created.
     */
    readonly created: pulumi.Output<string | undefined>;
    /**
     * The OIDC issuer identifier, typically a URL that uniquely identifies the identity provider.
     */
    readonly issuer: pulumi.Output<string>;
    /**
     * The unique identifier of the registered OIDC issuer.
     */
    readonly issuerId: pulumi.Output<string>;
    /**
     * The JSON Web Key Set for the OIDC issuer.
     */
    readonly jwks: pulumi.Output<any | undefined>;
    /**
     * The ISO 8601 timestamp when the OIDC issuer was last used for token exchange.
     */
    readonly lastUsed: pulumi.Output<string | undefined>;
    /**
     * The maximum token expiration time in seconds.
     */
    readonly maxExpiration: pulumi.Output<number | undefined>;
    /**
     * The ISO 8601 timestamp when the OIDC issuer was last modified.
     */
    readonly modified: pulumi.Output<string | undefined>;
    /**
     * The display name of the OIDC issuer.
     */
    readonly name: pulumi.Output<string>;
    /**
     * SHA-1 certificate thumbprints used to verify the OIDC issuer's TLS certificate.
     */
    readonly thumbprints: pulumi.Output<string[] | undefined>;
    /**
     * The URL of the OIDC issuer.
     */
    readonly url: pulumi.Output<string>;
    /**
     * Create a OidcIssuer resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: OidcIssuerArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * The set of arguments for constructing a OidcIssuer resource.
 */
export interface OidcIssuerArgs {
    /**
     * The OIDC issuer identifier
     */
    issuerId?: pulumi.Input<string | undefined>;
    /**
     * The JSON Web Key Set for the OIDC issuer.
     */
    jwks?: any | undefined;
    /**
     * The maximum token expiration time in seconds.
     */
    maxExpiration?: pulumi.Input<number | undefined>;
    /**
     * The display name of the OIDC issuer.
     */
    name: pulumi.Input<string>;
    /**
     * The organization name
     */
    orgName: pulumi.Input<string>;
    /**
     * SHA-1 certificate thumbprints used to verify the OIDC issuer's TLS certificate.
     */
    thumbprints?: pulumi.Input<pulumi.Input<string>[] | undefined>;
    /**
     * The URL of the OIDC issuer.
     */
    url: pulumi.Input<string>;
}
//# sourceMappingURL=oidcIssuer.d.ts.map