import * as pulumi from "@pulumi/pulumi";
import * as inputs from "./types/input";
import * as outputs from "./types/output";
/**
 * Register an OIDC Provider to establish a trust relationship between third-party systems like GitHub Actions and Pulumi Cloud, obviating the need to store a hard-coded Pulumi Cloud token in systems that need to run Pulumi commands or consume Pulumi Cloud APIs. Instead of a hard-coded, static token that must be manually rotated, trusted systems are granted temporary Pulumi Cloud tokens on an as-needed basis, which is more secure than static tokens.
 */
export declare class OidcIssuer extends pulumi.CustomResource {
    /**
     * Get an existing OidcIssuer resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, opts?: pulumi.CustomResourceOptions): OidcIssuer;
    /**
     * Returns true if the given object is an instance of OidcIssuer.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is OidcIssuer;
    /**
     * The maximum duration of the Pulumi access token working after an exchange, specified in seconds.
     */
    readonly maxExpirationSeconds: pulumi.Output<number | undefined>;
    /**
     * Issuer name.
     */
    readonly name: pulumi.Output<string>;
    /**
     * Organization name.
     */
    readonly organization: pulumi.Output<string>;
    /**
     * The authorization policies for this Oidc Issuer.
     */
    readonly policies: pulumi.Output<outputs.AuthPolicyDefinition[]>;
    /**
     * The thumbprints of issuer's TLS certificates. By default, Pulumi will store the thumbprint of the certificate used to serve the OpenID configuration. If the provider uses multiple certificates to serve content, it is required to manually configure these.
     */
    readonly thumbprints: pulumi.Output<string[]>;
    /**
     * The OIDC issuer URL.
     */
    readonly url: pulumi.Output<string>;
    /**
     * Create a OidcIssuer resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: OidcIssuerArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * The set of arguments for constructing a OidcIssuer resource.
 */
export interface OidcIssuerArgs {
    /**
     * The maximum duration of the Pulumi access token working after an exchange, specified in seconds.
     */
    maxExpirationSeconds?: pulumi.Input<number | undefined>;
    /**
     * Issuer name.
     */
    name: pulumi.Input<string>;
    /**
     * Organization name.
     */
    organization: pulumi.Input<string>;
    /**
     * The auth policies for this Oidc Issuer.
     */
    policies?: pulumi.Input<pulumi.Input<inputs.AuthPolicyDefinitionArgs>[] | undefined>;
    /**
     * The thumbprints of issuer's TLS certificates. By default, Pulumi will store the thumbprint of the certificate used to serve the OpenID configuration. If the provider uses multiple certificates to serve content, it is required to manually configure these.
     */
    thumbprints?: pulumi.Input<pulumi.Input<string>[] | undefined>;
    /**
     * The OIDC issuer URL.
     */
    url: pulumi.Input<string>;
}
//# sourceMappingURL=oidcIssuer.d.ts.map