Viewing docs for Confluent v2.59.0
published on Friday, Mar 6, 2026 by Pulumi
published on Friday, Mar 6, 2026 by Pulumi
Viewing docs for Confluent v2.59.0
published on Friday, Mar 6, 2026 by Pulumi
published on Friday, Mar 6, 2026 by Pulumi
confluentcloud.ProviderIntegrationAuthorization describes the authorization configuration for a Cloud Service Provider (CSP) integration, including cloud-specific setup information like Azure multi-tenant app IDs or GCP service accounts.
Example Usage
Azure Provider Integration Authorization
You can use the authorization data source with either approach:
Option 1: With Azure Terraform Provider
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
import * as confluentcloud from "@pulumi/confluentcloud";
// Get the authorization data
const azure = confluentcloud.getProviderIntegrationAuthorization({
id: "cspi-abc123",
environment: {
id: "env-xyz456",
},
});
// Create the service principal using Azure Terraform Provider
const confluent = new azuread.index.ServicePrincipal("confluent", {clientId: azure.azures?.[0]?.confluentMultiTenantAppId});
export const azureAppId = azure.then(azure => azure.azures?.[0]?.confluentMultiTenantAppId);
export const servicePrincipalObjectId = confluent.objectId;
import pulumi
import pulumi_azuread as azuread
import pulumi_confluentcloud as confluentcloud
# Get the authorization data
azure = confluentcloud.get_provider_integration_authorization(id="cspi-abc123",
environment={
"id": "env-xyz456",
})
# Create the service principal using Azure Terraform Provider
confluent = azuread.index.ServicePrincipal("confluent", client_id=azure.azures[0].confluent_multi_tenant_app_id)
pulumi.export("azureAppId", azure.azures[0].confluent_multi_tenant_app_id)
pulumi.export("servicePrincipalObjectId", confluent["objectId"])
package main
import (
"github.com/pulumi/pulumi-azuread/sdk/go/azuread"
"github.com/pulumi/pulumi-confluentcloud/sdk/v2/go/confluentcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Get the authorization data
azure, err := confluentcloud.LookupProviderIntegrationAuthorization(ctx, &confluentcloud.LookupProviderIntegrationAuthorizationArgs{
Id: "cspi-abc123",
Environment: confluentcloud.GetProviderIntegrationAuthorizationEnvironment{
Id: "env-xyz456",
},
}, nil)
if err != nil {
return err
}
// Create the service principal using Azure Terraform Provider
confluent, err := azuread.NewServicePrincipal(ctx, "confluent", &azuread.ServicePrincipalArgs{
ClientId: azure.Azures[0].ConfluentMultiTenantAppId,
})
if err != nil {
return err
}
ctx.Export("azureAppId", azure.Azures[0].ConfluentMultiTenantAppId)
ctx.Export("servicePrincipalObjectId", confluent.ObjectId)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azuread = Pulumi.Azuread;
using ConfluentCloud = Pulumi.ConfluentCloud;
return await Deployment.RunAsync(() =>
{
// Get the authorization data
var azure = ConfluentCloud.GetProviderIntegrationAuthorization.Invoke(new()
{
Id = "cspi-abc123",
Environment = new ConfluentCloud.Inputs.GetProviderIntegrationAuthorizationEnvironmentInputArgs
{
Id = "env-xyz456",
},
});
// Create the service principal using Azure Terraform Provider
var confluent = new Azuread.Index.ServicePrincipal("confluent", new()
{
ClientId = azure.Apply(getProviderIntegrationAuthorizationResult => getProviderIntegrationAuthorizationResult.Azures[0]?.ConfluentMultiTenantAppId),
});
return new Dictionary<string, object?>
{
["azureAppId"] = azure.Apply(getProviderIntegrationAuthorizationResult => getProviderIntegrationAuthorizationResult.Azures[0]?.ConfluentMultiTenantAppId),
["servicePrincipalObjectId"] = confluent.ObjectId,
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.confluentcloud.ConfluentcloudFunctions;
import com.pulumi.confluentcloud.inputs.GetProviderIntegrationAuthorizationArgs;
import com.pulumi.confluentcloud.inputs.GetProviderIntegrationAuthorizationEnvironmentArgs;
import com.pulumi.azuread.ServicePrincipal;
import com.pulumi.azuread.ServicePrincipalArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Get the authorization data
final var azure = ConfluentcloudFunctions.getProviderIntegrationAuthorization(GetProviderIntegrationAuthorizationArgs.builder()
.id("cspi-abc123")
.environment(GetProviderIntegrationAuthorizationEnvironmentArgs.builder()
.id("env-xyz456")
.build())
.build());
// Create the service principal using Azure Terraform Provider
var confluent = new ServicePrincipal("confluent", ServicePrincipalArgs.builder()
.clientId(azure.azures()[0].confluentMultiTenantAppId())
.build());
ctx.export("azureAppId", azure.azures()[0].confluentMultiTenantAppId());
ctx.export("servicePrincipalObjectId", confluent.objectId());
}
}
resources:
# Create the service principal using Azure Terraform Provider
confluent:
type: azuread:ServicePrincipal
properties:
clientId: ${azure.azures[0].confluentMultiTenantAppId}
variables:
# Get the authorization data
azure:
fn::invoke:
function: confluentcloud:getProviderIntegrationAuthorization
arguments:
id: cspi-abc123
environment:
id: env-xyz456
outputs:
# Output the setup information
azureAppId: ${azure.azures[0].confluentMultiTenantAppId}
servicePrincipalObjectId: ${confluent.objectId}
Option 2: With CLI Commands
import * as pulumi from "@pulumi/pulumi";
import * as confluentcloud from "@pulumi/confluentcloud";
// Get the authorization data
const azure = confluentcloud.getProviderIntegrationAuthorization({
id: "cspi-abc123",
environment: {
id: "env-xyz456",
},
});
export const azureSetupCommand = azure.then(azure => `az ad sp create --id ${azure.azures?.[0]?.confluentMultiTenantAppId}`);
import pulumi
import pulumi_confluentcloud as confluentcloud
# Get the authorization data
azure = confluentcloud.get_provider_integration_authorization(id="cspi-abc123",
environment={
"id": "env-xyz456",
})
pulumi.export("azureSetupCommand", f"az ad sp create --id {azure.azures[0].confluent_multi_tenant_app_id}")
package main
import (
"github.com/pulumi/pulumi-confluentcloud/sdk/v2/go/confluentcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Get the authorization data
azure, err := confluentcloud.LookupProviderIntegrationAuthorization(ctx, &confluentcloud.LookupProviderIntegrationAuthorizationArgs{
Id: "cspi-abc123",
Environment: confluentcloud.GetProviderIntegrationAuthorizationEnvironment{
Id: "env-xyz456",
},
}, nil)
if err != nil {
return err
}
ctx.Export("azureSetupCommand", pulumi.Sprintf("az ad sp create --id %v", azure.Azures[0].ConfluentMultiTenantAppId))
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using ConfluentCloud = Pulumi.ConfluentCloud;
return await Deployment.RunAsync(() =>
{
// Get the authorization data
var azure = ConfluentCloud.GetProviderIntegrationAuthorization.Invoke(new()
{
Id = "cspi-abc123",
Environment = new ConfluentCloud.Inputs.GetProviderIntegrationAuthorizationEnvironmentInputArgs
{
Id = "env-xyz456",
},
});
return new Dictionary<string, object?>
{
["azureSetupCommand"] = $"az ad sp create --id {azure.Apply(getProviderIntegrationAuthorizationResult => getProviderIntegrationAuthorizationResult.Azures[0]?.ConfluentMultiTenantAppId)}",
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.confluentcloud.ConfluentcloudFunctions;
import com.pulumi.confluentcloud.inputs.GetProviderIntegrationAuthorizationArgs;
import com.pulumi.confluentcloud.inputs.GetProviderIntegrationAuthorizationEnvironmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Get the authorization data
final var azure = ConfluentcloudFunctions.getProviderIntegrationAuthorization(GetProviderIntegrationAuthorizationArgs.builder()
.id("cspi-abc123")
.environment(GetProviderIntegrationAuthorizationEnvironmentArgs.builder()
.id("env-xyz456")
.build())
.build());
ctx.export("azureSetupCommand", String.format("az ad sp create --id %s", azure.azures()[0].confluentMultiTenantAppId()));
}
}
variables:
# Get the authorization data
azure:
fn::invoke:
function: confluentcloud:getProviderIntegrationAuthorization
arguments:
id: cspi-abc123
environment:
id: env-xyz456
outputs:
# Output CLI commands for manual setup
azureSetupCommand: az ad sp create --id ${azure.azures[0].confluentMultiTenantAppId}
GCP Provider Integration Authorization
You can use the authorization data source with either approach:
Option 1: With Google Terraform Provider
import * as pulumi from "@pulumi/pulumi";
import * as confluentcloud from "@pulumi/confluentcloud";
import * as google from "@pulumi/google";
// Get the authorization data
const gcp = confluentcloud.getProviderIntegrationAuthorization({
id: "cspi-def456",
environment: {
id: "env-xyz456",
},
});
// Grant IAM permissions using Google Terraform Provider
const confluentTokenCreator = new google.index.ProjectIamMember("confluent_token_creator", {
project: gcpProjectId,
role: "roles/iam.serviceAccountTokenCreator",
member: `serviceAccount:${gcp.gcps?.[0]?.googleServiceAccount}`,
condition: [{
title: "Confluent Cloud Access",
description: "Allow Confluent Cloud to impersonate the customer service account",
expression: `request.auth.claims.sub == '${gcp.gcps?.[0]?.googleServiceAccount}'`,
}],
});
export const confluentServiceAccount = gcp.then(gcp => gcp.gcps?.[0]?.googleServiceAccount);
export const customerServiceAccount = gcp.then(gcp => gcp.gcps?.[0]?.customerGoogleServiceAccount);
import pulumi
import pulumi_confluentcloud as confluentcloud
import pulumi_google as google
# Get the authorization data
gcp = confluentcloud.get_provider_integration_authorization(id="cspi-def456",
environment={
"id": "env-xyz456",
})
# Grant IAM permissions using Google Terraform Provider
confluent_token_creator = google.index.ProjectIamMember("confluent_token_creator",
project=gcp_project_id,
role=roles/iam.serviceAccountTokenCreator,
member=fserviceAccount:{gcp.gcps[0].google_service_account},
condition=[{
title: Confluent Cloud Access,
description: Allow Confluent Cloud to impersonate the customer service account,
expression: frequest.auth.claims.sub == '{gcp.gcps[0].google_service_account}',
}])
pulumi.export("confluentServiceAccount", gcp.gcps[0].google_service_account)
pulumi.export("customerServiceAccount", gcp.gcps[0].customer_google_service_account)
package main
import (
"fmt"
"github.com/pulumi/pulumi-confluentcloud/sdk/v2/go/confluentcloud"
"github.com/pulumi/pulumi-google/sdk/go/google"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Get the authorization data
gcp, err := confluentcloud.LookupProviderIntegrationAuthorization(ctx, &confluentcloud.LookupProviderIntegrationAuthorizationArgs{
Id: "cspi-def456",
Environment: confluentcloud.GetProviderIntegrationAuthorizationEnvironment{
Id: "env-xyz456",
},
}, nil)
if err != nil {
return err
}
// Grant IAM permissions using Google Terraform Provider
_, err = google.NewProjectIamMember(ctx, "confluent_token_creator", &google.ProjectIamMemberArgs{
Project: gcpProjectId,
Role: "roles/iam.serviceAccountTokenCreator",
Member: fmt.Sprintf("serviceAccount:%v", gcp.Gcps[0].GoogleServiceAccount),
Condition: []map[string]interface{}{
map[string]interface{}{
"title": "Confluent Cloud Access",
"description": "Allow Confluent Cloud to impersonate the customer service account",
"expression": fmt.Sprintf("request.auth.claims.sub == '%v'", gcp.Gcps[0].GoogleServiceAccount),
},
},
})
if err != nil {
return err
}
ctx.Export("confluentServiceAccount", gcp.Gcps[0].GoogleServiceAccount)
ctx.Export("customerServiceAccount", gcp.Gcps[0].CustomerGoogleServiceAccount)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using ConfluentCloud = Pulumi.ConfluentCloud;
using Google = Pulumi.Google;
return await Deployment.RunAsync(() =>
{
// Get the authorization data
var gcp = ConfluentCloud.GetProviderIntegrationAuthorization.Invoke(new()
{
Id = "cspi-def456",
Environment = new ConfluentCloud.Inputs.GetProviderIntegrationAuthorizationEnvironmentInputArgs
{
Id = "env-xyz456",
},
});
// Grant IAM permissions using Google Terraform Provider
var confluentTokenCreator = new Google.Index.ProjectIamMember("confluent_token_creator", new()
{
Project = gcpProjectId,
Role = "roles/iam.serviceAccountTokenCreator",
Member = $"serviceAccount:{gcp.Apply(getProviderIntegrationAuthorizationResult => getProviderIntegrationAuthorizationResult.Gcps[0]?.GoogleServiceAccount)}",
Condition = new[]
{
{
{ "title", "Confluent Cloud Access" },
{ "description", "Allow Confluent Cloud to impersonate the customer service account" },
{ "expression", $"request.auth.claims.sub == '{gcp.Apply(getProviderIntegrationAuthorizationResult => getProviderIntegrationAuthorizationResult.Gcps[0]?.GoogleServiceAccount)}'" },
},
},
});
return new Dictionary<string, object?>
{
["confluentServiceAccount"] = gcp.Apply(getProviderIntegrationAuthorizationResult => getProviderIntegrationAuthorizationResult.Gcps[0]?.GoogleServiceAccount),
["customerServiceAccount"] = gcp.Apply(getProviderIntegrationAuthorizationResult => getProviderIntegrationAuthorizationResult.Gcps[0]?.CustomerGoogleServiceAccount),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.confluentcloud.ConfluentcloudFunctions;
import com.pulumi.confluentcloud.inputs.GetProviderIntegrationAuthorizationArgs;
import com.pulumi.confluentcloud.inputs.GetProviderIntegrationAuthorizationEnvironmentArgs;
import com.pulumi.google.ProjectIamMember;
import com.pulumi.google.ProjectIamMemberArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Get the authorization data
final var gcp = ConfluentcloudFunctions.getProviderIntegrationAuthorization(GetProviderIntegrationAuthorizationArgs.builder()
.id("cspi-def456")
.environment(GetProviderIntegrationAuthorizationEnvironmentArgs.builder()
.id("env-xyz456")
.build())
.build());
// Grant IAM permissions using Google Terraform Provider
var confluentTokenCreator = new ProjectIamMember("confluentTokenCreator", ProjectIamMemberArgs.builder()
.project(gcpProjectId)
.role("roles/iam.serviceAccountTokenCreator")
.member(String.format("serviceAccount:%s", gcp.gcps()[0].googleServiceAccount()))
.condition(List.of(Map.ofEntries(
Map.entry("title", "Confluent Cloud Access"),
Map.entry("description", "Allow Confluent Cloud to impersonate the customer service account"),
Map.entry("expression", String.format("request.auth.claims.sub == '%s'", gcp.gcps()[0].googleServiceAccount()))
)))
.build());
ctx.export("confluentServiceAccount", gcp.gcps()[0].googleServiceAccount());
ctx.export("customerServiceAccount", gcp.gcps()[0].customerGoogleServiceAccount());
}
}
resources:
# Grant IAM permissions using Google Terraform Provider
confluentTokenCreator:
type: google:ProjectIamMember
name: confluent_token_creator
properties:
project: ${gcpProjectId}
role: roles/iam.serviceAccountTokenCreator
member: serviceAccount:${gcp.gcps[0].googleServiceAccount}
condition:
- title: Confluent Cloud Access
description: Allow Confluent Cloud to impersonate the customer service account
expression: request.auth.claims.sub == '${gcp.gcps[0].googleServiceAccount}'
variables:
# Get the authorization data
gcp:
fn::invoke:
function: confluentcloud:getProviderIntegrationAuthorization
arguments:
id: cspi-def456
environment:
id: env-xyz456
outputs:
# Output the setup information
confluentServiceAccount: ${gcp.gcps[0].googleServiceAccount}
customerServiceAccount: ${gcp.gcps[0].customerGoogleServiceAccount}
Option 2: With gcloud CLI Commands
import * as pulumi from "@pulumi/pulumi";
import * as confluentcloud from "@pulumi/confluentcloud";
// Get the authorization data
const gcp = confluentcloud.getProviderIntegrationAuthorization({
id: "cspi-def456",
environment: {
id: "env-xyz456",
},
});
export const gcpIamCommand = Promise.all([gcp, gcp]).then(([gcp, gcp1]) => `gcloud projects add-iam-policy-binding YOUR_PROJECT_ID --member="serviceAccount:${gcp.gcps?.[0]?.googleServiceAccount}" --role="roles/iam.serviceAccountTokenCreator" --condition="expression=request.auth.claims.sub=='${gcp1.gcps?.[0]?.googleServiceAccount}'"`);
export const confluentServiceAccount = gcp.then(gcp => gcp.gcps?.[0]?.googleServiceAccount);
import pulumi
import pulumi_confluentcloud as confluentcloud
# Get the authorization data
gcp = confluentcloud.get_provider_integration_authorization(id="cspi-def456",
environment={
"id": "env-xyz456",
})
pulumi.export("gcpIamCommand", f"gcloud projects add-iam-policy-binding YOUR_PROJECT_ID --member=\"serviceAccount:{gcp.gcps[0].google_service_account}\" --role=\"roles/iam.serviceAccountTokenCreator\" --condition=\"expression=request.auth.claims.sub=='{gcp.gcps[0].google_service_account}'\"")
pulumi.export("confluentServiceAccount", gcp.gcps[0].google_service_account)
package main
import (
"github.com/pulumi/pulumi-confluentcloud/sdk/v2/go/confluentcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Get the authorization data
gcp, err := confluentcloud.LookupProviderIntegrationAuthorization(ctx, &confluentcloud.LookupProviderIntegrationAuthorizationArgs{
Id: "cspi-def456",
Environment: confluentcloud.GetProviderIntegrationAuthorizationEnvironment{
Id: "env-xyz456",
},
}, nil)
if err != nil {
return err
}
ctx.Export("gcpIamCommand", pulumi.Sprintf("gcloud projects add-iam-policy-binding YOUR_PROJECT_ID --member=\"serviceAccount:%v\" --role=\"roles/iam.serviceAccountTokenCreator\" --condition=\"expression=request.auth.claims.sub=='%v'\"", gcp.Gcps[0].GoogleServiceAccount, gcp.Gcps[0].GoogleServiceAccount))
ctx.Export("confluentServiceAccount", gcp.Gcps[0].GoogleServiceAccount)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using ConfluentCloud = Pulumi.ConfluentCloud;
return await Deployment.RunAsync(() =>
{
// Get the authorization data
var gcp = ConfluentCloud.GetProviderIntegrationAuthorization.Invoke(new()
{
Id = "cspi-def456",
Environment = new ConfluentCloud.Inputs.GetProviderIntegrationAuthorizationEnvironmentInputArgs
{
Id = "env-xyz456",
},
});
return new Dictionary<string, object?>
{
["gcpIamCommand"] = Output.Tuple(gcp, gcp).Apply(values =>
{
var gcp = values.Item1;
var gcp1 = values.Item2;
return $"gcloud projects add-iam-policy-binding YOUR_PROJECT_ID --member=\"serviceAccount:{gcp.Apply(getProviderIntegrationAuthorizationResult => getProviderIntegrationAuthorizationResult.Gcps[0]?.GoogleServiceAccount)}\" --role=\"roles/iam.serviceAccountTokenCreator\" --condition=\"expression=request.auth.claims.sub=='{gcp1.Gcps[0]?.GoogleServiceAccount}'\"";
}),
["confluentServiceAccount"] = gcp.Apply(getProviderIntegrationAuthorizationResult => getProviderIntegrationAuthorizationResult.Gcps[0]?.GoogleServiceAccount),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.confluentcloud.ConfluentcloudFunctions;
import com.pulumi.confluentcloud.inputs.GetProviderIntegrationAuthorizationArgs;
import com.pulumi.confluentcloud.inputs.GetProviderIntegrationAuthorizationEnvironmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Get the authorization data
final var gcp = ConfluentcloudFunctions.getProviderIntegrationAuthorization(GetProviderIntegrationAuthorizationArgs.builder()
.id("cspi-def456")
.environment(GetProviderIntegrationAuthorizationEnvironmentArgs.builder()
.id("env-xyz456")
.build())
.build());
ctx.export("gcpIamCommand", String.format("gcloud projects add-iam-policy-binding YOUR_PROJECT_ID --member=\"serviceAccount:%s\" --role=\"roles/iam.serviceAccountTokenCreator\" --condition=\"expression=request.auth.claims.sub=='%s'\"", gcp.gcps()[0].googleServiceAccount(),gcp.gcps()[0].googleServiceAccount()));
ctx.export("confluentServiceAccount", gcp.gcps()[0].googleServiceAccount());
}
}
variables:
# Get the authorization data
gcp:
fn::invoke:
function: confluentcloud:getProviderIntegrationAuthorization
arguments:
id: cspi-def456
environment:
id: env-xyz456
outputs:
# Output gcloud commands for manual setup
gcpIamCommand: gcloud projects add-iam-policy-binding YOUR_PROJECT_ID --member="serviceAccount:${gcp.gcps[0].googleServiceAccount}" --role="roles/iam.serviceAccountTokenCreator" --condition="expression=request.auth.claims.sub=='${gcp.gcps[0].googleServiceAccount}'"
confluentServiceAccount: ${gcp.gcps[0].googleServiceAccount}
Using with Integration Data Source
import * as pulumi from "@pulumi/pulumi";
import * as confluentcloud from "@pulumi/confluentcloud";
const main = confluentcloud.getProviderIntegrationSetup({
displayName: "my-integration",
environment: {
id: "env-xyz456",
},
});
const mainGetProviderIntegrationAuthorization = main.then(main => confluentcloud.getProviderIntegrationAuthorization({
id: main.id,
environment: {
id: "env-xyz456",
},
}));
export const setupInfo = Promise.all([main, mainGetProviderIntegrationAuthorization, mainGetProviderIntegrationAuthorization, mainGetProviderIntegrationAuthorization, mainGetProviderIntegrationAuthorization]).then(([main, mainGetProviderIntegrationAuthorization, mainGetProviderIntegrationAuthorization1, mainGetProviderIntegrationAuthorization2, mainGetProviderIntegrationAuthorization3]) => main.cloud == "AZURE" ? {
appId: mainGetProviderIntegrationAuthorization.azures?.[0]?.confluentMultiTenantAppId,
command: `az ad sp create --id ${mainGetProviderIntegrationAuthorization1.azures?.[0]?.confluentMultiTenantAppId}`,
} : {
confluentSa: mainGetProviderIntegrationAuthorization2.gcps?.[0]?.googleServiceAccount,
customerSa: mainGetProviderIntegrationAuthorization3.gcps?.[0]?.customerGoogleServiceAccount,
});
import pulumi
import pulumi_confluentcloud as confluentcloud
main = confluentcloud.get_provider_integration_setup(display_name="my-integration",
environment={
"id": "env-xyz456",
})
main_get_provider_integration_authorization = confluentcloud.get_provider_integration_authorization(id=main.id,
environment={
"id": "env-xyz456",
})
pulumi.export("setupInfo", {
"appId": main_get_provider_integration_authorization.azures[0].confluent_multi_tenant_app_id,
"command": f"az ad sp create --id {main_get_provider_integration_authorization.azures[0].confluent_multi_tenant_app_id}",
} if main.cloud == "AZURE" else {
"confluentSa": main_get_provider_integration_authorization.gcps[0].google_service_account,
"customerSa": main_get_provider_integration_authorization.gcps[0].customer_google_service_account,
})
package main
import (
"fmt"
"github.com/pulumi/pulumi-confluentcloud/sdk/v2/go/confluentcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
main, err := confluentcloud.LookupProviderIntegrationSetup(ctx, &confluentcloud.LookupProviderIntegrationSetupArgs{
DisplayName: pulumi.StringRef("my-integration"),
Environment: confluentcloud.GetProviderIntegrationSetupEnvironment{
Id: "env-xyz456",
},
}, nil)
if err != nil {
return err
}
mainGetProviderIntegrationAuthorization, err := confluentcloud.LookupProviderIntegrationAuthorization(ctx, &confluentcloud.LookupProviderIntegrationAuthorizationArgs{
Id: main.Id,
Environment: confluentcloud.GetProviderIntegrationAuthorizationEnvironment{
Id: "env-xyz456",
},
}, nil)
if err != nil {
return err
}
var tmp0 map[string]interface{}
if main.Cloud == "AZURE" {
tmp0 = map[string]interface{}{
"appId": mainGetProviderIntegrationAuthorization.Azures[0].ConfluentMultiTenantAppId,
"command": fmt.Sprintf("az ad sp create --id %v", mainGetProviderIntegrationAuthorization.Azures[0].ConfluentMultiTenantAppId),
}
} else {
tmp0 = map[string]interface{}{
"confluentSa": mainGetProviderIntegrationAuthorization.Gcps[0].GoogleServiceAccount,
"customerSa": mainGetProviderIntegrationAuthorization.Gcps[0].CustomerGoogleServiceAccount,
}
}
ctx.Export("setupInfo", tmp0)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using ConfluentCloud = Pulumi.ConfluentCloud;
return await Deployment.RunAsync(() =>
{
var main = ConfluentCloud.GetProviderIntegrationSetup.Invoke(new()
{
DisplayName = "my-integration",
Environment = new ConfluentCloud.Inputs.GetProviderIntegrationSetupEnvironmentInputArgs
{
Id = "env-xyz456",
},
});
var mainGetProviderIntegrationAuthorization = ConfluentCloud.GetProviderIntegrationAuthorization.Invoke(new()
{
Id = main.Apply(getProviderIntegrationSetupResult => getProviderIntegrationSetupResult.Id),
Environment = new ConfluentCloud.Inputs.GetProviderIntegrationAuthorizationEnvironmentInputArgs
{
Id = "env-xyz456",
},
});
return new Dictionary<string, object?>
{
["setupInfo"] = Output.Tuple(main, mainGetProviderIntegrationAuthorization, mainGetProviderIntegrationAuthorization, mainGetProviderIntegrationAuthorization, mainGetProviderIntegrationAuthorization).Apply(values =>
{
var main = values.Item1;
var mainGetProviderIntegrationAuthorization = values.Item2;
var mainGetProviderIntegrationAuthorization1 = values.Item3;
var mainGetProviderIntegrationAuthorization2 = values.Item4;
var mainGetProviderIntegrationAuthorization3 = values.Item5;
return main.Apply(getProviderIntegrationSetupResult => getProviderIntegrationSetupResult.Cloud) == "AZURE" ?
{
{ "appId", mainGetProviderIntegrationAuthorization.Apply(getProviderIntegrationAuthorizationResult => getProviderIntegrationAuthorizationResult.Azures[0]?.ConfluentMultiTenantAppId) },
{ "command", $"az ad sp create --id {mainGetProviderIntegrationAuthorization1.Azures[0]?.ConfluentMultiTenantAppId}" },
} :
{
{ "confluentSa", mainGetProviderIntegrationAuthorization2.Gcps[0]?.GoogleServiceAccount },
{ "customerSa", mainGetProviderIntegrationAuthorization3.Gcps[0]?.CustomerGoogleServiceAccount },
};
}),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.confluentcloud.ConfluentcloudFunctions;
import com.pulumi.confluentcloud.inputs.GetProviderIntegrationSetupArgs;
import com.pulumi.confluentcloud.inputs.GetProviderIntegrationSetupEnvironmentArgs;
import com.pulumi.confluentcloud.inputs.GetProviderIntegrationAuthorizationArgs;
import com.pulumi.confluentcloud.inputs.GetProviderIntegrationAuthorizationEnvironmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var main = ConfluentcloudFunctions.getProviderIntegrationSetup(GetProviderIntegrationSetupArgs.builder()
.displayName("my-integration")
.environment(GetProviderIntegrationSetupEnvironmentArgs.builder()
.id("env-xyz456")
.build())
.build());
final var mainGetProviderIntegrationAuthorization = ConfluentcloudFunctions.getProviderIntegrationAuthorization(GetProviderIntegrationAuthorizationArgs.builder()
.id(main.id())
.environment(GetProviderIntegrationAuthorizationEnvironmentArgs.builder()
.id("env-xyz456")
.build())
.build());
ctx.export("setupInfo", main.cloud() == "AZURE" ? Map.ofEntries(
Map.entry("appId", mainGetProviderIntegrationAuthorization.azures()[0].confluentMultiTenantAppId()),
Map.entry("command", String.format("az ad sp create --id %s", mainGetProviderIntegrationAuthorization.azures()[0].confluentMultiTenantAppId()))
) : Map.ofEntries(
Map.entry("confluentSa", mainGetProviderIntegrationAuthorization.gcps()[0].googleServiceAccount()),
Map.entry("customerSa", mainGetProviderIntegrationAuthorization.gcps()[0].customerGoogleServiceAccount())
));
}
}
Example coming soon!
Getting Started
The following end-to-end examples might help to get started with confluentcloud.ProviderIntegrationAuthorization data source:
- provider-integration-azure: Complete Azure Provider Integration setup
- provider-integration-gcp: Complete GCP Provider Integration setup
Using getProviderIntegrationAuthorization
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getProviderIntegrationAuthorization(args: GetProviderIntegrationAuthorizationArgs, opts?: InvokeOptions): Promise<GetProviderIntegrationAuthorizationResult>
function getProviderIntegrationAuthorizationOutput(args: GetProviderIntegrationAuthorizationOutputArgs, opts?: InvokeOptions): Output<GetProviderIntegrationAuthorizationResult>def get_provider_integration_authorization(environment: Optional[GetProviderIntegrationAuthorizationEnvironment] = None,
id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetProviderIntegrationAuthorizationResult
def get_provider_integration_authorization_output(environment: Optional[pulumi.Input[GetProviderIntegrationAuthorizationEnvironmentArgs]] = None,
id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetProviderIntegrationAuthorizationResult]func LookupProviderIntegrationAuthorization(ctx *Context, args *LookupProviderIntegrationAuthorizationArgs, opts ...InvokeOption) (*LookupProviderIntegrationAuthorizationResult, error)
func LookupProviderIntegrationAuthorizationOutput(ctx *Context, args *LookupProviderIntegrationAuthorizationOutputArgs, opts ...InvokeOption) LookupProviderIntegrationAuthorizationResultOutput> Note: This function is named LookupProviderIntegrationAuthorization in the Go SDK.
public static class GetProviderIntegrationAuthorization
{
public static Task<GetProviderIntegrationAuthorizationResult> InvokeAsync(GetProviderIntegrationAuthorizationArgs args, InvokeOptions? opts = null)
public static Output<GetProviderIntegrationAuthorizationResult> Invoke(GetProviderIntegrationAuthorizationInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetProviderIntegrationAuthorizationResult> getProviderIntegrationAuthorization(GetProviderIntegrationAuthorizationArgs args, InvokeOptions options)
public static Output<GetProviderIntegrationAuthorizationResult> getProviderIntegrationAuthorization(GetProviderIntegrationAuthorizationArgs args, InvokeOptions options)
fn::invoke:
function: confluentcloud:index/getProviderIntegrationAuthorization:getProviderIntegrationAuthorization
arguments:
# arguments dictionaryThe following arguments are supported:
- Environment
Pulumi.
Confluent Cloud. Inputs. Get Provider Integration Authorization Environment - (Required Configuration Block) supports the following:
- Id string
- The ID of the Provider Integration Authorization, for example,
cspi-4xg0q.
- Environment
Get
Provider Integration Authorization Environment - (Required Configuration Block) supports the following:
- Id string
- The ID of the Provider Integration Authorization, for example,
cspi-4xg0q.
- environment
Get
Provider Integration Authorization Environment - (Required Configuration Block) supports the following:
- id String
- The ID of the Provider Integration Authorization, for example,
cspi-4xg0q.
- environment
Get
Provider Integration Authorization Environment - (Required Configuration Block) supports the following:
- id string
- The ID of the Provider Integration Authorization, for example,
cspi-4xg0q.
- environment
Get
Provider Integration Authorization Environment - (Required Configuration Block) supports the following:
- id str
- The ID of the Provider Integration Authorization, for example,
cspi-4xg0q.
- environment Property Map
- (Required Configuration Block) supports the following:
- id String
- The ID of the Provider Integration Authorization, for example,
cspi-4xg0q.
getProviderIntegrationAuthorization Result
The following output properties are available:
- Azures
List<Pulumi.
Confluent Cloud. Outputs. Get Provider Integration Authorization Azure> - (Optional Configuration Block) Azure-specific configuration details. Present for Azure integrations. It supports the following:
- Environment
Pulumi.
Confluent Cloud. Outputs. Get Provider Integration Authorization Environment - (Required Configuration Block) supports the following:
- Gcps
List<Pulumi.
Confluent Cloud. Outputs. Get Provider Integration Authorization Gcp> - (Optional Configuration Block) GCP-specific configuration details. Present for GCP integrations. It supports the following:
- Id string
- (Required String) The ID of the Environment that the Provider Integration belongs to, for example,
env-abc123. - Provider
Integration stringId - (Required String) The ID of the provider integration.
- Azures
[]Get
Provider Integration Authorization Azure - (Optional Configuration Block) Azure-specific configuration details. Present for Azure integrations. It supports the following:
- Environment
Get
Provider Integration Authorization Environment - (Required Configuration Block) supports the following:
- Gcps
[]Get
Provider Integration Authorization Gcp - (Optional Configuration Block) GCP-specific configuration details. Present for GCP integrations. It supports the following:
- Id string
- (Required String) The ID of the Environment that the Provider Integration belongs to, for example,
env-abc123. - Provider
Integration stringId - (Required String) The ID of the provider integration.
- azures
List<Get
Provider Integration Authorization Azure> - (Optional Configuration Block) Azure-specific configuration details. Present for Azure integrations. It supports the following:
- environment
Get
Provider Integration Authorization Environment - (Required Configuration Block) supports the following:
- gcps
List<Get
Provider Integration Authorization Gcp> - (Optional Configuration Block) GCP-specific configuration details. Present for GCP integrations. It supports the following:
- id String
- (Required String) The ID of the Environment that the Provider Integration belongs to, for example,
env-abc123. - provider
Integration StringId - (Required String) The ID of the provider integration.
- azures
Get
Provider Integration Authorization Azure[] - (Optional Configuration Block) Azure-specific configuration details. Present for Azure integrations. It supports the following:
- environment
Get
Provider Integration Authorization Environment - (Required Configuration Block) supports the following:
- gcps
Get
Provider Integration Authorization Gcp[] - (Optional Configuration Block) GCP-specific configuration details. Present for GCP integrations. It supports the following:
- id string
- (Required String) The ID of the Environment that the Provider Integration belongs to, for example,
env-abc123. - provider
Integration stringId - (Required String) The ID of the provider integration.
- azures
Sequence[Get
Provider Integration Authorization Azure] - (Optional Configuration Block) Azure-specific configuration details. Present for Azure integrations. It supports the following:
- environment
Get
Provider Integration Authorization Environment - (Required Configuration Block) supports the following:
- gcps
Sequence[Get
Provider Integration Authorization Gcp] - (Optional Configuration Block) GCP-specific configuration details. Present for GCP integrations. It supports the following:
- id str
- (Required String) The ID of the Environment that the Provider Integration belongs to, for example,
env-abc123. - provider_
integration_ strid - (Required String) The ID of the provider integration.
- azures List<Property Map>
- (Optional Configuration Block) Azure-specific configuration details. Present for Azure integrations. It supports the following:
- environment Property Map
- (Required Configuration Block) supports the following:
- gcps List<Property Map>
- (Optional Configuration Block) GCP-specific configuration details. Present for GCP integrations. It supports the following:
- id String
- (Required String) The ID of the Environment that the Provider Integration belongs to, for example,
env-abc123. - provider
Integration StringId - (Required String) The ID of the provider integration.
Supporting Types
GetProviderIntegrationAuthorizationAzure
- Confluent
Multi stringTenant App Id - (Computed String) Confluent Multi-Tenant App ID used to access customer Azure resources.
- Customer
Azure stringTenant Id - (Computed String) Customer's Azure Tenant ID.
- Confluent
Multi stringTenant App Id - (Computed String) Confluent Multi-Tenant App ID used to access customer Azure resources.
- Customer
Azure stringTenant Id - (Computed String) Customer's Azure Tenant ID.
- confluent
Multi StringTenant App Id - (Computed String) Confluent Multi-Tenant App ID used to access customer Azure resources.
- customer
Azure StringTenant Id - (Computed String) Customer's Azure Tenant ID.
- confluent
Multi stringTenant App Id - (Computed String) Confluent Multi-Tenant App ID used to access customer Azure resources.
- customer
Azure stringTenant Id - (Computed String) Customer's Azure Tenant ID.
- confluent_
multi_ strtenant_ app_ id - (Computed String) Confluent Multi-Tenant App ID used to access customer Azure resources.
- customer_
azure_ strtenant_ id - (Computed String) Customer's Azure Tenant ID.
- confluent
Multi StringTenant App Id - (Computed String) Confluent Multi-Tenant App ID used to access customer Azure resources.
- customer
Azure StringTenant Id - (Computed String) Customer's Azure Tenant ID.
GetProviderIntegrationAuthorizationEnvironment
- Id string
- The ID of the Environment that the Provider Integration belongs to, for example,
env-abc123.
- Id string
- The ID of the Environment that the Provider Integration belongs to, for example,
env-abc123.
- id String
- The ID of the Environment that the Provider Integration belongs to, for example,
env-abc123.
- id string
- The ID of the Environment that the Provider Integration belongs to, for example,
env-abc123.
- id str
- The ID of the Environment that the Provider Integration belongs to, for example,
env-abc123.
- id String
- The ID of the Environment that the Provider Integration belongs to, for example,
env-abc123.
GetProviderIntegrationAuthorizationGcp
- Customer
Google stringService Account - (Computed String) Customer's Google Service Account that Confluent Cloud impersonates.
- Google
Service stringAccount - (Computed String) Google Service Account that Confluent Cloud uses for impersonation.
- Customer
Google stringService Account - (Computed String) Customer's Google Service Account that Confluent Cloud impersonates.
- Google
Service stringAccount - (Computed String) Google Service Account that Confluent Cloud uses for impersonation.
- customer
Google StringService Account - (Computed String) Customer's Google Service Account that Confluent Cloud impersonates.
- google
Service StringAccount - (Computed String) Google Service Account that Confluent Cloud uses for impersonation.
- customer
Google stringService Account - (Computed String) Customer's Google Service Account that Confluent Cloud impersonates.
- google
Service stringAccount - (Computed String) Google Service Account that Confluent Cloud uses for impersonation.
- customer_
google_ strservice_ account - (Computed String) Customer's Google Service Account that Confluent Cloud impersonates.
- google_
service_ straccount - (Computed String) Google Service Account that Confluent Cloud uses for impersonation.
- customer
Google StringService Account - (Computed String) Customer's Google Service Account that Confluent Cloud impersonates.
- google
Service StringAccount - (Computed String) Google Service Account that Confluent Cloud uses for impersonation.
Package Details
- Repository
- Confluent Cloud pulumi/pulumi-confluentcloud
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
confluentTerraform Provider.
Viewing docs for Confluent v2.59.0
published on Friday, Mar 6, 2026 by Pulumi
published on Friday, Mar 6, 2026 by Pulumi
