Docs Home
Google Cloud v8.33.0 published on Wednesday, Jun 4, 2025 by Pulumi
gcp.iam.WorkforcePoolProviderKey
Explore with Pulumi AI
Represents a public key configuration for a Workforce Pool Provider. The key can be configured in your identity provider to encrypt SAML assertions. Google holds the corresponding private key, which it uses to decrypt encrypted tokens.
To get more information about WorkforcePoolProviderKey, see:
- API documentation
- How-to Guides
Example Usage
Iam Workforce Pool Provider Saml Key Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const pool = new gcp.iam.WorkforcePool("pool", {
workforcePoolId: "example-pool",
parent: "organizations/123456789",
location: "global",
});
const provider = new gcp.iam.WorkforcePoolProvider("provider", {
workforcePoolId: pool.workforcePoolId,
location: pool.location,
providerId: "example-prvdr",
attributeMapping: {
"google.subject": "assertion.sub",
},
saml: {
idpMetadataXml: "<?xml version=\"1.0\"?><md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" entityID=\"https://test.com\"><md:IDPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"> <md:KeyDescriptor use=\"signing\"><ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://test.com/sso\"/></md:IDPSSODescriptor></md:EntityDescriptor>",
},
});
const example = new gcp.iam.WorkforcePoolProviderKey("example", {
workforcePoolId: pool.workforcePoolId,
location: pool.location,
providerId: provider.providerId,
keyId: "example-key",
keyData: {
keySpec: "RSA_2048",
},
use: "ENCRYPTION",
});
import pulumi
import pulumi_gcp as gcp
pool = gcp.iam.WorkforcePool("pool",
workforce_pool_id="example-pool",
parent="organizations/123456789",
location="global")
provider = gcp.iam.WorkforcePoolProvider("provider",
workforce_pool_id=pool.workforce_pool_id,
location=pool.location,
provider_id="example-prvdr",
attribute_mapping={
"google.subject": "assertion.sub",
},
saml={
"idp_metadata_xml": "<?xml version=\"1.0\"?><md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" entityID=\"https://test.com\"><md:IDPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"> <md:KeyDescriptor use=\"signing\"><ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://test.com/sso\"/></md:IDPSSODescriptor></md:EntityDescriptor>",
})
example = gcp.iam.WorkforcePoolProviderKey("example",
workforce_pool_id=pool.workforce_pool_id,
location=pool.location,
provider_id=provider.provider_id,
key_id="example-key",
key_data={
"key_spec": "RSA_2048",
},
use="ENCRYPTION")
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
pool, err := iam.NewWorkforcePool(ctx, "pool", &iam.WorkforcePoolArgs{
WorkforcePoolId: pulumi.String("example-pool"),
Parent: pulumi.String("organizations/123456789"),
Location: pulumi.String("global"),
})
if err != nil {
return err
}
provider, err := iam.NewWorkforcePoolProvider(ctx, "provider", &iam.WorkforcePoolProviderArgs{
WorkforcePoolId: pool.WorkforcePoolId,
Location: pool.Location,
ProviderId: pulumi.String("example-prvdr"),
AttributeMapping: pulumi.StringMap{
"google.subject": pulumi.String("assertion.sub"),
},
Saml: &iam.WorkforcePoolProviderSamlArgs{
IdpMetadataXml: pulumi.String("<?xml version=\"1.0\"?><md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" entityID=\"https://test.com\"><md:IDPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"> <md:KeyDescriptor use=\"signing\"><ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://test.com/sso\"/></md:IDPSSODescriptor></md:EntityDescriptor>"),
},
})
if err != nil {
return err
}
_, err = iam.NewWorkforcePoolProviderKey(ctx, "example", &iam.WorkforcePoolProviderKeyArgs{
WorkforcePoolId: pool.WorkforcePoolId,
Location: pool.Location,
ProviderId: provider.ProviderId,
KeyId: pulumi.String("example-key"),
KeyData: &iam.WorkforcePoolProviderKeyKeyDataArgs{
KeySpec: pulumi.String("RSA_2048"),
},
Use: pulumi.String("ENCRYPTION"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var pool = new Gcp.Iam.WorkforcePool("pool", new()
{
WorkforcePoolId = "example-pool",
Parent = "organizations/123456789",
Location = "global",
});
var provider = new Gcp.Iam.WorkforcePoolProvider("provider", new()
{
WorkforcePoolId = pool.WorkforcePoolId,
Location = pool.Location,
ProviderId = "example-prvdr",
AttributeMapping =
{
{ "google.subject", "assertion.sub" },
},
Saml = new Gcp.Iam.Inputs.WorkforcePoolProviderSamlArgs
{
IdpMetadataXml = "<?xml version=\"1.0\"?><md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" entityID=\"https://test.com\"><md:IDPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"> <md:KeyDescriptor use=\"signing\"><ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://test.com/sso\"/></md:IDPSSODescriptor></md:EntityDescriptor>",
},
});
var example = new Gcp.Iam.WorkforcePoolProviderKey("example", new()
{
WorkforcePoolId = pool.WorkforcePoolId,
Location = pool.Location,
ProviderId = provider.ProviderId,
KeyId = "example-key",
KeyData = new Gcp.Iam.Inputs.WorkforcePoolProviderKeyKeyDataArgs
{
KeySpec = "RSA_2048",
},
Use = "ENCRYPTION",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.iam.WorkforcePool;
import com.pulumi.gcp.iam.WorkforcePoolArgs;
import com.pulumi.gcp.iam.WorkforcePoolProvider;
import com.pulumi.gcp.iam.WorkforcePoolProviderArgs;
import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderSamlArgs;
import com.pulumi.gcp.iam.WorkforcePoolProviderKey;
import com.pulumi.gcp.iam.WorkforcePoolProviderKeyArgs;
import com.pulumi.gcp.iam.inputs.WorkforcePoolProviderKeyKeyDataArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var pool = new WorkforcePool("pool", WorkforcePoolArgs.builder()
.workforcePoolId("example-pool")
.parent("organizations/123456789")
.location("global")
.build());
var provider = new WorkforcePoolProvider("provider", WorkforcePoolProviderArgs.builder()
.workforcePoolId(pool.workforcePoolId())
.location(pool.location())
.providerId("example-prvdr")
.attributeMapping(Map.of("google.subject", "assertion.sub"))
.saml(WorkforcePoolProviderSamlArgs.builder()
.idpMetadataXml("<?xml version=\"1.0\"?><md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" entityID=\"https://test.com\"><md:IDPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"> <md:KeyDescriptor use=\"signing\"><ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://test.com/sso\"/></md:IDPSSODescriptor></md:EntityDescriptor>")
.build())
.build());
var example = new WorkforcePoolProviderKey("example", WorkforcePoolProviderKeyArgs.builder()
.workforcePoolId(pool.workforcePoolId())
.location(pool.location())
.providerId(provider.providerId())
.keyId("example-key")
.keyData(WorkforcePoolProviderKeyKeyDataArgs.builder()
.keySpec("RSA_2048")
.build())
.use("ENCRYPTION")
.build());
}
}
resources:
pool:
type: gcp:iam:WorkforcePool
properties:
workforcePoolId: example-pool
parent: organizations/123456789
location: global
provider:
type: gcp:iam:WorkforcePoolProvider
properties:
workforcePoolId: ${pool.workforcePoolId}
location: ${pool.location}
providerId: example-prvdr
attributeMapping:
google.subject: assertion.sub
saml:
idpMetadataXml: <?xml version="1.0"?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://test.com"><md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://test.com/sso"/></md:IDPSSODescriptor></md:EntityDescriptor>
example:
type: gcp:iam:WorkforcePoolProviderKey
properties:
workforcePoolId: ${pool.workforcePoolId}
location: ${pool.location}
providerId: ${provider.providerId}
keyId: example-key
keyData:
keySpec: RSA_2048
use: ENCRYPTION
Create WorkforcePoolProviderKey Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new WorkforcePoolProviderKey(name: string, args: WorkforcePoolProviderKeyArgs, opts?: CustomResourceOptions);@overload
def WorkforcePoolProviderKey(resource_name: str,
args: WorkforcePoolProviderKeyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def WorkforcePoolProviderKey(resource_name: str,
opts: Optional[ResourceOptions] = None,
key_data: Optional[WorkforcePoolProviderKeyKeyDataArgs] = None,
key_id: Optional[str] = None,
location: Optional[str] = None,
provider_id: Optional[str] = None,
use: Optional[str] = None,
workforce_pool_id: Optional[str] = None)func NewWorkforcePoolProviderKey(ctx *Context, name string, args WorkforcePoolProviderKeyArgs, opts ...ResourceOption) (*WorkforcePoolProviderKey, error)public WorkforcePoolProviderKey(string name, WorkforcePoolProviderKeyArgs args, CustomResourceOptions? opts = null)
public WorkforcePoolProviderKey(String name, WorkforcePoolProviderKeyArgs args)
public WorkforcePoolProviderKey(String name, WorkforcePoolProviderKeyArgs args, CustomResourceOptions options)
type: gcp:iam:WorkforcePoolProviderKey
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args WorkforcePoolProviderKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args WorkforcePoolProviderKeyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args WorkforcePoolProviderKeyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args WorkforcePoolProviderKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args WorkforcePoolProviderKeyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var workforcePoolProviderKeyResource = new Gcp.Iam.WorkforcePoolProviderKey("workforcePoolProviderKeyResource", new()
{
KeyData = new Gcp.Iam.Inputs.WorkforcePoolProviderKeyKeyDataArgs
{
KeySpec = "string",
Format = "string",
Key = "string",
NotAfterTime = "string",
NotBeforeTime = "string",
},
KeyId = "string",
Location = "string",
ProviderId = "string",
Use = "string",
WorkforcePoolId = "string",
});
example, err := iam.NewWorkforcePoolProviderKey(ctx, "workforcePoolProviderKeyResource", &iam.WorkforcePoolProviderKeyArgs{
KeyData: &iam.WorkforcePoolProviderKeyKeyDataArgs{
KeySpec: pulumi.String("string"),
Format: pulumi.String("string"),
Key: pulumi.String("string"),
NotAfterTime: pulumi.String("string"),
NotBeforeTime: pulumi.String("string"),
},
KeyId: pulumi.String("string"),
Location: pulumi.String("string"),
ProviderId: pulumi.String("string"),
Use: pulumi.String("string"),
WorkforcePoolId: pulumi.String("string"),
})
var workforcePoolProviderKeyResource = new WorkforcePoolProviderKey("workforcePoolProviderKeyResource", WorkforcePoolProviderKeyArgs.builder()
.keyData(WorkforcePoolProviderKeyKeyDataArgs.builder()
.keySpec("string")
.format("string")
.key("string")
.notAfterTime("string")
.notBeforeTime("string")
.build())
.keyId("string")
.location("string")
.providerId("string")
.use("string")
.workforcePoolId("string")
.build());
workforce_pool_provider_key_resource = gcp.iam.WorkforcePoolProviderKey("workforcePoolProviderKeyResource",
key_data={
"key_spec": "string",
"format": "string",
"key": "string",
"not_after_time": "string",
"not_before_time": "string",
},
key_id="string",
location="string",
provider_id="string",
use="string",
workforce_pool_id="string")
const workforcePoolProviderKeyResource = new gcp.iam.WorkforcePoolProviderKey("workforcePoolProviderKeyResource", {
keyData: {
keySpec: "string",
format: "string",
key: "string",
notAfterTime: "string",
notBeforeTime: "string",
},
keyId: "string",
location: "string",
providerId: "string",
use: "string",
workforcePoolId: "string",
});
type: gcp:iam:WorkforcePoolProviderKey
properties:
keyData:
format: string
key: string
keySpec: string
notAfterTime: string
notBeforeTime: string
keyId: string
location: string
providerId: string
use: string
workforcePoolId: string
WorkforcePoolProviderKey Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The WorkforcePoolProviderKey resource accepts the following input properties:
- Key
Data WorkforcePool Provider Key Key Data - Immutable. Public half of the asymmetric key. Structure is documented below.
- Key
Id string - The ID to use for the key, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-].
- Location string
- The location for the resource.
- Provider
Id string - The ID of the provider.
- Use string
- The purpose of the key.
Possible values are:
ENCRYPTION. - Workforce
Pool stringId - The ID of the workforce pool.
- Key
Data WorkforcePool Provider Key Key Data Args - Immutable. Public half of the asymmetric key. Structure is documented below.
- Key
Id string - The ID to use for the key, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-].
- Location string
- The location for the resource.
- Provider
Id string - The ID of the provider.
- Use string
- The purpose of the key.
Possible values are:
ENCRYPTION. - Workforce
Pool stringId - The ID of the workforce pool.
- key
Data WorkforcePool Provider Key Key Data - Immutable. Public half of the asymmetric key. Structure is documented below.
- key
Id String - The ID to use for the key, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-].
- location String
- The location for the resource.
- provider
Id String - The ID of the provider.
- use String
- The purpose of the key.
Possible values are:
ENCRYPTION. - workforce
Pool StringId - The ID of the workforce pool.
- key
Data WorkforcePool Provider Key Key Data - Immutable. Public half of the asymmetric key. Structure is documented below.
- key
Id string - The ID to use for the key, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-].
- location string
- The location for the resource.
- provider
Id string - The ID of the provider.
- use string
- The purpose of the key.
Possible values are:
ENCRYPTION. - workforce
Pool stringId - The ID of the workforce pool.
- key_
data WorkforcePool Provider Key Key Data Args - Immutable. Public half of the asymmetric key. Structure is documented below.
- key_
id str - The ID to use for the key, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-].
- location str
- The location for the resource.
- provider_
id str - The ID of the provider.
- use str
- The purpose of the key.
Possible values are:
ENCRYPTION. - workforce_
pool_ strid - The ID of the workforce pool.
- key
Data Property Map - Immutable. Public half of the asymmetric key. Structure is documented below.
- key
Id String - The ID to use for the key, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-].
- location String
- The location for the resource.
- provider
Id String - The ID of the provider.
- use String
- The purpose of the key.
Possible values are:
ENCRYPTION. - workforce
Pool StringId - The ID of the workforce pool.
Outputs
All input properties are implicitly available as output properties. Additionally, the WorkforcePoolProviderKey resource produces the following output properties:
- Expire
Time string - The time after which the key will be permanently deleted and cannot be recovered. Note that the key may get purged before this time if the total limit of keys per provider is exceeded.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Identifier. The resource name of the key.
Format:
locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}/keys/{keyId} - State string
- The state of the key.
- Expire
Time string - The time after which the key will be permanently deleted and cannot be recovered. Note that the key may get purged before this time if the total limit of keys per provider is exceeded.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Identifier. The resource name of the key.
Format:
locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}/keys/{keyId} - State string
- The state of the key.
- expire
Time String - The time after which the key will be permanently deleted and cannot be recovered. Note that the key may get purged before this time if the total limit of keys per provider is exceeded.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Identifier. The resource name of the key.
Format:
locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}/keys/{keyId} - state String
- The state of the key.
- expire
Time string - The time after which the key will be permanently deleted and cannot be recovered. Note that the key may get purged before this time if the total limit of keys per provider is exceeded.
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- Identifier. The resource name of the key.
Format:
locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}/keys/{keyId} - state string
- The state of the key.
- expire_
time str - The time after which the key will be permanently deleted and cannot be recovered. Note that the key may get purged before this time if the total limit of keys per provider is exceeded.
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- Identifier. The resource name of the key.
Format:
locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}/keys/{keyId} - state str
- The state of the key.
- expire
Time String - The time after which the key will be permanently deleted and cannot be recovered. Note that the key may get purged before this time if the total limit of keys per provider is exceeded.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Identifier. The resource name of the key.
Format:
locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}/keys/{keyId} - state String
- The state of the key.
Look up Existing WorkforcePoolProviderKey Resource
Get an existing WorkforcePoolProviderKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: WorkforcePoolProviderKeyState, opts?: CustomResourceOptions): WorkforcePoolProviderKey@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
expire_time: Optional[str] = None,
key_data: Optional[WorkforcePoolProviderKeyKeyDataArgs] = None,
key_id: Optional[str] = None,
location: Optional[str] = None,
name: Optional[str] = None,
provider_id: Optional[str] = None,
state: Optional[str] = None,
use: Optional[str] = None,
workforce_pool_id: Optional[str] = None) -> WorkforcePoolProviderKeyfunc GetWorkforcePoolProviderKey(ctx *Context, name string, id IDInput, state *WorkforcePoolProviderKeyState, opts ...ResourceOption) (*WorkforcePoolProviderKey, error)public static WorkforcePoolProviderKey Get(string name, Input<string> id, WorkforcePoolProviderKeyState? state, CustomResourceOptions? opts = null)public static WorkforcePoolProviderKey get(String name, Output<String> id, WorkforcePoolProviderKeyState state, CustomResourceOptions options)resources: _: type: gcp:iam:WorkforcePoolProviderKey get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Expire
Time string - The time after which the key will be permanently deleted and cannot be recovered. Note that the key may get purged before this time if the total limit of keys per provider is exceeded.
- Key
Data WorkforcePool Provider Key Key Data - Immutable. Public half of the asymmetric key. Structure is documented below.
- Key
Id string - The ID to use for the key, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-].
- Location string
- The location for the resource.
- Name string
- Identifier. The resource name of the key.
Format:
locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}/keys/{keyId} - Provider
Id string - The ID of the provider.
- State string
- The state of the key.
- Use string
- The purpose of the key.
Possible values are:
ENCRYPTION. - Workforce
Pool stringId - The ID of the workforce pool.
- Expire
Time string - The time after which the key will be permanently deleted and cannot be recovered. Note that the key may get purged before this time if the total limit of keys per provider is exceeded.
- Key
Data WorkforcePool Provider Key Key Data Args - Immutable. Public half of the asymmetric key. Structure is documented below.
- Key
Id string - The ID to use for the key, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-].
- Location string
- The location for the resource.
- Name string
- Identifier. The resource name of the key.
Format:
locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}/keys/{keyId} - Provider
Id string - The ID of the provider.
- State string
- The state of the key.
- Use string
- The purpose of the key.
Possible values are:
ENCRYPTION. - Workforce
Pool stringId - The ID of the workforce pool.
- expire
Time String - The time after which the key will be permanently deleted and cannot be recovered. Note that the key may get purged before this time if the total limit of keys per provider is exceeded.
- key
Data WorkforcePool Provider Key Key Data - Immutable. Public half of the asymmetric key. Structure is documented below.
- key
Id String - The ID to use for the key, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-].
- location String
- The location for the resource.
- name String
- Identifier. The resource name of the key.
Format:
locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}/keys/{keyId} - provider
Id String - The ID of the provider.
- state String
- The state of the key.
- use String
- The purpose of the key.
Possible values are:
ENCRYPTION. - workforce
Pool StringId - The ID of the workforce pool.
- expire
Time string - The time after which the key will be permanently deleted and cannot be recovered. Note that the key may get purged before this time if the total limit of keys per provider is exceeded.
- key
Data WorkforcePool Provider Key Key Data - Immutable. Public half of the asymmetric key. Structure is documented below.
- key
Id string - The ID to use for the key, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-].
- location string
- The location for the resource.
- name string
- Identifier. The resource name of the key.
Format:
locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}/keys/{keyId} - provider
Id string - The ID of the provider.
- state string
- The state of the key.
- use string
- The purpose of the key.
Possible values are:
ENCRYPTION. - workforce
Pool stringId - The ID of the workforce pool.
- expire_
time str - The time after which the key will be permanently deleted and cannot be recovered. Note that the key may get purged before this time if the total limit of keys per provider is exceeded.
- key_
data WorkforcePool Provider Key Key Data Args - Immutable. Public half of the asymmetric key. Structure is documented below.
- key_
id str - The ID to use for the key, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-].
- location str
- The location for the resource.
- name str
- Identifier. The resource name of the key.
Format:
locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}/keys/{keyId} - provider_
id str - The ID of the provider.
- state str
- The state of the key.
- use str
- The purpose of the key.
Possible values are:
ENCRYPTION. - workforce_
pool_ strid - The ID of the workforce pool.
- expire
Time String - The time after which the key will be permanently deleted and cannot be recovered. Note that the key may get purged before this time if the total limit of keys per provider is exceeded.
- key
Data Property Map - Immutable. Public half of the asymmetric key. Structure is documented below.
- key
Id String - The ID to use for the key, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-].
- location String
- The location for the resource.
- name String
- Identifier. The resource name of the key.
Format:
locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}/keys/{keyId} - provider
Id String - The ID of the provider.
- state String
- The state of the key.
- use String
- The purpose of the key.
Possible values are:
ENCRYPTION. - workforce
Pool StringId - The ID of the workforce pool.
Supporting Types
WorkforcePoolProviderKeyKeyData, WorkforcePoolProviderKeyKeyDataArgs
- Key
Spec string - The specifications for the key.
Possible values are:
RSA_2048,RSA_3072,RSA_4096. - Format string
- (Output) The format of the key.
- Key string
- (Output) The key data. The format of the key is represented by the format field.
- Not
After stringTime - (Output) Latest timestamp when this key is valid. Attempts to use this key after this time will fail. Only present if the key data represents a X.509 certificate. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
- Not
Before stringTime - (Output) Earliest timestamp when this key is valid. Attempts to use this key before this time will fail. Only present if the key data represents a X.509 certificate. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
- Key
Spec string - The specifications for the key.
Possible values are:
RSA_2048,RSA_3072,RSA_4096. - Format string
- (Output) The format of the key.
- Key string
- (Output) The key data. The format of the key is represented by the format field.
- Not
After stringTime - (Output) Latest timestamp when this key is valid. Attempts to use this key after this time will fail. Only present if the key data represents a X.509 certificate. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
- Not
Before stringTime - (Output) Earliest timestamp when this key is valid. Attempts to use this key before this time will fail. Only present if the key data represents a X.509 certificate. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
- key
Spec String - The specifications for the key.
Possible values are:
RSA_2048,RSA_3072,RSA_4096. - format String
- (Output) The format of the key.
- key String
- (Output) The key data. The format of the key is represented by the format field.
- not
After StringTime - (Output) Latest timestamp when this key is valid. Attempts to use this key after this time will fail. Only present if the key data represents a X.509 certificate. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
- not
Before StringTime - (Output) Earliest timestamp when this key is valid. Attempts to use this key before this time will fail. Only present if the key data represents a X.509 certificate. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
- key
Spec string - The specifications for the key.
Possible values are:
RSA_2048,RSA_3072,RSA_4096. - format string
- (Output) The format of the key.
- key string
- (Output) The key data. The format of the key is represented by the format field.
- not
After stringTime - (Output) Latest timestamp when this key is valid. Attempts to use this key after this time will fail. Only present if the key data represents a X.509 certificate. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
- not
Before stringTime - (Output) Earliest timestamp when this key is valid. Attempts to use this key before this time will fail. Only present if the key data represents a X.509 certificate. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
- key_
spec str - The specifications for the key.
Possible values are:
RSA_2048,RSA_3072,RSA_4096. - format str
- (Output) The format of the key.
- key str
- (Output) The key data. The format of the key is represented by the format field.
- not_
after_ strtime - (Output) Latest timestamp when this key is valid. Attempts to use this key after this time will fail. Only present if the key data represents a X.509 certificate. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
- not_
before_ strtime - (Output) Earliest timestamp when this key is valid. Attempts to use this key before this time will fail. Only present if the key data represents a X.509 certificate. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
- key
Spec String - The specifications for the key.
Possible values are:
RSA_2048,RSA_3072,RSA_4096. - format String
- (Output) The format of the key.
- key String
- (Output) The key data. The format of the key is represented by the format field.
- not
After StringTime - (Output) Latest timestamp when this key is valid. Attempts to use this key after this time will fail. Only present if the key data represents a X.509 certificate. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
- not
Before StringTime - (Output) Earliest timestamp when this key is valid. Attempts to use this key before this time will fail. Only present if the key data represents a X.509 certificate. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
Import
WorkforcePoolProviderKey can be imported using any of these accepted formats:
locations/{{location}}/workforcePools/{{workforce_pool_id}}/providers/{{provider_id}}/keys/{{key_id}}{{location}}/{{workforce_pool_id}}/{{provider_id}}/{{key_id}}
When using the pulumi import command, WorkforcePoolProviderKey can be imported using one of the formats above. For example:
$ pulumi import gcp:iam/workforcePoolProviderKey:WorkforcePoolProviderKey default locations/{{location}}/workforcePools/{{workforce_pool_id}}/providers/{{provider_id}}/keys/{{key_id}}
$ pulumi import gcp:iam/workforcePoolProviderKey:WorkforcePoolProviderKey default {{location}}/{{workforce_pool_id}}/{{provider_id}}/{{key_id}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.