pulumi-gcp 7.17.0__py3-none-any.whl → 7.17.0a1711607165__py3-none-any.whl

pulumi_gcp/gkehub/membership_binding.py

@@ -419,15 +419,15 @@ class MembershipBinding(pulumi.CustomResource):
             network="default",
             subnetwork="default")
         membership = gcp.gkehub.Membership("membership",
-            membership_id="tf-test-membership_75125",
+            membership_id="tf-test-membership_74000",
             endpoint=gcp.gkehub.MembershipEndpointArgs(
                 gke_cluster=gcp.gkehub.MembershipEndpointGkeClusterArgs(
                     resource_link=primary.id.apply(lambda id: f"//container.googleapis.com/{id}"),
                 ),
             ))
-        scope = gcp.gkehub.Scope("scope", scope_id="tf-test-scope_88722")
+        scope = gcp.gkehub.Scope("scope", scope_id="tf-test-scope_75125")
         membership_binding = gcp.gkehub.MembershipBinding("membership_binding",
-            membership_binding_id="tf-test-membership-binding_39249",
+            membership_binding_id="tf-test-membership-binding_88722",
             scope=scope.name,
             membership_id=membership.membership_id,
             location="global",
@@ -512,15 +512,15 @@ class MembershipBinding(pulumi.CustomResource):
             network="default",
             subnetwork="default")
         membership = gcp.gkehub.Membership("membership",
-            membership_id="tf-test-membership_75125",
+            membership_id="tf-test-membership_74000",
             endpoint=gcp.gkehub.MembershipEndpointArgs(
                 gke_cluster=gcp.gkehub.MembershipEndpointGkeClusterArgs(
                     resource_link=primary.id.apply(lambda id: f"//container.googleapis.com/{id}"),
                 ),
             ))
-        scope = gcp.gkehub.Scope("scope", scope_id="tf-test-scope_88722")
+        scope = gcp.gkehub.Scope("scope", scope_id="tf-test-scope_75125")
         membership_binding = gcp.gkehub.MembershipBinding("membership_binding",
-            membership_binding_id="tf-test-membership-binding_39249",
+            membership_binding_id="tf-test-membership-binding_88722",
             scope=scope.name,
             membership_id=membership.membership_id,
             location="global",

pulumi_gcp/gkehub/membership_rbac_role_binding.py

@@ -364,7 +364,7 @@ class MembershipRbacRoleBinding(pulumi.CustomResource):
             network="default",
             subnetwork="default")
         membership = gcp.gkehub.Membership("membership",
-            membership_id="tf-test-membership_74391",
+            membership_id="tf-test-membership_39249",
             endpoint=gcp.gkehub.MembershipEndpointArgs(
                 gke_cluster=gcp.gkehub.MembershipEndpointGkeClusterArgs(
                     resource_link=primary.id.apply(lambda id: f"//container.googleapis.com/{id}"),
@@ -372,7 +372,7 @@ class MembershipRbacRoleBinding(pulumi.CustomResource):
             ))
         project = gcp.organizations.get_project()
         membership_rbac_role_binding = gcp.gkehub.MembershipRbacRoleBinding("membership_rbac_role_binding",
-            membership_rbac_role_binding_id="tf-test-membership-rbac-role-binding_16511",
+            membership_rbac_role_binding_id="tf-test-membership-rbac-role-binding_74391",
             membership_id=membership.membership_id,
             user=f"service-{project.number}@gcp-sa-anthossupport.iam.gserviceaccount.com",
             role=gcp.gkehub.MembershipRbacRoleBindingRoleArgs(
@@ -444,7 +444,7 @@ class MembershipRbacRoleBinding(pulumi.CustomResource):
             network="default",
             subnetwork="default")
         membership = gcp.gkehub.Membership("membership",
-            membership_id="tf-test-membership_74391",
+            membership_id="tf-test-membership_39249",
             endpoint=gcp.gkehub.MembershipEndpointArgs(
                 gke_cluster=gcp.gkehub.MembershipEndpointGkeClusterArgs(
                     resource_link=primary.id.apply(lambda id: f"//container.googleapis.com/{id}"),
@@ -452,7 +452,7 @@ class MembershipRbacRoleBinding(pulumi.CustomResource):
             ))
         project = gcp.organizations.get_project()
         membership_rbac_role_binding = gcp.gkehub.MembershipRbacRoleBinding("membership_rbac_role_binding",
-            membership_rbac_role_binding_id="tf-test-membership-rbac-role-binding_16511",
+            membership_rbac_role_binding_id="tf-test-membership-rbac-role-binding_74391",
             membership_id=membership.membership_id,
             user=f"service-{project.number}@gcp-sa-anthossupport.iam.gserviceaccount.com",
             role=gcp.gkehub.MembershipRbacRoleBindingRoleArgs(

pulumi_gcp/gkehub/namespace.py

@@ -424,9 +424,9 @@ class Namespace(pulumi.CustomResource):
         import pulumi
         import pulumi_gcp as gcp
 
-        scope = gcp.gkehub.Scope("scope", scope_id="tf-test-scope_8493")
+        scope = gcp.gkehub.Scope("scope", scope_id="tf-test-scope_16511")
         namespace = gcp.gkehub.Namespace("namespace",
-            scope_namespace_id="tf-test-namespace_9106",
+            scope_namespace_id="tf-test-namespace_8493",
             scope_id=scope.scope_id,
             scope=scope.name,
             namespace_labels={
@@ -510,9 +510,9 @@ class Namespace(pulumi.CustomResource):
         import pulumi
         import pulumi_gcp as gcp
 
-        scope = gcp.gkehub.Scope("scope", scope_id="tf-test-scope_8493")
+        scope = gcp.gkehub.Scope("scope", scope_id="tf-test-scope_16511")
         namespace = gcp.gkehub.Namespace("namespace",
-            scope_namespace_id="tf-test-namespace_9106",
+            scope_namespace_id="tf-test-namespace_8493",
             scope_id=scope.scope_id,
             scope=scope.name,
             namespace_labels={

pulumi_gcp/gkehub/scope_rbac_role_binding.py

@@ -453,9 +453,9 @@ class ScopeRbacRoleBinding(pulumi.CustomResource):
         import pulumi
         import pulumi_gcp as gcp
 
-        scope = gcp.gkehub.Scope("scope", scope_id="tf-test-scope_27169")
+        scope = gcp.gkehub.Scope("scope", scope_id="tf-test-scope_9106")
         scope_rbac_role_binding = gcp.gkehub.ScopeRbacRoleBinding("scope_rbac_role_binding",
-            scope_rbac_role_binding_id="tf-test-scope-rbac-role-binding_75223",
+            scope_rbac_role_binding_id="tf-test-scope-rbac-role-binding_27169",
             scope_id=scope.scope_id,
             user="test-email@gmail.com",
             role=gcp.gkehub.ScopeRbacRoleBindingRoleArgs(
@@ -535,9 +535,9 @@ class ScopeRbacRoleBinding(pulumi.CustomResource):
         import pulumi
         import pulumi_gcp as gcp
 
-        scope = gcp.gkehub.Scope("scope", scope_id="tf-test-scope_27169")
+        scope = gcp.gkehub.Scope("scope", scope_id="tf-test-scope_9106")
         scope_rbac_role_binding = gcp.gkehub.ScopeRbacRoleBinding("scope_rbac_role_binding",
-            scope_rbac_role_binding_id="tf-test-scope-rbac-role-binding_75223",
+            scope_rbac_role_binding_id="tf-test-scope-rbac-role-binding_27169",
             scope_id=scope.scope_id,
             user="test-email@gmail.com",
             role=gcp.gkehub.ScopeRbacRoleBindingRoleArgs(

pulumi_gcp/iam/_inputs.py

@@ -513,23 +513,6 @@ class WorkforcePoolProviderOidcArgs:
                .well-known path for the `issuer_uri`. Currently, RSA and EC asymmetric
                keys are supported. The JWK must use following format and include only
                the following fields:
-               ```
-               {
-               "keys": [
-               {
-               "kty": "RSA/EC",
-               "alg": "<algorithm>",
-               "use": "sig",
-               "kid": "<key-id>",
-               "n": "",
-               "e": "",
-               "x": "",
-               "y": "",
-               "crv": ""
-               }
-               ]
-               }
-               ```
         :param pulumi.Input['WorkforcePoolProviderOidcWebSsoConfigArgs'] web_sso_config: Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser.
                Structure is documented below.
         """
@@ -589,23 +572,6 @@ class WorkforcePoolProviderOidcArgs:
         .well-known path for the `issuer_uri`. Currently, RSA and EC asymmetric
         keys are supported. The JWK must use following format and include only
         the following fields:
-        ```
-        {
-        "keys": [
-        {
-        "kty": "RSA/EC",
-        "alg": "<algorithm>",
-        "use": "sig",
-        "kid": "<key-id>",
-        "n": "",
-        "e": "",
-        "x": "",
-        "y": "",
-        "crv": ""
-        }
-        ]
-        }
-        ```
         """
         return pulumi.get(self, "jwks_json")
 
@@ -846,33 +812,12 @@ class WorkloadIdentityPoolProviderOidcArgs:
                If this list is empty, the OIDC token audience must be equal to the full canonical
                resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix.
                For example:
-               ```
-               //iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
-               https://iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
-               ```
         :param pulumi.Input[str] jwks_json: OIDC JWKs in JSON String format. For details on definition of a
                JWK, see https:tools.ietf.org/html/rfc7517. If not set, then we
                use the `jwks_uri` from the discovery document fetched from the
                .well-known path for the `issuer_uri`. Currently, RSA and EC asymmetric
                keys are supported. The JWK must use following format and include only
                the following fields:
-               ```
-               {
-               "keys": [
-               {
-               "kty": "RSA/EC",
-               "alg": "<algorithm>",
-               "use": "sig",
-               "kid": "<key-id>",
-               "n": "",
-               "e": "",
-               "x": "",
-               "y": "",
-               "crv": ""
-               }
-               ]
-               }
-               ```
         """
         pulumi.set(__self__, "issuer_uri", issuer_uri)
         if allowed_audiences is not None:
@@ -903,10 +848,6 @@ class WorkloadIdentityPoolProviderOidcArgs:
         If this list is empty, the OIDC token audience must be equal to the full canonical
         resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix.
         For example:
-        ```
-        //iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
-        https://iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
-        ```
         """
         return pulumi.get(self, "allowed_audiences")
 
@@ -924,23 +865,6 @@ class WorkloadIdentityPoolProviderOidcArgs:
         .well-known path for the `issuer_uri`. Currently, RSA and EC asymmetric
         keys are supported. The JWK must use following format and include only
         the following fields:
-        ```
-        {
-        "keys": [
-        {
-        "kty": "RSA/EC",
-        "alg": "<algorithm>",
-        "use": "sig",
-        "kid": "<key-id>",
-        "n": "",
-        "e": "",
-        "x": "",
-        "y": "",
-        "crv": ""
-        }
-        ]
-        }
-        ```
         """
         return pulumi.get(self, "jwks_json")
 

pulumi_gcp/iam/outputs.py

@@ -550,23 +550,6 @@ class WorkforcePoolProviderOidc(dict):
                .well-known path for the `issuer_uri`. Currently, RSA and EC asymmetric
                keys are supported. The JWK must use following format and include only
                the following fields:
-               ```
-               {
-               "keys": [
-               {
-               "kty": "RSA/EC",
-               "alg": "<algorithm>",
-               "use": "sig",
-               "kid": "<key-id>",
-               "n": "",
-               "e": "",
-               "x": "",
-               "y": "",
-               "crv": ""
-               }
-               ]
-               }
-               ```
         :param 'WorkforcePoolProviderOidcWebSsoConfigArgs' web_sso_config: Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser.
                Structure is documented below.
         """
@@ -614,23 +597,6 @@ class WorkforcePoolProviderOidc(dict):
         .well-known path for the `issuer_uri`. Currently, RSA and EC asymmetric
         keys are supported. The JWK must use following format and include only
         the following fields:
-        ```
-        {
-        "keys": [
-        {
-        "kty": "RSA/EC",
-        "alg": "<algorithm>",
-        "use": "sig",
-        "kid": "<key-id>",
-        "n": "",
-        "e": "",
-        "x": "",
-        "y": "",
-        "crv": ""
-        }
-        ]
-        }
-        ```
         """
         return pulumi.get(self, "jwks_json")
 
@@ -924,33 +890,12 @@ class WorkloadIdentityPoolProviderOidc(dict):
                If this list is empty, the OIDC token audience must be equal to the full canonical
                resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix.
                For example:
-               ```
-               //iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
-               https://iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
-               ```
         :param str jwks_json: OIDC JWKs in JSON String format. For details on definition of a
                JWK, see https:tools.ietf.org/html/rfc7517. If not set, then we
                use the `jwks_uri` from the discovery document fetched from the
                .well-known path for the `issuer_uri`. Currently, RSA and EC asymmetric
                keys are supported. The JWK must use following format and include only
                the following fields:
-               ```
-               {
-               "keys": [
-               {
-               "kty": "RSA/EC",
-               "alg": "<algorithm>",
-               "use": "sig",
-               "kid": "<key-id>",
-               "n": "",
-               "e": "",
-               "x": "",
-               "y": "",
-               "crv": ""
-               }
-               ]
-               }
-               ```
         """
         pulumi.set(__self__, "issuer_uri", issuer_uri)
         if allowed_audiences is not None:
@@ -977,10 +922,6 @@ class WorkloadIdentityPoolProviderOidc(dict):
         If this list is empty, the OIDC token audience must be equal to the full canonical
         resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix.
         For example:
-        ```
-        //iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
-        https://iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
-        ```
         """
         return pulumi.get(self, "allowed_audiences")
 
@@ -994,23 +935,6 @@ class WorkloadIdentityPoolProviderOidc(dict):
         .well-known path for the `issuer_uri`. Currently, RSA and EC asymmetric
         keys are supported. The JWK must use following format and include only
         the following fields:
-        ```
-        {
-        "keys": [
-        {
-        "kty": "RSA/EC",
-        "alg": "<algorithm>",
-        "use": "sig",
-        "kid": "<key-id>",
-        "n": "",
-        "e": "",
-        "x": "",
-        "y": "",
-        "crv": ""
-        }
-        ]
-        }
-        ```
         """
         return pulumi.get(self, "jwks_json")
 

pulumi_gcp/iam/workforce_pool_provider.py

@@ -81,11 +81,6 @@ class WorkforcePoolProviderArgs:
                For OIDC providers, you must supply a custom mapping that includes the `google.subject` attribute.
                For example, the following maps the sub claim of the incoming credential to the `subject` attribute
                on a Google token:
-               ```
-               {"google.subject": "assertion.sub"}
-               ```
-               An object containing a list of `"key": value` pairs.
-               Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`.
         :param pulumi.Input[str] description: A user-specified description of the provider. Cannot exceed 256 characters.
         :param pulumi.Input[bool] disabled: Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
                However, existing tokens still grant access.
@@ -214,11 +209,6 @@ class WorkforcePoolProviderArgs:
         For OIDC providers, you must supply a custom mapping that includes the `google.subject` attribute.
         For example, the following maps the sub claim of the incoming credential to the `subject` attribute
         on a Google token:
-        ```
-        {"google.subject": "assertion.sub"}
-        ```
-        An object containing a list of `"key": value` pairs.
-        Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`.
         """
         return pulumi.get(self, "attribute_mapping")
 
@@ -349,11 +339,6 @@ class _WorkforcePoolProviderState:
                For OIDC providers, you must supply a custom mapping that includes the `google.subject` attribute.
                For example, the following maps the sub claim of the incoming credential to the `subject` attribute
                on a Google token:
-               ```
-               {"google.subject": "assertion.sub"}
-               ```
-               An object containing a list of `"key": value` pairs.
-               Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`.
         :param pulumi.Input[str] description: A user-specified description of the provider. Cannot exceed 256 characters.
         :param pulumi.Input[bool] disabled: Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
                However, existing tokens still grant access.
@@ -464,11 +449,6 @@ class _WorkforcePoolProviderState:
         For OIDC providers, you must supply a custom mapping that includes the `google.subject` attribute.
         For example, the following maps the sub claim of the incoming credential to the `subject` attribute
         on a Google token:
-        ```
-        {"google.subject": "assertion.sub"}
-        ```
-        An object containing a list of `"key": value` pairs.
-        Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`.
         """
         return pulumi.get(self, "attribute_mapping")
 
@@ -831,11 +811,6 @@ class WorkforcePoolProvider(pulumi.CustomResource):
                For OIDC providers, you must supply a custom mapping that includes the `google.subject` attribute.
                For example, the following maps the sub claim of the incoming credential to the `subject` attribute
                on a Google token:
-               ```
-               {"google.subject": "assertion.sub"}
-               ```
-               An object containing a list of `"key": value` pairs.
-               Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`.
         :param pulumi.Input[str] description: A user-specified description of the provider. Cannot exceed 256 characters.
         :param pulumi.Input[bool] disabled: Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
                However, existing tokens still grant access.
@@ -1142,11 +1117,6 @@ class WorkforcePoolProvider(pulumi.CustomResource):
                For OIDC providers, you must supply a custom mapping that includes the `google.subject` attribute.
                For example, the following maps the sub claim of the incoming credential to the `subject` attribute
                on a Google token:
-               ```
-               {"google.subject": "assertion.sub"}
-               ```
-               An object containing a list of `"key": value` pairs.
-               Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`.
         :param pulumi.Input[str] description: A user-specified description of the provider. Cannot exceed 256 characters.
         :param pulumi.Input[bool] disabled: Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
                However, existing tokens still grant access.
@@ -1246,11 +1216,6 @@ class WorkforcePoolProvider(pulumi.CustomResource):
         For OIDC providers, you must supply a custom mapping that includes the `google.subject` attribute.
         For example, the following maps the sub claim of the incoming credential to the `subject` attribute
         on a Google token:
-        ```
-        {"google.subject": "assertion.sub"}
-        ```
-        An object containing a list of `"key": value` pairs.
-        Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`.
         """
         return pulumi.get(self, "attribute_mapping")
 

pulumi_gcp/iam/workload_identity_pool_provider.py

@@ -74,26 +74,6 @@ class WorkloadIdentityPoolProviderArgs:
                the total size of all mapped attributes must not exceed 8KB.
                For AWS providers, the following rules apply:
                - If no attribute mapping is defined, the following default mapping applies:
-               ```
-               {
-               "google.subject":"assertion.arn",
-               "attribute.aws_role":
-               "assertion.arn.contains('assumed-role')"
-               " ? assertion.arn.extract('{account_arn}assumed-role/')"
-               "   + 'assumed-role/'"
-               "   + assertion.arn.extract('assumed-role/{role_name}/')"
-               " : assertion.arn",
-               }
-               ```
-               - If any custom attribute mappings are defined, they must include a mapping to the
-               `google.subject` attribute.
-               For OIDC providers, the following rules apply:
-               - Custom attribute mappings must be defined, and must include a mapping to the
-               `google.subject` attribute. For example, the following maps the `sub` claim of the
-               incoming credential to the `subject` attribute on a Google token.
-               ```
-               {"google.subject": "assertion.sub"}
-               ```
         :param pulumi.Input['WorkloadIdentityPoolProviderAwsArgs'] aws: An Amazon Web Services identity provider. Not compatible with the property oidc or saml.
                Structure is documented below.
         :param pulumi.Input[str] description: A description for the provider. Cannot exceed 256 characters.
@@ -210,26 +190,6 @@ class WorkloadIdentityPoolProviderArgs:
         the total size of all mapped attributes must not exceed 8KB.
         For AWS providers, the following rules apply:
         - If no attribute mapping is defined, the following default mapping applies:
-        ```
-        {
-        "google.subject":"assertion.arn",
-        "attribute.aws_role":
-        "assertion.arn.contains('assumed-role')"
-        " ? assertion.arn.extract('{account_arn}assumed-role/')"
-        "   + 'assumed-role/'"
-        "   + assertion.arn.extract('assumed-role/{role_name}/')"
-        " : assertion.arn",
-        }
-        ```
-        - If any custom attribute mappings are defined, they must include a mapping to the
-        `google.subject` attribute.
-        For OIDC providers, the following rules apply:
-        - Custom attribute mappings must be defined, and must include a mapping to the
-        `google.subject` attribute. For example, the following maps the `sub` claim of the
-        incoming credential to the `subject` attribute on a Google token.
-        ```
-        {"google.subject": "assertion.sub"}
-        ```
         """
         return pulumi.get(self, "attribute_mapping")
 
@@ -381,26 +341,6 @@ class _WorkloadIdentityPoolProviderState:
                the total size of all mapped attributes must not exceed 8KB.
                For AWS providers, the following rules apply:
                - If no attribute mapping is defined, the following default mapping applies:
-               ```
-               {
-               "google.subject":"assertion.arn",
-               "attribute.aws_role":
-               "assertion.arn.contains('assumed-role')"
-               " ? assertion.arn.extract('{account_arn}assumed-role/')"
-               "   + 'assumed-role/'"
-               "   + assertion.arn.extract('assumed-role/{role_name}/')"
-               " : assertion.arn",
-               }
-               ```
-               - If any custom attribute mappings are defined, they must include a mapping to the
-               `google.subject` attribute.
-               For OIDC providers, the following rules apply:
-               - Custom attribute mappings must be defined, and must include a mapping to the
-               `google.subject` attribute. For example, the following maps the `sub` claim of the
-               incoming credential to the `subject` attribute on a Google token.
-               ```
-               {"google.subject": "assertion.sub"}
-               ```
         :param pulumi.Input['WorkloadIdentityPoolProviderAwsArgs'] aws: An Amazon Web Services identity provider. Not compatible with the property oidc or saml.
                Structure is documented below.
         :param pulumi.Input[str] description: A description for the provider. Cannot exceed 256 characters.
@@ -510,26 +450,6 @@ class _WorkloadIdentityPoolProviderState:
         the total size of all mapped attributes must not exceed 8KB.
         For AWS providers, the following rules apply:
         - If no attribute mapping is defined, the following default mapping applies:
-        ```
-        {
-        "google.subject":"assertion.arn",
-        "attribute.aws_role":
-        "assertion.arn.contains('assumed-role')"
-        " ? assertion.arn.extract('{account_arn}assumed-role/')"
-        "   + 'assumed-role/'"
-        "   + assertion.arn.extract('assumed-role/{role_name}/')"
-        " : assertion.arn",
-        }
-        ```
-        - If any custom attribute mappings are defined, they must include a mapping to the
-        `google.subject` attribute.
-        For OIDC providers, the following rules apply:
-        - Custom attribute mappings must be defined, and must include a mapping to the
-        `google.subject` attribute. For example, the following maps the `sub` claim of the
-        incoming credential to the `subject` attribute on a Google token.
-        ```
-        {"google.subject": "assertion.sub"}
-        ```
         """
         return pulumi.get(self, "attribute_mapping")
 
@@ -954,26 +874,6 @@ class WorkloadIdentityPoolProvider(pulumi.CustomResource):
                the total size of all mapped attributes must not exceed 8KB.
                For AWS providers, the following rules apply:
                - If no attribute mapping is defined, the following default mapping applies:
-               ```
-               {
-               "google.subject":"assertion.arn",
-               "attribute.aws_role":
-               "assertion.arn.contains('assumed-role')"
-               " ? assertion.arn.extract('{account_arn}assumed-role/')"
-               "   + 'assumed-role/'"
-               "   + assertion.arn.extract('assumed-role/{role_name}/')"
-               " : assertion.arn",
-               }
-               ```
-               - If any custom attribute mappings are defined, they must include a mapping to the
-               `google.subject` attribute.
-               For OIDC providers, the following rules apply:
-               - Custom attribute mappings must be defined, and must include a mapping to the
-               `google.subject` attribute. For example, the following maps the `sub` claim of the
-               incoming credential to the `subject` attribute on a Google token.
-               ```
-               {"google.subject": "assertion.sub"}
-               ```
         :param pulumi.Input[pulumi.InputType['WorkloadIdentityPoolProviderAwsArgs']] aws: An Amazon Web Services identity provider. Not compatible with the property oidc or saml.
                Structure is documented below.
         :param pulumi.Input[str] description: A description for the provider. Cannot exceed 256 characters.
@@ -1330,26 +1230,6 @@ class WorkloadIdentityPoolProvider(pulumi.CustomResource):
                the total size of all mapped attributes must not exceed 8KB.
                For AWS providers, the following rules apply:
                - If no attribute mapping is defined, the following default mapping applies:
-               ```
-               {
-               "google.subject":"assertion.arn",
-               "attribute.aws_role":
-               "assertion.arn.contains('assumed-role')"
-               " ? assertion.arn.extract('{account_arn}assumed-role/')"
-               "   + 'assumed-role/'"
-               "   + assertion.arn.extract('assumed-role/{role_name}/')"
-               " : assertion.arn",
-               }
-               ```
-               - If any custom attribute mappings are defined, they must include a mapping to the
-               `google.subject` attribute.
-               For OIDC providers, the following rules apply:
-               - Custom attribute mappings must be defined, and must include a mapping to the
-               `google.subject` attribute. For example, the following maps the `sub` claim of the
-               incoming credential to the `subject` attribute on a Google token.
-               ```
-               {"google.subject": "assertion.sub"}
-               ```
         :param pulumi.Input[pulumi.InputType['WorkloadIdentityPoolProviderAwsArgs']] aws: An Amazon Web Services identity provider. Not compatible with the property oidc or saml.
                Structure is documented below.
         :param pulumi.Input[str] description: A description for the provider. Cannot exceed 256 characters.
@@ -1447,26 +1327,6 @@ class WorkloadIdentityPoolProvider(pulumi.CustomResource):
         the total size of all mapped attributes must not exceed 8KB.
         For AWS providers, the following rules apply:
         - If no attribute mapping is defined, the following default mapping applies:
-        ```
-        {
-        "google.subject":"assertion.arn",
-        "attribute.aws_role":
-        "assertion.arn.contains('assumed-role')"
-        " ? assertion.arn.extract('{account_arn}assumed-role/')"
-        "   + 'assumed-role/'"
-        "   + assertion.arn.extract('assumed-role/{role_name}/')"
-        " : assertion.arn",
-        }
-        ```
-        - If any custom attribute mappings are defined, they must include a mapping to the
-        `google.subject` attribute.
-        For OIDC providers, the following rules apply:
-        - Custom attribute mappings must be defined, and must include a mapping to the
-        `google.subject` attribute. For example, the following maps the `sub` claim of the
-        incoming credential to the `subject` attribute on a Google token.
-        ```
-        {"google.subject": "assertion.sub"}
-        ```
         """
         return pulumi.get(self, "attribute_mapping")
 

pulumi_gcp/iap/tunnel_dest_group.py

@@ -249,7 +249,7 @@ class TunnelDestGroup(pulumi.CustomResource):
 
         dest_group = gcp.iap.TunnelDestGroup("dest_group",
             region="us-central1",
-            group_name="testgroup_41819",
+            group_name="testgroup_75223",
             cidrs=[
                 "10.1.0.0/16",
                 "192.168.10.0/24",
@@ -337,7 +337,7 @@ class TunnelDestGroup(pulumi.CustomResource):
 
         dest_group = gcp.iap.TunnelDestGroup("dest_group",
             region="us-central1",
-            group_name="testgroup_41819",
+            group_name="testgroup_75223",
             cidrs=[
                 "10.1.0.0/16",
                 "192.168.10.0/24",