pulumi-gcp 7.23.0__py3-none-any.whl → 7.23.0a1715621482__py3-none-any.whl

pulumi_gcp/iam/outputs.py

@@ -19,10 +19,6 @@ __all__ = [
     'DenyPolicyRuleDenyRuleDenialCondition',
     'WorkforcePoolAccessRestrictions',
     'WorkforcePoolAccessRestrictionsAllowedService',
-    'WorkforcePoolProviderExtraAttributesOauth2Client',
-    'WorkforcePoolProviderExtraAttributesOauth2ClientClientSecret',
-    'WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValue',
-    'WorkforcePoolProviderExtraAttributesOauth2ClientQueryParameters',
     'WorkforcePoolProviderOidc',
     'WorkforcePoolProviderOidcClientSecret',
     'WorkforcePoolProviderOidcClientSecretValue',
@@ -510,195 +506,6 @@ class WorkforcePoolAccessRestrictionsAllowedService(dict):
         return pulumi.get(self, "domain")
 
 
-@pulumi.output_type
-class WorkforcePoolProviderExtraAttributesOauth2Client(dict):
-    @staticmethod
-    def __key_warning(key: str):
-        suggest = None
-        if key == "attributesType":
-            suggest = "attributes_type"
-        elif key == "clientId":
-            suggest = "client_id"
-        elif key == "clientSecret":
-            suggest = "client_secret"
-        elif key == "issuerUri":
-            suggest = "issuer_uri"
-        elif key == "queryParameters":
-            suggest = "query_parameters"
-
-        if suggest:
-            pulumi.log.warn(f"Key '{key}' not found in WorkforcePoolProviderExtraAttributesOauth2Client. Access the value via the '{suggest}' property getter instead.")
-
-    def __getitem__(self, key: str) -> Any:
-        WorkforcePoolProviderExtraAttributesOauth2Client.__key_warning(key)
-        return super().__getitem__(key)
-
-    def get(self, key: str, default = None) -> Any:
-        WorkforcePoolProviderExtraAttributesOauth2Client.__key_warning(key)
-        return super().get(key, default)
-
-    def __init__(__self__, *,
-                 attributes_type: str,
-                 client_id: str,
-                 client_secret: 'outputs.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecret',
-                 issuer_uri: str,
-                 query_parameters: Optional['outputs.WorkforcePoolProviderExtraAttributesOauth2ClientQueryParameters'] = None):
-        """
-        :param str attributes_type: Represents the IdP and type of claims that should be fetched.
-               * AZURE_AD_GROUPS_MAIL: Used to get the user's group claims from the Azure AD identity provider using configuration provided
-               in ExtraAttributesOAuth2Client and 'mail' property of the 'microsoft.graph.group' object is used for claim mapping.
-               See https://learn.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0#properties for more details on
-               'microsoft.graph.group' properties. The attributes obtained from idntity provider are mapped to 'assertion.groups'. Possible values: ["AZURE_AD_GROUPS_MAIL"]
-        :param str client_id: The OAuth 2.0 client ID for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.
-        :param 'WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs' client_secret: The OAuth 2.0 client secret for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.
-        :param str issuer_uri: The OIDC identity provider's issuer URI. Must be a valid URI using the 'https' scheme. Required to get the OIDC discovery document.
-        :param 'WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs' query_parameters: Represents the parameters to control which claims are fetched from an IdP.
-        """
-        pulumi.set(__self__, "attributes_type", attributes_type)
-        pulumi.set(__self__, "client_id", client_id)
-        pulumi.set(__self__, "client_secret", client_secret)
-        pulumi.set(__self__, "issuer_uri", issuer_uri)
-        if query_parameters is not None:
-            pulumi.set(__self__, "query_parameters", query_parameters)
-
-    @property
-    @pulumi.getter(name="attributesType")
-    def attributes_type(self) -> str:
-        """
-        Represents the IdP and type of claims that should be fetched.
-        * AZURE_AD_GROUPS_MAIL: Used to get the user's group claims from the Azure AD identity provider using configuration provided
-        in ExtraAttributesOAuth2Client and 'mail' property of the 'microsoft.graph.group' object is used for claim mapping.
-        See https://learn.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0#properties for more details on
-        'microsoft.graph.group' properties. The attributes obtained from idntity provider are mapped to 'assertion.groups'. Possible values: ["AZURE_AD_GROUPS_MAIL"]
-        """
-        return pulumi.get(self, "attributes_type")
-
-    @property
-    @pulumi.getter(name="clientId")
-    def client_id(self) -> str:
-        """
-        The OAuth 2.0 client ID for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.
-        """
-        return pulumi.get(self, "client_id")
-
-    @property
-    @pulumi.getter(name="clientSecret")
-    def client_secret(self) -> 'outputs.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecret':
-        """
-        The OAuth 2.0 client secret for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.
-        """
-        return pulumi.get(self, "client_secret")
-
-    @property
-    @pulumi.getter(name="issuerUri")
-    def issuer_uri(self) -> str:
-        """
-        The OIDC identity provider's issuer URI. Must be a valid URI using the 'https' scheme. Required to get the OIDC discovery document.
-        """
-        return pulumi.get(self, "issuer_uri")
-
-    @property
-    @pulumi.getter(name="queryParameters")
-    def query_parameters(self) -> Optional['outputs.WorkforcePoolProviderExtraAttributesOauth2ClientQueryParameters']:
-        """
-        Represents the parameters to control which claims are fetched from an IdP.
-        """
-        return pulumi.get(self, "query_parameters")
-
-
-@pulumi.output_type
-class WorkforcePoolProviderExtraAttributesOauth2ClientClientSecret(dict):
-    def __init__(__self__, *,
-                 value: Optional['outputs.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValue'] = None):
-        """
-        :param 'WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs' value: The value of the client secret.
-               Structure is documented below.
-        """
-        if value is not None:
-            pulumi.set(__self__, "value", value)
-
-    @property
-    @pulumi.getter
-    def value(self) -> Optional['outputs.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValue']:
-        """
-        The value of the client secret.
-        Structure is documented below.
-        """
-        return pulumi.get(self, "value")
-
-
-@pulumi.output_type
-class WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValue(dict):
-    @staticmethod
-    def __key_warning(key: str):
-        suggest = None
-        if key == "plainText":
-            suggest = "plain_text"
-
-        if suggest:
-            pulumi.log.warn(f"Key '{key}' not found in WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValue. Access the value via the '{suggest}' property getter instead.")
-
-    def __getitem__(self, key: str) -> Any:
-        WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValue.__key_warning(key)
-        return super().__getitem__(key)
-
-    def get(self, key: str, default = None) -> Any:
-        WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValue.__key_warning(key)
-        return super().get(key, default)
-
-    def __init__(__self__, *,
-                 plain_text: str,
-                 thumbprint: Optional[str] = None):
-        """
-        :param str plain_text: The plain text of the client secret value.
-        :param str thumbprint: (Output)
-               A thumbprint to represent the current client secret value.
-        """
-        pulumi.set(__self__, "plain_text", plain_text)
-        if thumbprint is not None:
-            pulumi.set(__self__, "thumbprint", thumbprint)
-
-    @property
-    @pulumi.getter(name="plainText")
-    def plain_text(self) -> str:
-        """
-        The plain text of the client secret value.
-        """
-        return pulumi.get(self, "plain_text")
-
-    @property
-    @pulumi.getter
-    def thumbprint(self) -> Optional[str]:
-        """
-        (Output)
-        A thumbprint to represent the current client secret value.
-        """
-        return pulumi.get(self, "thumbprint")
-
-
-@pulumi.output_type
-class WorkforcePoolProviderExtraAttributesOauth2ClientQueryParameters(dict):
-    def __init__(__self__, *,
-                 filter: Optional[str] = None):
-        """
-        :param str filter: The filter used to request specific records from IdP. In case of attributes type as AZURE_AD_GROUPS_MAIL, it represents the
-               filter used to request specific groups for users from IdP. By default, all of the groups associated with the user are fetched. The
-               groups should be mail enabled and security enabled. See https://learn.microsoft.com/en-us/graph/search-query-parameter for more details.
-        """
-        if filter is not None:
-            pulumi.set(__self__, "filter", filter)
-
-    @property
-    @pulumi.getter
-    def filter(self) -> Optional[str]:
-        """
-        The filter used to request specific records from IdP. In case of attributes type as AZURE_AD_GROUPS_MAIL, it represents the
-        filter used to request specific groups for users from IdP. By default, all of the groups associated with the user are fetched. The
-        groups should be mail enabled and security enabled. See https://learn.microsoft.com/en-us/graph/search-query-parameter for more details.
-        """
-        return pulumi.get(self, "filter")
-
-
 @pulumi.output_type
 class WorkforcePoolProviderOidc(dict):
     @staticmethod
@@ -882,6 +689,7 @@ class WorkforcePoolProviderOidcClientSecretValue(dict):
                  thumbprint: Optional[str] = None):
         """
         :param str plain_text: The plain text of the client secret value.
+               **Note**: This property is sensitive and will not be displayed in the plan.
         :param str thumbprint: (Output)
                A thumbprint to represent the current client secret value.
         """
@@ -894,6 +702,7 @@ class WorkforcePoolProviderOidcClientSecretValue(dict):
     def plain_text(self) -> str:
         """
         The plain text of the client secret value.
+        **Note**: This property is sensitive and will not be displayed in the plan.
         """
         return pulumi.get(self, "plain_text")
 
@@ -946,8 +755,6 @@ class WorkforcePoolProviderOidcWebSsoConfig(dict):
                Possible values are: `CODE`, `ID_TOKEN`.
         :param Sequence[str] additional_scopes: Additional scopes to request for in the OIDC authentication request on top of scopes requested by default. By default, the `openid`, `profile` and `email` scopes that are supported by the identity provider are requested.
                Each additional scope may be at most 256 characters. A maximum of 10 additional scopes may be configured.
-               
-               <a name="nested_extra_attributes_oauth2_client"></a>The `extra_attributes_oauth2_client` block supports:
         """
         pulumi.set(__self__, "assertion_claims_behavior", assertion_claims_behavior)
         pulumi.set(__self__, "response_type", response_type)
@@ -983,8 +790,6 @@ class WorkforcePoolProviderOidcWebSsoConfig(dict):
         """
         Additional scopes to request for in the OIDC authentication request on top of scopes requested by default. By default, the `openid`, `profile` and `email` scopes that are supported by the identity provider are requested.
         Each additional scope may be at most 256 characters. A maximum of 10 additional scopes may be configured.
-
-        <a name="nested_extra_attributes_oauth2_client"></a>The `extra_attributes_oauth2_client` block supports:
         """
         return pulumi.get(self, "additional_scopes")
 

pulumi_gcp/iam/workforce_pool_provider.py

@@ -24,7 +24,6 @@ class WorkforcePoolProviderArgs:
                  description: Optional[pulumi.Input[str]] = None,
                  disabled: Optional[pulumi.Input[bool]] = None,
                  display_name: Optional[pulumi.Input[str]] = None,
-                 extra_attributes_oauth2_client: Optional[pulumi.Input['WorkforcePoolProviderExtraAttributesOauth2ClientArgs']] = None,
                  oidc: Optional[pulumi.Input['WorkforcePoolProviderOidcArgs']] = None,
                  saml: Optional[pulumi.Input['WorkforcePoolProviderSamlArgs']] = None):
         """
@@ -91,11 +90,6 @@ class WorkforcePoolProviderArgs:
         :param pulumi.Input[bool] disabled: Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
                However, existing tokens still grant access.
         :param pulumi.Input[str] display_name: A user-specified display name for the provider. Cannot exceed 32 characters.
-        :param pulumi.Input['WorkforcePoolProviderExtraAttributesOauth2ClientArgs'] extra_attributes_oauth2_client: The configuration for OAuth 2.0 client used to get the additional user
-               attributes. This should be used when users can't get the desired claims
-               in authentication credentials. Currently this configuration is only
-               supported with OIDC protocol.
-               Structure is documented below.
         :param pulumi.Input['WorkforcePoolProviderOidcArgs'] oidc: Represents an OpenId Connect 1.0 identity provider.
                Structure is documented below.
         :param pulumi.Input['WorkforcePoolProviderSamlArgs'] saml: Represents a SAML identity provider.
@@ -114,8 +108,6 @@ class WorkforcePoolProviderArgs:
             pulumi.set(__self__, "disabled", disabled)
         if display_name is not None:
             pulumi.set(__self__, "display_name", display_name)
-        if extra_attributes_oauth2_client is not None:
-            pulumi.set(__self__, "extra_attributes_oauth2_client", extra_attributes_oauth2_client)
         if oidc is not None:
             pulumi.set(__self__, "oidc", oidc)
         if saml is not None:
@@ -271,22 +263,6 @@ class WorkforcePoolProviderArgs:
     def display_name(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "display_name", value)
 
-    @property
-    @pulumi.getter(name="extraAttributesOauth2Client")
-    def extra_attributes_oauth2_client(self) -> Optional[pulumi.Input['WorkforcePoolProviderExtraAttributesOauth2ClientArgs']]:
-        """
-        The configuration for OAuth 2.0 client used to get the additional user
-        attributes. This should be used when users can't get the desired claims
-        in authentication credentials. Currently this configuration is only
-        supported with OIDC protocol.
-        Structure is documented below.
-        """
-        return pulumi.get(self, "extra_attributes_oauth2_client")
-
-    @extra_attributes_oauth2_client.setter
-    def extra_attributes_oauth2_client(self, value: Optional[pulumi.Input['WorkforcePoolProviderExtraAttributesOauth2ClientArgs']]):
-        pulumi.set(self, "extra_attributes_oauth2_client", value)
-
     @property
     @pulumi.getter
     def oidc(self) -> Optional[pulumi.Input['WorkforcePoolProviderOidcArgs']]:
@@ -322,7 +298,6 @@ class _WorkforcePoolProviderState:
                  description: Optional[pulumi.Input[str]] = None,
                  disabled: Optional[pulumi.Input[bool]] = None,
                  display_name: Optional[pulumi.Input[str]] = None,
-                 extra_attributes_oauth2_client: Optional[pulumi.Input['WorkforcePoolProviderExtraAttributesOauth2ClientArgs']] = None,
                  location: Optional[pulumi.Input[str]] = None,
                  name: Optional[pulumi.Input[str]] = None,
                  oidc: Optional[pulumi.Input['WorkforcePoolProviderOidcArgs']] = None,
@@ -383,11 +358,6 @@ class _WorkforcePoolProviderState:
         :param pulumi.Input[bool] disabled: Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
                However, existing tokens still grant access.
         :param pulumi.Input[str] display_name: A user-specified display name for the provider. Cannot exceed 32 characters.
-        :param pulumi.Input['WorkforcePoolProviderExtraAttributesOauth2ClientArgs'] extra_attributes_oauth2_client: The configuration for OAuth 2.0 client used to get the additional user
-               attributes. This should be used when users can't get the desired claims
-               in authentication credentials. Currently this configuration is only
-               supported with OIDC protocol.
-               Structure is documented below.
         :param pulumi.Input[str] location: The location for the resource.
         :param pulumi.Input[str] name: Output only. The resource name of the provider.
                Format: `locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}`
@@ -422,8 +392,6 @@ class _WorkforcePoolProviderState:
             pulumi.set(__self__, "disabled", disabled)
         if display_name is not None:
             pulumi.set(__self__, "display_name", display_name)
-        if extra_attributes_oauth2_client is not None:
-            pulumi.set(__self__, "extra_attributes_oauth2_client", extra_attributes_oauth2_client)
         if location is not None:
             pulumi.set(__self__, "location", location)
         if name is not None:
@@ -545,22 +513,6 @@ class _WorkforcePoolProviderState:
     def display_name(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "display_name", value)
 
-    @property
-    @pulumi.getter(name="extraAttributesOauth2Client")
-    def extra_attributes_oauth2_client(self) -> Optional[pulumi.Input['WorkforcePoolProviderExtraAttributesOauth2ClientArgs']]:
-        """
-        The configuration for OAuth 2.0 client used to get the additional user
-        attributes. This should be used when users can't get the desired claims
-        in authentication credentials. Currently this configuration is only
-        supported with OIDC protocol.
-        Structure is documented below.
-        """
-        return pulumi.get(self, "extra_attributes_oauth2_client")
-
-    @extra_attributes_oauth2_client.setter
-    def extra_attributes_oauth2_client(self, value: Optional[pulumi.Input['WorkforcePoolProviderExtraAttributesOauth2ClientArgs']]):
-        pulumi.set(self, "extra_attributes_oauth2_client", value)
-
     @property
     @pulumi.getter
     def location(self) -> Optional[pulumi.Input[str]]:
@@ -672,7 +624,6 @@ class WorkforcePoolProvider(pulumi.CustomResource):
                  description: Optional[pulumi.Input[str]] = None,
                  disabled: Optional[pulumi.Input[bool]] = None,
                  display_name: Optional[pulumi.Input[str]] = None,
-                 extra_attributes_oauth2_client: Optional[pulumi.Input[pulumi.InputType['WorkforcePoolProviderExtraAttributesOauth2ClientArgs']]] = None,
                  location: Optional[pulumi.Input[str]] = None,
                  oidc: Optional[pulumi.Input[pulumi.InputType['WorkforcePoolProviderOidcArgs']]] = None,
                  provider_id: Optional[pulumi.Input[str]] = None,
@@ -809,91 +760,6 @@ class WorkforcePoolProvider(pulumi.CustomResource):
             disabled=False,
             attribute_condition="true")
         ```
-        ### Iam Workforce Pool Provider Extra Attributes Oauth2 Config Client Basic
-
-        ```python
-        import pulumi
-        import pulumi_gcp as gcp
-
-        pool = gcp.iam.WorkforcePool("pool",
-            workforce_pool_id="example-pool",
-            parent="organizations/123456789",
-            location="global")
-        example = gcp.iam.WorkforcePoolProvider("example",
-            workforce_pool_id=pool.workforce_pool_id,
-            location=pool.location,
-            provider_id="example-prvdr",
-            attribute_mapping={
-                "google.subject": "assertion.sub",
-            },
-            oidc=gcp.iam.WorkforcePoolProviderOidcArgs(
-                issuer_uri="https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/",
-                client_id="https://analysis.windows.net/powerbi/connector/GoogleBigQuery",
-                web_sso_config=gcp.iam.WorkforcePoolProviderOidcWebSsoConfigArgs(
-                    response_type="CODE",
-                    assertion_claims_behavior="MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
-                ),
-                client_secret=gcp.iam.WorkforcePoolProviderOidcClientSecretArgs(
-                    value=gcp.iam.WorkforcePoolProviderOidcClientSecretValueArgs(
-                        plain_text="client-secret",
-                    ),
-                ),
-            ),
-            extra_attributes_oauth2_client=gcp.iam.WorkforcePoolProviderExtraAttributesOauth2ClientArgs(
-                issuer_uri="https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0",
-                client_id="client-id",
-                client_secret=gcp.iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs(
-                    value=gcp.iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs(
-                        plain_text="client-secret",
-                    ),
-                ),
-                attributes_type="AZURE_AD_GROUPS_MAIL",
-            ))
-        ```
-        ### Iam Workforce Pool Provider Extra Attributes Oauth2 Config Client Full
-
-        ```python
-        import pulumi
-        import pulumi_gcp as gcp
-
-        pool = gcp.iam.WorkforcePool("pool",
-            workforce_pool_id="example-pool",
-            parent="organizations/123456789",
-            location="global")
-        example = gcp.iam.WorkforcePoolProvider("example",
-            workforce_pool_id=pool.workforce_pool_id,
-            location=pool.location,
-            provider_id="example-prvdr",
-            attribute_mapping={
-                "google.subject": "assertion.sub",
-            },
-            oidc=gcp.iam.WorkforcePoolProviderOidcArgs(
-                issuer_uri="https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/",
-                client_id="https://analysis.windows.net/powerbi/connector/GoogleBigQuery",
-                client_secret=gcp.iam.WorkforcePoolProviderOidcClientSecretArgs(
-                    value=gcp.iam.WorkforcePoolProviderOidcClientSecretValueArgs(
-                        plain_text="client-secret",
-                    ),
-                ),
-                web_sso_config=gcp.iam.WorkforcePoolProviderOidcWebSsoConfigArgs(
-                    response_type="CODE",
-                    assertion_claims_behavior="MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
-                ),
-            ),
-            extra_attributes_oauth2_client=gcp.iam.WorkforcePoolProviderExtraAttributesOauth2ClientArgs(
-                issuer_uri="https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0",
-                client_id="client-id",
-                client_secret=gcp.iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs(
-                    value=gcp.iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs(
-                        plain_text="client-secret",
-                    ),
-                ),
-                attributes_type="AZURE_AD_GROUPS_MAIL",
-                query_parameters=gcp.iam.WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs(
-                    filter="mail:gcp",
-                ),
-            ))
-        ```
 
         ## Import
 
@@ -966,11 +832,6 @@ class WorkforcePoolProvider(pulumi.CustomResource):
         :param pulumi.Input[bool] disabled: Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
                However, existing tokens still grant access.
         :param pulumi.Input[str] display_name: A user-specified display name for the provider. Cannot exceed 32 characters.
-        :param pulumi.Input[pulumi.InputType['WorkforcePoolProviderExtraAttributesOauth2ClientArgs']] extra_attributes_oauth2_client: The configuration for OAuth 2.0 client used to get the additional user
-               attributes. This should be used when users can't get the desired claims
-               in authentication credentials. Currently this configuration is only
-               supported with OIDC protocol.
-               Structure is documented below.
         :param pulumi.Input[str] location: The location for the resource.
         :param pulumi.Input[pulumi.InputType['WorkforcePoolProviderOidcArgs']] oidc: Represents an OpenId Connect 1.0 identity provider.
                Structure is documented below.
@@ -1123,91 +984,6 @@ class WorkforcePoolProvider(pulumi.CustomResource):
             disabled=False,
             attribute_condition="true")
         ```
-        ### Iam Workforce Pool Provider Extra Attributes Oauth2 Config Client Basic
-
-        ```python
-        import pulumi
-        import pulumi_gcp as gcp
-
-        pool = gcp.iam.WorkforcePool("pool",
-            workforce_pool_id="example-pool",
-            parent="organizations/123456789",
-            location="global")
-        example = gcp.iam.WorkforcePoolProvider("example",
-            workforce_pool_id=pool.workforce_pool_id,
-            location=pool.location,
-            provider_id="example-prvdr",
-            attribute_mapping={
-                "google.subject": "assertion.sub",
-            },
-            oidc=gcp.iam.WorkforcePoolProviderOidcArgs(
-                issuer_uri="https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/",
-                client_id="https://analysis.windows.net/powerbi/connector/GoogleBigQuery",
-                web_sso_config=gcp.iam.WorkforcePoolProviderOidcWebSsoConfigArgs(
-                    response_type="CODE",
-                    assertion_claims_behavior="MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
-                ),
-                client_secret=gcp.iam.WorkforcePoolProviderOidcClientSecretArgs(
-                    value=gcp.iam.WorkforcePoolProviderOidcClientSecretValueArgs(
-                        plain_text="client-secret",
-                    ),
-                ),
-            ),
-            extra_attributes_oauth2_client=gcp.iam.WorkforcePoolProviderExtraAttributesOauth2ClientArgs(
-                issuer_uri="https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0",
-                client_id="client-id",
-                client_secret=gcp.iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs(
-                    value=gcp.iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs(
-                        plain_text="client-secret",
-                    ),
-                ),
-                attributes_type="AZURE_AD_GROUPS_MAIL",
-            ))
-        ```
-        ### Iam Workforce Pool Provider Extra Attributes Oauth2 Config Client Full
-
-        ```python
-        import pulumi
-        import pulumi_gcp as gcp
-
-        pool = gcp.iam.WorkforcePool("pool",
-            workforce_pool_id="example-pool",
-            parent="organizations/123456789",
-            location="global")
-        example = gcp.iam.WorkforcePoolProvider("example",
-            workforce_pool_id=pool.workforce_pool_id,
-            location=pool.location,
-            provider_id="example-prvdr",
-            attribute_mapping={
-                "google.subject": "assertion.sub",
-            },
-            oidc=gcp.iam.WorkforcePoolProviderOidcArgs(
-                issuer_uri="https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989/",
-                client_id="https://analysis.windows.net/powerbi/connector/GoogleBigQuery",
-                client_secret=gcp.iam.WorkforcePoolProviderOidcClientSecretArgs(
-                    value=gcp.iam.WorkforcePoolProviderOidcClientSecretValueArgs(
-                        plain_text="client-secret",
-                    ),
-                ),
-                web_sso_config=gcp.iam.WorkforcePoolProviderOidcWebSsoConfigArgs(
-                    response_type="CODE",
-                    assertion_claims_behavior="MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
-                ),
-            ),
-            extra_attributes_oauth2_client=gcp.iam.WorkforcePoolProviderExtraAttributesOauth2ClientArgs(
-                issuer_uri="https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0",
-                client_id="client-id",
-                client_secret=gcp.iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs(
-                    value=gcp.iam.WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs(
-                        plain_text="client-secret",
-                    ),
-                ),
-                attributes_type="AZURE_AD_GROUPS_MAIL",
-                query_parameters=gcp.iam.WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs(
-                    filter="mail:gcp",
-                ),
-            ))
-        ```
 
         ## Import
 
@@ -1247,7 +1023,6 @@ class WorkforcePoolProvider(pulumi.CustomResource):
                  description: Optional[pulumi.Input[str]] = None,
                  disabled: Optional[pulumi.Input[bool]] = None,
                  display_name: Optional[pulumi.Input[str]] = None,
-                 extra_attributes_oauth2_client: Optional[pulumi.Input[pulumi.InputType['WorkforcePoolProviderExtraAttributesOauth2ClientArgs']]] = None,
                  location: Optional[pulumi.Input[str]] = None,
                  oidc: Optional[pulumi.Input[pulumi.InputType['WorkforcePoolProviderOidcArgs']]] = None,
                  provider_id: Optional[pulumi.Input[str]] = None,
@@ -1267,7 +1042,6 @@ class WorkforcePoolProvider(pulumi.CustomResource):
             __props__.__dict__["description"] = description
             __props__.__dict__["disabled"] = disabled
             __props__.__dict__["display_name"] = display_name
-            __props__.__dict__["extra_attributes_oauth2_client"] = extra_attributes_oauth2_client
             if location is None and not opts.urn:
                 raise TypeError("Missing required property 'location'")
             __props__.__dict__["location"] = location
@@ -1296,7 +1070,6 @@ class WorkforcePoolProvider(pulumi.CustomResource):
             description: Optional[pulumi.Input[str]] = None,
             disabled: Optional[pulumi.Input[bool]] = None,
             display_name: Optional[pulumi.Input[str]] = None,
-            extra_attributes_oauth2_client: Optional[pulumi.Input[pulumi.InputType['WorkforcePoolProviderExtraAttributesOauth2ClientArgs']]] = None,
             location: Optional[pulumi.Input[str]] = None,
             name: Optional[pulumi.Input[str]] = None,
             oidc: Optional[pulumi.Input[pulumi.InputType['WorkforcePoolProviderOidcArgs']]] = None,
@@ -1362,11 +1135,6 @@ class WorkforcePoolProvider(pulumi.CustomResource):
         :param pulumi.Input[bool] disabled: Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
                However, existing tokens still grant access.
         :param pulumi.Input[str] display_name: A user-specified display name for the provider. Cannot exceed 32 characters.
-        :param pulumi.Input[pulumi.InputType['WorkforcePoolProviderExtraAttributesOauth2ClientArgs']] extra_attributes_oauth2_client: The configuration for OAuth 2.0 client used to get the additional user
-               attributes. This should be used when users can't get the desired claims
-               in authentication credentials. Currently this configuration is only
-               supported with OIDC protocol.
-               Structure is documented below.
         :param pulumi.Input[str] location: The location for the resource.
         :param pulumi.Input[str] name: Output only. The resource name of the provider.
                Format: `locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}`
@@ -1400,7 +1168,6 @@ class WorkforcePoolProvider(pulumi.CustomResource):
         __props__.__dict__["description"] = description
         __props__.__dict__["disabled"] = disabled
         __props__.__dict__["display_name"] = display_name
-        __props__.__dict__["extra_attributes_oauth2_client"] = extra_attributes_oauth2_client
         __props__.__dict__["location"] = location
         __props__.__dict__["name"] = name
         __props__.__dict__["oidc"] = oidc
@@ -1496,18 +1263,6 @@ class WorkforcePoolProvider(pulumi.CustomResource):
         """
         return pulumi.get(self, "display_name")
 
-    @property
-    @pulumi.getter(name="extraAttributesOauth2Client")
-    def extra_attributes_oauth2_client(self) -> pulumi.Output[Optional['outputs.WorkforcePoolProviderExtraAttributesOauth2Client']]:
-        """
-        The configuration for OAuth 2.0 client used to get the additional user
-        attributes. This should be used when users can't get the desired claims
-        in authentication credentials. Currently this configuration is only
-        supported with OIDC protocol.
-        Structure is documented below.
-        """
-        return pulumi.get(self, "extra_attributes_oauth2_client")
-
     @property
     @pulumi.getter
     def location(self) -> pulumi.Output[str]:

pulumi_gcp/integrationconnectors/__init__.py

@@ -7,6 +7,5 @@ import typing
 # Export this package's modules as members:
 from .connection import *
 from .endpoint_attachment import *
-from .managed_zone import *
 from ._inputs import *
 from . import outputs

pulumi_gcp/networkconnectivity/__init__.py

@@ -8,7 +8,6 @@ import typing
 from .hub import *
 from .internal_range import *
 from .policy_based_route import *
-from .regional_endpoint import *
 from .service_connection_policy import *
 from .spoke import *
 from ._inputs import *