pulumi-gcp 8.21.0a1741070272__py3-none-any.whl → 8.21.0a1741103856__py3-none-any.whl

pulumi_gcp/gemini/logging_setting.py

@@ -343,6 +343,8 @@ class LoggingSetting(pulumi.CustomResource):
                  project: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         """
+        The resource for managing Logging settings for Admin Control.
+
         ## Example Usage
 
         ### Gemini Logging Setting Basic
@@ -407,6 +409,8 @@ class LoggingSetting(pulumi.CustomResource):
                  args: LoggingSettingArgs,
                  opts: Optional[pulumi.ResourceOptions] = None):
         """
+        The resource for managing Logging settings for Admin Control.
+
         ## Example Usage
 
         ### Gemini Logging Setting Basic

pulumi_gcp/gemini/logging_setting_binding.py

@@ -379,6 +379,12 @@ class LoggingSettingBinding(pulumi.CustomResource):
                  target: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         """
+        The resource for managing Logging setting bindings for Admin Control.
+
+        To get more information about LoggingSettingBinding, see:
+        * How-to Guides
+            * [Gemini Cloud Assist overview](https://cloud.google.com/gemini/docs/cloud-assist/overview)
+
         ## Example Usage
 
         ### Gemini Logging Setting Binding Basic
@@ -449,6 +455,12 @@ class LoggingSettingBinding(pulumi.CustomResource):
                  args: LoggingSettingBindingArgs,
                  opts: Optional[pulumi.ResourceOptions] = None):
         """
+        The resource for managing Logging setting bindings for Admin Control.
+
+        To get more information about LoggingSettingBinding, see:
+        * How-to Guides
+            * [Gemini Cloud Assist overview](https://cloud.google.com/gemini/docs/cloud-assist/overview)
+
         ## Example Usage
 
         ### Gemini Logging Setting Binding Basic

pulumi_gcp/iam/organizations_policy_binding.py

@@ -512,12 +512,15 @@ class OrganizationsPolicyBinding(pulumi.CustomResource):
         ```python
         import pulumi
         import pulumi_gcp as gcp
+        import pulumi_time as time
 
         pab_policy = gcp.iam.PrincipalAccessBoundaryPolicy("pab_policy",
             organization="123456789",
             location="global",
             display_name="test org binding",
             principal_access_boundary_policy_id="my-pab-policy")
+        wait60_seconds = time.index.Sleep("wait_60_seconds", create_duration=60s,
+        opts = pulumi.ResourceOptions(depends_on=[pab_policy]))
         my_org_binding = gcp.iam.OrganizationsPolicyBinding("my-org-binding",
             organization="123456789",
             location="global",
@@ -527,7 +530,8 @@ class OrganizationsPolicyBinding(pulumi.CustomResource):
             policy=pab_policy.principal_access_boundary_policy_id.apply(lambda principal_access_boundary_policy_id: f"organizations/123456789/locations/global/principalAccessBoundaryPolicies/{principal_access_boundary_policy_id}"),
             target={
                 "principal_set": "//cloudresourcemanager.googleapis.com/organizations/123456789",
-            })
+            },
+            opts = pulumi.ResourceOptions(depends_on=[wait60_seconds]))
         ```
 
         ## Import
@@ -596,12 +600,15 @@ class OrganizationsPolicyBinding(pulumi.CustomResource):
         ```python
         import pulumi
         import pulumi_gcp as gcp
+        import pulumi_time as time
 
         pab_policy = gcp.iam.PrincipalAccessBoundaryPolicy("pab_policy",
             organization="123456789",
             location="global",
             display_name="test org binding",
             principal_access_boundary_policy_id="my-pab-policy")
+        wait60_seconds = time.index.Sleep("wait_60_seconds", create_duration=60s,
+        opts = pulumi.ResourceOptions(depends_on=[pab_policy]))
         my_org_binding = gcp.iam.OrganizationsPolicyBinding("my-org-binding",
             organization="123456789",
             location="global",
@@ -611,7 +618,8 @@ class OrganizationsPolicyBinding(pulumi.CustomResource):
             policy=pab_policy.principal_access_boundary_policy_id.apply(lambda principal_access_boundary_policy_id: f"organizations/123456789/locations/global/principalAccessBoundaryPolicies/{principal_access_boundary_policy_id}"),
             target={
                 "principal_set": "//cloudresourcemanager.googleapis.com/organizations/123456789",
-            })
+            },
+            opts = pulumi.ResourceOptions(depends_on=[wait60_seconds]))
         ```
 
         ## Import

pulumi_gcp/iam/projects_policy_binding.py

@@ -505,6 +505,7 @@ class ProjectsPolicyBinding(pulumi.CustomResource):
         ```python
         import pulumi
         import pulumi_gcp as gcp
+        import pulumi_time as time
 
         project = gcp.organizations.get_project()
         pab_policy = gcp.iam.PrincipalAccessBoundaryPolicy("pab_policy",
@@ -512,6 +513,8 @@ class ProjectsPolicyBinding(pulumi.CustomResource):
             location="global",
             display_name="test project binding",
             principal_access_boundary_policy_id="my-pab-policy")
+        wait60_seconds = time.index.Sleep("wait_60_seconds", create_duration=60s,
+        opts = pulumi.ResourceOptions(depends_on=[pab_policy]))
         my_project_binding = gcp.iam.ProjectsPolicyBinding("my-project-binding",
             project=project.project_id,
             location="global",
@@ -521,7 +524,8 @@ class ProjectsPolicyBinding(pulumi.CustomResource):
             policy=pab_policy.principal_access_boundary_policy_id.apply(lambda principal_access_boundary_policy_id: f"organizations/123456789/locations/global/principalAccessBoundaryPolicies/{principal_access_boundary_policy_id}"),
             target={
                 "principal_set": f"//cloudresourcemanager.googleapis.com/projects/{project.project_id}",
-            })
+            },
+            opts = pulumi.ResourceOptions(depends_on=[wait60_seconds]))
         ```
 
         ## Import
@@ -595,6 +599,7 @@ class ProjectsPolicyBinding(pulumi.CustomResource):
         ```python
         import pulumi
         import pulumi_gcp as gcp
+        import pulumi_time as time
 
         project = gcp.organizations.get_project()
         pab_policy = gcp.iam.PrincipalAccessBoundaryPolicy("pab_policy",
@@ -602,6 +607,8 @@ class ProjectsPolicyBinding(pulumi.CustomResource):
             location="global",
             display_name="test project binding",
             principal_access_boundary_policy_id="my-pab-policy")
+        wait60_seconds = time.index.Sleep("wait_60_seconds", create_duration=60s,
+        opts = pulumi.ResourceOptions(depends_on=[pab_policy]))
         my_project_binding = gcp.iam.ProjectsPolicyBinding("my-project-binding",
             project=project.project_id,
             location="global",
@@ -611,7 +618,8 @@ class ProjectsPolicyBinding(pulumi.CustomResource):
             policy=pab_policy.principal_access_boundary_policy_id.apply(lambda principal_access_boundary_policy_id: f"organizations/123456789/locations/global/principalAccessBoundaryPolicies/{principal_access_boundary_policy_id}"),
             target={
                 "principal_set": f"//cloudresourcemanager.googleapis.com/projects/{project.project_id}",
-            })
+            },
+            opts = pulumi.ResourceOptions(depends_on=[wait60_seconds]))
         ```
 
         ## Import

pulumi_gcp/iam/workforce_pool_provider.py

@@ -99,7 +99,7 @@ class WorkforcePoolProviderArgs:
         :param pulumi.Input['WorkforcePoolProviderExtraAttributesOauth2ClientArgs'] extra_attributes_oauth2_client: The configuration for OAuth 2.0 client used to get the additional user
                attributes. This should be used when users can't get the desired claims
                in authentication credentials. Currently this configuration is only
-               supported with OIDC protocol.
+               supported with SAML and OIDC protocol.
                Structure is documented below.
         :param pulumi.Input['WorkforcePoolProviderOidcArgs'] oidc: Represents an OpenId Connect 1.0 identity provider.
                Structure is documented below.
@@ -283,7 +283,7 @@ class WorkforcePoolProviderArgs:
         The configuration for OAuth 2.0 client used to get the additional user
         attributes. This should be used when users can't get the desired claims
         in authentication credentials. Currently this configuration is only
-        supported with OIDC protocol.
+        supported with SAML and OIDC protocol.
         Structure is documented below.
         """
         return pulumi.get(self, "extra_attributes_oauth2_client")
@@ -391,7 +391,7 @@ class _WorkforcePoolProviderState:
         :param pulumi.Input['WorkforcePoolProviderExtraAttributesOauth2ClientArgs'] extra_attributes_oauth2_client: The configuration for OAuth 2.0 client used to get the additional user
                attributes. This should be used when users can't get the desired claims
                in authentication credentials. Currently this configuration is only
-               supported with OIDC protocol.
+               supported with SAML and OIDC protocol.
                Structure is documented below.
         :param pulumi.Input[str] location: The location for the resource.
         :param pulumi.Input[str] name: Output only. The resource name of the provider.
@@ -557,7 +557,7 @@ class _WorkforcePoolProviderState:
         The configuration for OAuth 2.0 client used to get the additional user
         attributes. This should be used when users can't get the desired claims
         in authentication credentials. Currently this configuration is only
-        supported with OIDC protocol.
+        supported with SAML and OIDC protocol.
         Structure is documented below.
         """
         return pulumi.get(self, "extra_attributes_oauth2_client")
@@ -737,7 +737,20 @@ class WorkforcePoolProvider(pulumi.CustomResource):
                 "google.subject": "assertion.sub",
             },
             saml={
-                "idp_metadata_xml": "<?xml version=\\"1.0\\"?><md:EntityDescriptor xmlns:md=\\"urn:oasis:names:tc:SAML:2.0:metadata\\" entityID=\\"https://test.com\\"><md:IDPSSODescriptor protocolSupportEnumeration=\\"urn:oasis:names:tc:SAML:2.0:protocol\\"> <md:KeyDescriptor use=\\"signing\\"><ds:KeyInfo xmlns:ds=\\"http://www.w3.org/2000/09/xmldsig#\\"><ds:X509Data><ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleSignOnService Binding=\\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\\" Location=\\"https://test.com/sso\\"/></md:IDPSSODescriptor></md:EntityDescriptor>",
+                "idp_metadata_xml": "<?xml version=\\"1.0\\"?><md:EntityDescriptor xmlns:md=\\"urn:oasis:names:tc:SAML:2.0:metadata\\" entityID=\\"https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989\\"><md:IDPSSODescriptor protocolSupportEnumeration=\\"urn:oasis:names:tc:SAML:2.0:protocol\\"> <md:KeyDescriptor use=\\"signing\\"><ds:KeyInfo xmlns:ds=\\"http://www.w3.org/2000/09/xmldsig#\\"><ds:X509Data><ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleSignOnService Binding=\\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\\" Location=\\"https://test.com/sso\\"/></md:IDPSSODescriptor></md:EntityDescriptor>",
+            },
+            extra_attributes_oauth2_client={
+                "issuer_uri": "https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0",
+                "client_id": "client-id",
+                "client_secret": {
+                    "value": {
+                        "plain_text": "client-secret",
+                    },
+                },
+                "attributes_type": "AZURE_AD_GROUPS_MAIL",
+                "query_parameters": {
+                    "filter": "mail:gcp",
+                },
             },
             display_name="Display name",
             description="A sample SAML workforce pool provider.",
@@ -793,7 +806,7 @@ class WorkforcePoolProvider(pulumi.CustomResource):
                 "google.subject": "assertion.sub",
             },
             oidc={
-                "issuer_uri": "https://accounts.thirdparty.com",
+                "issuer_uri": "https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0",
                 "client_id": "client-id",
                 "client_secret": {
                     "value": {
@@ -809,6 +822,19 @@ class WorkforcePoolProvider(pulumi.CustomResource):
                     ],
                 },
             },
+            extra_attributes_oauth2_client={
+                "issuer_uri": "https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0",
+                "client_id": "client-id",
+                "client_secret": {
+                    "value": {
+                        "plain_text": "client-secret",
+                    },
+                },
+                "attributes_type": "AZURE_AD_GROUPS_MAIL",
+                "query_parameters": {
+                    "filter": "mail:sales",
+                },
+            },
             display_name="Display name",
             description="A sample OIDC workforce pool provider.",
             disabled=False,
@@ -974,7 +1000,7 @@ class WorkforcePoolProvider(pulumi.CustomResource):
         :param pulumi.Input[Union['WorkforcePoolProviderExtraAttributesOauth2ClientArgs', 'WorkforcePoolProviderExtraAttributesOauth2ClientArgsDict']] extra_attributes_oauth2_client: The configuration for OAuth 2.0 client used to get the additional user
                attributes. This should be used when users can't get the desired claims
                in authentication credentials. Currently this configuration is only
-               supported with OIDC protocol.
+               supported with SAML and OIDC protocol.
                Structure is documented below.
         :param pulumi.Input[str] location: The location for the resource.
         :param pulumi.Input[Union['WorkforcePoolProviderOidcArgs', 'WorkforcePoolProviderOidcArgsDict']] oidc: Represents an OpenId Connect 1.0 identity provider.
@@ -1051,7 +1077,20 @@ class WorkforcePoolProvider(pulumi.CustomResource):
                 "google.subject": "assertion.sub",
             },
             saml={
-                "idp_metadata_xml": "<?xml version=\\"1.0\\"?><md:EntityDescriptor xmlns:md=\\"urn:oasis:names:tc:SAML:2.0:metadata\\" entityID=\\"https://test.com\\"><md:IDPSSODescriptor protocolSupportEnumeration=\\"urn:oasis:names:tc:SAML:2.0:protocol\\"> <md:KeyDescriptor use=\\"signing\\"><ds:KeyInfo xmlns:ds=\\"http://www.w3.org/2000/09/xmldsig#\\"><ds:X509Data><ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleSignOnService Binding=\\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\\" Location=\\"https://test.com/sso\\"/></md:IDPSSODescriptor></md:EntityDescriptor>",
+                "idp_metadata_xml": "<?xml version=\\"1.0\\"?><md:EntityDescriptor xmlns:md=\\"urn:oasis:names:tc:SAML:2.0:metadata\\" entityID=\\"https://sts.windows.net/826602fe-2101-470c-9d71-ee1343668989\\"><md:IDPSSODescriptor protocolSupportEnumeration=\\"urn:oasis:names:tc:SAML:2.0:protocol\\"> <md:KeyDescriptor use=\\"signing\\"><ds:KeyInfo xmlns:ds=\\"http://www.w3.org/2000/09/xmldsig#\\"><ds:X509Data><ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAX7/5qPhMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00NTg0MjExHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjIwMjE2MDAxOTEyWhcNMzIwMjE2MDAyMDEyWjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDU4NDIxMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrBl7GKz52cRpxF9xCsirnRuMxnhFBaUrsHqAQrLqWmdlpNYZTVg+T9iQ+aq/iE68L+BRZcZniKIvW58wqqS0ltXVvIkXuDSvnvnkkI5yMIVErR20K8jSOKQm1FmK+fgAJ4koshFiu9oLiqu0Ejc0DuL3/XRsb4RuxjktKTb1khgBBtb+7idEk0sFR0RPefAweXImJkDHDm7SxjDwGJUubbqpdTxasPr0W+AHI1VUzsUsTiHAoyb0XDkYqHfDzhj/ZdIEl4zHQ3bEZvlD984ztAnmX2SuFLLKfXeAAGHei8MMixJvwxYkkPeYZ/5h8WgBZPP4heS2CPjwYExt29L8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARjJFz++a9Z5IQGFzsZMrX2EDR5ML4xxUiQkbhld1S1PljOLcYFARDmUC2YYHOueU4ee8Jid9nPGEUebV/4Jok+b+oQh+dWMgiWjSLI7h5q4OYZ3VJtdlVwgMFt2iz+/4yBKMUZ50g3Qgg36vE34us+eKitg759JgCNsibxn0qtJgSPm0sgP2L6yTaLnoEUbXBRxCwynTSkp9ZijZqEzbhN0e2dWv7Rx/nfpohpDP6vEiFImKFHpDSv3M/5de1ytQzPFrZBYt9WlzlYwE1aD9FHCxdd+rWgYMVVoRaRmndpV/Rq3QUuDuFJtaoX11bC7ExkOpg9KstZzA63i3VcfYv</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleSignOnService Binding=\\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\\" Location=\\"https://test.com/sso\\"/></md:IDPSSODescriptor></md:EntityDescriptor>",
+            },
+            extra_attributes_oauth2_client={
+                "issuer_uri": "https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0",
+                "client_id": "client-id",
+                "client_secret": {
+                    "value": {
+                        "plain_text": "client-secret",
+                    },
+                },
+                "attributes_type": "AZURE_AD_GROUPS_MAIL",
+                "query_parameters": {
+                    "filter": "mail:gcp",
+                },
             },
             display_name="Display name",
             description="A sample SAML workforce pool provider.",
@@ -1107,7 +1146,7 @@ class WorkforcePoolProvider(pulumi.CustomResource):
                 "google.subject": "assertion.sub",
             },
             oidc={
-                "issuer_uri": "https://accounts.thirdparty.com",
+                "issuer_uri": "https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0",
                 "client_id": "client-id",
                 "client_secret": {
                     "value": {
@@ -1123,6 +1162,19 @@ class WorkforcePoolProvider(pulumi.CustomResource):
                     ],
                 },
             },
+            extra_attributes_oauth2_client={
+                "issuer_uri": "https://login.microsoftonline.com/826602fe-2101-470c-9d71-ee1343668989/v2.0",
+                "client_id": "client-id",
+                "client_secret": {
+                    "value": {
+                        "plain_text": "client-secret",
+                    },
+                },
+                "attributes_type": "AZURE_AD_GROUPS_MAIL",
+                "query_parameters": {
+                    "filter": "mail:sales",
+                },
+            },
             display_name="Display name",
             description="A sample OIDC workforce pool provider.",
             disabled=False,
@@ -1370,7 +1422,7 @@ class WorkforcePoolProvider(pulumi.CustomResource):
         :param pulumi.Input[Union['WorkforcePoolProviderExtraAttributesOauth2ClientArgs', 'WorkforcePoolProviderExtraAttributesOauth2ClientArgsDict']] extra_attributes_oauth2_client: The configuration for OAuth 2.0 client used to get the additional user
                attributes. This should be used when users can't get the desired claims
                in authentication credentials. Currently this configuration is only
-               supported with OIDC protocol.
+               supported with SAML and OIDC protocol.
                Structure is documented below.
         :param pulumi.Input[str] location: The location for the resource.
         :param pulumi.Input[str] name: Output only. The resource name of the provider.
@@ -1508,7 +1560,7 @@ class WorkforcePoolProvider(pulumi.CustomResource):
         The configuration for OAuth 2.0 client used to get the additional user
         attributes. This should be used when users can't get the desired claims
         in authentication credentials. Currently this configuration is only
-        supported with OIDC protocol.
+        supported with SAML and OIDC protocol.
         Structure is documented below.
         """
         return pulumi.get(self, "extra_attributes_oauth2_client")

pulumi_gcp/parametermanager/get_parameter_version_render.py

@@ -103,6 +103,9 @@ class GetParameterVersionRenderResult:
     @property
     @pulumi.getter(name="renderedParameterData")
     def rendered_parameter_data(self) -> str:
+        """
+        The Rendered Parameter Data specifies that if you use `__REF__()` to reference a secret and the format is JSON or YAML, the placeholder `__REF__()` will be replaced with the actual secret value. However, if the format is UNFORMATTED, it will stay the same as the original `parameter_data`.
+        """
         return pulumi.get(self, "rendered_parameter_data")
 
 

pulumi_gcp/parametermanager/get_regional_parameter_version_render.py

@@ -111,6 +111,9 @@ class GetRegionalParameterVersionRenderResult:
     @property
     @pulumi.getter(name="renderedParameterData")
     def rendered_parameter_data(self) -> str:
+        """
+        The Rendered Parameter Data specifies that if you use `__REF__()` to reference a secret and the format is JSON or YAML, the placeholder `__REF__()` will be replaced with the actual secret value. However, if the format is UNFORMATTED, it will stay the same as the original `parameter_data`.
+        """
         return pulumi.get(self, "rendered_parameter_data")
 
 

pulumi_gcp/projects/__init__.py

@@ -8,6 +8,7 @@ import typing
 from .access_approval_settings import *
 from .api_key import *
 from .default_service_accounts import *
+from .get_ancestry import *
 from .get_iam_policy import *
 from .get_organization_policy import *
 from .get_project import *

pulumi_gcp/projects/get_ancestry.py

@@ -0,0 +1,150 @@
+# coding=utf-8
+# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import copy
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
+from .. import _utilities
+from . import outputs
+
+__all__ = [
+    'GetAncestryResult',
+    'AwaitableGetAncestryResult',
+    'get_ancestry',
+    'get_ancestry_output',
+]
+
+@pulumi.output_type
+class GetAncestryResult:
+    """
+    A collection of values returned by getAncestry.
+    """
+    def __init__(__self__, ancestors=None, id=None, org_id=None, parent_id=None, parent_type=None, project=None):
+        if ancestors and not isinstance(ancestors, list):
+            raise TypeError("Expected argument 'ancestors' to be a list")
+        pulumi.set(__self__, "ancestors", ancestors)
+        if id and not isinstance(id, str):
+            raise TypeError("Expected argument 'id' to be a str")
+        pulumi.set(__self__, "id", id)
+        if org_id and not isinstance(org_id, str):
+            raise TypeError("Expected argument 'org_id' to be a str")
+        pulumi.set(__self__, "org_id", org_id)
+        if parent_id and not isinstance(parent_id, str):
+            raise TypeError("Expected argument 'parent_id' to be a str")
+        pulumi.set(__self__, "parent_id", parent_id)
+        if parent_type and not isinstance(parent_type, str):
+            raise TypeError("Expected argument 'parent_type' to be a str")
+        pulumi.set(__self__, "parent_type", parent_type)
+        if project and not isinstance(project, str):
+            raise TypeError("Expected argument 'project' to be a str")
+        pulumi.set(__self__, "project", project)
+
+    @property
+    @pulumi.getter
+    def ancestors(self) -> Sequence['outputs.GetAncestryAncestorResult']:
+        """
+        A list of the project's ancestors. Structure is defined below.
+        """
+        return pulumi.get(self, "ancestors")
+
+    @property
+    @pulumi.getter
+    def id(self) -> str:
+        """
+        The provider-assigned unique ID for this managed resource.
+        """
+        return pulumi.get(self, "id")
+
+    @property
+    @pulumi.getter(name="orgId")
+    def org_id(self) -> str:
+        """
+        The optional user-assigned display name of the project.
+        """
+        return pulumi.get(self, "org_id")
+
+    @property
+    @pulumi.getter(name="parentId")
+    def parent_id(self) -> str:
+        """
+        The parent's id.
+        """
+        return pulumi.get(self, "parent_id")
+
+    @property
+    @pulumi.getter(name="parentType")
+    def parent_type(self) -> str:
+        """
+        One of `"folder"` or `"organization"`.
+        """
+        return pulumi.get(self, "parent_type")
+
+    @property
+    @pulumi.getter
+    def project(self) -> Optional[str]:
+        return pulumi.get(self, "project")
+
+
+class AwaitableGetAncestryResult(GetAncestryResult):
+    # pylint: disable=using-constant-test
+    def __await__(self):
+        if False:
+            yield self
+        return GetAncestryResult(
+            ancestors=self.ancestors,
+            id=self.id,
+            org_id=self.org_id,
+            parent_id=self.parent_id,
+            parent_type=self.parent_type,
+            project=self.project)
+
+
+def get_ancestry(project: Optional[str] = None,
+                 opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetAncestryResult:
+    """
+    Retrieve the ancestors for a project.
+    See the [REST API](https://cloud.google.com/resource-manager/reference/rest/v1/projects/getAncestry) for more details.
+
+
+    :param str project: The ID of the project. If it is not provided, the provider project is used.
+    """
+    __args__ = dict()
+    __args__['project'] = project
+    opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+    __ret__ = pulumi.runtime.invoke('gcp:projects/getAncestry:getAncestry', __args__, opts=opts, typ=GetAncestryResult).value
+
+    return AwaitableGetAncestryResult(
+        ancestors=pulumi.get(__ret__, 'ancestors'),
+        id=pulumi.get(__ret__, 'id'),
+        org_id=pulumi.get(__ret__, 'org_id'),
+        parent_id=pulumi.get(__ret__, 'parent_id'),
+        parent_type=pulumi.get(__ret__, 'parent_type'),
+        project=pulumi.get(__ret__, 'project'))
+def get_ancestry_output(project: Optional[pulumi.Input[Optional[str]]] = None,
+                        opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAncestryResult]:
+    """
+    Retrieve the ancestors for a project.
+    See the [REST API](https://cloud.google.com/resource-manager/reference/rest/v1/projects/getAncestry) for more details.
+
+
+    :param str project: The ID of the project. If it is not provided, the provider project is used.
+    """
+    __args__ = dict()
+    __args__['project'] = project
+    opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+    __ret__ = pulumi.runtime.invoke_output('gcp:projects/getAncestry:getAncestry', __args__, opts=opts, typ=GetAncestryResult)
+    return __ret__.apply(lambda __response__: GetAncestryResult(
+        ancestors=pulumi.get(__response__, 'ancestors'),
+        id=pulumi.get(__response__, 'id'),
+        org_id=pulumi.get(__response__, 'org_id'),
+        parent_id=pulumi.get(__response__, 'parent_id'),
+        parent_type=pulumi.get(__response__, 'parent_type'),
+        project=pulumi.get(__response__, 'project')))

pulumi_gcp/projects/outputs.py

@@ -32,6 +32,7 @@ __all__ = [
     'OrganizationPolicyListPolicyAllow',
     'OrganizationPolicyListPolicyDeny',
     'OrganizationPolicyRestorePolicy',
+    'GetAncestryAncestorResult',
     'GetOrganizationPolicyBooleanPolicyResult',
     'GetOrganizationPolicyListPolicyResult',
     'GetOrganizationPolicyListPolicyAllowResult',
@@ -756,6 +757,35 @@ class OrganizationPolicyRestorePolicy(dict):
         return pulumi.get(self, "default")
 
 
+@pulumi.output_type
+class GetAncestryAncestorResult(dict):
+    def __init__(__self__, *,
+                 id: str,
+                 type: str):
+        """
+        :param str id: If it's a project, the `project_id` is exported, else the numeric folder id or organization id.
+        :param str type: One of `"project"`, `"folder"` or `"organization"`.
+        """
+        pulumi.set(__self__, "id", id)
+        pulumi.set(__self__, "type", type)
+
+    @property
+    @pulumi.getter
+    def id(self) -> str:
+        """
+        If it's a project, the `project_id` is exported, else the numeric folder id or organization id.
+        """
+        return pulumi.get(self, "id")
+
+    @property
+    @pulumi.getter
+    def type(self) -> str:
+        """
+        One of `"project"`, `"folder"` or `"organization"`.
+        """
+        return pulumi.get(self, "type")
+
+
 @pulumi.output_type
 class GetOrganizationPolicyBooleanPolicyResult(dict):
     def __init__(__self__, *,

pulumi_gcp/pulumi-plugin.json

@@ -1,5 +1,5 @@
 {
   "resource": true,
   "name": "gcp",
-  "version": "8.21.0-alpha.1741070272"
+  "version": "8.21.0-alpha.1741103856"
 }