PyPI - pulumi-gcp - Versions diffs - 8.32.0a1747459264__py3-none-any.whl → 8.32.1__py3-none-any.whl - Mend

pulumi-gcp 8.32.0a1747459264py3-none-any.whl → 8.32.1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (256) hide show

pulumi_gcp/__init__.py +88 -0
pulumi_gcp/accesscontextmanager/authorized_orgs_desc.py +2 -2
pulumi_gcp/apigateway/api_config_iam_binding.py +13 -0
pulumi_gcp/apigateway/api_config_iam_member.py +13 -0
pulumi_gcp/apigateway/api_config_iam_policy.py +13 -0
pulumi_gcp/apigateway/api_iam_binding.py +13 -0
pulumi_gcp/apigateway/api_iam_member.py +13 -0
pulumi_gcp/apigateway/api_iam_policy.py +13 -0
pulumi_gcp/apigateway/gateway_iam_binding.py +13 -0
pulumi_gcp/apigateway/gateway_iam_member.py +13 -0
pulumi_gcp/apigateway/gateway_iam_policy.py +13 -0
pulumi_gcp/apigateway/get_api_config_iam_policy.py +2 -0
pulumi_gcp/apigateway/get_api_iam_policy.py +2 -0
pulumi_gcp/apigateway/get_gateway_iam_policy.py +2 -0
pulumi_gcp/apigee/environment_iam_binding.py +27 -0
pulumi_gcp/apigee/environment_iam_member.py +27 -0
pulumi_gcp/apigee/environment_iam_policy.py +27 -0
pulumi_gcp/apigee/get_environment_iam_policy.py +6 -0
pulumi_gcp/beyondcorp/__init__.py +1 -0
pulumi_gcp/beyondcorp/application.py +8 -4
pulumi_gcp/beyondcorp/application_iam_binding.py +26 -0
pulumi_gcp/beyondcorp/application_iam_member.py +26 -0
pulumi_gcp/beyondcorp/application_iam_policy.py +26 -0
pulumi_gcp/beyondcorp/get_application_iam_policy.py +4 -0
pulumi_gcp/beyondcorp/get_security_gateway.py +222 -0
pulumi_gcp/beyondcorp/get_security_gateway_iam_policy.py +2 -0
pulumi_gcp/beyondcorp/outputs.py +45 -0
pulumi_gcp/beyondcorp/security_gateway_iam_binding.py +13 -0
pulumi_gcp/beyondcorp/security_gateway_iam_member.py +13 -0
pulumi_gcp/beyondcorp/security_gateway_iam_policy.py +13 -0
pulumi_gcp/bigquery/__init__.py +1 -0
pulumi_gcp/bigquery/connection_iam_binding.py +4 -11
pulumi_gcp/bigquery/connection_iam_member.py +4 -11
pulumi_gcp/bigquery/connection_iam_policy.py +4 -11
pulumi_gcp/bigquery/data_transfer_config.py +2 -2
pulumi_gcp/bigquery/get_connection_iam_policy.py +2 -4
pulumi_gcp/bigquery/get_table_iam_policy.py +4 -0
pulumi_gcp/bigquery/iam_binding.py +26 -0
pulumi_gcp/bigquery/iam_member.py +26 -0
pulumi_gcp/bigquery/iam_policy.py +26 -0
pulumi_gcp/bigquery/row_access_policy.py +787 -0
pulumi_gcp/bigqueryanalyticshub/data_exchange_iam_binding.py +7 -7
pulumi_gcp/bigqueryanalyticshub/data_exchange_iam_member.py +7 -7
pulumi_gcp/bigqueryanalyticshub/data_exchange_iam_policy.py +7 -7
pulumi_gcp/bigqueryanalyticshub/get_data_exchange_iam_policy.py +2 -2
pulumi_gcp/bigqueryanalyticshub/get_listing_iam_policy.py +2 -2
pulumi_gcp/bigqueryanalyticshub/listing_iam_binding.py +7 -7
pulumi_gcp/bigqueryanalyticshub/listing_iam_member.py +7 -7
pulumi_gcp/bigqueryanalyticshub/listing_iam_policy.py +7 -7
pulumi_gcp/bigqueryanalyticshub/listing_subscription.py +6 -6
pulumi_gcp/bigquerydatapolicy/data_policy_iam_binding.py +13 -0
pulumi_gcp/bigquerydatapolicy/data_policy_iam_member.py +13 -0
pulumi_gcp/bigquerydatapolicy/data_policy_iam_policy.py +13 -0
pulumi_gcp/bigquerydatapolicy/get_iam_policy.py +2 -0
pulumi_gcp/bigtable/logical_view.py +49 -0
pulumi_gcp/cloudbuild/trigger.py +2 -2
pulumi_gcp/clouddeploy/get_delivery_pipeline_iam_policy.py +6 -0
pulumi_gcp/clouddeploy/get_target_iam_policy.py +6 -0
pulumi_gcp/colab/schedule.py +2 -2
pulumi_gcp/compute/_inputs.py +126 -0
pulumi_gcp/compute/backend_service.py +259 -51
pulumi_gcp/compute/get_backend_service.py +23 -1
pulumi_gcp/compute/get_global_forwarding_rule.py +23 -1
pulumi_gcp/compute/get_instance_template.py +12 -1
pulumi_gcp/compute/get_network_endpoint_group.py +12 -1
pulumi_gcp/compute/global_forwarding_rule.py +199 -0
pulumi_gcp/compute/instance_template.py +28 -0
pulumi_gcp/compute/network_endpoint_group.py +28 -0
pulumi_gcp/compute/outputs.py +110 -0
pulumi_gcp/compute/region_backend_service.py +58 -51
pulumi_gcp/container/cluster.py +47 -0
pulumi_gcp/container/get_cluster.py +12 -1
pulumi_gcp/datacatalog/entry_group_iam_binding.py +34 -0
pulumi_gcp/datacatalog/entry_group_iam_member.py +34 -0
pulumi_gcp/datacatalog/entry_group_iam_policy.py +34 -0
pulumi_gcp/datacatalog/get_entry_group_iam_policy.py +8 -0
pulumi_gcp/datacatalog/get_tag_template_iam_policy.py +8 -0
pulumi_gcp/datacatalog/get_taxonomy_iam_policy.py +8 -0
pulumi_gcp/datacatalog/tag_template_iam_binding.py +34 -0
pulumi_gcp/datacatalog/tag_template_iam_member.py +34 -0
pulumi_gcp/datacatalog/tag_template_iam_policy.py +34 -0
pulumi_gcp/datacatalog/taxonomy_iam_binding.py +34 -0
pulumi_gcp/datacatalog/taxonomy_iam_member.py +34 -0
pulumi_gcp/datacatalog/taxonomy_iam_policy.py +34 -0
pulumi_gcp/dataplex/__init__.py +5 -0
pulumi_gcp/dataplex/_inputs.py +98 -0
pulumi_gcp/dataplex/aspect_type_iam_binding.py +13 -0
pulumi_gcp/dataplex/aspect_type_iam_member.py +13 -0
pulumi_gcp/dataplex/aspect_type_iam_policy.py +13 -0
pulumi_gcp/dataplex/asset_iam_binding.py +53 -0
pulumi_gcp/dataplex/asset_iam_member.py +53 -0
pulumi_gcp/dataplex/asset_iam_policy.py +53 -0
pulumi_gcp/dataplex/datascan_iam_binding.py +13 -0
pulumi_gcp/dataplex/datascan_iam_member.py +13 -0
pulumi_gcp/dataplex/datascan_iam_policy.py +13 -0
pulumi_gcp/dataplex/entry_group_iam_binding.py +13 -0
pulumi_gcp/dataplex/entry_group_iam_member.py +13 -0
pulumi_gcp/dataplex/entry_group_iam_policy.py +13 -0
pulumi_gcp/dataplex/entry_type_iam_binding.py +13 -0
pulumi_gcp/dataplex/entry_type_iam_member.py +13 -0
pulumi_gcp/dataplex/entry_type_iam_policy.py +13 -0
pulumi_gcp/dataplex/get_aspect_type_iam_policy.py +2 -0
pulumi_gcp/dataplex/get_asset_iam_policy.py +10 -0
pulumi_gcp/dataplex/get_datascan_iam_policy.py +2 -0
pulumi_gcp/dataplex/get_entry_group_iam_policy.py +2 -0
pulumi_gcp/dataplex/get_entry_type_iam_policy.py +2 -0
pulumi_gcp/dataplex/get_glossary_iam_policy.py +185 -0
pulumi_gcp/dataplex/get_lake_iam_policy.py +6 -0
pulumi_gcp/dataplex/get_task_iam_policy.py +2 -0
pulumi_gcp/dataplex/get_zone_iam_policy.py +8 -0
pulumi_gcp/dataplex/glossary.py +772 -0
pulumi_gcp/dataplex/glossary_iam_binding.py +837 -0
pulumi_gcp/dataplex/glossary_iam_member.py +837 -0
pulumi_gcp/dataplex/glossary_iam_policy.py +676 -0
pulumi_gcp/dataplex/lake_iam_binding.py +27 -0
pulumi_gcp/dataplex/lake_iam_member.py +27 -0
pulumi_gcp/dataplex/lake_iam_policy.py +27 -0
pulumi_gcp/dataplex/outputs.py +56 -0
pulumi_gcp/dataplex/task_iam_binding.py +13 -0
pulumi_gcp/dataplex/task_iam_member.py +13 -0
pulumi_gcp/dataplex/task_iam_policy.py +13 -0
pulumi_gcp/dataplex/zone_iam_binding.py +40 -0
pulumi_gcp/dataplex/zone_iam_member.py +40 -0
pulumi_gcp/dataplex/zone_iam_policy.py +40 -0
pulumi_gcp/dataproc/autoscaling_policy_iam_binding.py +4 -25
pulumi_gcp/dataproc/autoscaling_policy_iam_member.py +4 -25
pulumi_gcp/dataproc/autoscaling_policy_iam_policy.py +4 -25
pulumi_gcp/dataproc/get_autoscaling_policy_iam_policy.py +2 -8
pulumi_gcp/dataproc/get_metastore_database_iam_policy.py +8 -0
pulumi_gcp/dataproc/get_metastore_federation_iam_policy.py +2 -0
pulumi_gcp/dataproc/get_metastore_service_iam_policy.py +2 -0
pulumi_gcp/dataproc/get_metastore_table_iam_policy.py +10 -0
pulumi_gcp/dataproc/metastore_database_iam_binding.py +40 -0
pulumi_gcp/dataproc/metastore_database_iam_member.py +40 -0
pulumi_gcp/dataproc/metastore_database_iam_policy.py +40 -0
pulumi_gcp/dataproc/metastore_federation_iam_binding.py +13 -0
pulumi_gcp/dataproc/metastore_federation_iam_member.py +13 -0
pulumi_gcp/dataproc/metastore_federation_iam_policy.py +13 -0
pulumi_gcp/dataproc/metastore_service_iam_binding.py +13 -0
pulumi_gcp/dataproc/metastore_service_iam_member.py +13 -0
pulumi_gcp/dataproc/metastore_service_iam_policy.py +13 -0
pulumi_gcp/dataproc/metastore_table_iam_binding.py +53 -0
pulumi_gcp/dataproc/metastore_table_iam_member.py +53 -0
pulumi_gcp/dataproc/metastore_table_iam_policy.py +53 -0
pulumi_gcp/diagflow/_inputs.py +56 -0
pulumi_gcp/diagflow/cx_agent.py +60 -0
pulumi_gcp/diagflow/cx_flow.py +2 -0
pulumi_gcp/diagflow/entity_type.py +2 -2
pulumi_gcp/diagflow/outputs.py +35 -0
pulumi_gcp/edgecontainer/node_pool.py +2 -2
pulumi_gcp/endpoints/consumers_iam_binding.py +26 -0
pulumi_gcp/endpoints/consumers_iam_member.py +26 -0
pulumi_gcp/endpoints/consumers_iam_policy.py +26 -0
pulumi_gcp/endpoints/get_service_consumers_iam_policy.py +8 -0
pulumi_gcp/endpoints/get_service_iam_policy.py +6 -0
pulumi_gcp/endpoints/service_iam_binding.py +13 -0
pulumi_gcp/endpoints/service_iam_member.py +13 -0
pulumi_gcp/endpoints/service_iam_policy.py +13 -0
pulumi_gcp/firebase/__init__.py +3 -0
pulumi_gcp/firebase/_inputs.py +1527 -0
pulumi_gcp/firebase/app_hosting_backend.py +104 -0
pulumi_gcp/firebase/app_hosting_default_domain.py +721 -0
pulumi_gcp/firebase/app_hosting_domain.py +796 -0
pulumi_gcp/firebase/app_hosting_traffic.py +914 -0
pulumi_gcp/firebase/extensions_instance.py +4 -4
pulumi_gcp/firebase/outputs.py +1075 -0
pulumi_gcp/firestore/database.py +9 -0
pulumi_gcp/gemini/get_repository_group_iam_policy.py +4 -0
pulumi_gcp/gemini/repository_group_iam_binding.py +26 -0
pulumi_gcp/gemini/repository_group_iam_member.py +26 -0
pulumi_gcp/gemini/repository_group_iam_policy.py +26 -0
pulumi_gcp/gkebackup/backup_channel.py +9 -9
pulumi_gcp/gkebackup/restore_channel.py +9 -9
pulumi_gcp/gkehub/get_membership_iam_policy.py +2 -0
pulumi_gcp/gkehub/get_scope_iam_policy.py +2 -0
pulumi_gcp/gkehub/membership_iam_binding.py +13 -0
pulumi_gcp/gkehub/membership_iam_member.py +13 -0
pulumi_gcp/gkehub/membership_iam_policy.py +13 -0
pulumi_gcp/gkehub/scope_iam_binding.py +13 -0
pulumi_gcp/gkehub/scope_iam_member.py +13 -0
pulumi_gcp/gkehub/scope_iam_policy.py +13 -0
pulumi_gcp/iam/__init__.py +4 -0
pulumi_gcp/iam/_inputs.py +432 -0
pulumi_gcp/iam/get_workload_identity_pool.py +35 -1
pulumi_gcp/iam/get_workload_identity_pool_iam_policy.py +156 -0
pulumi_gcp/iam/oauth_client_credential.py +6 -0
pulumi_gcp/iam/outputs.py +510 -0
pulumi_gcp/iam/workload_identity_pool.py +446 -24
pulumi_gcp/iam/workload_identity_pool_iam_binding.py +539 -0
pulumi_gcp/iam/workload_identity_pool_iam_member.py +539 -0
pulumi_gcp/iam/workload_identity_pool_iam_policy.py +358 -0
pulumi_gcp/iap/app_engine_service_iam_binding.py +14 -14
pulumi_gcp/iap/app_engine_service_iam_member.py +14 -14
pulumi_gcp/iap/app_engine_service_iam_policy.py +14 -14
pulumi_gcp/iap/app_engine_version_iam_binding.py +14 -14
pulumi_gcp/iap/app_engine_version_iam_member.py +14 -14
pulumi_gcp/iap/app_engine_version_iam_policy.py +14 -14
pulumi_gcp/iap/get_app_engine_service_iam_policy.py +4 -4
pulumi_gcp/iap/get_app_engine_version_iam_policy.py +4 -4
pulumi_gcp/iap/get_tunnel_dest_group_iam_policy.py +2 -0
pulumi_gcp/iap/get_tunnel_instance_iam_policy.py +6 -0
pulumi_gcp/iap/get_web_region_backend_service_iam_policy.py +6 -0
pulumi_gcp/iap/get_web_type_app_engine_iam_policy.py +2 -2
pulumi_gcp/iap/tunnel_dest_group_iam_binding.py +13 -0
pulumi_gcp/iap/tunnel_dest_group_iam_member.py +13 -0
pulumi_gcp/iap/tunnel_dest_group_iam_policy.py +13 -0
pulumi_gcp/iap/tunnel_instance_iam_binding.py +27 -0
pulumi_gcp/iap/tunnel_instance_iam_member.py +27 -0
pulumi_gcp/iap/tunnel_instance_iam_policy.py +27 -0
pulumi_gcp/iap/web_region_backend_service_iam_binding.py +27 -0
pulumi_gcp/iap/web_region_backend_service_iam_member.py +27 -0
pulumi_gcp/iap/web_region_backend_service_iam_policy.py +27 -0
pulumi_gcp/iap/web_type_app_enging_iam_binding.py +7 -7
pulumi_gcp/iap/web_type_app_enging_iam_member.py +7 -7
pulumi_gcp/iap/web_type_app_enging_iam_policy.py +7 -7
pulumi_gcp/lustre/__init__.py +1 -0
pulumi_gcp/lustre/get_instance.py +280 -0
pulumi_gcp/lustre/instance.py +12 -0
pulumi_gcp/netapp/backup.py +2 -2
pulumi_gcp/networksecurity/intercept_deployment.py +10 -0
pulumi_gcp/networksecurity/intercept_deployment_group.py +8 -0
pulumi_gcp/networksecurity/intercept_endpoint_group.py +12 -0
pulumi_gcp/networksecurity/intercept_endpoint_group_association.py +16 -0
pulumi_gcp/pulumi-plugin.json +1 -1
pulumi_gcp/secretmanager/get_regional_secret_iam_policy.py +2 -0
pulumi_gcp/secretmanager/get_secret_iam_policy.py +2 -0
pulumi_gcp/secretmanager/regional_secret_iam_binding.py +13 -0
pulumi_gcp/secretmanager/regional_secret_iam_member.py +13 -0
pulumi_gcp/secretmanager/regional_secret_iam_policy.py +13 -0
pulumi_gcp/secretmanager/secret_iam_binding.py +13 -0
pulumi_gcp/secretmanager/secret_iam_member.py +13 -0
pulumi_gcp/secretmanager/secret_iam_policy.py +13 -0
pulumi_gcp/securesourcemanager/get_instance_iam_policy.py +2 -4
pulumi_gcp/securesourcemanager/get_repository_iam_policy.py +2 -4
pulumi_gcp/securesourcemanager/repository_iam_binding.py +4 -11
pulumi_gcp/securesourcemanager/repository_iam_member.py +4 -11
pulumi_gcp/securesourcemanager/repository_iam_policy.py +4 -11
pulumi_gcp/securitycenter/v2_organization_scc_big_query_export.py +2 -2
pulumi_gcp/securitycenter/v2_organization_scc_big_query_exports.py +2 -2
pulumi_gcp/vertex/ai_feature_online_store_featureview_iam_binding.py +13 -0
pulumi_gcp/vertex/ai_feature_online_store_featureview_iam_member.py +13 -0
pulumi_gcp/vertex/ai_feature_online_store_featureview_iam_policy.py +13 -0
pulumi_gcp/vertex/get_ai_feature_online_store_featureview_iam_policy.py +2 -0
pulumi_gcp/vmwareengine/external_address.py +4 -4
pulumi_gcp/workstations/get_workstation_config_iam_policy.py +6 -0
pulumi_gcp/workstations/get_workstation_iam_policy.py +10 -0
pulumi_gcp/workstations/workstation_config_iam_binding.py +33 -0
pulumi_gcp/workstations/workstation_config_iam_member.py +33 -0
pulumi_gcp/workstations/workstation_config_iam_policy.py +33 -0
pulumi_gcp/workstations/workstation_iam_binding.py +53 -0
pulumi_gcp/workstations/workstation_iam_member.py +53 -0
pulumi_gcp/workstations/workstation_iam_policy.py +53 -0
{pulumi_gcp-8.32.0a1747459264.dist-info → pulumi_gcp-8.32.1.dist-info}/METADATA +1 -1
{pulumi_gcp-8.32.0a1747459264.dist-info → pulumi_gcp-8.32.1.dist-info}/RECORD +256 -241
{pulumi_gcp-8.32.0a1747459264.dist-info → pulumi_gcp-8.32.1.dist-info}/WHEEL +1 -1
{pulumi_gcp-8.32.0a1747459264.dist-info → pulumi_gcp-8.32.1.dist-info}/top_level.txt +0 -0

pulumi_gcp/iam/workload_identity_pool.py CHANGED Viewed

@@ -14,6 +14,8 @@ if sys.version_info >= (3, 11):
 else:
     from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
+from . import outputs
+from ._inputs import *
 __all__ = ['WorkloadIdentityPoolArgs', 'WorkloadIdentityPool']
@@ -24,6 +26,9 @@ class WorkloadIdentityPoolArgs:
                  description: Optional[pulumi.Input[builtins.str]] = None,
                  disabled: Optional[pulumi.Input[builtins.bool]] = None,
                  display_name: Optional[pulumi.Input[builtins.str]] = None,
+                 inline_certificate_issuance_config: Optional[pulumi.Input['WorkloadIdentityPoolInlineCertificateIssuanceConfigArgs']] = None,
+                 inline_trust_config: Optional[pulumi.Input['WorkloadIdentityPoolInlineTrustConfigArgs']] = None,
+                 mode: Optional[pulumi.Input[builtins.str]] = None,
                  project: Optional[pulumi.Input[builtins.str]] = None):
         """
         The set of arguments for constructing a WorkloadIdentityPool resource.
@@ -38,6 +43,34 @@ class WorkloadIdentityPoolArgs:
                existing tokens to access resources. If the pool is re-enabled, existing tokens grant
                access again.
         :param pulumi.Input[builtins.str] display_name: A display name for the pool. Cannot exceed 32 characters.
+        :param pulumi.Input['WorkloadIdentityPoolInlineCertificateIssuanceConfigArgs'] inline_certificate_issuance_config: Represents configuration for generating mutual TLS (mTLS) certificates for the identities
+               within this pool. Defines the Certificate Authority (CA) pool resources and configurations
+               required for issuance and rotation of mTLS workload certificates.
+               Structure is documented below.
+        :param pulumi.Input['WorkloadIdentityPoolInlineTrustConfigArgs'] inline_trust_config: Represents config to add additional trusted trust domains. Defines configuration for extending
+               trust to additional trust domains. By establishing trust with another domain, the current
+               domain will recognize and accept certificates issued by entities within the trusted domains.
+               Note that a trust domain automatically trusts itself, eliminating the need for explicit
+               configuration.
+               Structure is documented below.
+        :param pulumi.Input[builtins.str] mode: The mode for the pool is operating in. Pools with an unspecified mode will operate as if they
+               are in `FEDERATION_ONLY` mode.
+               > **Note** This field cannot be changed after the Workload Identity Pool is created. While
+               `pulumi preview` may show an update if you change this field's value, `pulumi up`
+               **will fail with an API error** (such as `Error 400: Attempted to update an immutable field.`).
+               To specify a different `mode`, please create a new Workload Identity Pool resource.
+               * `FEDERATION_ONLY`: Pools can only be used for federating external workload identities into
+               Google Cloud. Unless otherwise noted, no structure or format constraints are applied to
+               workload identities in a `FEDERATION_ONLY` mode pool, and you may not create any resources
+               within the pool besides providers.
+               * `TRUST_DOMAIN`: Pools can be used to assign identities to Google Cloud workloads. All
+               identities within a `TRUST_DOMAIN` mode pool must consist of a single namespace and individual
+               workload identifier. The subject identifier for all identities must conform to the following
+               format: `ns/<namespace>/sa/<workload_identifier>`.
+               `iam.WorkloadIdentityPoolProvider`s cannot be created within `TRUST_DOMAIN`
+               mode pools.
+               Possible values are: `FEDERATION_ONLY`, `TRUST_DOMAIN`.
         :param pulumi.Input[builtins.str] project: The ID of the project in which the resource belongs.
                If it is not provided, the provider project is used.
         """
@@ -48,6 +81,12 @@ class WorkloadIdentityPoolArgs:
             pulumi.set(__self__, "disabled", disabled)
         if display_name is not None:
             pulumi.set(__self__, "display_name", display_name)
+        if inline_certificate_issuance_config is not None:
+            pulumi.set(__self__, "inline_certificate_issuance_config", inline_certificate_issuance_config)
+        if inline_trust_config is not None:
+            pulumi.set(__self__, "inline_trust_config", inline_trust_config)
+        if mode is not None:
+            pulumi.set(__self__, "mode", mode)
         if project is not None:
             pulumi.set(__self__, "project", project)
@@ -106,6 +145,67 @@ class WorkloadIdentityPoolArgs:
     def display_name(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "display_name", value)
+    @property
+    @pulumi.getter(name="inlineCertificateIssuanceConfig")
+    def inline_certificate_issuance_config(self) -> Optional[pulumi.Input['WorkloadIdentityPoolInlineCertificateIssuanceConfigArgs']]:
+        """
+        Represents configuration for generating mutual TLS (mTLS) certificates for the identities
+        within this pool. Defines the Certificate Authority (CA) pool resources and configurations
+        required for issuance and rotation of mTLS workload certificates.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "inline_certificate_issuance_config")
+    @inline_certificate_issuance_config.setter
+    def inline_certificate_issuance_config(self, value: Optional[pulumi.Input['WorkloadIdentityPoolInlineCertificateIssuanceConfigArgs']]):
+        pulumi.set(self, "inline_certificate_issuance_config", value)
+    @property
+    @pulumi.getter(name="inlineTrustConfig")
+    def inline_trust_config(self) -> Optional[pulumi.Input['WorkloadIdentityPoolInlineTrustConfigArgs']]:
+        """
+        Represents config to add additional trusted trust domains. Defines configuration for extending
+        trust to additional trust domains. By establishing trust with another domain, the current
+        domain will recognize and accept certificates issued by entities within the trusted domains.
+        Note that a trust domain automatically trusts itself, eliminating the need for explicit
+        configuration.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "inline_trust_config")
+    @inline_trust_config.setter
+    def inline_trust_config(self, value: Optional[pulumi.Input['WorkloadIdentityPoolInlineTrustConfigArgs']]):
+        pulumi.set(self, "inline_trust_config", value)
+    @property
+    @pulumi.getter
+    def mode(self) -> Optional[pulumi.Input[builtins.str]]:
+        """
+        The mode for the pool is operating in. Pools with an unspecified mode will operate as if they
+        are in `FEDERATION_ONLY` mode.
+        > **Note** This field cannot be changed after the Workload Identity Pool is created. While
+        `pulumi preview` may show an update if you change this field's value, `pulumi up`
+        **will fail with an API error** (such as `Error 400: Attempted to update an immutable field.`).
+        To specify a different `mode`, please create a new Workload Identity Pool resource.
+        * `FEDERATION_ONLY`: Pools can only be used for federating external workload identities into
+        Google Cloud. Unless otherwise noted, no structure or format constraints are applied to
+        workload identities in a `FEDERATION_ONLY` mode pool, and you may not create any resources
+        within the pool besides providers.
+        * `TRUST_DOMAIN`: Pools can be used to assign identities to Google Cloud workloads. All
+        identities within a `TRUST_DOMAIN` mode pool must consist of a single namespace and individual
+        workload identifier. The subject identifier for all identities must conform to the following
+        format: `ns/<namespace>/sa/<workload_identifier>`.
+        `iam.WorkloadIdentityPoolProvider`s cannot be created within `TRUST_DOMAIN`
+        mode pools.
+        Possible values are: `FEDERATION_ONLY`, `TRUST_DOMAIN`.
+        """
+        return pulumi.get(self, "mode")
+    @mode.setter
+    def mode(self, value: Optional[pulumi.Input[builtins.str]]):
+        pulumi.set(self, "mode", value)
     @property
     @pulumi.getter
     def project(self) -> Optional[pulumi.Input[builtins.str]]:
@@ -126,6 +226,9 @@ class _WorkloadIdentityPoolState:
                  description: Optional[pulumi.Input[builtins.str]] = None,
                  disabled: Optional[pulumi.Input[builtins.bool]] = None,
                  display_name: Optional[pulumi.Input[builtins.str]] = None,
+                 inline_certificate_issuance_config: Optional[pulumi.Input['WorkloadIdentityPoolInlineCertificateIssuanceConfigArgs']] = None,
+                 inline_trust_config: Optional[pulumi.Input['WorkloadIdentityPoolInlineTrustConfigArgs']] = None,
+                 mode: Optional[pulumi.Input[builtins.str]] = None,
                  name: Optional[pulumi.Input[builtins.str]] = None,
                  project: Optional[pulumi.Input[builtins.str]] = None,
                  state: Optional[pulumi.Input[builtins.str]] = None,
@@ -137,16 +240,44 @@ class _WorkloadIdentityPoolState:
                existing tokens to access resources. If the pool is re-enabled, existing tokens grant
                access again.
         :param pulumi.Input[builtins.str] display_name: A display name for the pool. Cannot exceed 32 characters.
+        :param pulumi.Input['WorkloadIdentityPoolInlineCertificateIssuanceConfigArgs'] inline_certificate_issuance_config: Represents configuration for generating mutual TLS (mTLS) certificates for the identities
+               within this pool. Defines the Certificate Authority (CA) pool resources and configurations
+               required for issuance and rotation of mTLS workload certificates.
+               Structure is documented below.
+        :param pulumi.Input['WorkloadIdentityPoolInlineTrustConfigArgs'] inline_trust_config: Represents config to add additional trusted trust domains. Defines configuration for extending
+               trust to additional trust domains. By establishing trust with another domain, the current
+               domain will recognize and accept certificates issued by entities within the trusted domains.
+               Note that a trust domain automatically trusts itself, eliminating the need for explicit
+               configuration.
+               Structure is documented below.
+        :param pulumi.Input[builtins.str] mode: The mode for the pool is operating in. Pools with an unspecified mode will operate as if they
+               are in `FEDERATION_ONLY` mode.
+               > **Note** This field cannot be changed after the Workload Identity Pool is created. While
+               `pulumi preview` may show an update if you change this field's value, `pulumi up`
+               **will fail with an API error** (such as `Error 400: Attempted to update an immutable field.`).
+               To specify a different `mode`, please create a new Workload Identity Pool resource.
+               * `FEDERATION_ONLY`: Pools can only be used for federating external workload identities into
+               Google Cloud. Unless otherwise noted, no structure or format constraints are applied to
+               workload identities in a `FEDERATION_ONLY` mode pool, and you may not create any resources
+               within the pool besides providers.
+               * `TRUST_DOMAIN`: Pools can be used to assign identities to Google Cloud workloads. All
+               identities within a `TRUST_DOMAIN` mode pool must consist of a single namespace and individual
+               workload identifier. The subject identifier for all identities must conform to the following
+               format: `ns/<namespace>/sa/<workload_identifier>`.
+               `iam.WorkloadIdentityPoolProvider`s cannot be created within `TRUST_DOMAIN`
+               mode pools.
+               Possible values are: `FEDERATION_ONLY`, `TRUST_DOMAIN`.
         :param pulumi.Input[builtins.str] name: The resource name of the pool as
                `projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}`.
         :param pulumi.Input[builtins.str] project: The ID of the project in which the resource belongs.
                If it is not provided, the provider project is used.
         :param pulumi.Input[builtins.str] state: The state of the pool.
-               * STATE_UNSPECIFIED: State unspecified.
-               * ACTIVE: The pool is active, and may be used in Google Cloud policies.
-               * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after
+               * `STATE_UNSPECIFIED`: State unspecified.
+               * `ACTIVE`: The pool is active, and may be used in Google Cloud policies.
+               * `DELETED`: The pool is soft-deleted. Soft-deleted pools are permanently deleted after
                approximately 30 days. You can restore a soft-deleted pool using
-               UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted pool until it is
+               `UndeleteWorkloadIdentityPool`. You cannot reuse the ID of a soft-deleted pool until it is
                permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or
                use existing tokens to access resources. If the pool is undeleted, existing tokens grant
                access again.
@@ -163,6 +294,12 @@ class _WorkloadIdentityPoolState:
             pulumi.set(__self__, "disabled", disabled)
         if display_name is not None:
             pulumi.set(__self__, "display_name", display_name)
+        if inline_certificate_issuance_config is not None:
+            pulumi.set(__self__, "inline_certificate_issuance_config", inline_certificate_issuance_config)
+        if inline_trust_config is not None:
+            pulumi.set(__self__, "inline_trust_config", inline_trust_config)
+        if mode is not None:
+            pulumi.set(__self__, "mode", mode)
         if name is not None:
             pulumi.set(__self__, "name", name)
         if project is not None:
@@ -210,6 +347,67 @@ class _WorkloadIdentityPoolState:
     def display_name(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "display_name", value)
+    @property
+    @pulumi.getter(name="inlineCertificateIssuanceConfig")
+    def inline_certificate_issuance_config(self) -> Optional[pulumi.Input['WorkloadIdentityPoolInlineCertificateIssuanceConfigArgs']]:
+        """
+        Represents configuration for generating mutual TLS (mTLS) certificates for the identities
+        within this pool. Defines the Certificate Authority (CA) pool resources and configurations
+        required for issuance and rotation of mTLS workload certificates.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "inline_certificate_issuance_config")
+    @inline_certificate_issuance_config.setter
+    def inline_certificate_issuance_config(self, value: Optional[pulumi.Input['WorkloadIdentityPoolInlineCertificateIssuanceConfigArgs']]):
+        pulumi.set(self, "inline_certificate_issuance_config", value)
+    @property
+    @pulumi.getter(name="inlineTrustConfig")
+    def inline_trust_config(self) -> Optional[pulumi.Input['WorkloadIdentityPoolInlineTrustConfigArgs']]:
+        """
+        Represents config to add additional trusted trust domains. Defines configuration for extending
+        trust to additional trust domains. By establishing trust with another domain, the current
+        domain will recognize and accept certificates issued by entities within the trusted domains.
+        Note that a trust domain automatically trusts itself, eliminating the need for explicit
+        configuration.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "inline_trust_config")
+    @inline_trust_config.setter
+    def inline_trust_config(self, value: Optional[pulumi.Input['WorkloadIdentityPoolInlineTrustConfigArgs']]):
+        pulumi.set(self, "inline_trust_config", value)
+    @property
+    @pulumi.getter
+    def mode(self) -> Optional[pulumi.Input[builtins.str]]:
+        """
+        The mode for the pool is operating in. Pools with an unspecified mode will operate as if they
+        are in `FEDERATION_ONLY` mode.
+        > **Note** This field cannot be changed after the Workload Identity Pool is created. While
+        `pulumi preview` may show an update if you change this field's value, `pulumi up`
+        **will fail with an API error** (such as `Error 400: Attempted to update an immutable field.`).
+        To specify a different `mode`, please create a new Workload Identity Pool resource.
+        * `FEDERATION_ONLY`: Pools can only be used for federating external workload identities into
+        Google Cloud. Unless otherwise noted, no structure or format constraints are applied to
+        workload identities in a `FEDERATION_ONLY` mode pool, and you may not create any resources
+        within the pool besides providers.
+        * `TRUST_DOMAIN`: Pools can be used to assign identities to Google Cloud workloads. All
+        identities within a `TRUST_DOMAIN` mode pool must consist of a single namespace and individual
+        workload identifier. The subject identifier for all identities must conform to the following
+        format: `ns/<namespace>/sa/<workload_identifier>`.
+        `iam.WorkloadIdentityPoolProvider`s cannot be created within `TRUST_DOMAIN`
+        mode pools.
+        Possible values are: `FEDERATION_ONLY`, `TRUST_DOMAIN`.
+        """
+        return pulumi.get(self, "mode")
+    @mode.setter
+    def mode(self, value: Optional[pulumi.Input[builtins.str]]):
+        pulumi.set(self, "mode", value)
     @property
     @pulumi.getter
     def name(self) -> Optional[pulumi.Input[builtins.str]]:
@@ -241,11 +439,11 @@ class _WorkloadIdentityPoolState:
     def state(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The state of the pool.
-        * STATE_UNSPECIFIED: State unspecified.
-        * ACTIVE: The pool is active, and may be used in Google Cloud policies.
-        * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after
+        * `STATE_UNSPECIFIED`: State unspecified.
+        * `ACTIVE`: The pool is active, and may be used in Google Cloud policies.
+        * `DELETED`: The pool is soft-deleted. Soft-deleted pools are permanently deleted after
         approximately 30 days. You can restore a soft-deleted pool using
-        UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted pool until it is
+        `UndeleteWorkloadIdentityPool`. You cannot reuse the ID of a soft-deleted pool until it is
         permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or
         use existing tokens to access resources. If the pool is undeleted, existing tokens grant
         access again.
@@ -283,6 +481,9 @@ class WorkloadIdentityPool(pulumi.CustomResource):
                  description: Optional[pulumi.Input[builtins.str]] = None,
                  disabled: Optional[pulumi.Input[builtins.bool]] = None,
                  display_name: Optional[pulumi.Input[builtins.str]] = None,
+                 inline_certificate_issuance_config: Optional[pulumi.Input[Union['WorkloadIdentityPoolInlineCertificateIssuanceConfigArgs', 'WorkloadIdentityPoolInlineCertificateIssuanceConfigArgsDict']]] = None,
+                 inline_trust_config: Optional[pulumi.Input[Union['WorkloadIdentityPoolInlineTrustConfigArgs', 'WorkloadIdentityPoolInlineTrustConfigArgsDict']]] = None,
+                 mode: Optional[pulumi.Input[builtins.str]] = None,
                  project: Optional[pulumi.Input[builtins.str]] = None,
                  workload_identity_pool_id: Optional[pulumi.Input[builtins.str]] = None,
                  __props__=None):
@@ -294,6 +495,8 @@ class WorkloadIdentityPool(pulumi.CustomResource):
         * [API documentation](https://cloud.google.com/iam/docs/reference/rest/v1/projects.locations.workloadIdentityPools)
         * How-to Guides
+            * [Configure managed workload identity authentication for Compute Engine](https://cloud.google.com/iam/docs/create-managed-workload-identities)
+            * [Configure managed workload identity authentication for GKE](https://cloud.google.com/iam/docs/create-managed-workload-identities-gke)
             * [Managing workload identity pools](https://cloud.google.com/iam/docs/manage-workload-identity-pools-providers#pools)
         ## Example Usage
@@ -306,7 +509,7 @@ class WorkloadIdentityPool(pulumi.CustomResource):
         example = gcp.iam.WorkloadIdentityPool("example", workload_identity_pool_id="example-pool")
         ```
-        ### Iam Workload Identity Pool Full
+        ### Iam Workload Identity Pool Full Federation Only Mode
         ```python
         import pulumi
@@ -314,9 +517,59 @@ class WorkloadIdentityPool(pulumi.CustomResource):
         example = gcp.iam.WorkloadIdentityPool("example",
             workload_identity_pool_id="example-pool",
-            display_name="Name of pool",
-            description="Identity pool for automated test",
-            disabled=True)
+            display_name="Name of the pool",
+            description="Identity pool operates in FEDERATION_ONLY mode",
+            disabled=True,
+            mode="FEDERATION_ONLY")
+        ```
+        ### Iam Workload Identity Pool Full Trust Domain Mode
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+        import pulumi_std as std
+        example = gcp.iam.WorkloadIdentityPool("example",
+            workload_identity_pool_id="example-pool",
+            display_name="Name of the pool",
+            description="Identity pool operates in TRUST_DOMAIN mode",
+            disabled=True,
+            mode="TRUST_DOMAIN",
+            inline_certificate_issuance_config={
+                "ca_pools": {
+                    "us-central1": "projects/project-bar/locations/us-central1/caPools/ca-pool-bar",
+                    "asia-east2": "projects/project-foo/locations/asia-east2/caPools/ca-pool-foo",
+                },
+                "lifetime": "86400s",
+                "rotation_window_percentage": 50,
+                "key_algorithm": "ECDSA_P256",
+            },
+            inline_trust_config={
+                "additional_trust_bundles": [
+                    {
+                        "trust_domain": "example.com",
+                        "trust_anchors": [
+                            {
+                                "pem_certificate": std.file(input="test-fixtures/trust_anchor_1.pem").result,
+                            },
+                            {
+                                "pem_certificate": std.file(input="test-fixtures/trust_anchor_2.pem").result,
+                            },
+                        ],
+                    },
+                    {
+                        "trust_domain": "example.net",
+                        "trust_anchors": [
+                            {
+                                "pem_certificate": std.file(input="test-fixtures/trust_anchor_3.pem").result,
+                            },
+                            {
+                                "pem_certificate": std.file(input="test-fixtures/trust_anchor_4.pem").result,
+                            },
+                        ],
+                    },
+                ],
+            })
         ```
         ## Import
@@ -350,6 +603,34 @@ class WorkloadIdentityPool(pulumi.CustomResource):
                existing tokens to access resources. If the pool is re-enabled, existing tokens grant
                access again.
         :param pulumi.Input[builtins.str] display_name: A display name for the pool. Cannot exceed 32 characters.
+        :param pulumi.Input[Union['WorkloadIdentityPoolInlineCertificateIssuanceConfigArgs', 'WorkloadIdentityPoolInlineCertificateIssuanceConfigArgsDict']] inline_certificate_issuance_config: Represents configuration for generating mutual TLS (mTLS) certificates for the identities
+               within this pool. Defines the Certificate Authority (CA) pool resources and configurations
+               required for issuance and rotation of mTLS workload certificates.
+               Structure is documented below.
+        :param pulumi.Input[Union['WorkloadIdentityPoolInlineTrustConfigArgs', 'WorkloadIdentityPoolInlineTrustConfigArgsDict']] inline_trust_config: Represents config to add additional trusted trust domains. Defines configuration for extending
+               trust to additional trust domains. By establishing trust with another domain, the current
+               domain will recognize and accept certificates issued by entities within the trusted domains.
+               Note that a trust domain automatically trusts itself, eliminating the need for explicit
+               configuration.
+               Structure is documented below.
+        :param pulumi.Input[builtins.str] mode: The mode for the pool is operating in. Pools with an unspecified mode will operate as if they
+               are in `FEDERATION_ONLY` mode.
+               > **Note** This field cannot be changed after the Workload Identity Pool is created. While
+               `pulumi preview` may show an update if you change this field's value, `pulumi up`
+               **will fail with an API error** (such as `Error 400: Attempted to update an immutable field.`).
+               To specify a different `mode`, please create a new Workload Identity Pool resource.
+               * `FEDERATION_ONLY`: Pools can only be used for federating external workload identities into
+               Google Cloud. Unless otherwise noted, no structure or format constraints are applied to
+               workload identities in a `FEDERATION_ONLY` mode pool, and you may not create any resources
+               within the pool besides providers.
+               * `TRUST_DOMAIN`: Pools can be used to assign identities to Google Cloud workloads. All
+               identities within a `TRUST_DOMAIN` mode pool must consist of a single namespace and individual
+               workload identifier. The subject identifier for all identities must conform to the following
+               format: `ns/<namespace>/sa/<workload_identifier>`.
+               `iam.WorkloadIdentityPoolProvider`s cannot be created within `TRUST_DOMAIN`
+               mode pools.
+               Possible values are: `FEDERATION_ONLY`, `TRUST_DOMAIN`.
         :param pulumi.Input[builtins.str] project: The ID of the project in which the resource belongs.
                If it is not provided, the provider project is used.
         :param pulumi.Input[builtins.str] workload_identity_pool_id: The ID to use for the pool, which becomes the final component of the resource name. This
@@ -373,6 +654,8 @@ class WorkloadIdentityPool(pulumi.CustomResource):
         * [API documentation](https://cloud.google.com/iam/docs/reference/rest/v1/projects.locations.workloadIdentityPools)
         * How-to Guides
+            * [Configure managed workload identity authentication for Compute Engine](https://cloud.google.com/iam/docs/create-managed-workload-identities)
+            * [Configure managed workload identity authentication for GKE](https://cloud.google.com/iam/docs/create-managed-workload-identities-gke)
             * [Managing workload identity pools](https://cloud.google.com/iam/docs/manage-workload-identity-pools-providers#pools)
         ## Example Usage
@@ -385,17 +668,67 @@ class WorkloadIdentityPool(pulumi.CustomResource):
         example = gcp.iam.WorkloadIdentityPool("example", workload_identity_pool_id="example-pool")
         ```
-        ### Iam Workload Identity Pool Full
+        ### Iam Workload Identity Pool Full Federation Only Mode
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+        example = gcp.iam.WorkloadIdentityPool("example",
+            workload_identity_pool_id="example-pool",
+            display_name="Name of the pool",
+            description="Identity pool operates in FEDERATION_ONLY mode",
+            disabled=True,
+            mode="FEDERATION_ONLY")
+        ```
+        ### Iam Workload Identity Pool Full Trust Domain Mode
         ```python
         import pulumi
         import pulumi_gcp as gcp
+        import pulumi_std as std
         example = gcp.iam.WorkloadIdentityPool("example",
             workload_identity_pool_id="example-pool",
-            display_name="Name of pool",
-            description="Identity pool for automated test",
-            disabled=True)
+            display_name="Name of the pool",
+            description="Identity pool operates in TRUST_DOMAIN mode",
+            disabled=True,
+            mode="TRUST_DOMAIN",
+            inline_certificate_issuance_config={
+                "ca_pools": {
+                    "us-central1": "projects/project-bar/locations/us-central1/caPools/ca-pool-bar",
+                    "asia-east2": "projects/project-foo/locations/asia-east2/caPools/ca-pool-foo",
+                },
+                "lifetime": "86400s",
+                "rotation_window_percentage": 50,
+                "key_algorithm": "ECDSA_P256",
+            },
+            inline_trust_config={
+                "additional_trust_bundles": [
+                    {
+                        "trust_domain": "example.com",
+                        "trust_anchors": [
+                            {
+                                "pem_certificate": std.file(input="test-fixtures/trust_anchor_1.pem").result,
+                            },
+                            {
+                                "pem_certificate": std.file(input="test-fixtures/trust_anchor_2.pem").result,
+                            },
+                        ],
+                    },
+                    {
+                        "trust_domain": "example.net",
+                        "trust_anchors": [
+                            {
+                                "pem_certificate": std.file(input="test-fixtures/trust_anchor_3.pem").result,
+                            },
+                            {
+                                "pem_certificate": std.file(input="test-fixtures/trust_anchor_4.pem").result,
+                            },
+                        ],
+                    },
+                ],
+            })
         ```
         ## Import
@@ -440,6 +773,9 @@ class WorkloadIdentityPool(pulumi.CustomResource):
                  description: Optional[pulumi.Input[builtins.str]] = None,
                  disabled: Optional[pulumi.Input[builtins.bool]] = None,
                  display_name: Optional[pulumi.Input[builtins.str]] = None,
+                 inline_certificate_issuance_config: Optional[pulumi.Input[Union['WorkloadIdentityPoolInlineCertificateIssuanceConfigArgs', 'WorkloadIdentityPoolInlineCertificateIssuanceConfigArgsDict']]] = None,
+                 inline_trust_config: Optional[pulumi.Input[Union['WorkloadIdentityPoolInlineTrustConfigArgs', 'WorkloadIdentityPoolInlineTrustConfigArgsDict']]] = None,
+                 mode: Optional[pulumi.Input[builtins.str]] = None,
                  project: Optional[pulumi.Input[builtins.str]] = None,
                  workload_identity_pool_id: Optional[pulumi.Input[builtins.str]] = None,
                  __props__=None):
@@ -454,6 +790,9 @@ class WorkloadIdentityPool(pulumi.CustomResource):
             __props__.__dict__["description"] = description
             __props__.__dict__["disabled"] = disabled
             __props__.__dict__["display_name"] = display_name
+            __props__.__dict__["inline_certificate_issuance_config"] = inline_certificate_issuance_config
+            __props__.__dict__["inline_trust_config"] = inline_trust_config
+            __props__.__dict__["mode"] = mode
             __props__.__dict__["project"] = project
             if workload_identity_pool_id is None and not opts.urn:
                 raise TypeError("Missing required property 'workload_identity_pool_id'")
@@ -473,6 +812,9 @@ class WorkloadIdentityPool(pulumi.CustomResource):
             description: Optional[pulumi.Input[builtins.str]] = None,
             disabled: Optional[pulumi.Input[builtins.bool]] = None,
             display_name: Optional[pulumi.Input[builtins.str]] = None,
+            inline_certificate_issuance_config: Optional[pulumi.Input[Union['WorkloadIdentityPoolInlineCertificateIssuanceConfigArgs', 'WorkloadIdentityPoolInlineCertificateIssuanceConfigArgsDict']]] = None,
+            inline_trust_config: Optional[pulumi.Input[Union['WorkloadIdentityPoolInlineTrustConfigArgs', 'WorkloadIdentityPoolInlineTrustConfigArgsDict']]] = None,
+            mode: Optional[pulumi.Input[builtins.str]] = None,
             name: Optional[pulumi.Input[builtins.str]] = None,
             project: Optional[pulumi.Input[builtins.str]] = None,
             state: Optional[pulumi.Input[builtins.str]] = None,
@@ -489,16 +831,44 @@ class WorkloadIdentityPool(pulumi.CustomResource):
                existing tokens to access resources. If the pool is re-enabled, existing tokens grant
                access again.
         :param pulumi.Input[builtins.str] display_name: A display name for the pool. Cannot exceed 32 characters.
+        :param pulumi.Input[Union['WorkloadIdentityPoolInlineCertificateIssuanceConfigArgs', 'WorkloadIdentityPoolInlineCertificateIssuanceConfigArgsDict']] inline_certificate_issuance_config: Represents configuration for generating mutual TLS (mTLS) certificates for the identities
+               within this pool. Defines the Certificate Authority (CA) pool resources and configurations
+               required for issuance and rotation of mTLS workload certificates.
+               Structure is documented below.
+        :param pulumi.Input[Union['WorkloadIdentityPoolInlineTrustConfigArgs', 'WorkloadIdentityPoolInlineTrustConfigArgsDict']] inline_trust_config: Represents config to add additional trusted trust domains. Defines configuration for extending
+               trust to additional trust domains. By establishing trust with another domain, the current
+               domain will recognize and accept certificates issued by entities within the trusted domains.
+               Note that a trust domain automatically trusts itself, eliminating the need for explicit
+               configuration.
+               Structure is documented below.
+        :param pulumi.Input[builtins.str] mode: The mode for the pool is operating in. Pools with an unspecified mode will operate as if they
+               are in `FEDERATION_ONLY` mode.
+               > **Note** This field cannot be changed after the Workload Identity Pool is created. While
+               `pulumi preview` may show an update if you change this field's value, `pulumi up`
+               **will fail with an API error** (such as `Error 400: Attempted to update an immutable field.`).
+               To specify a different `mode`, please create a new Workload Identity Pool resource.
+               * `FEDERATION_ONLY`: Pools can only be used for federating external workload identities into
+               Google Cloud. Unless otherwise noted, no structure or format constraints are applied to
+               workload identities in a `FEDERATION_ONLY` mode pool, and you may not create any resources
+               within the pool besides providers.
+               * `TRUST_DOMAIN`: Pools can be used to assign identities to Google Cloud workloads. All
+               identities within a `TRUST_DOMAIN` mode pool must consist of a single namespace and individual
+               workload identifier. The subject identifier for all identities must conform to the following
+               format: `ns/<namespace>/sa/<workload_identifier>`.
+               `iam.WorkloadIdentityPoolProvider`s cannot be created within `TRUST_DOMAIN`
+               mode pools.
+               Possible values are: `FEDERATION_ONLY`, `TRUST_DOMAIN`.
         :param pulumi.Input[builtins.str] name: The resource name of the pool as
                `projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}`.
         :param pulumi.Input[builtins.str] project: The ID of the project in which the resource belongs.
                If it is not provided, the provider project is used.
         :param pulumi.Input[builtins.str] state: The state of the pool.
-               * STATE_UNSPECIFIED: State unspecified.
-               * ACTIVE: The pool is active, and may be used in Google Cloud policies.
-               * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after
+               * `STATE_UNSPECIFIED`: State unspecified.
+               * `ACTIVE`: The pool is active, and may be used in Google Cloud policies.
+               * `DELETED`: The pool is soft-deleted. Soft-deleted pools are permanently deleted after
                approximately 30 days. You can restore a soft-deleted pool using
-               UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted pool until it is
+               `UndeleteWorkloadIdentityPool`. You cannot reuse the ID of a soft-deleted pool until it is
                permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or
                use existing tokens to access resources. If the pool is undeleted, existing tokens grant
                access again.
@@ -516,6 +886,9 @@ class WorkloadIdentityPool(pulumi.CustomResource):
         __props__.__dict__["description"] = description
         __props__.__dict__["disabled"] = disabled
         __props__.__dict__["display_name"] = display_name
+        __props__.__dict__["inline_certificate_issuance_config"] = inline_certificate_issuance_config
+        __props__.__dict__["inline_trust_config"] = inline_trust_config
+        __props__.__dict__["mode"] = mode
         __props__.__dict__["name"] = name
         __props__.__dict__["project"] = project
         __props__.__dict__["state"] = state
@@ -548,6 +921,55 @@ class WorkloadIdentityPool(pulumi.CustomResource):
         """
         return pulumi.get(self, "display_name")
+    @property
+    @pulumi.getter(name="inlineCertificateIssuanceConfig")
+    def inline_certificate_issuance_config(self) -> pulumi.Output[Optional['outputs.WorkloadIdentityPoolInlineCertificateIssuanceConfig']]:
+        """
+        Represents configuration for generating mutual TLS (mTLS) certificates for the identities
+        within this pool. Defines the Certificate Authority (CA) pool resources and configurations
+        required for issuance and rotation of mTLS workload certificates.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "inline_certificate_issuance_config")
+    @property
+    @pulumi.getter(name="inlineTrustConfig")
+    def inline_trust_config(self) -> pulumi.Output[Optional['outputs.WorkloadIdentityPoolInlineTrustConfig']]:
+        """
+        Represents config to add additional trusted trust domains. Defines configuration for extending
+        trust to additional trust domains. By establishing trust with another domain, the current
+        domain will recognize and accept certificates issued by entities within the trusted domains.
+        Note that a trust domain automatically trusts itself, eliminating the need for explicit
+        configuration.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "inline_trust_config")
+    @property
+    @pulumi.getter
+    def mode(self) -> pulumi.Output[Optional[builtins.str]]:
+        """
+        The mode for the pool is operating in. Pools with an unspecified mode will operate as if they
+        are in `FEDERATION_ONLY` mode.
+        > **Note** This field cannot be changed after the Workload Identity Pool is created. While
+        `pulumi preview` may show an update if you change this field's value, `pulumi up`
+        **will fail with an API error** (such as `Error 400: Attempted to update an immutable field.`).
+        To specify a different `mode`, please create a new Workload Identity Pool resource.
+        * `FEDERATION_ONLY`: Pools can only be used for federating external workload identities into
+        Google Cloud. Unless otherwise noted, no structure or format constraints are applied to
+        workload identities in a `FEDERATION_ONLY` mode pool, and you may not create any resources
+        within the pool besides providers.
+        * `TRUST_DOMAIN`: Pools can be used to assign identities to Google Cloud workloads. All
+        identities within a `TRUST_DOMAIN` mode pool must consist of a single namespace and individual
+        workload identifier. The subject identifier for all identities must conform to the following
+        format: `ns/<namespace>/sa/<workload_identifier>`.
+        `iam.WorkloadIdentityPoolProvider`s cannot be created within `TRUST_DOMAIN`
+        mode pools.
+        Possible values are: `FEDERATION_ONLY`, `TRUST_DOMAIN`.
+        """
+        return pulumi.get(self, "mode")
     @property
     @pulumi.getter
     def name(self) -> pulumi.Output[builtins.str]:
@@ -571,11 +993,11 @@ class WorkloadIdentityPool(pulumi.CustomResource):
     def state(self) -> pulumi.Output[builtins.str]:
         """
         The state of the pool.
-        * STATE_UNSPECIFIED: State unspecified.
-        * ACTIVE: The pool is active, and may be used in Google Cloud policies.
-        * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after
+        * `STATE_UNSPECIFIED`: State unspecified.
+        * `ACTIVE`: The pool is active, and may be used in Google Cloud policies.
+        * `DELETED`: The pool is soft-deleted. Soft-deleted pools are permanently deleted after
         approximately 30 days. You can restore a soft-deleted pool using
-        UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted pool until it is
+        `UndeleteWorkloadIdentityPool`. You cannot reuse the ID of a soft-deleted pool until it is
         permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or
         use existing tokens to access resources. If the pool is undeleted, existing tokens grant
         access again.

pulumi-gcp 8.32.0a1747459264__py3-none-any.whl → 8.32.1__py3-none-any.whl

pulumi-gcp 8.32.0a1747459264py3-none-any.whl → 8.32.1py3-none-any.whl