pulumi-pulumiservice 0.28.0a1736807230__tar.gz → 0.29.0__tar.gz

{pulumi_pulumiservice-0.28.0a1736807230 → pulumi_pulumiservice-0.29.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: pulumi_pulumiservice
-Version: 0.28.0a1736807230
+Version: 0.29.0
 Summary: A native Pulumi package for creating and managing Pulumi Cloud constructs
 License: Apache-2.0
 Project-URL: Homepage, https://pulumi.com

{pulumi_pulumiservice-0.28.0a1736807230 → pulumi_pulumiservice-0.29.0}/pulumi_pulumiservice/__init__.py

@@ -13,6 +13,7 @@ from .deployment_settings import *
 from .drift_schedule import *
 from .environment import *
 from .environment_version_tag import *
+from .oidc_issuer import *
 from .org_access_token import *
 from .provider import *
 from .stack import *
@@ -49,6 +50,7 @@ _utilities.register(
    "pulumiservice:index:DriftSchedule": "DriftSchedule",
    "pulumiservice:index:Environment": "Environment",
    "pulumiservice:index:EnvironmentVersionTag": "EnvironmentVersionTag",
+   "pulumiservice:index:OidcIssuer": "OidcIssuer",
    "pulumiservice:index:OrgAccessToken": "OrgAccessToken",
    "pulumiservice:index:Stack": "Stack",
    "pulumiservice:index:StackTag": "StackTag",

{pulumi_pulumiservice-0.28.0a1736807230 → pulumi_pulumiservice-0.29.0}/pulumi_pulumiservice/_enums.py

@@ -5,6 +5,9 @@
 from enum import Enum
 
 __all__ = [
+    'AuthPolicyDecision',
+    'AuthPolicyPermissionLevel',
+    'AuthPolicyTokenType',
     'EnvironmentPermission',
     'PulumiOperation',
     'TeamStackPermissionScope',
@@ -14,6 +17,47 @@ __all__ = [
 ]
 
 
+class AuthPolicyDecision(str, Enum):
+    DENY = "deny"
+    """
+    A deny rule for Oidc Issuer Policy.
+    """
+    ALLOW = "allow"
+    """
+    An allow rule for Oidc Issuer Policy.
+    """
+
+
+class AuthPolicyPermissionLevel(str, Enum):
+    STANDARD = "standard"
+    """
+    Standard level of permissions.
+    """
+    ADMIN = "admin"
+    """
+    Admin level of permissions.
+    """
+
+
+class AuthPolicyTokenType(str, Enum):
+    PERSONAL = "personal"
+    """
+    Personal Pulumi token. Requires userLogin field to be filled.
+    """
+    TEAM = "team"
+    """
+    Team Pulumi token. Requires teamName field to be filled.
+    """
+    ORGANIZATION = "organization"
+    """
+    Organization Pulumi token. Requires authorizedPermissions field to be filled.
+    """
+    RUNNER = "runner"
+    """
+    Deployment Runner Pulumi token. Requires runnerID field to be filled.
+    """
+
+
 class EnvironmentPermission(str, Enum):
     NONE = "none"
     """

{pulumi_pulumiservice-0.28.0a1736807230 → pulumi_pulumiservice-0.29.0}/pulumi_pulumiservice/_inputs.py

@@ -18,6 +18,8 @@ from ._enums import *
 __all__ = [
     'AWSOIDCConfigurationArgs',
     'AWSOIDCConfigurationArgsDict',
+    'AuthPolicyDefinitionArgs',
+    'AuthPolicyDefinitionArgsDict',
     'AzureOIDCConfigurationArgs',
     'AzureOIDCConfigurationArgsDict',
     'DeploymentSettingsCacheOptionsArgs',
@@ -140,6 +142,155 @@ class AWSOIDCConfigurationArgs:
         pulumi.set(self, "policy_arns", value)
 
 
+if not MYPY:
+    class AuthPolicyDefinitionArgsDict(TypedDict):
+        decision: pulumi.Input['AuthPolicyDecision']
+        """
+        The rule type of this policy definition
+        """
+        rules: pulumi.Input[Mapping[str, pulumi.Input[str]]]
+        """
+        OIDC rules to set for this policy.
+        """
+        token_type: pulumi.Input['AuthPolicyTokenType']
+        """
+        The token type for this policy definition
+        """
+        authorized_permissions: NotRequired[pulumi.Input[Sequence[pulumi.Input['AuthPolicyPermissionLevel']]]]
+        """
+        The permission level for organization tokens.
+        """
+        runner_id: NotRequired[pulumi.Input[str]]
+        """
+        The runner ID for deployment runner tokens.
+        """
+        team_name: NotRequired[pulumi.Input[str]]
+        """
+        The team name for team tokens.
+        """
+        user_login: NotRequired[pulumi.Input[str]]
+        """
+        The user login for personal tokens.
+        """
+elif False:
+    AuthPolicyDefinitionArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class AuthPolicyDefinitionArgs:
+    def __init__(__self__, *,
+                 decision: pulumi.Input['AuthPolicyDecision'],
+                 rules: pulumi.Input[Mapping[str, pulumi.Input[str]]],
+                 token_type: pulumi.Input['AuthPolicyTokenType'],
+                 authorized_permissions: Optional[pulumi.Input[Sequence[pulumi.Input['AuthPolicyPermissionLevel']]]] = None,
+                 runner_id: Optional[pulumi.Input[str]] = None,
+                 team_name: Optional[pulumi.Input[str]] = None,
+                 user_login: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input['AuthPolicyDecision'] decision: The rule type of this policy definition
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] rules: OIDC rules to set for this policy.
+        :param pulumi.Input['AuthPolicyTokenType'] token_type: The token type for this policy definition
+        :param pulumi.Input[Sequence[pulumi.Input['AuthPolicyPermissionLevel']]] authorized_permissions: The permission level for organization tokens.
+        :param pulumi.Input[str] runner_id: The runner ID for deployment runner tokens.
+        :param pulumi.Input[str] team_name: The team name for team tokens.
+        :param pulumi.Input[str] user_login: The user login for personal tokens.
+        """
+        pulumi.set(__self__, "decision", decision)
+        pulumi.set(__self__, "rules", rules)
+        pulumi.set(__self__, "token_type", token_type)
+        if authorized_permissions is not None:
+            pulumi.set(__self__, "authorized_permissions", authorized_permissions)
+        if runner_id is not None:
+            pulumi.set(__self__, "runner_id", runner_id)
+        if team_name is not None:
+            pulumi.set(__self__, "team_name", team_name)
+        if user_login is not None:
+            pulumi.set(__self__, "user_login", user_login)
+
+    @property
+    @pulumi.getter
+    def decision(self) -> pulumi.Input['AuthPolicyDecision']:
+        """
+        The rule type of this policy definition
+        """
+        return pulumi.get(self, "decision")
+
+    @decision.setter
+    def decision(self, value: pulumi.Input['AuthPolicyDecision']):
+        pulumi.set(self, "decision", value)
+
+    @property
+    @pulumi.getter
+    def rules(self) -> pulumi.Input[Mapping[str, pulumi.Input[str]]]:
+        """
+        OIDC rules to set for this policy.
+        """
+        return pulumi.get(self, "rules")
+
+    @rules.setter
+    def rules(self, value: pulumi.Input[Mapping[str, pulumi.Input[str]]]):
+        pulumi.set(self, "rules", value)
+
+    @property
+    @pulumi.getter(name="tokenType")
+    def token_type(self) -> pulumi.Input['AuthPolicyTokenType']:
+        """
+        The token type for this policy definition
+        """
+        return pulumi.get(self, "token_type")
+
+    @token_type.setter
+    def token_type(self, value: pulumi.Input['AuthPolicyTokenType']):
+        pulumi.set(self, "token_type", value)
+
+    @property
+    @pulumi.getter(name="authorizedPermissions")
+    def authorized_permissions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AuthPolicyPermissionLevel']]]]:
+        """
+        The permission level for organization tokens.
+        """
+        return pulumi.get(self, "authorized_permissions")
+
+    @authorized_permissions.setter
+    def authorized_permissions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AuthPolicyPermissionLevel']]]]):
+        pulumi.set(self, "authorized_permissions", value)
+
+    @property
+    @pulumi.getter(name="runnerID")
+    def runner_id(self) -> Optional[pulumi.Input[str]]:
+        """
+        The runner ID for deployment runner tokens.
+        """
+        return pulumi.get(self, "runner_id")
+
+    @runner_id.setter
+    def runner_id(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "runner_id", value)
+
+    @property
+    @pulumi.getter(name="teamName")
+    def team_name(self) -> Optional[pulumi.Input[str]]:
+        """
+        The team name for team tokens.
+        """
+        return pulumi.get(self, "team_name")
+
+    @team_name.setter
+    def team_name(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "team_name", value)
+
+    @property
+    @pulumi.getter(name="userLogin")
+    def user_login(self) -> Optional[pulumi.Input[str]]:
+        """
+        The user login for personal tokens.
+        """
+        return pulumi.get(self, "user_login")
+
+    @user_login.setter
+    def user_login(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "user_login", value)
+
+
 if not MYPY:
     class AzureOIDCConfigurationArgsDict(TypedDict):
         client_id: pulumi.Input[str]

pulumi_pulumiservice-0.29.0/pulumi_pulumiservice/oidc_issuer.py

@@ -0,0 +1,277 @@
+# coding=utf-8
+# *** WARNING: this file was generated by pulumi-language-python. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import copy
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
+from . import _utilities
+from . import outputs
+from ._enums import *
+from ._inputs import *
+
+__all__ = ['OidcIssuerArgs', 'OidcIssuer']
+
+@pulumi.input_type
+class OidcIssuerArgs:
+    def __init__(__self__, *,
+                 name: pulumi.Input[str],
+                 organization: pulumi.Input[str],
+                 url: pulumi.Input[str],
+                 max_expiration_seconds: Optional[pulumi.Input[int]] = None,
+                 policies: Optional[pulumi.Input[Sequence[pulumi.Input['AuthPolicyDefinitionArgs']]]] = None,
+                 thumbprints: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
+        """
+        The set of arguments for constructing a OidcIssuer resource.
+        :param pulumi.Input[str] name: Issuer name.
+        :param pulumi.Input[str] organization: Organization name.
+        :param pulumi.Input[str] url: The OIDC issuer URL.
+        :param pulumi.Input[int] max_expiration_seconds: The maximum duration of the Pulumi access token working after an exchange, specified in seconds.
+        :param pulumi.Input[Sequence[pulumi.Input['AuthPolicyDefinitionArgs']]] policies: The auth policies for this Oidc Issuer.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] thumbprints: The thumbprints of issuer's TLS certificates. By default, Pulumi will store the thumbprint of the certificate used to serve the OpenID configuration. If the provider uses multiple certificates to serve content, it is required to manually configure these.
+        """
+        pulumi.set(__self__, "name", name)
+        pulumi.set(__self__, "organization", organization)
+        pulumi.set(__self__, "url", url)
+        if max_expiration_seconds is not None:
+            pulumi.set(__self__, "max_expiration_seconds", max_expiration_seconds)
+        if policies is not None:
+            pulumi.set(__self__, "policies", policies)
+        if thumbprints is not None:
+            pulumi.set(__self__, "thumbprints", thumbprints)
+
+    @property
+    @pulumi.getter
+    def name(self) -> pulumi.Input[str]:
+        """
+        Issuer name.
+        """
+        return pulumi.get(self, "name")
+
+    @name.setter
+    def name(self, value: pulumi.Input[str]):
+        pulumi.set(self, "name", value)
+
+    @property
+    @pulumi.getter
+    def organization(self) -> pulumi.Input[str]:
+        """
+        Organization name.
+        """
+        return pulumi.get(self, "organization")
+
+    @organization.setter
+    def organization(self, value: pulumi.Input[str]):
+        pulumi.set(self, "organization", value)
+
+    @property
+    @pulumi.getter
+    def url(self) -> pulumi.Input[str]:
+        """
+        The OIDC issuer URL.
+        """
+        return pulumi.get(self, "url")
+
+    @url.setter
+    def url(self, value: pulumi.Input[str]):
+        pulumi.set(self, "url", value)
+
+    @property
+    @pulumi.getter(name="maxExpirationSeconds")
+    def max_expiration_seconds(self) -> Optional[pulumi.Input[int]]:
+        """
+        The maximum duration of the Pulumi access token working after an exchange, specified in seconds.
+        """
+        return pulumi.get(self, "max_expiration_seconds")
+
+    @max_expiration_seconds.setter
+    def max_expiration_seconds(self, value: Optional[pulumi.Input[int]]):
+        pulumi.set(self, "max_expiration_seconds", value)
+
+    @property
+    @pulumi.getter
+    def policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AuthPolicyDefinitionArgs']]]]:
+        """
+        The auth policies for this Oidc Issuer.
+        """
+        return pulumi.get(self, "policies")
+
+    @policies.setter
+    def policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AuthPolicyDefinitionArgs']]]]):
+        pulumi.set(self, "policies", value)
+
+    @property
+    @pulumi.getter
+    def thumbprints(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        The thumbprints of issuer's TLS certificates. By default, Pulumi will store the thumbprint of the certificate used to serve the OpenID configuration. If the provider uses multiple certificates to serve content, it is required to manually configure these.
+        """
+        return pulumi.get(self, "thumbprints")
+
+    @thumbprints.setter
+    def thumbprints(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "thumbprints", value)
+
+
+class OidcIssuer(pulumi.CustomResource):
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 max_expiration_seconds: Optional[pulumi.Input[int]] = None,
+                 name: Optional[pulumi.Input[str]] = None,
+                 organization: Optional[pulumi.Input[str]] = None,
+                 policies: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthPolicyDefinitionArgs', 'AuthPolicyDefinitionArgsDict']]]]] = None,
+                 thumbprints: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 url: Optional[pulumi.Input[str]] = None,
+                 __props__=None):
+        """
+        An OIDC issuer registration with Pulumi.
+
+        :param str resource_name: The name of the resource.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[int] max_expiration_seconds: The maximum duration of the Pulumi access token working after an exchange, specified in seconds.
+        :param pulumi.Input[str] name: Issuer name.
+        :param pulumi.Input[str] organization: Organization name.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['AuthPolicyDefinitionArgs', 'AuthPolicyDefinitionArgsDict']]]] policies: The auth policies for this Oidc Issuer.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] thumbprints: The thumbprints of issuer's TLS certificates. By default, Pulumi will store the thumbprint of the certificate used to serve the OpenID configuration. If the provider uses multiple certificates to serve content, it is required to manually configure these.
+        :param pulumi.Input[str] url: The OIDC issuer URL.
+        """
+        ...
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 args: OidcIssuerArgs,
+                 opts: Optional[pulumi.ResourceOptions] = None):
+        """
+        An OIDC issuer registration with Pulumi.
+
+        :param str resource_name: The name of the resource.
+        :param OidcIssuerArgs args: The arguments to use to populate this resource's properties.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        """
+        ...
+    def __init__(__self__, resource_name: str, *args, **kwargs):
+        resource_args, opts = _utilities.get_resource_args_opts(OidcIssuerArgs, pulumi.ResourceOptions, *args, **kwargs)
+        if resource_args is not None:
+            __self__._internal_init(resource_name, opts, **resource_args.__dict__)
+        else:
+            __self__._internal_init(resource_name, *args, **kwargs)
+
+    def _internal_init(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 max_expiration_seconds: Optional[pulumi.Input[int]] = None,
+                 name: Optional[pulumi.Input[str]] = None,
+                 organization: Optional[pulumi.Input[str]] = None,
+                 policies: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthPolicyDefinitionArgs', 'AuthPolicyDefinitionArgsDict']]]]] = None,
+                 thumbprints: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 url: Optional[pulumi.Input[str]] = None,
+                 __props__=None):
+        opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
+        if not isinstance(opts, pulumi.ResourceOptions):
+            raise TypeError('Expected resource options to be a ResourceOptions instance')
+        if opts.id is None:
+            if __props__ is not None:
+                raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
+            __props__ = OidcIssuerArgs.__new__(OidcIssuerArgs)
+
+            __props__.__dict__["max_expiration_seconds"] = max_expiration_seconds
+            if name is None and not opts.urn:
+                raise TypeError("Missing required property 'name'")
+            __props__.__dict__["name"] = name
+            if organization is None and not opts.urn:
+                raise TypeError("Missing required property 'organization'")
+            __props__.__dict__["organization"] = organization
+            __props__.__dict__["policies"] = policies
+            __props__.__dict__["thumbprints"] = thumbprints
+            if url is None and not opts.urn:
+                raise TypeError("Missing required property 'url'")
+            __props__.__dict__["url"] = url
+        replace_on_changes = pulumi.ResourceOptions(replace_on_changes=["organization", "url"])
+        opts = pulumi.ResourceOptions.merge(opts, replace_on_changes)
+        super(OidcIssuer, __self__).__init__(
+            'pulumiservice:index:OidcIssuer',
+            resource_name,
+            __props__,
+            opts)
+
+    @staticmethod
+    def get(resource_name: str,
+            id: pulumi.Input[str],
+            opts: Optional[pulumi.ResourceOptions] = None) -> 'OidcIssuer':
+        """
+        Get an existing OidcIssuer resource's state with the given name, id, and optional extra
+        properties used to qualify the lookup.
+
+        :param str resource_name: The unique name of the resulting resource.
+        :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        """
+        opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
+
+        __props__ = OidcIssuerArgs.__new__(OidcIssuerArgs)
+
+        __props__.__dict__["max_expiration_seconds"] = None
+        __props__.__dict__["name"] = None
+        __props__.__dict__["organization"] = None
+        __props__.__dict__["policies"] = None
+        __props__.__dict__["thumbprints"] = None
+        __props__.__dict__["url"] = None
+        return OidcIssuer(resource_name, opts=opts, __props__=__props__)
+
+    @property
+    @pulumi.getter(name="maxExpirationSeconds")
+    def max_expiration_seconds(self) -> pulumi.Output[Optional[int]]:
+        """
+        The maximum duration of the Pulumi access token working after an exchange, specified in seconds.
+        """
+        return pulumi.get(self, "max_expiration_seconds")
+
+    @property
+    @pulumi.getter
+    def name(self) -> pulumi.Output[str]:
+        """
+        Issuer name.
+        """
+        return pulumi.get(self, "name")
+
+    @property
+    @pulumi.getter
+    def organization(self) -> pulumi.Output[str]:
+        """
+        Organization name.
+        """
+        return pulumi.get(self, "organization")
+
+    @property
+    @pulumi.getter
+    def policies(self) -> pulumi.Output[Sequence['outputs.AuthPolicyDefinition']]:
+        """
+        The authorization policies for this Oidc Issuer.
+        """
+        return pulumi.get(self, "policies")
+
+    @property
+    @pulumi.getter
+    def thumbprints(self) -> pulumi.Output[Sequence[str]]:
+        """
+        The thumbprints of issuer's TLS certificates. By default, Pulumi will store the thumbprint of the certificate used to serve the OpenID configuration. If the provider uses multiple certificates to serve content, it is required to manually configure these.
+        """
+        return pulumi.get(self, "thumbprints")
+
+    @property
+    @pulumi.getter
+    def url(self) -> pulumi.Output[str]:
+        """
+        The OIDC issuer URL.
+        """
+        return pulumi.get(self, "url")
+

{pulumi_pulumiservice-0.28.0a1736807230 → pulumi_pulumiservice-0.29.0}/pulumi_pulumiservice/outputs.py

@@ -18,6 +18,7 @@ from ._enums import *
 
 __all__ = [
     'AWSOIDCConfiguration',
+    'AuthPolicyDefinition',
     'AzureOIDCConfiguration',
     'DeploymentSettingsCacheOptions',
     'DeploymentSettingsExecutorContext',
@@ -108,6 +109,119 @@ class AWSOIDCConfiguration(dict):
         return pulumi.get(self, "policy_arns")
 
 
+@pulumi.output_type
+class AuthPolicyDefinition(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "tokenType":
+            suggest = "token_type"
+        elif key == "authorizedPermissions":
+            suggest = "authorized_permissions"
+        elif key == "runnerID":
+            suggest = "runner_id"
+        elif key == "teamName":
+            suggest = "team_name"
+        elif key == "userLogin":
+            suggest = "user_login"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in AuthPolicyDefinition. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        AuthPolicyDefinition.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        AuthPolicyDefinition.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 decision: 'AuthPolicyDecision',
+                 rules: Mapping[str, str],
+                 token_type: 'AuthPolicyTokenType',
+                 authorized_permissions: Optional[Sequence['AuthPolicyPermissionLevel']] = None,
+                 runner_id: Optional[str] = None,
+                 team_name: Optional[str] = None,
+                 user_login: Optional[str] = None):
+        """
+        :param 'AuthPolicyDecision' decision: The rule type of this policy definition
+        :param Mapping[str, str] rules: OIDC rules to set for this policy.
+        :param 'AuthPolicyTokenType' token_type: The token type for this policy definition
+        :param Sequence['AuthPolicyPermissionLevel'] authorized_permissions: The permission level for organization tokens.
+        :param str runner_id: The runner ID for deployment runner tokens.
+        :param str team_name: The team name for team tokens.
+        :param str user_login: The user login for personal tokens.
+        """
+        pulumi.set(__self__, "decision", decision)
+        pulumi.set(__self__, "rules", rules)
+        pulumi.set(__self__, "token_type", token_type)
+        if authorized_permissions is not None:
+            pulumi.set(__self__, "authorized_permissions", authorized_permissions)
+        if runner_id is not None:
+            pulumi.set(__self__, "runner_id", runner_id)
+        if team_name is not None:
+            pulumi.set(__self__, "team_name", team_name)
+        if user_login is not None:
+            pulumi.set(__self__, "user_login", user_login)
+
+    @property
+    @pulumi.getter
+    def decision(self) -> 'AuthPolicyDecision':
+        """
+        The rule type of this policy definition
+        """
+        return pulumi.get(self, "decision")
+
+    @property
+    @pulumi.getter
+    def rules(self) -> Mapping[str, str]:
+        """
+        OIDC rules to set for this policy.
+        """
+        return pulumi.get(self, "rules")
+
+    @property
+    @pulumi.getter(name="tokenType")
+    def token_type(self) -> 'AuthPolicyTokenType':
+        """
+        The token type for this policy definition
+        """
+        return pulumi.get(self, "token_type")
+
+    @property
+    @pulumi.getter(name="authorizedPermissions")
+    def authorized_permissions(self) -> Optional[Sequence['AuthPolicyPermissionLevel']]:
+        """
+        The permission level for organization tokens.
+        """
+        return pulumi.get(self, "authorized_permissions")
+
+    @property
+    @pulumi.getter(name="runnerID")
+    def runner_id(self) -> Optional[str]:
+        """
+        The runner ID for deployment runner tokens.
+        """
+        return pulumi.get(self, "runner_id")
+
+    @property
+    @pulumi.getter(name="teamName")
+    def team_name(self) -> Optional[str]:
+        """
+        The team name for team tokens.
+        """
+        return pulumi.get(self, "team_name")
+
+    @property
+    @pulumi.getter(name="userLogin")
+    def user_login(self) -> Optional[str]:
+        """
+        The user login for personal tokens.
+        """
+        return pulumi.get(self, "user_login")
+
+
 @pulumi.output_type
 class AzureOIDCConfiguration(dict):
     @staticmethod

{pulumi_pulumiservice-0.28.0a1736807230 → pulumi_pulumiservice-0.29.0}/pulumi_pulumiservice/pulumi-plugin.json

@@ -1,5 +1,5 @@
 {
   "resource": true,
   "name": "pulumiservice",
-  "version": "0.28.0-alpha.1736807230"
+  "version": "0.29.0"
 }

{pulumi_pulumiservice-0.28.0a1736807230 → pulumi_pulumiservice-0.29.0}/pulumi_pulumiservice.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: pulumi_pulumiservice
-Version: 0.28.0a1736807230
+Version: 0.29.0
 Summary: A native Pulumi package for creating and managing Pulumi Cloud constructs
 License: Apache-2.0
 Project-URL: Homepage, https://pulumi.com

{pulumi_pulumiservice-0.28.0a1736807230 → pulumi_pulumiservice-0.29.0}/pulumi_pulumiservice.egg-info/SOURCES.txt

@@ -11,6 +11,7 @@ pulumi_pulumiservice/deployment_settings.py
 pulumi_pulumiservice/drift_schedule.py
 pulumi_pulumiservice/environment.py
 pulumi_pulumiservice/environment_version_tag.py
+pulumi_pulumiservice/oidc_issuer.py
 pulumi_pulumiservice/org_access_token.py
 pulumi_pulumiservice/outputs.py
 pulumi_pulumiservice/provider.py

{pulumi_pulumiservice-0.28.0a1736807230 → pulumi_pulumiservice-0.29.0}/pyproject.toml

@@ -5,7 +5,7 @@
   keywords = ["pulumi", "kind/native", "category/infrastructure"]
   readme = "README.md"
   requires-python = ">=3.8"
-  version = "0.28.0a1736807230"
+  version = "0.29.0"
   [project.license]
     text = "Apache-2.0"
   [project.urls]