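import * as pulumi from "@pulumi/pulumi";

/**
 * Represents a SCIM Token for a Workforce Pool Provider Scim Tenant.
 * The SCIM Token is used for authenticating SCIM provisioning requests during the synchronization of
 * user/group identities from an external identity provider into Google Cloud using the System for
 * Cross-domain Identity Management (SCIM) protocol. This needs to be provided in the
 * Secret (Long Lived) Token field when configuring SCIM on an IdP.
 *
 * ## Security considerations
 *
 * * `securityToken` is a long-lived bearer credential: it is what authenticates SCIM provisioning
 *   requests for the tenant, so handle it like any other identity-plane secret.
 * * As a resource output, the token value is recorded in the stack's state. Confirm that it appears as a
 *   secret (encrypted) there; if it does not, pass `additionalSecretOutputs: ["securityToken"]` in the
 *   resource options, and avoid echoing it through plain stack outputs, logs or CI job output.
 * * The token is set only during creation, so the value captured at create time may be the only copy
 *   available (confirm against the API documentation). Plan rotation around creating a replacement token.
 * * Restrict who can read the stack's state and who can create this resource type, since either grants
 *   access to a provisioning credential.
 *
 * To get more information about WorkforcePoolProviderScimToken, see:
 *
 * * [API documentation](https://docs.cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools.providers.scimTenants.tokens)
 * * How-to Guides
 *     * [Create a SCIM Token for the SCIM Tenant](https://cloud.google.com/iam/docs/workforce-sign-in-microsoft-entra-id-scalable-groups?group_type=extended#extended-attributes)
 *
 * ## Example Usage
 *
 * ### Iam Workforce Pool Provider Scim Token Basic
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const pool = new gcp.iam.WorkforcePool("pool", {
 *     workforcePoolId: "example-pool",
 *     parent: "organizations/123456789",
 *     location: "global",
 * });
 * const provider = new gcp.iam.WorkforcePoolProvider("provider", {
 *     location: "global",
 *     workforcePoolId: pool.workforcePoolId,
 *     providerId: "example-prvdr",
 *     attributeMapping: {
 *         "google.subject": "assertion.sub",
 *     },
 *     oidc: {
 *         issuerUri: "https://accounts.thirdparty.com",
 *         clientId: "client-id",
 *         clientSecret: {
 *             value: {
 *                 // Placeholder value. In a real program read the secret from encrypted stack
 *                 // configuration (for example `new pulumi.Config().requireSecret(...)`) rather
 *                 // than committing a literal to source control.
 *                 plainText: "client-secret",
 *             },
 *         },
 *         webSsoConfig: {
 *             responseType: "CODE",
 *             assertionClaimsBehavior: "MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS",
 *             additionalScopes: [
 *                 "groups",
 *                 "roles",
 *             ],
 *         },
 *     },
 *     displayName: "Display name",
 *     description: "A sample OIDC workforce pool provider.",
 *     disabled: false,
 *     // "true" accepts every identity the IdP asserts; use a narrower condition outside of samples.
 *     attributeCondition: "true",
 * });
 * const tenant = new gcp.iam.WorkforcePoolProviderScimTenant("tenant", {
 *     location: "global",
 *     workforcePoolId: pool.workforcePoolId,
 *     providerId: provider.providerId,
 *     scimTenantId: "example-tenant",
 *     displayName: "SCIM Tenant display Name",
 *     description: "A SCIM Tenant for IAM Workforce Pool Provider",
 *     claimMapping: {
 *         "google.subject": "user.externalId",
 *         "google.group": "group.externalId",
 *     },
 *     hardDelete: true,
 * });
 * const example = new gcp.iam.WorkforcePoolProviderScimToken("example", {
 *     location: "global",
 *     workforcePoolId: pool.workforcePoolId,
 *     providerId: provider.providerId,
 *     scimTenantId: tenant.scimTenantId,
 *     scimTokenId: "example-scim-token",
 *     displayName: "SCIM Token display Name",
 * });
 * ```
 *
 * ## Import
 *
 * WorkforcePoolProviderScimToken can be imported using any of these accepted formats:
 *
 * * `locations/{{location}}/workforcePools/{{workforce_pool_id}}/providers/{{provider_id}}/scimTenants/{{scim_tenant_id}}/tokens/{{scim_token_id}}`
 * * `{{location}}/{{workforce_pool_id}}/{{provider_id}}/{{scim_tenant_id}}/{{scim_token_id}}`
 *
 * When using the `pulumi import` command, WorkforcePoolProviderScimToken can be imported using one of the formats above. For example:
 *
 * ```sh
 * $ pulumi import gcp:iam/workforcePoolProviderScimToken:WorkforcePoolProviderScimToken default locations/{{location}}/workforcePools/{{workforce_pool_id}}/providers/{{provider_id}}/scimTenants/{{scim_tenant_id}}/tokens/{{scim_token_id}}
 * $ pulumi import gcp:iam/workforcePoolProviderScimToken:WorkforcePoolProviderScimToken default {{location}}/{{workforce_pool_id}}/{{provider_id}}/{{scim_tenant_id}}/{{scim_token_id}}
 * ```
 *
 * Because `securityToken` is set only during creation, an imported token presumably has no token
 * value in state; verify before relying on the output of an imported resource.
 */
export declare class WorkforcePoolProviderScimToken extends pulumi.CustomResource {
    /**
     * Get an existing WorkforcePoolProviderScimToken resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WorkforcePoolProviderScimTokenState, opts?: pulumi.CustomResourceOptions): WorkforcePoolProviderScimToken;
    /**
     * Returns true if the given object is an instance of WorkforcePoolProviderScimToken. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is WorkforcePoolProviderScimToken;
    /**
     * A user-specified display name for the scim token. Cannot exceed 32 characters.
     */
    readonly displayName: pulumi.Output<string | undefined>;
    /**
     * The location for the resource.
     */
    readonly location: pulumi.Output<string>;
    /**
     * Identifier. The resource name of the scim token.
     * Format: `locations/{location}/workforcePools/{workforce_pool}/providers/{workforce_pool_provider}/scimTenants/{scim_tenant_id}/tokens/{scim_token_id}`
     */
    readonly name: pulumi.Output<string>;
    /**
     * The ID of the Provider.
     */
    readonly providerId: pulumi.Output<string>;
    /**
     * The ID of the SCIM Tenant.
     */
    readonly scimTenantId: pulumi.Output<string>;
    /**
     * The ID to use for the SCIM Token, which becomes the final component of the resource name. This value should be 4-32 characters and follow the pattern: `(a-z)`.
     */
    readonly scimTokenId: pulumi.Output<string>;
    /**
     * The token string provided to the IdP for authentication. It is set only during creation.
     *
     * This is the credential that authenticates SCIM provisioning requests, so treat the output as a
     * secret: keep it out of plain stack outputs and logs, and confirm it is stored encrypted in state
     * (use the `additionalSecretOutputs` resource option if it is not).
     */
    readonly securityToken: pulumi.Output<string>;
    /**
     * The current state of the scim token.
     * * ACTIVE: The token is active and may be used to provision users and groups.
     * * DELETED: The token is soft-deleted. Soft-deleted tokens are permanently deleted after approximately 30 days.
     */
    readonly state: pulumi.Output<string>;
    /**
     * The ID of the Workforce Pool.
     */
    readonly workforcePoolId: pulumi.Output<string>;
    /**
     * Create a WorkforcePoolProviderScimToken resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: WorkforcePoolProviderScimTokenArgs, opts?: pulumi.CustomResourceOptions);
}

/**
 * Input properties used for looking up and filtering WorkforcePoolProviderScimToken resources.
 */
export interface WorkforcePoolProviderScimTokenState {
    /**
     * A user-specified display name for the scim token. Cannot exceed 32 characters.
     */
    displayName?: pulumi.Input<string>;
    /**
     * The location for the resource.
     */
    location?: pulumi.Input<string>;
    /**
     * Identifier. The resource name of the scim token.
     * Format: `locations/{location}/workforcePools/{workforce_pool}/providers/{workforce_pool_provider}/scimTenants/{scim_tenant_id}/tokens/{scim_token_id}`
     */
    name?: pulumi.Input<string>;
    /**
     * The ID of the Provider.
     */
    providerId?: pulumi.Input<string>;
    /**
     * The ID of the SCIM Tenant.
     */
    scimTenantId?: pulumi.Input<string>;
    /**
     * The ID to use for the SCIM Token, which becomes the final component of the resource name. This value should be 4-32 characters and follow the pattern: `(a-z)`.
     */
    scimTokenId?: pulumi.Input<string>;
    /**
     * The token string provided to the IdP for authentication. It is set only during creation.
     * Treat any value passed here as a secret (for example wrap it with `pulumi.secret`) rather than
     * a plain literal.
     */
    securityToken?: pulumi.Input<string>;
    /**
     * The current state of the scim token.
     * * ACTIVE: The token is active and may be used to provision users and groups.
     * * DELETED: The token is soft-deleted. Soft-deleted tokens are permanently deleted after approximately 30 days.
     */
    state?: pulumi.Input<string>;
    /**
     * The ID of the Workforce Pool.
     */
    workforcePoolId?: pulumi.Input<string>;
}

/**
 * The set of arguments for constructing a WorkforcePoolProviderScimToken resource.
 */
export interface WorkforcePoolProviderScimTokenArgs {
    /**
     * A user-specified display name for the scim token. Cannot exceed 32 characters.
     */
    displayName?: pulumi.Input<string>;
    /**
     * The location for the resource.
     */
    location: pulumi.Input<string>;
    /**
     * The ID of the Provider.
     */
    providerId: pulumi.Input<string>;
    /**
     * The ID of the SCIM Tenant.
     */
    scimTenantId: pulumi.Input<string>;
    /**
     * The ID to use for the SCIM Token, which becomes the final component of the resource name. This value should be 4-32 characters and follow the pattern: `(a-z)`.
     */
    scimTokenId: pulumi.Input<string>;
    /**
     * The ID of the Workforce Pool.
     */
    workforcePoolId: pulumi.Input<string>;
}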