Skip to main content

Retrieving the Data Source

This data source can be retrieved by one of ID or name.
Retrieve by ID
To retrieve by ID, fill in only the id field: 
data ... {
    id = "your-ID"
}
Retrieve by Name
To retrieve by name, fill in only the name and parent_id fields: 
data ... {
    name      = "your name"
    parent_id = "data-source-parent-id"
}

Schema

Optional

  • id (String) Identifier for the resource, unique for its resource type.
  • name (String) Human readable name for the resource.
  • parent_id (String) Identifier of the parent resource to which the resource belongs.

Read-Only

  • created_at (String) : Timestamp indicating when the resource was created. A string representing a timestamp in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ or YYYY-MM-DDTHH:MM:SS.SSS±HH:MM
  • federated_subject_id (String) Federated subject ID.For oidc_provider subject will be calculated based on the “sub” claim of the JWT federation token.
  • labels (Map of String) : Labels associated with the resource.
  • metadata (Attributes) :

    Inner value description

    Common resource metadata. (see below for nested schema)
  • oidc_provider (Attributes) (see below for nested schema)
  • resource_version (Number) : Version of the resource for safe concurrent modifications and consistent reads. Positive and monotonically increases on each resource spec change (but not on each change of the resource’s container(s) or status). Service allows zero value or current.
  • status (Attributes) (see below for nested schema)
  • subject_id (String) IAM subject, in which federated subject will be impersonated to. E.g. for workload identities it will be IAM service account.
  • updated_at (String) : Timestamp indicating when the resource was last updated. A string representing a timestamp in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ or YYYY-MM-DDTHH:MM:SS.SSS±HH:MM

Nested Schema for metadata

Nested Schema for oidc_provider

Read-Only:
  • issuer_url (String) : It’s not required provider OIDC issuer should be real OIDC provider, but should expose OIDC configuration with “/.well-known/openid-configuration” endpoint. Configuration should contains the “jwks_uri” endpoint where the JSON Web Key Set (JWKS) can be found; this set contains public keys used to verify JSON Web Tokens (JWTs) issued by an identity provider. Limitations for external OIDC providers:
    • token service limits the number of handled keys by 50. If your JWKS return more than 50, the only first 50 will be used for signature verifying.
    • response size for jwks_uri and “/.well-known/openid-configuration limited by 100KB.
  • jwk_set_json (String) : Literally json, which represents JWKS with public keys for JWT verification. It worth mentioned that in a case of adding/rotating keys the jwk_set_json also should be updated here. Besides, the “issuer” parameter should be set even if the JWKS will be resolved locally.

Nested Schema for status