certificate_identity_pools
Creates, updates, deletes, gets or lists a certificate_identity_pools resource.
Overview
| Name | certificate_identity_pools |
| Type | Resource |
| Id | confluent.iam.certificate_identity_pools |
Fields
The following fields are returned by SELECT queries:
- get_iam_v2_certificate_identity_pool
- list_iam_v2_certificate_identity_pools
Certificate Identity Pool.
| Name | Datatype | Description |
|---|---|---|
| id | string | ID is the "natural identifier" for an object within its scope/namespace; it is normally unique across time but not space. That is, you can assume that the ID will not be reclaimed and reused after an object is deleted ("time"); however, it may collide with IDs for other object kinds or objects of the same kind within a different scope/namespace ("space"). (example: dlz-f3a90de) |
| display_name | string | The name of the IdentityPool. (example: My Identity Pool) |
| api_version | string | APIVersion defines the schema version of this representation of a resource. (iam/v2) |
| description | string | A description of how this IdentityPool is used (example: Prod Access to Kafka clusters to Release Engineering) |
| external_identifier | string | The certificate field that will be used to represent the pool's external identifier for audit logging. (example: UID) |
| filter | string | A filter expression in Supported Common Expression Language (CEL) that specifies which identities can authenticate using your certificate identity pool (see CEL filter for mTLS for more details). (example: C=='Canada' && O=='Confluent') |
| kind | string | Kind defines the object this REST resource represents. (CertificateIdentityPool) |
| metadata | object | ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. |
| principal | string | Represents the federated identity associated with this pool. (example: pool-abc) |
| state | string | The current state of the identity pool (example: ENABLED) |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
| get_iam_v2_certificate_identity_pool | select | certificate_authority_id, id | | Make a request to read a certificate identity pool. |
| list_iam_v2_certificate_identity_pools | select | certificate_authority_id | page_size, page_token | Retrieve a sorted, filtered, paginated list of all certificate identity pools. |
| create_iam_v2_certificate_identity_pool | insert | certificate_authority_id, display_name, description, external_identifier, filter | assigned_resource_owner | Make a request to create a certificate identity pool. |
| update_iam_v2_certificate_identity_pool | replace | certificate_authority_id, id | | Make a request to update a certificate identity pool. |
| delete_iam_v2_certificate_identity_pool | delete | certificate_authority_id, id | | Make a request to delete a certificate identity pool. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
| certificate_authority_id | string | The Certificate Authority |
| id | string | The unique identifier for the certificate identity pool. |
| assigned_resource_owner | string | The resource_id of the principal who will be assigned resource owner on the created certificate identity pool. Principal can be group-mapping (group-xxx), user (u-xxx), service-account (sa-xxx) or identity-pool (pool-xxx). (example: u-a83k9b) |
| page_size | integer | A pagination size for collection requests. |
| page_token | string | An opaque pagination token for collection requests. |
SELECT examples
- get_iam_v2_certificate_identity_pool
- list_iam_v2_certificate_identity_pools
Make a request to read a certificate identity pool.
```sql
SELECT
    id,
    display_name,
    api_version,
    description,
    external_identifier,
    filter,
    kind,
    metadata,
    principal,
    state
FROM confluent.iam.certificate_identity_pools
WHERE certificate_authority_id = '{{ certificate_authority_id }}' -- required
    AND id = '{{ id }}' -- required
;
```
Retrieve a sorted, filtered, paginated list of all certificate identity pools.
```sql
SELECT
    id,
    display_name,
    api_version,
    description,
    external_identifier,
    filter,
    kind,
    metadata,
    principal,
    state
FROM confluent.iam.certificate_identity_pools
WHERE certificate_authority_id = '{{ certificate_authority_id }}' -- required
    AND page_size = '{{ page_size }}'
    AND page_token = '{{ page_token }}'
;
```
INSERT examples
- create_iam_v2_certificate_identity_pool
- Manifest
Make a request to create a certificate identity pool.
```sql
INSERT INTO confluent.iam.certificate_identity_pools (
    display_name,
    description,
    external_identifier,
    filter,
    certificate_authority_id,
    assigned_resource_owner
)
SELECT
    '{{ display_name }}' /* required */,
    '{{ description }}' /* required */,
    '{{ external_identifier }}' /* required */,
    '{{ filter }}' /* required */,
    '{{ certificate_authority_id }}' /* required */,
    '{{ assigned_resource_owner }}'
RETURNING
    id,
    display_name,
    api_version,
    description,
    external_identifier,
    filter,
    kind,
    metadata,
    principal,
    state
;
```
```yaml
# Description fields are for documentation purposes
- name: certificate_identity_pools
  props:
    - name: certificate_authority_id
      value: "{{ certificate_authority_id }}"
      description: Required parameter for the certificate_identity_pools resource.
    - name: display_name
      value: "{{ display_name }}"
      description: |
        The name of the `IdentityPool`.
    - name: description
      value: "{{ description }}"
      description: |
        A description of how this `IdentityPool` is used
    - name: external_identifier
      value: "{{ external_identifier }}"
      description: |
        The certificate field that will be used to represent the
        pool's external identifier for audit logging.
    - name: filter
      value: "{{ filter }}"
      description: |
        A filter expression in [Supported Common Expression Language (CEL)](https://docs.confluent.io/cloud/current/access-management/authenticate/mtls/cel-filters.html) that specifies which identities can authenticate using your certificate identity pool (see [CEL filter for mTLS](https://docs.confluent.io/cloud/current/access-management/authenticate/mtls/cel-filters.html) for more details).
    - name: assigned_resource_owner
      value: "{{ assigned_resource_owner }}"
      description: |
        The resource_id of the principal who will be assigned resource owner on the created certificate identity pool. Principal can be group-mapping (group-xxx), user (u-xxx), service-account (sa-xxx) or identity-pool (pool-xxx). (example: u-a83k9b)
```
REPLACE examples
- update_iam_v2_certificate_identity_pool
Make a request to update a certificate identity pool.
```sql
REPLACE confluent.iam.certificate_identity_pools
SET
    display_name = '{{ display_name }}',
    description = '{{ description }}',
    external_identifier = '{{ external_identifier }}',
    filter = '{{ filter }}'
WHERE
    certificate_authority_id = '{{ certificate_authority_id }}' -- required
    AND id = '{{ id }}' -- required
RETURNING
    id,
    display_name,
    api_version,
    description,
    external_identifier,
    filter,
    kind,
    metadata,
    principal,
    state;
```
DELETE examples
- delete_iam_v2_certificate_identity_pool
Make a request to delete a certificate identity pool.
```sql
DELETE FROM confluent.iam.certificate_identity_pools
WHERE certificate_authority_id = '{{ certificate_authority_id }}' -- required
    AND id = '{{ id }}' -- required
;
```