identity_pools
Creates, updates, deletes, gets or lists an identity_pools resource.
Overview
| Name | identity_pools |
| Type | Resource |
| Id | confluent.iam.identity_pools |
Fields
The following fields are returned by SELECT queries:
- get_iam_v2_identity_pool
- list_iam_v2_identity_pools
Identity Pool.
| Name | Datatype | Description |
|---|---|---|
| id | string | ID is the "natural identifier" for an object within its scope/namespace; it is normally unique across time but not space. That is, you can assume that the ID will not be reclaimed and reused after an object is deleted ("time"); however, it may collide with IDs for other object kinds or objects of the same kind within a different scope/namespace ("space"). (example: dlz-f3a90de) |
| display_name | string | The name of the IdentityPool. (example: My Identity Pool) |
| api_version | string | APIVersion defines the schema version of this representation of a resource. (iam/v2) |
| description | string | A description of how this IdentityPool is used (example: Prod Access to Kafka clusters to Release Engineering) |
| filter | string | A filter expression in Supported Common Expression Language (CEL) that specifies which identities can authenticate using your identity pool (see Set identity pool filters for more details). (example: claims.aud=="confluent" && claims.group!="invalid_group") |
| identity_claim | string | The JSON Web Token (JWT) claim to extract the authenticating identity to Confluent resources from (see Registered Claim Names for more details). This appears in the audit log records, showing, for example, that "identity Z used identity pool X to access topic A". (example: claims.sub) |
| kind | string | Kind defines the object this REST resource represents. (IdentityPool) |
| metadata | object | ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. |
| principal | string | Represents the federated identity associated with this pool. (example: pool-abc) |
| state | string | The current state of the identity pool (example: ENABLED) |
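A filter can be dry-run against sample token claims before it is written with INSERT or UPDATE. The Python below is an added example, not Confluent or StackQL code: it handles only `claims.<name>` compared to a string with `==` or `!=`, joined by `&&` and `||`, and it assumes that a filter ending in a CEL evaluation error admits nobody; the sample claims are constructed.

```python
import re

# One supported term: claims.<name> ==|!= "<string literal>"
_CMP = re.compile(r'\s*claims\.(\w+)\s*(==|!=)\s*"([^"]*)"\s*')

def _compare(term, claims):
    m = _CMP.fullmatch(term)
    if m is None:  # anything outside the supported subset is refused, not guessed
        raise ValueError(f"unsupported filter term: {term!r}")
    name, op, literal = m.groups()
    if name not in claims:
        return None  # CEL: selecting a missing field is an error, not false
    equal = claims[name] == literal  # a list-valued claim never equals a string
    return equal if op == "==" else not equal

def _all(values):  # CEL '&&': false beats error, error beats true
    if False in values:
        return False
    return None if None in values else True

def _any(values):  # CEL '||': true beats error, error beats false
    if True in values:
        return True
    return None if None in values else False

def evaluate(filter_expr, claims):
    """Return True, False, or None when evaluation ends in an error."""
    return _any([_all([_compare(t, claims) for t in alt.split("&&")])
                 for alt in filter_expr.split("||")])

def admits(filter_expr, claims):
    # Assumption: only a definite True lets the identity use the pool.
    return evaluate(filter_expr, claims) is True

PAGE_FILTER = 'claims.aud=="confluent" && claims.group!="invalid_group"'
SAMPLE_CLAIMS = {  # constructed JWT claim sets, not real tokens
    "release-eng":    {"sub": "svc-1", "aud": "confluent", "group": "release-eng"},
    "blocked-group":  {"sub": "svc-2", "aud": "confluent", "group": "invalid_group"},
    "wrong-audience": {"sub": "svc-3", "aud": "other", "group": "release-eng"},
    "no-group-claim": {"sub": "svc-4", "aud": "confluent"},
    "aud-as-list":    {"sub": "svc-5", "aud": ["confluent"], "group": "release-eng"},
}

def dry_run(filter_expr, samples):
    return {label: admits(filter_expr, c) for label, c in samples.items()}

if __name__ == "__main__":
    for label, ok in dry_run(PAGE_FILTER, SAMPLE_CLAIMS).items():
        print(f"{label:15} {'admitted' if ok else 'rejected'}")
```

The last two samples are the ones to check against your identity provider's tokens: a token with no `group` claim makes the `!=` term an error rather than true, and an `aud` issued as an array does not equal the string `"confluent"`.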
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
| get_iam_v2_identity_pool | select | provider_id, id | | Make a request to read an identity pool. |
| list_iam_v2_identity_pools | select | provider_id | page_size, page_token | Retrieve a sorted, filtered, paginated list of all identity pools. |
| create_iam_v2_identity_pool | insert | provider_id, display_name, description, identity_claim, filter | assigned_resource_owner | Make a request to create an identity pool. |
| update_iam_v2_identity_pool | update | provider_id, id | | Make a request to update an identity pool. |
| delete_iam_v2_identity_pool | delete | provider_id, id | | Make a request to delete an identity pool. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
| id | string | The unique identifier for the identity pool. |
| provider_id | string | The Provider |
| assigned_resource_owner | string | The resource_id of the principal who will be assigned resource owner on the created identity pool. Principal can be group-mapping (group-xxx), user (u-xxx), service-account (sa-xxx) or identity-pool (pool-xxx). (example: u-a83k9b) |
| page_size | integer | A pagination size for collection requests. |
| page_token | string | An opaque pagination token for collection requests. |
SELECT examples
- get_iam_v2_identity_pool
- list_iam_v2_identity_pools
Make a request to read an identity pool.
```sql
SELECT
  id,
  display_name,
  api_version,
  description,
  filter,
  identity_claim,
  kind,
  metadata,
  principal,
  state
FROM confluent.iam.identity_pools
WHERE provider_id = '{{ provider_id }}' -- required
  AND id = '{{ id }}' -- required
;
```
Retrieve a sorted, filtered, paginated list of all identity pools.
```sql
SELECT
  id,
  display_name,
  api_version,
  description,
  filter,
  identity_claim,
  kind,
  metadata,
  principal,
  state
FROM confluent.iam.identity_pools
WHERE provider_id = '{{ provider_id }}' -- required
  AND page_size = '{{ page_size }}'
  AND page_token = '{{ page_token }}'
;
```
INSERT examples
- create_iam_v2_identity_pool
- Manifest
Make a request to create an identity pool.
```sql
INSERT INTO confluent.iam.identity_pools (
  display_name,
  description,
  identity_claim,
  filter,
  provider_id,
  assigned_resource_owner
)
SELECT
  '{{ display_name }}' /* required */,
  '{{ description }}' /* required */,
  '{{ identity_claim }}' /* required */,
  '{{ filter }}' /* required */,
  '{{ provider_id }}' /* required */,
  '{{ assigned_resource_owner }}'
RETURNING
  id,
  display_name,
  api_version,
  description,
  filter,
  identity_claim,
  kind,
  metadata,
  principal,
  state
;
```
```yaml
# Description fields are for documentation purposes
- name: identity_pools
  props:
    - name: provider_id
      value: "{{ provider_id }}"
      description: Required parameter for the identity_pools resource.
    - name: display_name
      value: "{{ display_name }}"
      description: |
        The name of the `IdentityPool`.
    - name: description
      value: "{{ description }}"
      description: |
        A description of how this `IdentityPool` is used
    - name: identity_claim
      value: "{{ identity_claim }}"
      description: |
        The JSON Web Token (JWT) claim to extract the authenticating identity to Confluent resources from
        (see [Registered Claim Names](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1) for more details).
        This appears in the audit log records, showing, for example, that "identity Z used identity pool X to access
        topic A".
    - name: filter
      value: "{{ filter }}"
      description: |
        A filter expression in [Supported Common Expression Language (CEL)](https://docs.confluent.io/cloud/current/access-management/authenticate/oauth/identity-pools.html#supported-common-expression-language-cel-filters) that specifies which identities can authenticate using your identity pool (see [Set identity pool filters](https://docs.confluent.io/cloud/current/access-management/authenticate/oauth/identity-pools.html#set-identity-pool-filters) for more details).
    - name: assigned_resource_owner
      value: "{{ assigned_resource_owner }}"
      description: "The resource_id of the principal who will be assigned resource owner on the created identity pool. Principal can be group-mapping (group-xxx), user (u-xxx), service-account (sa-xxx) or identity-pool (pool-xxx). (example: u-a83k9b)"
```
UPDATE examples
- update_iam_v2_identity_pool
Make a request to update an identity pool.
```sql
UPDATE confluent.iam.identity_pools
SET
  display_name = '{{ display_name }}',
  description = '{{ description }}',
  identity_claim = '{{ identity_claim }}',
  filter = '{{ filter }}'
WHERE
  provider_id = '{{ provider_id }}' -- required
  AND id = '{{ id }}' -- required
RETURNING
  id,
  display_name,
  api_version,
  description,
  filter,
  identity_claim,
  kind,
  metadata,
  principal,
  state;
```
DELETE examples
- delete_iam_v2_identity_pool
Make a request to delete an identity pool.
```sql
DELETE FROM confluent.iam.identity_pools
WHERE provider_id = '{{ provider_id }}' -- required
  AND id = '{{ id }}' -- required
;
```