identitytoolkit.v2.DefaultSupportedIdpConfig requires tenent_id to be set to empty string. It should except None

[voxelbee]

What happened?

When using the python bindings with identitytoolkit.v2.DefaultSupportedIdpConfig the property of tenent_id should accept a type value of None as it's not required. However when this property is set to None it throws. The Google Classic provider has the same problem.

If I set tenant_id to an empty string it causes another error to be thrown. (In Google Cloud Classic provider setting it to an empty string works. This could be because I'm trying to use the apple_sign_in_config). I need this to work because I can't specify apple_sign_in_config in the Google Cloud Classic provider only in the Native provider but it currently throws an error because of the tenant_id.

Example

gcn.identitytoolkit.v2.DefaultSupportedIdpConfig(
    "apple-idp-config",
    apple_sign_in_config=gcn.identitytoolkit.v2.GoogleCloudIdentitytoolkitAdminV2AppleSignInConfigArgs(
        bundle_ids=[ios_app.bundle_id],
    ),
    project=project.project_id,
    client_id=iap_client.client_id,
    client_secret=iap_client.secret,
    # tenant_id="",  NOTE: Report the bug that this is required. Should except tenant_id=None
    enabled=True,
    idp_id="apple.com",
    opts=pulumi.ResourceOptions(depends_on=services, provider=gcp_provider),
)

The above code when run throws the following error:

raise TypeError("Missing required property 'tenant_id'")
    TypeError: Missing required property 'tenant_id'

gcn.identitytoolkit.v2.DefaultSupportedIdpConfig(
    "apple-idp-config",
    apple_sign_in_config=gcn.identitytoolkit.v2.GoogleCloudIdentitytoolkitAdminV2AppleSignInConfigArgs(
        bundle_ids=[ios_app.bundle_id],
    ),
    project=project.project_id,
    client_id=iap_client.client_id,
    client_secret=iap_client.secret,
    tenant_id="", #  NOTE: Report the bug that this is required. Should except tenant_id=None
    enabled=True,
    idp_id="apple.com",
    opts=pulumi.ResourceOptions(depends_on=services, provider=gcp_provider),
)

Updating the code to supply tenant_id with empty string fails with the following error:

 __self__._internal_init(resource_name, *args, **kwargs)
    TypeError: DefaultSupportedIdpConfig._internal_init() got an unexpected keyword argument 'tenant_id'

Output of pulumi about

CLI
Version 3.96.1
Go Version go1.21.4
Go Compiler gc

Plugins
NAME VERSION
command 0.9.2
docker 4.4.5
gcp 7.1.1
google-native 0.31.1
python unknown
random 4.14.0

Host
OS darwin
Version 14.0
Arch arm64

This project is written in python: executable='/Users/peytonhammersley/src/ponderosa/infra/venv/bin/python3' version='3.11.3'

Current Stack: ponderosa/ponderosa/dev

TYPE URN
pulumi:pulumi:Stack urn:pulumi:dev::ponderosa::pulumi:pulumi:Stack::ponderosa-dev
infra:Services urn:pulumi:dev::ponderosa::infra:Services::base-services
infra:ServiceAccountFile urn:pulumi:dev::ponderosa::infra:ServiceAccountFile::service-account-file
pulumi:providers:random urn:pulumi:dev::ponderosa::pulumi:providers:random::default_4_14_0
random:index/randomUuid:RandomUuid urn:pulumi:dev::ponderosa::random:index/randomUuid:RandomUuid::random-uuid
pulumi:providers:gcp urn:pulumi:dev::ponderosa::pulumi:providers:gcp::default_7_1_1
gcp:organizations/project:Project urn:pulumi:dev::ponderosa::gcp:organizations/project:Project::project
gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::cloudbilling.googleapis.com
gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::serviceusage.googleapis.com
gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::cloudresourcemanager.googleapis.com
gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::iam.googleapis.com
gcp:serviceaccount/account:Account urn:pulumi:dev::ponderosa::gcp:serviceaccount/account:Account::pulumi-service-account
gcp:projects/iAMBinding:IAMBinding urn:pulumi:dev::ponderosa::gcp:projects/iAMBinding:IAMBinding::admin-account-iam
gcp:serviceaccount/key:Key urn:pulumi:dev::ponderosa::gcp:serviceaccount/key:Key::pulumi-service-account-key
pulumi:providers:command urn:pulumi:dev::ponderosa::pulumi:providers:command::default_0_9_2
command:local:Command urn:pulumi:dev::ponderosa::infra:ServiceAccountFile$command:local:Command::write-pulumi-service-account-key
pulumi:providers:gcp urn:pulumi:dev::ponderosa::pulumi:providers:gcp::gcp-provider
infra:Services urn:pulumi:dev::ponderosa::infra:Services::required-services
gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::run.googleapis.com
gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::firebase.googleapis.com
gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::artifactregistry.googleapis.com
gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::eventarc.googleapis.com
gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::aiplatform.googleapis.com
gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::cloudfunctions.googleapis.com
gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::pubsub.googleapis.com
gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::secretmanager.googleapis.com
gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::firestore.googleapis.com
gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::cloudbuild.googleapis.com
gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::storage.googleapis.com
gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::iap.googleapis.com
gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::identitytoolkit.googleapis.com
gcp:firebase/project:Project urn:pulumi:dev::ponderosa::gcp:firebase/project:Project::firebase-project
pulumi:providers:google-native urn:pulumi:dev::ponderosa::pulumi:providers:google-native::default_0_31_1
gcp:identityplatform/config:Config urn:pulumi:dev::ponderosa::gcp:identityplatform/config:Config::idp-config
gcp:firebase/appleApp:AppleApp urn:pulumi:dev::ponderosa::gcp:firebase/appleApp:AppleApp::ios-app
google-native:iap/v1:Brand urn:pulumi:dev::ponderosa::google-native:iap/v1:Brand::iap-brand
gcp:iap/client:Client urn:pulumi:dev::ponderosa::gcp:iap/client:Client::google-iap-client
gcp:identityplatform/defaultSupportedIdpConfig:DefaultSupportedIdpConfig urn:pulumi:dev::ponderosa::gcp:identityplatform/defaultSupportedIdpConfig:DefaultSupportedIdpConfig::google-idp-config

Found no pending operations associated with dev

Backend
Name pulumi.com
URL https://app.pulumi.com/voxelbee
User voxelbee
Organizations voxelbee, ponderosa
Token type personal

Dependencies:
NAME VERSION
pip 23.3.1
pulumi-command 0.9.2
pulumi-docker 4.4.5
pulumi-gcp 7.1.1
pulumi-google-native 0.31.1
pulumi-random 4.14.0
setuptools 69.0.1
wheel 0.41.3

Pulumi locates its logs in /var/folders/s3/d09v32t578q99gt_tfkrb55c0000gn/T/ by default

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

[mjeffryes]

Thanks for reporting this issue @voxelbee. It sounds like you may have found a workaround in the GCP (google classic), so I'd recommend that as you best path forward in the near term.

[voxelbee]

@mjeffryes I can't use that as a workaround for this deployment as the GCP (google classic) doesn't contain apple_sign_in_config in the deployment config. It works for other sign in configs such as google sign in.