`identitytoolkit.v2.DefaultSupportedIdpConfig` requires `tenent_id` to be set to empty string. It should except `None`

[voxelbee]

What happened?

When using the python bindings with identitytoolkit.v2.DefaultSupportedIdpConfig the property of tenent_id should accept a type value of None as it's not required. However when this property is set to None it throws. The Google Classic provider has the same problem.

If I set tenant_id to an empty string it causes another error to be thrown. (In Google Cloud Classic provider setting it to an empty string works. This could be because I'm trying to use the apple_sign_in_config). I need this to work because I can't specify apple_sign_in_config in the Google Cloud Classic provider only in the Native provider but it currently throws an error because of the tenant_id.

Example

gcn.identitytoolkit.v2.DefaultSupportedIdpConfig(
    "apple-idp-config",
    apple_sign_in_config=gcn.identitytoolkit.v2.GoogleCloudIdentitytoolkitAdminV2AppleSignInConfigArgs(
        bundle_ids=[ios_app.bundle_id],
    ),
    project=project.project_id,
    client_id=iap_client.client_id,
    client_secret=iap_client.secret,
    # tenant_id="",  NOTE: Report the bug that this is required. Should except tenant_id=None
    enabled=True,
    idp_id="apple.com",
    opts=pulumi.ResourceOptions(depends_on=services, provider=gcp_provider),
)

The above code when run throws the following error:

raise TypeError("Missing required property 'tenant_id'")
    TypeError: Missing required property 'tenant_id'

gcn.identitytoolkit.v2.DefaultSupportedIdpConfig(
    "apple-idp-config",
    apple_sign_in_config=gcn.identitytoolkit.v2.GoogleCloudIdentitytoolkitAdminV2AppleSignInConfigArgs(
        bundle_ids=[ios_app.bundle_id],
    ),
    project=project.project_id,
    client_id=iap_client.client_id,
    client_secret=iap_client.secret,
    tenant_id="", #  NOTE: Report the bug that this is required. Should except tenant_id=None
    enabled=True,
    idp_id="apple.com",
    opts=pulumi.ResourceOptions(depends_on=services, provider=gcp_provider),
)

Updating the code to supply tenant_id with empty string fails with the following error:

 __self__._internal_init(resource_name, *args, **kwargs)
    TypeError: DefaultSupportedIdpConfig._internal_init() got an unexpected keyword argument 'tenant_id'

Output of pulumi about

CLI
Version 3.96.1 Go Version go1.21.4 Go Compiler gc

Plugins NAME VERSION command 0.9.2 docker 4.4.5 gcp 7.1.1 google-native 0.31.1 python unknown random 4.14.0

Host
OS darwin Version 14.0 Arch arm64

This project is written in python: executable='/Users/peytonhammersley/src/ponderosa/infra/venv/bin/python3' version='3.11.3'

Current Stack: ponderosa/ponderosa/dev

TYPE URN pulumi:pulumi:Stack urn:pulumi:dev::ponderosa::pulumi:pulumi:Stack::ponderosa-dev infra:Services urn:pulumi:dev::ponderosa::infra:Services::base-services infra:ServiceAccountFile urn:pulumi:dev::ponderosa::infra:ServiceAccountFile::service-account-file pulumi:providers:random urn:pulumi:dev::ponderosa::pulumi:providers:random::default_4_14_0 random:index/randomUuid:RandomUuid urn:pulumi:dev::ponderosa::random:index/randomUuid:RandomUuid::random-uuid pulumi:providers:gcp urn:pulumi:dev::ponderosa::pulumi:providers:gcp::default_7_1_1 gcp:organizations/project:Project urn:pulumi:dev::ponderosa::gcp:organizations/project:Project::project gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::cloudbilling.googleapis.com gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::serviceusage.googleapis.com gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::cloudresourcemanager.googleapis.com gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::iam.googleapis.com gcp:serviceaccount/account:Account urn:pulumi:dev::ponderosa::gcp:serviceaccount/account:Account::pulumi-service-account gcp:projects/iAMBinding:IAMBinding urn:pulumi:dev::ponderosa::gcp:projects/iAMBinding:IAMBinding::admin-account-iam gcp:serviceaccount/key:Key urn:pulumi:dev::ponderosa::gcp:serviceaccount/key:Key::pulumi-service-account-key pulumi:providers:command urn:pulumi:dev::ponderosa::pulumi:providers:command::default_0_9_2 command:local:Command urn:pulumi:dev::ponderosa::infra:ServiceAccountFile$command:local:Command::write-pulumi-service-account-key pulumi:providers:gcp urn:pulumi:dev::ponderosa::pulumi:providers:gcp::gcp-provider infra:Services urn:pulumi:dev::ponderosa::infra:Services::required-services gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::run.googleapis.com gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::firebase.googleapis.com gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::artifactregistry.googleapis.com gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::eventarc.googleapis.com gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::aiplatform.googleapis.com gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::cloudfunctions.googleapis.com gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::pubsub.googleapis.com gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::secretmanager.googleapis.com gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::firestore.googleapis.com gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::cloudbuild.googleapis.com gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::storage.googleapis.com gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::iap.googleapis.com gcp:projects/service:Service urn:pulumi:dev::ponderosa::infra:Services$gcp:projects/service:Service::identitytoolkit.googleapis.com gcp:firebase/project:Project urn:pulumi:dev::ponderosa::gcp:firebase/project:Project::firebase-project pulumi:providers:google-native urn:pulumi:dev::ponderosa::pulumi:providers:google-native::default_0_31_1 gcp:identityplatform/config:Config urn:pulumi:dev::ponderosa::gcp:identityplatform/config:Config::idp-config gcp:firebase/appleApp:AppleApp urn:pulumi:dev::ponderosa::gcp:firebase/appleApp:AppleApp::ios-app google-native:iap/v1:Brand urn:pulumi:dev::ponderosa::google-native:iap/v1:Brand::iap-brand gcp:iap/client:Client urn:pulumi:dev::ponderosa::gcp:iap/client:Client::google-iap-client gcp:identityplatform/defaultSupportedIdpConfig:DefaultSupportedIdpConfig urn:pulumi:dev::ponderosa::gcp:identityplatform/defaultSupportedIdpConfig:DefaultSupportedIdpConfig::google-idp-config

Found no pending operations associated with dev

Backend
Name pulumi.com URL https://app.pulumi.com/voxelbee User voxelbee Organizations voxelbee, ponderosa Token type personal

Dependencies: NAME VERSION pip 23.3.1 pulumi-command 0.9.2 pulumi-docker 4.4.5 pulumi-gcp 7.1.1 pulumi-google-native 0.31.1 pulumi-random 4.14.0 setuptools 69.0.1 wheel 0.41.3

Pulumi locates its logs in /var/folders/s3/d09v32t578q99gt_tfkrb55c0000gn/T/ by default

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

[mjeffryes]

Thanks for reporting this issue @voxelbee. It sounds like you may have found a workaround in the GCP (google classic), so I'd recommend that as you best path forward in the near term.

[voxelbee]

@mjeffryes I can't use that as a workaround for this deployment as the GCP (google classic) doesn't contain apple_sign_in_config in the deployment config. It works for other sign in configs such as google sign in.