Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi

gcp.iam.WorkforcePool


    Represents a collection of external workforces. Provides namespaces for federated users that can be referenced in IAM policies.

    To get more information about WorkforcePool, see:

    Note: Ask your Google Cloud account team to request access to workforce identity federation for your billing/quota project. The account team notifies you when the project is granted access.

    Example Usage

    Iam Workforce Pool Basic

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    // Minimal workforce pool: only the pool ID, parent organization and location are set.
    // sessionDuration and accessRestrictions are left unset, so minted credentials use the
    // documented default lifetime of one hour (3600s) and no sign-in restrictions are configured.
    const poolArgs: gcp.iam.WorkforcePoolArgs = {
        workforcePoolId: "example-pool",
        parent: "organizations/123456789",
        location: "global",
    };
    const example = new gcp.iam.WorkforcePool("example", poolArgs);
    
    import pulumi
    import pulumi_gcp as gcp
    
    # Minimal workforce pool: only the pool ID, parent organization and location are set.
    # session_duration and access_restrictions are left unset, so minted credentials use the
    # documented default lifetime of one hour (3600s) and no sign-in restrictions are configured.
    pool_settings = {
        "workforce_pool_id": "example-pool",
        "parent": "organizations/123456789",
        "location": "global",
    }
    example = gcp.iam.WorkforcePool("example", **pool_settings)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main registers a minimal workforce pool: only the pool ID, parent organization and
    // location are set. SessionDuration and AccessRestrictions are left unset, so minted
    // credentials use the documented default lifetime of one hour (3600s) and no sign-in
    // restrictions are configured.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		poolArgs := &iam.WorkforcePoolArgs{
    			WorkforcePoolId: pulumi.String("example-pool"),
    			Parent:          pulumi.String("organizations/123456789"),
    			Location:        pulumi.String("global"),
    		}
    		// The resource handle is not needed here; only the error is propagated.
    		_, err := iam.NewWorkforcePool(ctx, "example", poolArgs)
    		return err
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() =>
    {
        // Minimal workforce pool: only the pool ID, parent organization and location are set.
        // SessionDuration and AccessRestrictions are left unset, so minted credentials use the
        // documented default lifetime of one hour (3600s) and no sign-in restrictions are configured.
        var poolArgs = new Gcp.Iam.WorkforcePoolArgs
        {
            WorkforcePoolId = "example-pool",
            Parent = "organizations/123456789",
            Location = "global",
        };

        var example = new Gcp.Iam.WorkforcePool("example", poolArgs);
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.iam.WorkforcePool;
    import com.pulumi.gcp.iam.WorkforcePoolArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Pulumi program that declares a minimal workforce pool.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the pool with only its ID, parent organization and location.
         * sessionDuration and accessRestrictions are left unset, so minted credentials use the
         * documented default lifetime of one hour (3600s) and no sign-in restrictions are configured.
         */
        public static void stack(Context ctx) {
            final var poolArgs = WorkforcePoolArgs.builder()
                .workforcePoolId("example-pool")
                .parent("organizations/123456789")
                .location("global")
                .build();

            var example = new WorkforcePool("example", poolArgs);
        }
    }
    
    # Minimal workforce pool: only the pool ID, parent organization and location are set.
    # sessionDuration and accessRestrictions are left unset, so minted credentials use the
    # documented default lifetime of one hour (3600s) and no sign-in restrictions are configured.
    resources:
      example:
        type: gcp:iam:WorkforcePool
        properties:
          workforcePoolId: example-pool
          # parent is documented as immutable; format is organizations/{org-id}.
          parent: organizations/123456789
          location: global
    

    Iam Workforce Pool Full

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    // Sign-in limits for pool users: allowedServices restricts web sign-in to the listed
    // service domain; disableProgrammaticSignin: false leaves programmatic sign-in available.
    const accessRestrictions = {
        allowedServices: [{
            domain: "backstory.chronicle.security",
        }],
        disableProgrammaticSignin: false,
    };

    const example = new gcp.iam.WorkforcePool("example", {
        workforcePoolId: "example-pool",
        parent: "organizations/123456789",
        location: "global",
        displayName: "Display name",
        description: "A sample workforce pool.",
        // Disabling a pool is reversible: per the property docs, existing tokens grant access
        // again once the pool is re-enabled.
        disabled: false,
        // Two hours. The documented bounds are > 900s and < 43200s; unset means 3600s.
        sessionDuration: "7200s",
        accessRestrictions,
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    # Sign-in limits for pool users: allowed_services restricts web sign-in to the listed
    # service domain; disable_programmatic_signin=False leaves programmatic sign-in available.
    access_limits = {
        "allowed_services": [{
            "domain": "backstory.chronicle.security",
        }],
        "disable_programmatic_signin": False,
    }

    example = gcp.iam.WorkforcePool(
        "example",
        workforce_pool_id="example-pool",
        parent="organizations/123456789",
        location="global",
        display_name="Display name",
        description="A sample workforce pool.",
        # Disabling a pool is reversible: per the property docs, existing tokens grant access
        # again once the pool is re-enabled.
        disabled=False,
        # Two hours. The documented bounds are > 900s and < 43200s; unset means 3600s.
        session_duration="7200s",
        access_restrictions=access_limits,
    )
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main registers a workforce pool with every optional input populated.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Sign-in limits for pool users: AllowedServices restricts web sign-in to the listed
    		// service domain; DisableProgrammaticSignin false leaves programmatic sign-in available.
    		signInLimits := &iam.WorkforcePoolAccessRestrictionsArgs{
    			AllowedServices: iam.WorkforcePoolAccessRestrictionsAllowedServiceArray{
    				&iam.WorkforcePoolAccessRestrictionsAllowedServiceArgs{
    					Domain: pulumi.String("backstory.chronicle.security"),
    				},
    			},
    			DisableProgrammaticSignin: pulumi.Bool(false),
    		}

    		poolArgs := &iam.WorkforcePoolArgs{
    			WorkforcePoolId: pulumi.String("example-pool"),
    			Parent:          pulumi.String("organizations/123456789"),
    			Location:        pulumi.String("global"),
    			DisplayName:     pulumi.String("Display name"),
    			Description:     pulumi.String("A sample workforce pool."),
    			// Disabling a pool is reversible: per the property docs, existing tokens grant
    			// access again once the pool is re-enabled.
    			Disabled: pulumi.Bool(false),
    			// Two hours. The documented bounds are > 900s and < 43200s; unset means 3600s.
    			SessionDuration:    pulumi.String("7200s"),
    			AccessRestrictions: signInLimits,
    		}

    		// The resource handle is not needed here; only the error is propagated.
    		_, err := iam.NewWorkforcePool(ctx, "example", poolArgs)
    		return err
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() =>
    {
        // Sign-in limits for pool users: AllowedServices restricts web sign-in to the listed
        // service domain; DisableProgrammaticSignin = false leaves programmatic sign-in available.
        var signInLimits = new Gcp.Iam.Inputs.WorkforcePoolAccessRestrictionsArgs
        {
            AllowedServices = new[]
            {
                new Gcp.Iam.Inputs.WorkforcePoolAccessRestrictionsAllowedServiceArgs
                {
                    Domain = "backstory.chronicle.security",
                },
            },
            DisableProgrammaticSignin = false,
        };

        var poolArgs = new Gcp.Iam.WorkforcePoolArgs
        {
            WorkforcePoolId = "example-pool",
            Parent = "organizations/123456789",
            Location = "global",
            DisplayName = "Display name",
            Description = "A sample workforce pool.",
            // Disabling a pool is reversible: per the property docs, existing tokens grant
            // access again once the pool is re-enabled.
            Disabled = false,
            // Two hours. The documented bounds are > 900s and < 43200s; unset means 3600s.
            SessionDuration = "7200s",
            AccessRestrictions = signInLimits,
        };

        var example = new Gcp.Iam.WorkforcePool("example", poolArgs);
    });
    
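    package generated_program;

    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.iam.WorkforcePool;
    import com.pulumi.gcp.iam.WorkforcePoolArgs;
    import com.pulumi.gcp.iam.inputs.WorkforcePoolAccessRestrictionsArgs;
    // Needed by the allowedServices(...) builder call below; the listing would not compile without it.
    import com.pulumi.gcp.iam.inputs.WorkforcePoolAccessRestrictionsAllowedServiceArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;

    /**
     * Pulumi program that declares a workforce pool with every optional input populated.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the pool, including its session lifetime and sign-in restrictions.
         *
         * @param ctx the Pulumi deployment context supplied by {@code Pulumi.run}
         */
        public static void stack(Context ctx) {
            var example = new WorkforcePool("example", WorkforcePoolArgs.builder()
                .workforcePoolId("example-pool")
                .parent("organizations/123456789")
                .location("global")
                .displayName("Display name")
                .description("A sample workforce pool.")
                // Disabling a pool is reversible: per the property docs, existing tokens grant
                // access again once the pool is re-enabled.
                .disabled(false)
                // Two hours. The documented bounds are > 900s and < 43200s; unset means 3600s.
                .sessionDuration("7200s")
                // allowedServices restricts web sign-in to the listed service domain;
                // disableProgrammaticSignin(false) leaves programmatic sign-in available.
                .accessRestrictions(WorkforcePoolAccessRestrictionsArgs.builder()
                    .allowedServices(WorkforcePoolAccessRestrictionsAllowedServiceArgs.builder()
                        .domain("backstory.chronicle.security")
                        .build())
                    .disableProgrammaticSignin(false)
                    .build())
                .build());

        }
    }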
    
    # Workforce pool with every optional input populated.
    resources:
      example:
        type: gcp:iam:WorkforcePool
        properties:
          workforcePoolId: example-pool
          # parent is documented as immutable; format is organizations/{org-id}.
          parent: organizations/123456789
          location: global
          displayName: Display name
          description: A sample workforce pool.
          # Disabling a pool is reversible: per the property docs, existing tokens grant
          # access again once the pool is re-enabled.
          disabled: false
          # Two hours. The documented bounds are > 900s and < 43200s; unset means 3600s.
          sessionDuration: 7200s
          # allowedServices restricts web sign-in to the listed service domain;
          # disableProgrammaticSignin: false leaves programmatic sign-in available.
          accessRestrictions:
            allowedServices:
              - domain: backstory.chronicle.security
            disableProgrammaticSignin: false
    

    Create WorkforcePool Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new WorkforcePool(name: string, args: WorkforcePoolArgs, opts?: CustomResourceOptions);
    @overload
    def WorkforcePool(resource_name: str,
                      args: WorkforcePoolArgs,
                      opts: Optional[ResourceOptions] = None)
    
    @overload
    def WorkforcePool(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      location: Optional[str] = None,
                      parent: Optional[str] = None,
                      workforce_pool_id: Optional[str] = None,
                      access_restrictions: Optional[WorkforcePoolAccessRestrictionsArgs] = None,
                      description: Optional[str] = None,
                      disabled: Optional[bool] = None,
                      display_name: Optional[str] = None,
                      session_duration: Optional[str] = None)
    func NewWorkforcePool(ctx *Context, name string, args WorkforcePoolArgs, opts ...ResourceOption) (*WorkforcePool, error)
    public WorkforcePool(string name, WorkforcePoolArgs args, CustomResourceOptions? opts = null)
    public WorkforcePool(String name, WorkforcePoolArgs args)
    public WorkforcePool(String name, WorkforcePoolArgs args, CustomResourceOptions options)
    
    type: gcp:iam:WorkforcePool
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args WorkforcePoolArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args WorkforcePoolArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args WorkforcePoolArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args WorkforcePoolArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args WorkforcePoolArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    // Reference shape only: every value below is a placeholder, not a recommended setting.
    var workforcePoolResource = new Gcp.Iam.WorkforcePool("workforcePoolResource", new()
    {
        Location = "string",
        Parent = "string",
        WorkforcePoolId = "string",
        // Optional sign-in restrictions for pool users.
        AccessRestrictions = new Gcp.Iam.Inputs.WorkforcePoolAccessRestrictionsArgs
        {
            AllowedServices = new[]
            {
                new Gcp.Iam.Inputs.WorkforcePoolAccessRestrictionsAllowedServiceArgs
                {
                    Domain = "string",
                },
            },
            DisableProgrammaticSignin = false,
        },
        Description = "string",
        Disabled = false,
        DisplayName = "string",
        // Seconds with an 's' suffix; documented bounds are > 900s and < 43200s (3600s when unset).
        SessionDuration = "string",
    });
    
    // Reference shape only: every value below is a placeholder, not a recommended setting.
    example, err := iam.NewWorkforcePool(ctx, "workforcePoolResource", &iam.WorkforcePoolArgs{
    	Location:        pulumi.String("string"),
    	Parent:          pulumi.String("string"),
    	WorkforcePoolId: pulumi.String("string"),
    	// Optional sign-in restrictions for pool users.
    	AccessRestrictions: &iam.WorkforcePoolAccessRestrictionsArgs{
    		AllowedServices: iam.WorkforcePoolAccessRestrictionsAllowedServiceArray{
    			&iam.WorkforcePoolAccessRestrictionsAllowedServiceArgs{
    				Domain: pulumi.String("string"),
    			},
    		},
    		DisableProgrammaticSignin: pulumi.Bool(false),
    	},
    	Description:     pulumi.String("string"),
    	Disabled:        pulumi.Bool(false),
    	DisplayName:     pulumi.String("string"),
    	// Seconds with an 's' suffix; documented bounds are > 900s and < 43200s (3600s when unset).
    	SessionDuration: pulumi.String("string"),
    })
    
    // Reference shape only: every value below is a placeholder, not a recommended setting.
    var workforcePoolResource = new WorkforcePool("workforcePoolResource", WorkforcePoolArgs.builder()
        .location("string")
        .parent("string")
        .workforcePoolId("string")
        // Optional sign-in restrictions for pool users.
        .accessRestrictions(WorkforcePoolAccessRestrictionsArgs.builder()
            .allowedServices(WorkforcePoolAccessRestrictionsAllowedServiceArgs.builder()
                .domain("string")
                .build())
            .disableProgrammaticSignin(false)
            .build())
        .description("string")
        .disabled(false)
        .displayName("string")
        // Seconds with an 's' suffix; documented bounds are > 900s and < 43200s (3600s when unset).
        .sessionDuration("string")
        .build());
    
    # Reference shape only: every value below is a placeholder, not a recommended setting.
    workforce_pool_resource = gcp.iam.WorkforcePool("workforcePoolResource",
        location="string",
        parent="string",
        workforce_pool_id="string",
        # Optional sign-in restrictions for pool users.
        access_restrictions={
            "allowed_services": [{
                "domain": "string",
            }],
            "disable_programmatic_signin": False,
        },
        description="string",
        disabled=False,
        display_name="string",
        # Seconds with an 's' suffix; documented bounds are > 900s and < 43200s (3600s when unset).
        session_duration="string")
    
    // Reference shape only: every value below is a placeholder, not a recommended setting.
    const workforcePoolResource = new gcp.iam.WorkforcePool("workforcePoolResource", {
        location: "string",
        parent: "string",
        workforcePoolId: "string",
        // Optional sign-in restrictions for pool users.
        accessRestrictions: {
            allowedServices: [{
                domain: "string",
            }],
            disableProgrammaticSignin: false,
        },
        description: "string",
        disabled: false,
        displayName: "string",
        // Seconds with an 's' suffix; documented bounds are > 900s and < 43200s (3600s when unset).
        sessionDuration: "string",
    });
    
    # Reference shape only: every value below is a placeholder, not a recommended setting.
    type: gcp:iam:WorkforcePool
    properties:
        # Optional sign-in restrictions for pool users.
        accessRestrictions:
            allowedServices:
                - domain: string
            disableProgrammaticSignin: false
        description: string
        disabled: false
        displayName: string
        location: string
        parent: string
        # Seconds with an 's' suffix; documented bounds are > 900s and < 43200s (3600s when unset).
        sessionDuration: string
        workforcePoolId: string
    

    WorkforcePool Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The WorkforcePool resource accepts the following input properties:

    Location string
    The location for the resource.
    Parent string
    Immutable. The resource name of the parent. Format: organizations/{org-id}.


    WorkforcePoolId string
    The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix gcp- is reserved for use by Google, and may not be specified.
    AccessRestrictions WorkforcePoolAccessRestrictions
    Configure access restrictions on the workforce pool users. This is an optional field. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users. Structure is documented below.
    Description string
    A user-specified description of the pool. Cannot exceed 256 characters.
    Disabled bool
    Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
    DisplayName string
    A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
    SessionDuration string
    Duration that the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If sessionDuration is not configured, minted credentials have a default duration of one hour (3600s). The value is a duration in seconds with up to nine fractional digits, ending with 's'. The format example "3.5s" illustrates the syntax only; a configured value must still fall within the range above.
    Location string
    The location for the resource.
    Parent string
    Immutable. The resource name of the parent. Format: organizations/{org-id}.


    WorkforcePoolId string
    The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix gcp- is reserved for use by Google, and may not be specified.
    AccessRestrictions WorkforcePoolAccessRestrictionsArgs
    Configure access restrictions on the workforce pool users. This is an optional field. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users. Structure is documented below.
    Description string
    A user-specified description of the pool. Cannot exceed 256 characters.
    Disabled bool
    Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
    DisplayName string
    A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
    SessionDuration string
    Duration that the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If sessionDuration is not configured, minted credentials have a default duration of one hour (3600s). The value is a duration in seconds with up to nine fractional digits, ending with 's'. The format example "3.5s" illustrates the syntax only; a configured value must still fall within the range above.
    location String
    The location for the resource.
    parent String
    Immutable. The resource name of the parent. Format: organizations/{org-id}.


    workforcePoolId String
    The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix gcp- is reserved for use by Google, and may not be specified.
    accessRestrictions WorkforcePoolAccessRestrictions
    Configure access restrictions on the workforce pool users. This is an optional field. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users. Structure is documented below.
    description String
    A user-specified description of the pool. Cannot exceed 256 characters.
    disabled Boolean
    Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
    displayName String
    A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
    sessionDuration String
    Duration that the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If sessionDuration is not configured, minted credentials have a default duration of one hour (3600s). The value is a duration in seconds with up to nine fractional digits, ending with 's'. The format example "3.5s" illustrates the syntax only; a configured value must still fall within the range above.
    location string
    The location for the resource.
    parent string
    Immutable. The resource name of the parent. Format: organizations/{org-id}.


    workforcePoolId string
    The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix gcp- is reserved for use by Google, and may not be specified.
    accessRestrictions WorkforcePoolAccessRestrictions
    Configure access restrictions on the workforce pool users. This is an optional field. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users. Structure is documented below.
    description string
    A user-specified description of the pool. Cannot exceed 256 characters.
    disabled boolean
    Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
    displayName string
    A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
    sessionDuration string
    Duration that the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If sessionDuration is not configured, minted credentials have a default duration of one hour (3600s). The value is a duration in seconds with up to nine fractional digits, ending with 's'. The format example "3.5s" illustrates the syntax only; a configured value must still fall within the range above.
    location str
    The location for the resource.
    parent str
    Immutable. The resource name of the parent. Format: organizations/{org-id}.


    workforce_pool_id str
    The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix gcp- is reserved for use by Google, and may not be specified.
    access_restrictions WorkforcePoolAccessRestrictionsArgs
    Configure access restrictions on the workforce pool users. This is an optional field. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users. Structure is documented below.
    description str
    A user-specified description of the pool. Cannot exceed 256 characters.
    disabled bool
    Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
    display_name str
    A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
    session_duration str
    Duration that the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If session_duration is not configured, minted credentials have a default duration of one hour (3600s). The value is a duration in seconds with up to nine fractional digits, ending with 's'. The format example "3.5s" illustrates the syntax only; a configured value must still fall within the range above.
    location String
    The location for the resource.
    parent String
    Immutable. The resource name of the parent. Format: organizations/{org-id}.


    workforcePoolId String
    The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix gcp- is reserved for use by Google, and may not be specified.
    accessRestrictions Property Map
    Configure access restrictions on the workforce pool users. This is an optional field. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users. Structure is documented below.
    description String
    A user-specified description of the pool. Cannot exceed 256 characters.
    disabled Boolean
    Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
    displayName String
    A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
    sessionDuration String
    Duration that the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If sessionDuration is not configured, minted credentials have a default duration of one hour (3600s). The value is a duration in seconds with up to nine fractional digits, ending with 's'. The format example "3.5s" illustrates the syntax only; a configured value must still fall within the range above.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the WorkforcePool resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    Output only. The resource name of the pool. Format: locations/{location}/workforcePools/{workforcePoolId}
    State string
    Output only. The state of the pool.

    • STATE_UNSPECIFIED: State unspecified.
    • ACTIVE: The pool is active, and may be used in Google Cloud policies.
    • DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using workforcePools.undelete. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    Output only. The resource name of the pool. Format: locations/{location}/workforcePools/{workforcePoolId}
    State string
    Output only. The state of the pool.

    • STATE_UNSPECIFIED: State unspecified.
    • ACTIVE: The pool is active, and may be used in Google Cloud policies.
    • DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using workforcePools.undelete. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    Output only. The resource name of the pool. Format: locations/{location}/workforcePools/{workforcePoolId}
    state String
    Output only. The state of the pool.

    • STATE_UNSPECIFIED: State unspecified.
    • ACTIVE: The pool is active, and may be used in Google Cloud policies.
    • DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using workforcePools.undelete. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
    id string
    The provider-assigned unique ID for this managed resource.
    name string
    Output only. The resource name of the pool. Format: locations/{location}/workforcePools/{workforcePoolId}
    state string
    Output only. The state of the pool.

    • STATE_UNSPECIFIED: State unspecified.
    • ACTIVE: The pool is active, and may be used in Google Cloud policies.
    • DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using workforcePools.undelete. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
    id str
    The provider-assigned unique ID for this managed resource.
    name str
    Output only. The resource name of the pool. Format: locations/{location}/workforcePools/{workforcePoolId}
    state str
    Output only. The state of the pool.

    • STATE_UNSPECIFIED: State unspecified.
    • ACTIVE: The pool is active, and may be used in Google Cloud policies.
    • DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using workforcePools.undelete. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    Output only. The resource name of the pool. Format: locations/{location}/workforcePools/{workforcePoolId}
    state String
    Output only. The state of the pool.

    • STATE_UNSPECIFIED: State unspecified.
    • ACTIVE: The pool is active, and may be used in Google Cloud policies.
    • DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using workforcePools.undelete. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.

    Look up Existing WorkforcePool Resource

    Get an existing WorkforcePool resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: WorkforcePoolState, opts?: CustomResourceOptions): WorkforcePool
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            access_restrictions: Optional[WorkforcePoolAccessRestrictionsArgs] = None,
            description: Optional[str] = None,
            disabled: Optional[bool] = None,
            display_name: Optional[str] = None,
            location: Optional[str] = None,
            name: Optional[str] = None,
            parent: Optional[str] = None,
            session_duration: Optional[str] = None,
            state: Optional[str] = None,
            workforce_pool_id: Optional[str] = None) -> WorkforcePool
    func GetWorkforcePool(ctx *Context, name string, id IDInput, state *WorkforcePoolState, opts ...ResourceOption) (*WorkforcePool, error)
    public static WorkforcePool Get(string name, Input<string> id, WorkforcePoolState? state, CustomResourceOptions? opts = null)
    public static WorkforcePool get(String name, Output<String> id, WorkforcePoolState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccessRestrictions WorkforcePoolAccessRestrictions
    Configure access restrictions on the workforce pool users. This is an optional field. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users. Structure is documented below.
    Description string
    A user-specified description of the pool. Cannot exceed 256 characters.
    Disabled bool
    Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
    DisplayName string
    A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
    Location string
    The location for the resource.
    Name string
    Output only. The resource name of the pool. Format: locations/{location}/workforcePools/{workforcePoolId}
    Parent string
    Immutable. The resource name of the parent. Format: organizations/{org-id}.


    SessionDuration string
    Duration that the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If sessionDuration is not configured, minted credentials have a default duration of one hour (3600s). The value is a duration in seconds with up to nine fractional digits, ending with 's'. Example of the format: "3.5s" (this illustrates the syntax only; it is below the 900s minimum stated above).
    State string
    Output only. The state of the pool.

    • STATE_UNSPECIFIED: State unspecified.
    • ACTIVE: The pool is active, and may be used in Google Cloud policies.
    • DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using workforcePools.undelete. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
    WorkforcePoolId string
    The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix gcp- is reserved for use by Google, and may not be specified.
    AccessRestrictions WorkforcePoolAccessRestrictionsArgs
    Configure access restrictions on the workforce pool users. This is an optional field. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users. Structure is documented below.
    Description string
    A user-specified description of the pool. Cannot exceed 256 characters.
    Disabled bool
    Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
    DisplayName string
    A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
    Location string
    The location for the resource.
    Name string
    Output only. The resource name of the pool. Format: locations/{location}/workforcePools/{workforcePoolId}
    Parent string
    Immutable. The resource name of the parent. Format: organizations/{org-id}.


    SessionDuration string
    Duration that the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If sessionDuration is not configured, minted credentials have a default duration of one hour (3600s). The value is a duration in seconds with up to nine fractional digits, ending with 's'. Example of the format: "3.5s" (this illustrates the syntax only; it is below the 900s minimum stated above).
    State string
    Output only. The state of the pool.

    • STATE_UNSPECIFIED: State unspecified.
    • ACTIVE: The pool is active, and may be used in Google Cloud policies.
    • DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using workforcePools.undelete. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
    WorkforcePoolId string
    The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix gcp- is reserved for use by Google, and may not be specified.
    accessRestrictions WorkforcePoolAccessRestrictions
    Configure access restrictions on the workforce pool users. This is an optional field. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users. Structure is documented below.
    description String
    A user-specified description of the pool. Cannot exceed 256 characters.
    disabled Boolean
    Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
    displayName String
    A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
    location String
    The location for the resource.
    name String
    Output only. The resource name of the pool. Format: locations/{location}/workforcePools/{workforcePoolId}
    parent String
    Immutable. The resource name of the parent. Format: organizations/{org-id}.


    sessionDuration String
    Duration that the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If sessionDuration is not configured, minted credentials have a default duration of one hour (3600s). The value is a duration in seconds with up to nine fractional digits, ending with 's'. Example of the format: "3.5s" (this illustrates the syntax only; it is below the 900s minimum stated above).
    state String
    Output only. The state of the pool.

    • STATE_UNSPECIFIED: State unspecified.
    • ACTIVE: The pool is active, and may be used in Google Cloud policies.
    • DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using workforcePools.undelete. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
    workforcePoolId String
    The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix gcp- is reserved for use by Google, and may not be specified.
    accessRestrictions WorkforcePoolAccessRestrictions
    Configure access restrictions on the workforce pool users. This is an optional field. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users. Structure is documented below.
    description string
    A user-specified description of the pool. Cannot exceed 256 characters.
    disabled boolean
    Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
    displayName string
    A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
    location string
    The location for the resource.
    name string
    Output only. The resource name of the pool. Format: locations/{location}/workforcePools/{workforcePoolId}
    parent string
    Immutable. The resource name of the parent. Format: organizations/{org-id}.


    sessionDuration string
    Duration that the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If sessionDuration is not configured, minted credentials have a default duration of one hour (3600s). The value is a duration in seconds with up to nine fractional digits, ending with 's'. Example of the format: "3.5s" (this illustrates the syntax only; it is below the 900s minimum stated above).
    state string
    Output only. The state of the pool.

    • STATE_UNSPECIFIED: State unspecified.
    • ACTIVE: The pool is active, and may be used in Google Cloud policies.
    • DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using workforcePools.undelete. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
    workforcePoolId string
    The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix gcp- is reserved for use by Google, and may not be specified.
    access_restrictions WorkforcePoolAccessRestrictionsArgs
    Configure access restrictions on the workforce pool users. This is an optional field. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users. Structure is documented below.
    description str
    A user-specified description of the pool. Cannot exceed 256 characters.
    disabled bool
    Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
    display_name str
    A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
    location str
    The location for the resource.
    name str
    Output only. The resource name of the pool. Format: locations/{location}/workforcePools/{workforcePoolId}
    parent str
    Immutable. The resource name of the parent. Format: organizations/{org-id}.


    session_duration str
    Duration that the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If sessionDuration is not configured, minted credentials have a default duration of one hour (3600s). The value is a duration in seconds with up to nine fractional digits, ending with 's'. Example of the format: "3.5s" (this illustrates the syntax only; it is below the 900s minimum stated above).
    state str
    Output only. The state of the pool.

    • STATE_UNSPECIFIED: State unspecified.
    • ACTIVE: The pool is active, and may be used in Google Cloud policies.
    • DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using workforcePools.undelete. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
    workforce_pool_id str
    The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix gcp- is reserved for use by Google, and may not be specified.
    accessRestrictions Property Map
    Configure access restrictions on the workforce pool users. This is an optional field. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users. Structure is documented below.
    description String
    A user-specified description of the pool. Cannot exceed 256 characters.
    disabled Boolean
    Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
    displayName String
    A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
    location String
    The location for the resource.
    name String
    Output only. The resource name of the pool. Format: locations/{location}/workforcePools/{workforcePoolId}
    parent String
    Immutable. The resource name of the parent. Format: organizations/{org-id}.


    sessionDuration String
    Duration that the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If sessionDuration is not configured, minted credentials have a default duration of one hour (3600s). The value is a duration in seconds with up to nine fractional digits, ending with 's'. Example of the format: "3.5s" (this illustrates the syntax only; it is below the 900s minimum stated above).
    state String
    Output only. The state of the pool.

    • STATE_UNSPECIFIED: State unspecified.
    • ACTIVE: The pool is active, and may be used in Google Cloud policies.
    • DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using workforcePools.undelete. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
    workforcePoolId String
    The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix gcp- is reserved for use by Google, and may not be specified.

    Supporting Types

    WorkforcePoolAccessRestrictions, WorkforcePoolAccessRestrictionsArgs

    AllowedServices List<WorkforcePoolAccessRestrictionsAllowedService>
    Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default. Structure is documented below.
    DisableProgrammaticSignin bool
    Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See Security Token Service API.
    AllowedServices []WorkforcePoolAccessRestrictionsAllowedService
    Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default. Structure is documented below.
    DisableProgrammaticSignin bool
    Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See Security Token Service API.
    allowedServices List<WorkforcePoolAccessRestrictionsAllowedService>
    Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default. Structure is documented below.
    disableProgrammaticSignin Boolean
    Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See Security Token Service API.
    allowedServices WorkforcePoolAccessRestrictionsAllowedService[]
    Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default. Structure is documented below.
    disableProgrammaticSignin boolean
    Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See Security Token Service API.
    allowed_services Sequence[WorkforcePoolAccessRestrictionsAllowedService]
    Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default. Structure is documented below.
    disable_programmatic_signin bool
    Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See Security Token Service API.
    allowedServices List<Property Map>
    Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default. Structure is documented below.
    disableProgrammaticSignin Boolean
    Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See Security Token Service API.

    WorkforcePoolAccessRestrictionsAllowedService, WorkforcePoolAccessRestrictionsAllowedServiceArgs

    Domain string
    Domain name of the service. Example: console.cloud.google
    Domain string
    Domain name of the service. Example: console.cloud.google
    domain String
    Domain name of the service. Example: console.cloud.google
    domain string
    Domain name of the service. Example: console.cloud.google
    domain str
    Domain name of the service. Example: console.cloud.google
    domain String
    Domain name of the service. Example: console.cloud.google

    Import

    WorkforcePool can be imported using any of these accepted formats:

    • locations/{{location}}/workforcePools/{{workforce_pool_id}}

    • {{location}}/{{workforce_pool_id}}

    When using the pulumi import command, WorkforcePool can be imported using one of the formats above. For example:

    $ pulumi import gcp:iam/workforcePool:WorkforcePool default locations/{{location}}/workforcePools/{{workforce_pool_id}}
    
    $ pulumi import gcp:iam/workforcePool:WorkforcePool default {{location}}/{{workforce_pool_id}}
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.