gcp.iam.WorkforcePool
Represents a collection of external workforces. Provides namespaces for federated users that can be referenced in IAM policies.
To get more information about WorkforcePool, see:
- API documentation
- How-to Guides
Note: Ask your Google Cloud account team to request access to workforce identity federation for your billing/quota project. The account team notifies you when the project is granted access.
Example Usage
Iam Workforce Pool Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Minimal workforce pool: only the pool ID, parent organization and location are set.
// accessRestrictions is omitted, so no sign-in restrictions are configured, and
// sessionDuration is omitted, so minted credentials get the default one-hour lifetime.
const poolArgs: gcp.iam.WorkforcePoolArgs = {
    location: "global",
    // Sample organization ID; the format is organizations/{org-id}.
    parent: "organizations/123456789",
    // 6 to 63 lowercase letters, digits or hyphens; the "gcp-" prefix is reserved.
    workforcePoolId: "example-pool",
};
const example = new gcp.iam.WorkforcePool("example", poolArgs);
import pulumi
import pulumi_gcp as gcp
# Minimal workforce pool: only the pool ID, parent organization and location are set.
# access_restrictions is omitted, so no sign-in restrictions are configured, and
# session_duration is omitted, so minted credentials get the default one-hour lifetime.
pool_settings = {
    "workforce_pool_id": "example-pool",
    # Sample organization ID; the format is organizations/{org-id}.
    "parent": "organizations/123456789",
    "location": "global",
}
example = gcp.iam.WorkforcePool("example", **pool_settings)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a minimal workforce pool: only the pool ID, parent organization
// and location are set. AccessRestrictions is omitted, so no sign-in restrictions
// are configured, and SessionDuration is omitted, so minted credentials get the
// default one-hour lifetime.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		poolArgs := &iam.WorkforcePoolArgs{
			WorkforcePoolId: pulumi.String("example-pool"),
			// Sample organization ID; the format is organizations/{org-id}.
			Parent:   pulumi.String("organizations/123456789"),
			Location: pulumi.String("global"),
		}
		if _, err := iam.NewWorkforcePool(ctx, "example", poolArgs); err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // Minimal workforce pool: only the pool ID, parent organization and location are set.
    // AccessRestrictions is omitted, so no sign-in restrictions are configured, and
    // SessionDuration is omitted, so minted credentials get the default one-hour lifetime.
    var poolArgs = new Gcp.Iam.WorkforcePoolArgs
    {
        Location = "global",
        // Sample organization ID; the format is organizations/{org-id}.
        Parent = "organizations/123456789",
        WorkforcePoolId = "example-pool",
    };

    var example = new Gcp.Iam.WorkforcePool("example", poolArgs);
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.iam.WorkforcePool;
import com.pulumi.gcp.iam.WorkforcePoolArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a minimal workforce pool.
 *
 * Only the pool ID, parent organization and location are set. accessRestrictions
 * is omitted, so no sign-in restrictions are configured, and sessionDuration is
 * omitted, so minted credentials get the default one-hour lifetime.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the resources of this stack. */
    public static void stack(Context ctx) {
        final WorkforcePoolArgs poolArgs = WorkforcePoolArgs.builder()
            .workforcePoolId("example-pool")
            // Sample organization ID; the format is organizations/{org-id}.
            .parent("organizations/123456789")
            .location("global")
            .build();

        var example = new WorkforcePool("example", poolArgs);
    }
}
# Minimal workforce pool: only the pool ID, parent organization and location are set.
# accessRestrictions is omitted, so no sign-in restrictions are configured, and
# sessionDuration is omitted, so minted credentials get the default one-hour lifetime.
resources:
  example:
    type: gcp:iam:WorkforcePool
    properties:
      location: global
      # Sample organization ID; the format is organizations/{org-id}.
      parent: organizations/123456789
      workforcePoolId: example-pool
Iam Workforce Pool Full
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Workforce pool with every optional input set.
// accessRestrictions limits web sign-in to the listed service domain.
const signInRestrictions = {
    allowedServices: [{ domain: "backstory.chronicle.security" }],
    // false leaves programmatic sign-in enabled for pool users.
    disableProgrammaticSignin: false,
};
const example = new gcp.iam.WorkforcePool("example", {
    workforcePoolId: "example-pool",
    // Sample organization ID; the format is organizations/{org-id}.
    parent: "organizations/123456789",
    location: "global",
    displayName: "Display name",
    description: "A sample workforce pool.",
    // A disabled pool cannot exchange tokens, and existing tokens stop granting
    // access until the pool is re-enabled.
    disabled: false,
    // Two hours. Applies to access tokens and to console and gcloud sign-in sessions.
    // Must be above 900s and below 43200s; the default when unset is 3600s.
    sessionDuration: "7200s",
    accessRestrictions: signInRestrictions,
});
import pulumi
import pulumi_gcp as gcp
# Workforce pool with every optional input set.
# access_restrictions limits web sign-in to the listed service domain.
sign_in_restrictions = {
    "allowed_services": [{"domain": "backstory.chronicle.security"}],
    # False leaves programmatic sign-in enabled for pool users.
    "disable_programmatic_signin": False,
}
example = gcp.iam.WorkforcePool(
    "example",
    workforce_pool_id="example-pool",
    # Sample organization ID; the format is organizations/{org-id}.
    parent="organizations/123456789",
    location="global",
    display_name="Display name",
    description="A sample workforce pool.",
    # A disabled pool cannot exchange tokens, and existing tokens stop granting
    # access until the pool is re-enabled.
    disabled=False,
    # Two hours. Applies to access tokens and to console and gcloud sign-in sessions.
    # Must be above 900s and below 43200s; the default when unset is 3600s.
    session_duration="7200s",
    access_restrictions=sign_in_restrictions,
)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a workforce pool with every optional input set.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Limits web sign-in to the listed service domain.
		signInRestrictions := &iam.WorkforcePoolAccessRestrictionsArgs{
			AllowedServices: iam.WorkforcePoolAccessRestrictionsAllowedServiceArray{
				&iam.WorkforcePoolAccessRestrictionsAllowedServiceArgs{
					Domain: pulumi.String("backstory.chronicle.security"),
				},
			},
			// false leaves programmatic sign-in enabled for pool users.
			DisableProgrammaticSignin: pulumi.Bool(false),
		}

		_, err := iam.NewWorkforcePool(ctx, "example", &iam.WorkforcePoolArgs{
			WorkforcePoolId: pulumi.String("example-pool"),
			// Sample organization ID; the format is organizations/{org-id}.
			Parent:      pulumi.String("organizations/123456789"),
			Location:    pulumi.String("global"),
			DisplayName: pulumi.String("Display name"),
			Description: pulumi.String("A sample workforce pool."),
			// A disabled pool cannot exchange tokens, and existing tokens stop
			// granting access until the pool is re-enabled.
			Disabled: pulumi.Bool(false),
			// Two hours. Applies to access tokens and to console and gcloud
			// sign-in sessions. Must be above 900s and below 43200s; the
			// default when unset is 3600s.
			SessionDuration:    pulumi.String("7200s"),
			AccessRestrictions: signInRestrictions,
		})
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // Limits web sign-in to the listed service domain.
    var signInRestrictions = new Gcp.Iam.Inputs.WorkforcePoolAccessRestrictionsArgs
    {
        AllowedServices = new[]
        {
            new Gcp.Iam.Inputs.WorkforcePoolAccessRestrictionsAllowedServiceArgs
            {
                Domain = "backstory.chronicle.security",
            },
        },
        // false leaves programmatic sign-in enabled for pool users.
        DisableProgrammaticSignin = false,
    };

    // Workforce pool with every optional input set.
    var example = new Gcp.Iam.WorkforcePool("example", new()
    {
        WorkforcePoolId = "example-pool",
        // Sample organization ID; the format is organizations/{org-id}.
        Parent = "organizations/123456789",
        Location = "global",
        DisplayName = "Display name",
        Description = "A sample workforce pool.",
        // A disabled pool cannot exchange tokens, and existing tokens stop
        // granting access until the pool is re-enabled.
        Disabled = false,
        // Two hours. Applies to access tokens and to console and gcloud sign-in
        // sessions. Must be above 900s and below 43200s; the default when unset is 3600s.
        SessionDuration = "7200s",
        AccessRestrictions = signInRestrictions,
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.iam.WorkforcePool;
import com.pulumi.gcp.iam.WorkforcePoolArgs;
import com.pulumi.gcp.iam.inputs.WorkforcePoolAccessRestrictionsAllowedServiceArgs;
import com.pulumi.gcp.iam.inputs.WorkforcePoolAccessRestrictionsArgs;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
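/**
 * Pulumi program that declares a workforce pool with every optional input set.
 *
 * The nested allowed-service builder,
 * WorkforcePoolAccessRestrictionsAllowedServiceArgs, lives in
 * com.pulumi.gcp.iam.inputs next to WorkforcePoolAccessRestrictionsArgs and has
 * to be imported for this class to compile.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the resources of this stack.
     *
     * @param ctx the Pulumi context for the current deployment
     */
    public static void stack(Context ctx) {
        var example = new WorkforcePool("example", WorkforcePoolArgs.builder()
            .workforcePoolId("example-pool")
            // Sample organization ID; the format is organizations/{org-id}.
            .parent("organizations/123456789")
            .location("global")
            .displayName("Display name")
            .description("A sample workforce pool.")
            // A disabled pool cannot exchange tokens, and existing tokens stop
            // granting access until the pool is re-enabled.
            .disabled(false)
            // Two hours. Applies to access tokens and to console and gcloud
            // sign-in sessions. Must be above 900s and below 43200s; the
            // default when unset is 3600s.
            .sessionDuration("7200s")
            // Limits web sign-in to the listed service domain.
            .accessRestrictions(WorkforcePoolAccessRestrictionsArgs.builder()
                .allowedServices(WorkforcePoolAccessRestrictionsAllowedServiceArgs.builder()
                    .domain("backstory.chronicle.security")
                    .build())
                // false leaves programmatic sign-in enabled for pool users.
                .disableProgrammaticSignin(false)
                .build())
            .build());
    }
}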
# Workforce pool with every optional input set.
resources:
  example:
    type: gcp:iam:WorkforcePool
    properties:
      workforcePoolId: example-pool
      # Sample organization ID; the format is organizations/{org-id}.
      parent: organizations/123456789
      location: global
      displayName: Display name
      description: A sample workforce pool.
      # A disabled pool cannot exchange tokens, and existing tokens stop
      # granting access until the pool is re-enabled.
      disabled: false
      # Two hours. Applies to access tokens and to console and gcloud sign-in
      # sessions. Must be above 900s and below 43200s; the default when unset is 3600s.
      sessionDuration: 7200s
      # Limits web sign-in to the listed service domain.
      accessRestrictions:
        # false leaves programmatic sign-in enabled for pool users.
        disableProgrammaticSignin: false
        allowedServices:
          - domain: backstory.chronicle.security
Create WorkforcePool Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new WorkforcePool(name: string, args: WorkforcePoolArgs, opts?: CustomResourceOptions);
@overload
def WorkforcePool(resource_name: str,
args: WorkforcePoolArgs,
opts: Optional[ResourceOptions] = None)
@overload
def WorkforcePool(resource_name: str,
opts: Optional[ResourceOptions] = None,
location: Optional[str] = None,
parent: Optional[str] = None,
workforce_pool_id: Optional[str] = None,
access_restrictions: Optional[WorkforcePoolAccessRestrictionsArgs] = None,
description: Optional[str] = None,
disabled: Optional[bool] = None,
display_name: Optional[str] = None,
session_duration: Optional[str] = None)
func NewWorkforcePool(ctx *Context, name string, args WorkforcePoolArgs, opts ...ResourceOption) (*WorkforcePool, error)
public WorkforcePool(string name, WorkforcePoolArgs args, CustomResourceOptions? opts = null)
public WorkforcePool(String name, WorkforcePoolArgs args)
public WorkforcePool(String name, WorkforcePoolArgs args, CustomResourceOptions options)
type: gcp:iam:WorkforcePool
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args WorkforcePoolArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args WorkforcePoolArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args WorkforcePoolArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args WorkforcePoolArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args WorkforcePoolArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference listing: every input is shown with a placeholder of its type
// ("string", false). The values are not defaults or recommendations.
var workforcePoolResource = new Gcp.Iam.WorkforcePool("workforcePoolResource", new()
{
    Location = "string",
    // Format: organizations/{org-id}. Immutable.
    Parent = "string",
    WorkforcePoolId = "string",
    // Optional. Can restrict web sign-in to a set of services or disable
    // programmatic sign-in for pool users.
    AccessRestrictions = new Gcp.Iam.Inputs.WorkforcePoolAccessRestrictionsArgs
    {
        AllowedServices = new[]
        {
            new Gcp.Iam.Inputs.WorkforcePoolAccessRestrictionsAllowedServiceArgs
            {
                Domain = "string",
            },
        },
        DisableProgrammaticSignin = false,
    },
    Description = "string",
    Disabled = false,
    DisplayName = "string",
    // Seconds with an "s" suffix, above 900s and below 43200s; 3600s when unset.
    SessionDuration = "string",
});
// Reference listing: every input is shown with a placeholder of its type
// ("string", false). The values are not defaults or recommendations.
example, err := iam.NewWorkforcePool(ctx, "workforcePoolResource", &iam.WorkforcePoolArgs{
	Location: pulumi.String("string"),
	// Format: organizations/{org-id}. Immutable.
	Parent: pulumi.String("string"),
	WorkforcePoolId: pulumi.String("string"),
	// Optional. Can restrict web sign-in to a set of services or disable
	// programmatic sign-in for pool users.
	AccessRestrictions: &iam.WorkforcePoolAccessRestrictionsArgs{
		AllowedServices: iam.WorkforcePoolAccessRestrictionsAllowedServiceArray{
			&iam.WorkforcePoolAccessRestrictionsAllowedServiceArgs{
				Domain: pulumi.String("string"),
			},
		},
		DisableProgrammaticSignin: pulumi.Bool(false),
	},
	Description: pulumi.String("string"),
	Disabled: pulumi.Bool(false),
	DisplayName: pulumi.String("string"),
	// Seconds with an "s" suffix, above 900s and below 43200s; 3600s when unset.
	SessionDuration: pulumi.String("string"),
})
// Reference listing: every input is shown with a placeholder of its type
// ("string", false). The values are not defaults or recommendations.
var workforcePoolResource = new WorkforcePool("workforcePoolResource", WorkforcePoolArgs.builder()
    .location("string")
    // Format: organizations/{org-id}. Immutable.
    .parent("string")
    .workforcePoolId("string")
    // Optional. Can restrict web sign-in to a set of services or disable
    // programmatic sign-in for pool users.
    .accessRestrictions(WorkforcePoolAccessRestrictionsArgs.builder()
        .allowedServices(WorkforcePoolAccessRestrictionsAllowedServiceArgs.builder()
            .domain("string")
            .build())
        .disableProgrammaticSignin(false)
        .build())
    .description("string")
    .disabled(false)
    .displayName("string")
    // Seconds with an "s" suffix, above 900s and below 43200s; 3600s when unset.
    .sessionDuration("string")
    .build());
# Reference listing: every input is shown with a placeholder of its type
# ("string", False). The values are not defaults or recommendations.
workforce_pool_resource = gcp.iam.WorkforcePool("workforcePoolResource",
    location="string",
    # Format: organizations/{org-id}. Immutable.
    parent="string",
    workforce_pool_id="string",
    # Optional. Can restrict web sign-in to a set of services or disable
    # programmatic sign-in for pool users.
    access_restrictions={
        "allowed_services": [{
            "domain": "string",
        }],
        "disable_programmatic_signin": False,
    },
    description="string",
    disabled=False,
    display_name="string",
    # Seconds with an "s" suffix, above 900s and below 43200s; 3600s when unset.
    session_duration="string")
// Reference listing: every input is shown with a placeholder of its type
// ("string", false). The values are not defaults or recommendations.
const workforcePoolResource = new gcp.iam.WorkforcePool("workforcePoolResource", {
    location: "string",
    // Format: organizations/{org-id}. Immutable.
    parent: "string",
    workforcePoolId: "string",
    // Optional. Can restrict web sign-in to a set of services or disable
    // programmatic sign-in for pool users.
    accessRestrictions: {
        allowedServices: [{
            domain: "string",
        }],
        disableProgrammaticSignin: false,
    },
    description: "string",
    disabled: false,
    displayName: "string",
    // Seconds with an "s" suffix, above 900s and below 43200s; 3600s when unset.
    sessionDuration: "string",
});
# Reference listing: every input is shown with a placeholder of its type
# (string, false). The values are not defaults or recommendations.
type: gcp:iam:WorkforcePool
properties:
  # Optional. Can restrict web sign-in to a set of services or disable
  # programmatic sign-in for pool users.
  accessRestrictions:
    allowedServices:
      - domain: string
    disableProgrammaticSignin: false
  description: string
  disabled: false
  displayName: string
  location: string
  # Format: organizations/{org-id}. Immutable.
  parent: string
  # Seconds with an "s" suffix, above 900s and below 43200s; 3600s when unset.
  sessionDuration: string
  workforcePoolId: string
WorkforcePool Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The WorkforcePool resource accepts the following input properties:
- Location string
- The location for the resource.
- Parent string
- Immutable. The resource name of the parent. Format: `organizations/{org-id}`.
- WorkforcePoolId string
- The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix `gcp-` is reserved for use by Google, and may not be specified.
- AccessRestrictions WorkforcePoolAccessRestrictions
- Configure access restrictions on the workforce pool users. This is an optional field. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users. Structure is documented below.
- Description string
- A user-specified description of the pool. Cannot exceed 256 characters.
- Disabled bool
- Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again, so disabling a pool suspends access rather than revoking the tokens already issued.
- DisplayName string
- A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
- SessionDuration string
- Duration that the Google Cloud access tokens, console sign-in sessions, and `gcloud` sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If `sessionDuration` is not configured, minted credentials have a default duration of one hour (3600s). A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- Location string
- The location for the resource.
- Parent string
- Immutable. The resource name of the parent. Format: `organizations/{org-id}`.
- WorkforcePoolId string
- The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix `gcp-` is reserved for use by Google, and may not be specified.
- AccessRestrictions WorkforcePoolAccessRestrictionsArgs
- Configure access restrictions on the workforce pool users. This is an optional field. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users. Structure is documented below.
- Description string
- A user-specified description of the pool. Cannot exceed 256 characters.
- Disabled bool
- Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
- DisplayName string
- A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
- SessionDuration string
- Duration that the Google Cloud access tokens, console sign-in sessions, and `gcloud` sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If `sessionDuration` is not configured, minted credentials have a default duration of one hour (3600s). A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- location String
- The location for the resource.
- parent String
- Immutable. The resource name of the parent. Format: `organizations/{org-id}`.
- workforcePoolId String
- The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix `gcp-` is reserved for use by Google, and may not be specified.
- accessRestrictions WorkforcePoolAccessRestrictions
- Configure access restrictions on the workforce pool users. This is an optional field. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users. Structure is documented below.
- description String
- A user-specified description of the pool. Cannot exceed 256 characters.
- disabled Boolean
- Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
- displayName String
- A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
- sessionDuration String
- Duration that the Google Cloud access tokens, console sign-in sessions, and `gcloud` sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If `sessionDuration` is not configured, minted credentials have a default duration of one hour (3600s). A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- location string
- The location for the resource.
- parent string
- Immutable. The resource name of the parent. Format: `organizations/{org-id}`.
- workforcePoolId string
- The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix `gcp-` is reserved for use by Google, and may not be specified.
- accessRestrictions WorkforcePoolAccessRestrictions
- Configure access restrictions on the workforce pool users. This is an optional field. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users. Structure is documented below.
- description string
- A user-specified description of the pool. Cannot exceed 256 characters.
- disabled boolean
- Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
- displayName string
- A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
- sessionDuration string
- Duration that the Google Cloud access tokens, console sign-in sessions, and `gcloud` sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If `sessionDuration` is not configured, minted credentials have a default duration of one hour (3600s). A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- location str
- The location for the resource.
- parent str
- Immutable. The resource name of the parent. Format: `organizations/{org-id}`.
- workforce_pool_id str
- The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix `gcp-` is reserved for use by Google, and may not be specified.
- access_restrictions WorkforcePoolAccessRestrictionsArgs
- Configure access restrictions on the workforce pool users. This is an optional field. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users. Structure is documented below.
- description str
- A user-specified description of the pool. Cannot exceed 256 characters.
- disabled bool
- Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
- display_name str
- A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
- session_duration str
- Duration that the Google Cloud access tokens, console sign-in sessions, and `gcloud` sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If `sessionDuration` is not configured, minted credentials have a default duration of one hour (3600s). A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
- location String
- The location for the resource.
- parent String
- Immutable. The resource name of the parent. Format: `organizations/{org-id}`.
- workforcePoolId String
- The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix `gcp-` is reserved for use by Google, and may not be specified.
- accessRestrictions Property Map
- Configure access restrictions on the workforce pool users. This is an optional field. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users. Structure is documented below.
- description String
- A user-specified description of the pool. Cannot exceed 256 characters.
- disabled Boolean
- Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
- displayName String
- A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
- sessionDuration String
- Duration that the Google Cloud access tokens, console sign-in sessions, and `gcloud` sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If `sessionDuration` is not configured, minted credentials have a default duration of one hour (3600s). A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
Outputs
All input properties are implicitly available as output properties. Additionally, the WorkforcePool resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Output only. The resource name of the pool.
Format:
locations/{location}/workforcePools/{workforcePoolId}
- State string
- Output only. The state of the pool.
- STATE_UNSPECIFIED: State unspecified.
- ACTIVE: The pool is active, and may be used in Google Cloud policies.
- DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using workforcePools.undelete. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Output only. The resource name of the pool.
Format:
locations/{location}/workforcePools/{workforcePoolId}
- State string
- Output only. The state of the pool.
- STATE_UNSPECIFIED: State unspecified.
- ACTIVE: The pool is active, and may be used in Google Cloud policies.
- DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using workforcePools.undelete. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Output only. The resource name of the pool.
Format:
locations/{location}/workforcePools/{workforcePoolId}
- state String
- Output only. The state of the pool.
- STATE_UNSPECIFIED: State unspecified.
- ACTIVE: The pool is active, and may be used in Google Cloud policies.
- DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using workforcePools.undelete. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- Output only. The resource name of the pool.
Format:
locations/{location}/workforcePools/{workforcePoolId}
- state string
- Output only. The state of the pool.
- STATE_UNSPECIFIED: State unspecified.
- ACTIVE: The pool is active, and may be used in Google Cloud policies.
- DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using workforcePools.undelete. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- Output only. The resource name of the pool.
Format:
locations/{location}/workforcePools/{workforcePoolId}
- state str
- Output only. The state of the pool.
- STATE_UNSPECIFIED: State unspecified.
- ACTIVE: The pool is active, and may be used in Google Cloud policies.
- DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using workforcePools.undelete. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Output only. The resource name of the pool.
Format:
locations/{location}/workforcePools/{workforcePoolId}
- state String
- Output only. The state of the pool.
- STATE_UNSPECIFIED: State unspecified.
- ACTIVE: The pool is active, and may be used in Google Cloud policies.
- DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using workforcePools.undelete. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
Look up Existing WorkforcePool Resource
Get an existing WorkforcePool resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: WorkforcePoolState, opts?: CustomResourceOptions): WorkforcePool
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_restrictions: Optional[WorkforcePoolAccessRestrictionsArgs] = None,
description: Optional[str] = None,
disabled: Optional[bool] = None,
display_name: Optional[str] = None,
location: Optional[str] = None,
name: Optional[str] = None,
parent: Optional[str] = None,
session_duration: Optional[str] = None,
state: Optional[str] = None,
workforce_pool_id: Optional[str] = None) -> WorkforcePool
func GetWorkforcePool(ctx *Context, name string, id IDInput, state *WorkforcePoolState, opts ...ResourceOption) (*WorkforcePool, error)
public static WorkforcePool Get(string name, Input<string> id, WorkforcePoolState? state, CustomResourceOptions? opts = null)
public static WorkforcePool get(String name, Output<String> id, WorkforcePoolState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AccessRestrictions WorkforcePoolAccessRestrictions
- Configure access restrictions on the workforce pool users. This is an optional field. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users. Structure is documented below.
- Description string
- A user-specified description of the pool. Cannot exceed 256 characters.
- Disabled bool
- Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
- Display
Name string - A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
- Location string
- The location for the resource.
- Name string
- Output only. The resource name of the pool.
Format:
locations/{location}/workforcePools/{workforcePoolId}
- Parent string
- Immutable. The resource name of the parent. Format: organizations/{org-id}.
- SessionDuration string
- Duration that the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If sessionDuration is not configured, minted credentials have a default duration of one hour (3600s). The value is a duration in seconds with up to nine fractional digits, ending with 's'. Example of the format: "3.5s" (this illustrates the syntax only; a value for this field must fall within the range above).
- State string
- Output only. The state of the pool.
- STATE_UNSPECIFIED: State unspecified.
- ACTIVE: The pool is active, and may be used in Google Cloud policies.
- DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using workforcePools.undelete. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
- WorkforcePoolId string
- The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix gcp- is reserved for use by Google, and may not be specified.
- AccessRestrictions WorkforcePoolAccessRestrictionsArgs
- Configure access restrictions on the workforce pool users. This is an optional field. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users. Structure is documented below.
- Description string
- A user-specified description of the pool. Cannot exceed 256 characters.
- Disabled bool
- Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
- Display
Name string - A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
- Location string
- The location for the resource.
- Name string
- Output only. The resource name of the pool.
Format:
locations/{location}/workforcePools/{workforcePoolId}
- Parent string
- Immutable. The resource name of the parent. Format: organizations/{org-id}.
- SessionDuration string
- Duration that the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If sessionDuration is not configured, minted credentials have a default duration of one hour (3600s). The value is a duration in seconds with up to nine fractional digits, ending with 's'. Example of the format: "3.5s" (this illustrates the syntax only; a value for this field must fall within the range above).
- State string
- Output only. The state of the pool.
- STATE_UNSPECIFIED: State unspecified.
- ACTIVE: The pool is active, and may be used in Google Cloud policies.
- DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using workforcePools.undelete. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
- WorkforcePoolId string
- The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix gcp- is reserved for use by Google, and may not be specified.
- accessRestrictions WorkforcePoolAccessRestrictions
- Configure access restrictions on the workforce pool users. This is an optional field. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users. Structure is documented below.
- description String
- A user-specified description of the pool. Cannot exceed 256 characters.
- disabled Boolean
- Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
- display
Name String - A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
- location String
- The location for the resource.
- name String
- Output only. The resource name of the pool.
Format:
locations/{location}/workforcePools/{workforcePoolId}
- parent String
- Immutable. The resource name of the parent. Format: organizations/{org-id}.
- sessionDuration String
- Duration that the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If sessionDuration is not configured, minted credentials have a default duration of one hour (3600s). The value is a duration in seconds with up to nine fractional digits, ending with 's'. Example of the format: "3.5s" (this illustrates the syntax only; a value for this field must fall within the range above).
- state String
- Output only. The state of the pool.
- STATE_UNSPECIFIED: State unspecified.
- ACTIVE: The pool is active, and may be used in Google Cloud policies.
- DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using workforcePools.undelete. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
- workforcePoolId String
- The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix gcp- is reserved for use by Google, and may not be specified.
- accessRestrictions WorkforcePoolAccessRestrictions
- Configure access restrictions on the workforce pool users. This is an optional field. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users. Structure is documented below.
- description string
- A user-specified description of the pool. Cannot exceed 256 characters.
- disabled boolean
- Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
- display
Name string - A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
- location string
- The location for the resource.
- name string
- Output only. The resource name of the pool.
Format:
locations/{location}/workforcePools/{workforcePoolId}
- parent string
- Immutable. The resource name of the parent. Format: organizations/{org-id}.
- sessionDuration string
- Duration that the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If sessionDuration is not configured, minted credentials have a default duration of one hour (3600s). The value is a duration in seconds with up to nine fractional digits, ending with 's'. Example of the format: "3.5s" (this illustrates the syntax only; a value for this field must fall within the range above).
- state string
- Output only. The state of the pool.
- STATE_UNSPECIFIED: State unspecified.
- ACTIVE: The pool is active, and may be used in Google Cloud policies.
- DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using workforcePools.undelete. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
- workforcePoolId string
- The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix gcp- is reserved for use by Google, and may not be specified.
- access_restrictions WorkforcePoolAccessRestrictionsArgs
- Configure access restrictions on the workforce pool users. This is an optional field. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users. Structure is documented below.
- description str
- A user-specified description of the pool. Cannot exceed 256 characters.
- disabled bool
- Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
- display_
name str - A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
- location str
- The location for the resource.
- name str
- Output only. The resource name of the pool.
Format:
locations/{location}/workforcePools/{workforcePoolId}
- parent str
- Immutable. The resource name of the parent. Format: organizations/{org-id}.
- session_duration str
- Duration that the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If sessionDuration is not configured, minted credentials have a default duration of one hour (3600s). The value is a duration in seconds with up to nine fractional digits, ending with 's'. Example of the format: "3.5s" (this illustrates the syntax only; a value for this field must fall within the range above).
- state str
- Output only. The state of the pool.
- STATE_UNSPECIFIED: State unspecified.
- ACTIVE: The pool is active, and may be used in Google Cloud policies.
- DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using workforcePools.undelete. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
- workforce_pool_id str
- The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix gcp- is reserved for use by Google, and may not be specified.
- accessRestrictions Property Map
- Configure access restrictions on the workforce pool users. This is an optional field. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users. Structure is documented below.
- description String
- A user-specified description of the pool. Cannot exceed 256 characters.
- disabled Boolean
- Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
- display
Name String - A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
- location String
- The location for the resource.
- name String
- Output only. The resource name of the pool.
Format:
locations/{location}/workforcePools/{workforcePoolId}
- parent String
- Immutable. The resource name of the parent. Format: organizations/{org-id}.
- sessionDuration String
- Duration that the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If sessionDuration is not configured, minted credentials have a default duration of one hour (3600s). The value is a duration in seconds with up to nine fractional digits, ending with 's'. Example of the format: "3.5s" (this illustrates the syntax only; a value for this field must fall within the range above).
- state String
- Output only. The state of the pool.
- STATE_UNSPECIFIED: State unspecified.
- ACTIVE: The pool is active, and may be used in Google Cloud policies.
- DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using workforcePools.undelete. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
- workforcePoolId String
- The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix gcp- is reserved for use by Google, and may not be specified.
Supporting Types
WorkforcePoolAccessRestrictions, WorkforcePoolAccessRestrictionsArgs
- AllowedServices List<WorkforcePoolAccessRestrictionsAllowedService>
- Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default. Structure is documented below.
- DisableProgrammaticSignin bool
- Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See Security Token Service API.
- AllowedServices []WorkforcePoolAccessRestrictionsAllowedService
- Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default. Structure is documented below.
- DisableProgrammaticSignin bool
- Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See Security Token Service API.
- allowedServices List<WorkforcePoolAccessRestrictionsAllowedService>
- Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default. Structure is documented below.
- disableProgrammaticSignin Boolean
- Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See Security Token Service API.
- allowedServices WorkforcePoolAccessRestrictionsAllowedService[]
- Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default. Structure is documented below.
- disableProgrammaticSignin boolean
- Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See Security Token Service API.
- allowed_services Sequence[WorkforcePoolAccessRestrictionsAllowedService]
- Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default. Structure is documented below.
- disable_programmatic_signin bool
- Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See Security Token Service API.
- allowedServices List<Property Map>
- Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default. Structure is documented below.
- disableProgrammaticSignin Boolean
- Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See Security Token Service API.
WorkforcePoolAccessRestrictionsAllowedService, WorkforcePoolAccessRestrictionsAllowedServiceArgs
- Domain string
- Domain name of the service. Example: console.cloud.google
- Domain string
- Domain name of the service. Example: console.cloud.google
- domain String
- Domain name of the service. Example: console.cloud.google
- domain string
- Domain name of the service. Example: console.cloud.google
- domain str
- Domain name of the service. Example: console.cloud.google
- domain String
- Domain name of the service. Example: console.cloud.google
Import
WorkforcePool can be imported using any of these accepted formats:
locations/{{location}}/workforcePools/{{workforce_pool_id}}
{{location}}/{{workforce_pool_id}}
When using the pulumi import command, WorkforcePool can be imported using one of the formats above. For example:
$ pulumi import gcp:iam/workforcePool:WorkforcePool default locations/{{location}}/workforcePools/{{workforce_pool_id}}
$ pulumi import gcp:iam/workforcePool:WorkforcePool default {{location}}/{{workforce_pool_id}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the google-beta Terraform Provider.