
Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

google-native.iam/v1.WorkforcePool


    Creates a new WorkforcePool. You cannot reuse the name of a deleted pool until 30 days after deletion. Auto-naming is currently not supported for this resource.

    Create WorkforcePool Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    TypeScript:
    new WorkforcePool(name: string, args?: WorkforcePoolArgs, opts?: CustomResourceOptions);

    Python:
    @overload
    def WorkforcePool(resource_name: str,
                      args: Optional[WorkforcePoolArgs] = None,
                      opts: Optional[ResourceOptions] = None)

    @overload
    def WorkforcePool(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      access_restrictions: Optional[AccessRestrictionsArgs] = None,
                      description: Optional[str] = None,
                      disabled: Optional[bool] = None,
                      display_name: Optional[str] = None,
                      location: Optional[str] = None,
                      parent: Optional[str] = None,
                      session_duration: Optional[str] = None,
                      workforce_pool_id: Optional[str] = None)

    Go:
    func NewWorkforcePool(ctx *Context, name string, args *WorkforcePoolArgs, opts ...ResourceOption) (*WorkforcePool, error)

    C#:
    public WorkforcePool(string name, WorkforcePoolArgs? args = null, CustomResourceOptions? opts = null)

    Java:
    public WorkforcePool(String name, WorkforcePoolArgs args)
    public WorkforcePool(String name, WorkforcePoolArgs args, CustomResourceOptions options)

    YAML:
    type: google-native:iam/v1:WorkforcePool
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args WorkforcePoolArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args WorkforcePoolArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args WorkforcePoolArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args WorkforcePoolArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args WorkforcePoolArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var workforcePoolResource = new GoogleNative.IAM.V1.WorkforcePool("workforcePoolResource", new()
    {
        AccessRestrictions = new GoogleNative.IAM.V1.Inputs.AccessRestrictionsArgs
        {
            AllowedServices = new[]
            {
                new GoogleNative.IAM.V1.Inputs.ServiceConfigArgs
                {
                    Domain = "string",
                },
            },
            DisableProgrammaticSignin = false,
        },
        Description = "string",
        Disabled = false,
        DisplayName = "string",
        Location = "string",
        Parent = "string",
        SessionDuration = "string",
        WorkforcePoolId = "string",
    });
    
    example, err := iam.NewWorkforcePool(ctx, "workforcePoolResource", &iam.WorkforcePoolArgs{
    	AccessRestrictions: &iam.AccessRestrictionsArgs{
    		AllowedServices: iam.ServiceConfigArray{
    			&iam.ServiceConfigArgs{
    				Domain: pulumi.String("string"),
    			},
    		},
    		DisableProgrammaticSignin: pulumi.Bool(false),
    	},
    	Description:     pulumi.String("string"),
    	Disabled:        pulumi.Bool(false),
    	DisplayName:     pulumi.String("string"),
    	Location:        pulumi.String("string"),
    	Parent:          pulumi.String("string"),
    	SessionDuration: pulumi.String("string"),
    	WorkforcePoolId: pulumi.String("string"),
    })
    
    var workforcePoolResource = new WorkforcePool("workforcePoolResource", WorkforcePoolArgs.builder()
        .accessRestrictions(AccessRestrictionsArgs.builder()
            .allowedServices(ServiceConfigArgs.builder()
                .domain("string")
                .build())
            .disableProgrammaticSignin(false)
            .build())
        .description("string")
        .disabled(false)
        .displayName("string")
        .location("string")
        .parent("string")
        .sessionDuration("string")
        .workforcePoolId("string")
        .build());
    
    workforce_pool_resource = google_native.iam.v1.WorkforcePool("workforcePoolResource",
        access_restrictions={
            "allowed_services": [{
                "domain": "string",
            }],
            "disable_programmatic_signin": False,
        },
        description="string",
        disabled=False,
        display_name="string",
        location="string",
        parent="string",
        session_duration="string",
        workforce_pool_id="string")
    
    const workforcePoolResource = new google_native.iam.v1.WorkforcePool("workforcePoolResource", {
        accessRestrictions: {
            allowedServices: [{
                domain: "string",
            }],
            disableProgrammaticSignin: false,
        },
        description: "string",
        disabled: false,
        displayName: "string",
        location: "string",
        parent: "string",
        sessionDuration: "string",
        workforcePoolId: "string",
    });
    
    type: google-native:iam/v1:WorkforcePool
    properties:
        accessRestrictions:
            allowedServices:
                - domain: string
            disableProgrammaticSignin: false
        description: string
        disabled: false
        displayName: string
        location: string
        parent: string
        sessionDuration: string
        workforcePoolId: string
    

    WorkforcePool Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The WorkforcePool resource accepts the following input properties:

    AccessRestrictions Pulumi.GoogleNative.IAM.V1.Inputs.AccessRestrictions
    Optional. Configures access restrictions on the workforce pool users. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users.
    Description string
    A user-specified description of the pool. Cannot exceed 256 characters.
    Disabled bool
    Disables the workforce pool. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
    DisplayName string
    A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
    Location string
    Parent string
    Immutable. The resource name of the parent. Format: organizations/{org-id}.
    SessionDuration string
    Duration that the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If session_duration is not configured, minted credentials have a default duration of one hour (3600s). For SAML providers, the lifetime of the token is the minimum of the session_duration and the SessionNotOnOrAfter claim in the SAML assertion.
    WorkforcePoolId string
    The ID to use for the pool, which becomes the final component of the resource name. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix gcp- is reserved for use by Google, and may not be specified.
    AccessRestrictions AccessRestrictionsArgs
    Optional. Configures access restrictions on the workforce pool users. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users.
    Description string
    A user-specified description of the pool. Cannot exceed 256 characters.
    Disabled bool
    Disables the workforce pool. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
    DisplayName string
    A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
    Location string
    Parent string
    Immutable. The resource name of the parent. Format: organizations/{org-id}.
    SessionDuration string
    Duration that the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If session_duration is not configured, minted credentials have a default duration of one hour (3600s). For SAML providers, the lifetime of the token is the minimum of the session_duration and the SessionNotOnOrAfter claim in the SAML assertion.
    WorkforcePoolId string
    The ID to use for the pool, which becomes the final component of the resource name. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix gcp- is reserved for use by Google, and may not be specified.
    accessRestrictions AccessRestrictions
    Optional. Configures access restrictions on the workforce pool users. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users.
    description String
    A user-specified description of the pool. Cannot exceed 256 characters.
    disabled Boolean
    Disables the workforce pool. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
    displayName String
    A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
    location String
    parent String
    Immutable. The resource name of the parent. Format: organizations/{org-id}.
    sessionDuration String
    Duration that the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If session_duration is not configured, minted credentials have a default duration of one hour (3600s). For SAML providers, the lifetime of the token is the minimum of the session_duration and the SessionNotOnOrAfter claim in the SAML assertion.
    workforcePoolId String
    The ID to use for the pool, which becomes the final component of the resource name. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix gcp- is reserved for use by Google, and may not be specified.
    accessRestrictions AccessRestrictions
    Optional. Configures access restrictions on the workforce pool users. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users.
    description string
    A user-specified description of the pool. Cannot exceed 256 characters.
    disabled boolean
    Disables the workforce pool. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
    displayName string
    A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
    location string
    parent string
    Immutable. The resource name of the parent. Format: organizations/{org-id}.
    sessionDuration string
    Duration that the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If session_duration is not configured, minted credentials have a default duration of one hour (3600s). For SAML providers, the lifetime of the token is the minimum of the session_duration and the SessionNotOnOrAfter claim in the SAML assertion.
    workforcePoolId string
    The ID to use for the pool, which becomes the final component of the resource name. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix gcp- is reserved for use by Google, and may not be specified.
    access_restrictions AccessRestrictionsArgs
    Optional. Configures access restrictions on the workforce pool users. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users.
    description str
    A user-specified description of the pool. Cannot exceed 256 characters.
    disabled bool
    Disables the workforce pool. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
    display_name str
    A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
    location str
    parent str
    Immutable. The resource name of the parent. Format: organizations/{org-id}.
    session_duration str
    Duration that the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If session_duration is not configured, minted credentials have a default duration of one hour (3600s). For SAML providers, the lifetime of the token is the minimum of the session_duration and the SessionNotOnOrAfter claim in the SAML assertion.
    workforce_pool_id str
    The ID to use for the pool, which becomes the final component of the resource name. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix gcp- is reserved for use by Google, and may not be specified.
    accessRestrictions Property Map
    Optional. Configures access restrictions on the workforce pool users. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users.
    description String
    A user-specified description of the pool. Cannot exceed 256 characters.
    disabled Boolean
    Disables the workforce pool. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
    displayName String
    A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
    location String
    parent String
    Immutable. The resource name of the parent. Format: organizations/{org-id}.
    sessionDuration String
    Duration that the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If session_duration is not configured, minted credentials have a default duration of one hour (3600s). For SAML providers, the lifetime of the token is the minimum of the session_duration and the SessionNotOnOrAfter claim in the SAML assertion.
    workforcePoolId String
    The ID to use for the pool, which becomes the final component of the resource name. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix gcp- is reserved for use by Google, and may not be specified.
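
A pre-deployment check for the input constraints listed above, written as an added example (not part of the Pulumi provider or this page's original content). The function name, finding format and sample pools are assumptions made for illustration; the session duration is assumed to be written as `<seconds>s`, and its bounds follow the page's wording ("greater than" / "less than").

```python
import re

# Constraints are the ones stated in the property descriptions on this page.
POOL_ID_RE = re.compile(r"[a-z][a-z0-9-]{4,61}[a-z0-9]")  # 6-63 chars, letter first, no trailing hyphen
PARENT_RE = re.compile(r"organizations/[^/]+")             # Format: organizations/{org-id}
DURATION_RE = re.compile(r"(\d+(?:\.\d+)?)s")              # assumption: "<seconds>s", e.g. "3600s"


def check_workforce_pool(args):
    """Return (severity, field, message) findings for a WorkforcePool args dict.

    Keys use the Python SDK spelling shown in the constructor example.
    "error" means a documented constraint is violated; "warn" marks a
    setting that leaves a documented restriction switched off.
    """
    findings = []

    pool_id = args.get("workforce_pool_id") or ""
    if not POOL_ID_RE.fullmatch(pool_id):
        findings.append(("error", "workforce_pool_id",
                         "must be 6-63 lowercase letters, digits or hyphens, "
                         "start with a letter, and not end with a hyphen"))
    elif pool_id.startswith("gcp-"):
        findings.append(("error", "workforce_pool_id", "prefix gcp- is reserved"))

    if not PARENT_RE.fullmatch(args.get("parent") or ""):
        findings.append(("error", "parent", "expected organizations/{org-id}"))
    if len(args.get("description") or "") > 256:
        findings.append(("error", "description", "exceeds 256 characters"))
    if len(args.get("display_name") or "") > 32:
        findings.append(("error", "display_name", "exceeds 32 characters"))

    duration = args.get("session_duration")
    if duration is not None:  # unset means the documented default of 3600s
        match = DURATION_RE.fullmatch(duration)
        if not match:
            findings.append(("error", "session_duration", "expected '<seconds>s'"))
        elif not 900 < float(match.group(1)) < 43200:
            findings.append(("error", "session_duration",
                             "must be greater than 900s and less than 43200s"))

    restrictions = args.get("access_restrictions") or {}
    if not restrictions.get("allowed_services"):
        findings.append(("warn", "access_restrictions.allowed_services",
                         "not set: web sign-in is not restricted to any service"))
    if not restrictions.get("disable_programmatic_signin"):
        findings.append(("warn", "access_restrictions.disable_programmatic_signin",
                         "programmatic sign-in via the Security Token API stays enabled"))
    return findings


# Constructed sample inputs (not real pools or organizations).
REVIEWED_POOL = {
    "workforce_pool_id": "corp-workforce",
    "parent": "organizations/123456789012",
    "display_name": "Corp workforce",
    "description": "Federated sign-in for employees",
    "session_duration": "3600s",
    "access_restrictions": {
        "allowed_services": [{"domain": "console.cloud.google"}],
        "disable_programmatic_signin": True,
    },
}
RISKY_POOL = {
    "workforce_pool_id": "gcp-staff",      # reserved prefix
    "parent": "folders/42",                # not an organization
    "display_name": "x" * 33,              # one character too long
    "session_duration": "86400s",          # 24 hours, above the limit
}

if __name__ == "__main__":
    for severity, field, message in check_workforce_pool(RISKY_POOL):
        print(f"{severity:5} {field}: {message}")
```
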

    Outputs

    All input properties are implicitly available as output properties. Additionally, the WorkforcePool resource produces the following output properties:

    ExpireTime string
    Time after which the workforce pool will be permanently purged and cannot be recovered.
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    The resource name of the pool. Format: locations/{location}/workforcePools/{workforce_pool_id}
    State string
    The state of the pool.
    ExpireTime string
    Time after which the workforce pool will be permanently purged and cannot be recovered.
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    The resource name of the pool. Format: locations/{location}/workforcePools/{workforce_pool_id}
    State string
    The state of the pool.
    expireTime String
    Time after which the workforce pool will be permanently purged and cannot be recovered.
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    The resource name of the pool. Format: locations/{location}/workforcePools/{workforce_pool_id}
    state String
    The state of the pool.
    expireTime string
    Time after which the workforce pool will be permanently purged and cannot be recovered.
    id string
    The provider-assigned unique ID for this managed resource.
    name string
    The resource name of the pool. Format: locations/{location}/workforcePools/{workforce_pool_id}
    state string
    The state of the pool.
    expire_time str
    Time after which the workforce pool will be permanently purged and cannot be recovered.
    id str
    The provider-assigned unique ID for this managed resource.
    name str
    The resource name of the pool. Format: locations/{location}/workforcePools/{workforce_pool_id}
    state str
    The state of the pool.
    expireTime String
    Time after which the workforce pool will be permanently purged and cannot be recovered.
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    The resource name of the pool. Format: locations/{location}/workforcePools/{workforce_pool_id}
    state String
    The state of the pool.

    Supporting Types

    AccessRestrictions, AccessRestrictionsArgs

    AllowedServices List<Pulumi.GoogleNative.IAM.V1.Inputs.ServiceConfig>
    Optional. Immutable. Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default.
    DisableProgrammaticSignin bool
    Optional. Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See Security Token Service API (https://cloud.google.com/iam/docs/reference/sts/rest).
    AllowedServices []ServiceConfig
    Optional. Immutable. Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default.
    DisableProgrammaticSignin bool
    Optional. Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See Security Token Service API (https://cloud.google.com/iam/docs/reference/sts/rest).
    allowedServices List<ServiceConfig>
    Optional. Immutable. Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default.
    disableProgrammaticSignin Boolean
    Optional. Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See Security Token Service API (https://cloud.google.com/iam/docs/reference/sts/rest).
    allowedServices ServiceConfig[]
    Optional. Immutable. Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default.
    disableProgrammaticSignin boolean
    Optional. Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See Security Token Service API (https://cloud.google.com/iam/docs/reference/sts/rest).
    allowed_services Sequence[ServiceConfig]
    Optional. Immutable. Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default.
    disable_programmatic_signin bool
    Optional. Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See Security Token Service API (https://cloud.google.com/iam/docs/reference/sts/rest).
    allowedServices List<Property Map>
    Optional. Immutable. Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default.
    disableProgrammaticSignin Boolean
    Optional. Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See Security Token Service API (https://cloud.google.com/iam/docs/reference/sts/rest).

    AccessRestrictionsResponse, AccessRestrictionsResponseArgs

    AllowedServices List<Pulumi.GoogleNative.IAM.V1.Inputs.ServiceConfigResponse>
    Optional. Immutable. Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default.
    DisableProgrammaticSignin bool
    Optional. Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See Security Token Service API (https://cloud.google.com/iam/docs/reference/sts/rest).
    AllowedServices []ServiceConfigResponse
    Optional. Immutable. Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default.
    DisableProgrammaticSignin bool
    Optional. Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See Security Token Service API (https://cloud.google.com/iam/docs/reference/sts/rest).
    allowedServices List<ServiceConfigResponse>
    Optional. Immutable. Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default.
    disableProgrammaticSignin Boolean
    Optional. Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See Security Token Service API (https://cloud.google.com/iam/docs/reference/sts/rest).
    allowedServices ServiceConfigResponse[]
    Optional. Immutable. Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default.
    disableProgrammaticSignin boolean
    Optional. Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See Security Token Service API (https://cloud.google.com/iam/docs/reference/sts/rest).
    allowed_services Sequence[ServiceConfigResponse]
    Optional. Immutable. Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default.
    disable_programmatic_signin bool
    Optional. Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See Security Token Service API (https://cloud.google.com/iam/docs/reference/sts/rest).
    allowedServices List<Property Map>
    Optional. Immutable. Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default.
    disableProgrammaticSignin Boolean
    Optional. Disable programmatic sign-in by disabling token issuance via the Security Token API endpoint. See Security Token Service API (https://cloud.google.com/iam/docs/reference/sts/rest).

    ServiceConfig, ServiceConfigArgs

    Domain string
    Optional. Domain name of the service. Example: console.cloud.google
    Domain string
    Optional. Domain name of the service. Example: console.cloud.google
    domain String
    Optional. Domain name of the service. Example: console.cloud.google
    domain string
    Optional. Domain name of the service. Example: console.cloud.google
    domain str
    Optional. Domain name of the service. Example: console.cloud.google
    domain String
    Optional. Domain name of the service. Example: console.cloud.google

    ServiceConfigResponse, ServiceConfigResponseArgs

    Domain string
    Optional. Domain name of the service. Example: console.cloud.google
    Domain string
    Optional. Domain name of the service. Example: console.cloud.google
    domain String
    Optional. Domain name of the service. Example: console.cloud.google
    domain string
    Optional. Domain name of the service. Example: console.cloud.google
    domain str
    Optional. Domain name of the service. Example: console.cloud.google
    domain String
    Optional. Domain name of the service. Example: console.cloud.google

    Package Details

    Repository
    Google Cloud Native pulumi/pulumi-google-native
    License
    Apache-2.0