WorkforcePoolArgs

data class WorkforcePoolArgs(val accessRestrictions: Output<WorkforcePoolAccessRestrictionsArgs>? = null, val description: Output<String>? = null, val disabled: Output<Boolean>? = null, val displayName: Output<String>? = null, val location: Output<String>? = null, val parent: Output<String>? = null, val sessionDuration: Output<String>? = null, val workforcePoolId: Output<String>? = null) : ConvertibleToJava<WorkforcePoolArgs>

Represents a collection of external workforces. A workforce pool provides namespaces for federated users that can be referenced in IAM policies. For more information about WorkforcePool, see the Google Cloud documentation on workforce identity federation.

Note: Ask your Google Cloud account team to request access to workforce identity federation for your billing/quota project. The account team notifies you when the project is granted access.

Example Usage

Iam Workforce Pool Basic

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Minimal workforce pool: only the pool ID, the parent organization and the
// location are set. No sessionDuration or accessRestrictions are given, so per
// the property docs minted credentials default to one hour (3600s).
const example = new gcp.iam.WorkforcePool("example", {
    workforcePoolId: "example-pool",
    parent: "organizations/123456789", // format: organizations/{org-id}
    location: "global",
});
import pulumi
import pulumi_gcp as gcp
# Minimal workforce pool: only the pool ID, the parent organization and the
# location are set. No session_duration or access_restrictions are given, so
# per the property docs minted credentials default to one hour (3600s).
example = gcp.iam.WorkforcePool(
    "example",
    workforce_pool_id="example-pool",
    parent="organizations/123456789",  # format: organizations/{org-id}
    location="global",
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
// Minimal workforce pool: only the pool ID, the parent organization and the
// location are set. No SessionDuration or AccessRestrictions are given, so per
// the property docs minted credentials default to one hour (3600s).
return await Deployment.RunAsync(() =>
{
    var example = new Gcp.Iam.WorkforcePool("example", new()
    {
        WorkforcePoolId = "example-pool",
        Parent = "organizations/123456789", // format: organizations/{org-id}
        Location = "global",
    });
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a minimal workforce pool: only the pool ID, the parent
// organization and the location are set. No SessionDuration or
// AccessRestrictions are given, so per the property docs minted credentials
// default to one hour (3600s).
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iam.NewWorkforcePool(ctx, "example", &iam.WorkforcePoolArgs{
			WorkforcePoolId: pulumi.String("example-pool"),
			Parent:          pulumi.String("organizations/123456789"), // format: organizations/{org-id}
			Location:        pulumi.String("global"),
		})
		// err is nil on success, so returning it covers both outcomes.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.iam.WorkforcePool;
import com.pulumi.gcp.iam.WorkforcePoolArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Declares a minimal workforce pool: only the pool ID, the parent organization
 * and the location are set. No sessionDuration or accessRestrictions are given,
 * so per the property docs minted credentials default to one hour (3600s).
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new WorkforcePool(
            "example",
            WorkforcePoolArgs.builder()
                .workforcePoolId("example-pool")
                .parent("organizations/123456789") // format: organizations/{org-id}
                .location("global")
                .build());
    }
}
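# Minimal workforce pool. The nesting below is required: with every key at
# column 0 the document parses as unrelated top-level keys rather than one
# resource definition.
resources:
  example:
    type: gcp:iam:WorkforcePool
    properties:
      workforcePoolId: example-pool
      parent: organizations/123456789 # format: organizations/{org-id}
      location: global
      # sessionDuration and accessRestrictions are omitted; per the property
      # docs minted credentials then default to one hour (3600s).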

Iam Workforce Pool Full

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Workforce pool with every optional argument set.
const example = new gcp.iam.WorkforcePool("example", {
    workforcePoolId: "example-pool",
    parent: "organizations/123456789", // format: organizations/{org-id}
    location: "global",
    displayName: "Display name",
    description: "A sample workforce pool.",
    disabled: false,
    // 7200s = 2 hours; the documented bounds are above 900s and below 43200s.
    sessionDuration: "7200s",
    accessRestrictions: {
        // Web sign-in is restricted to the services listed here.
        allowedServices: [{
            domain: "backstory.chronicle.security",
        }],
        // false leaves programmatic sign-in available to pool users.
        disableProgrammaticSignin: false,
    },
});
import pulumi
import pulumi_gcp as gcp
# Workforce pool with every optional argument set.
example = gcp.iam.WorkforcePool(
    "example",
    workforce_pool_id="example-pool",
    parent="organizations/123456789",  # format: organizations/{org-id}
    location="global",
    display_name="Display name",
    description="A sample workforce pool.",
    disabled=False,
    # 7200s = 2 hours; the documented bounds are above 900s and below 43200s.
    session_duration="7200s",
    access_restrictions={
        # Web sign-in is restricted to the services listed here.
        "allowed_services": [{
            "domain": "backstory.chronicle.security",
        }],
        # False leaves programmatic sign-in available to pool users.
        "disable_programmatic_signin": False,
    },
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
// Workforce pool with every optional argument set.
return await Deployment.RunAsync(() =>
{
    var example = new Gcp.Iam.WorkforcePool("example", new()
    {
        WorkforcePoolId = "example-pool",
        Parent = "organizations/123456789", // format: organizations/{org-id}
        Location = "global",
        DisplayName = "Display name",
        Description = "A sample workforce pool.",
        Disabled = false,
        // 7200s = 2 hours; the documented bounds are above 900s and below 43200s.
        SessionDuration = "7200s",
        AccessRestrictions = new Gcp.Iam.Inputs.WorkforcePoolAccessRestrictionsArgs
        {
            // Web sign-in is restricted to the services listed here.
            AllowedServices = new[]
            {
                new Gcp.Iam.Inputs.WorkforcePoolAccessRestrictionsAllowedServiceArgs
                {
                    Domain = "backstory.chronicle.security",
                },
            },
            // false leaves programmatic sign-in available to pool users.
            DisableProgrammaticSignin = false,
        },
    });
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a workforce pool with every optional argument set.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iam.NewWorkforcePool(ctx, "example", &iam.WorkforcePoolArgs{
			WorkforcePoolId: pulumi.String("example-pool"),
			Parent:          pulumi.String("organizations/123456789"), // format: organizations/{org-id}
			Location:        pulumi.String("global"),
			DisplayName:     pulumi.String("Display name"),
			Description:     pulumi.String("A sample workforce pool."),
			Disabled:        pulumi.Bool(false),
			// 7200s = 2 hours; the documented bounds are above 900s and below 43200s.
			SessionDuration: pulumi.String("7200s"),
			AccessRestrictions: &iam.WorkforcePoolAccessRestrictionsArgs{
				// Web sign-in is restricted to the services listed here.
				AllowedServices: iam.WorkforcePoolAccessRestrictionsAllowedServiceArray{
					&iam.WorkforcePoolAccessRestrictionsAllowedServiceArgs{
						Domain: pulumi.String("backstory.chronicle.security"),
					},
				},
				// false leaves programmatic sign-in available to pool users.
				DisableProgrammaticSignin: pulumi.Bool(false),
			},
		})
		// err is nil on success, so returning it covers both outcomes.
		return err
	})
}
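package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.iam.WorkforcePool;
import com.pulumi.gcp.iam.WorkforcePoolArgs;
import com.pulumi.gcp.iam.inputs.WorkforcePoolAccessRestrictionsArgs;
// Needed by the allowedServices builder below; the listing used the type without importing it.
import com.pulumi.gcp.iam.inputs.WorkforcePoolAccessRestrictionsAllowedServiceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Declares a workforce pool with every optional argument set.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new WorkforcePool("example", WorkforcePoolArgs.builder()
            .workforcePoolId("example-pool")
            .parent("organizations/123456789") // format: organizations/{org-id}
            .location("global")
            .displayName("Display name")
            .description("A sample workforce pool.")
            .disabled(false)
            // 7200s = 2 hours; the documented bounds are above 900s and below 43200s.
            .sessionDuration("7200s")
            .accessRestrictions(WorkforcePoolAccessRestrictionsArgs.builder()
                // Web sign-in is restricted to the services listed here.
                .allowedServices(WorkforcePoolAccessRestrictionsAllowedServiceArgs.builder()
                    .domain("backstory.chronicle.security")
                    .build())
                // false leaves programmatic sign-in available to pool users.
                .disableProgrammaticSignin(false)
                .build())
            .build());
    }
}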
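# Workforce pool with every optional argument set. The nesting below is
# required: with every key at column 0 the document parses as unrelated
# top-level keys rather than one resource definition.
resources:
  example:
    type: gcp:iam:WorkforcePool
    properties:
      workforcePoolId: example-pool
      parent: organizations/123456789 # format: organizations/{org-id}
      location: global
      displayName: Display name
      description: A sample workforce pool.
      disabled: false
      # 7200s = 2 hours; the documented bounds are above 900s and below 43200s.
      sessionDuration: 7200s
      accessRestrictions:
        # Web sign-in is restricted to the services listed here.
        allowedServices:
          - domain: backstory.chronicle.security
        # false leaves programmatic sign-in available to pool users.
        disableProgrammaticSignin: false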

Import

WorkforcePool can be imported using any of these accepted formats:

  • locations/{{location}}/workforcePools/{{workforce_pool_id}}

  • {{location}}/{{workforce_pool_id}}

When using the pulumi import command, WorkforcePool can be imported using one of the formats above. For example:

$ pulumi import gcp:iam/workforcePool:WorkforcePool default locations/{{location}}/workforcePools/{{workforce_pool_id}}
$ pulumi import gcp:iam/workforcePool:WorkforcePool default {{location}}/{{workforce_pool_id}}

Constructors

constructor(accessRestrictions: Output<WorkforcePoolAccessRestrictionsArgs>? = null, description: Output<String>? = null, disabled: Output<Boolean>? = null, displayName: Output<String>? = null, location: Output<String>? = null, parent: Output<String>? = null, sessionDuration: Output<String>? = null, workforcePoolId: Output<String>? = null)

Properties


val accessRestrictions: Output<WorkforcePoolAccessRestrictionsArgs>? = null

Configure access restrictions on the workforce pool users. This is an optional field. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users. Structure is documented below.

val description: Output<String>? = null

A user-specified description of the pool. Cannot exceed 256 characters.

val disabled: Output<Boolean>? = null

Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again; in other words, disabling the pool suspends its tokens rather than revoking them.

val displayName: Output<String>? = null

A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.

val location: Output<String>? = null

The location for the resource.

val parent: Output<String>? = null

Immutable. The resource name of the parent. Format: organizations/{org-id}.

val sessionDuration: Output<String>? = null

Duration that the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If sessionDuration is not configured, minted credentials have a default duration of one hour (3600s). The value is a duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". That example only illustrates the format: it is below the 900s minimum stated above, so a value within the stated range, such as "7200s" in the full example, is needed here.

val workforcePoolId: Output<String>? = null

The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. The prefix gcp- is reserved for use by Google, and may not be specified.

Functions

open override fun toJava(): WorkforcePoolArgs