Resource: WorkforcePool
Represents a collection of external workforces. Provides namespaces for federated users that can be referenced in IAM policies.
| JSON representation |
|---|
{ "name" : string , "parent" : string , "displayName" : string , "description" : string , "state" : enum ( |
| Fields | |
|---|---|
name
|
Identifier. The resource name of the pool. Format: |
parent
|
Immutable. The resource name of the parent. Format: |
displayName
|
Optional. A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters. |
description
|
Optional. A user-specified description of the pool. Cannot exceed 256 characters. |
state
|
Output only. The state of the pool. |
disabled
|
Optional. Disables the workforce pool. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again. |
sessionDuration
|
Optional. Duration that the Google Cloud access tokens, console sign-in sessions, and Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If For SAML providers, the lifetime of the token is the minimum of the A duration in seconds with up to nine fractional digits, ending with ' |
expireTime
|
Output only. Time after which the workforce pool will be permanently purged and cannot be recovered. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
accessRestrictions
|
Optional. Configure access restrictions on the workforce pool users. This is an optional field. If specified web sign-in can be restricted to given set of services or programmatic sign-in can be disabled for pool users. |
State
The current state of the pool.
| Enums | |
|---|---|
STATE_UNSPECIFIED
|
State unspecified. |
ACTIVE
|
The pool is active and may be used in Google Cloud policies. |
DELETED
|
The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again. |
AccessRestrictions
Access related restrictions on the workforce pool.
| JSON representation |
|---|
{
"allowedServices"
:
[
{
object (
|
| Fields | |
|---|---|
allowedServices[]
|
Optional. Immutable. Services allowed for web sign-in with the workforce pool. If not set by default there are no restrictions. |
disableProgrammaticSignin
|
Optional. Disable programmatic sign-in by disabling token issue via the Security Token API endpoint. See Security Token Service API . |
ServiceConfig
Configuration for a service.
| JSON representation |
|---|
{ "domain" : string } |
| Fields | |
|---|---|
domain
|
Optional. Domain name of the service. Example: console.cloud.google |
Methods |
|
|---|---|
|
Creates a new WorkforcePool
. |
|
Deletes a WorkforcePool
. |
|
Gets an individual WorkforcePool
. |
|
Gets IAM policies on a WorkforcePool
. |
|
Lists all non-deleted WorkforcePool
s under the specified parent. |
|
Updates an existing WorkforcePool
. |
|
Sets IAM policies on a WorkforcePool
. |
|
Returns the caller's permissions on the WorkforcePool
. |
|
Undeletes a WorkforcePool
, as long as it was deleted fewer than 30 days ago. |
