import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
* Represents a collection of external workforces. Provides namespaces for
* federated users that can be referenced in IAM policies.
*
* NOTE(review): because identities in a pool can be referenced in IAM policies, changes to
* `disabled`, `sessionDuration` and `accessRestrictions` are access-control changes and
* deserve the same review as an IAM policy edit.
*
* To get more information about WorkforcePool, see:
*
* * [API documentation](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools)
* * How-to Guides
*     * [Manage pools](https://cloud.google.com/iam/docs/manage-workforce-identity-pools-providers#manage_pools)
*
* > **Note:** Ask your Google Cloud account team to request access to workforce identity federation for
* your billing/quota project. The account team notifies you when the project is granted access.
*
* ## Example Usage
*
* ### Iam Workforce Pool Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const example = new gcp.iam.WorkforcePool("example", {
*     workforcePoolId: "example-pool",
*     parent: "organizations/123456789",
*     location: "global",
* });
* ```
* ### Iam Workforce Pool Full
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const example = new gcp.iam.WorkforcePool("example", {
*     workforcePoolId: "example-pool",
*     parent: "organizations/123456789",
*     location: "global",
*     displayName: "Display name",
*     description: "A sample workforce pool.",
*     disabled: false,
*     sessionDuration: "7200s",
*     accessRestrictions: {
*         allowedServices: [{
*             domain: "backstory.chronicle.security",
*         }],
*         disableProgrammaticSignin: false,
*     },
* });
* ```
*
* ## Import
*
* WorkforcePool can be imported using any of these accepted formats:
*
* * `locations/{{location}}/workforcePools/{{workforce_pool_id}}`
*
* * `{{location}}/{{workforce_pool_id}}`
*
* When using the `pulumi import` command, WorkforcePool can be imported using one of the formats above. For example:
*
* ```sh
* $ pulumi import gcp:iam/workforcePool:WorkforcePool default locations/{{location}}/workforcePools/{{workforce_pool_id}}
* ```
*
* ```sh
* $ pulumi import gcp:iam/workforcePool:WorkforcePool default {{location}}/{{workforce_pool_id}}
* ```
*/
export declare class WorkforcePool extends pulumi.CustomResource {
/**
* Get an existing WorkforcePool resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to look up.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
* @returns A WorkforcePool referring to the existing resource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WorkforcePoolState, opts?: pulumi.CustomResourceOptions): WorkforcePool;
/**
* Returns true if the given object is an instance of WorkforcePool. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*
* @param obj The value to test.
*/
static isInstance(obj: any): obj is WorkforcePool;
/**
* Configures access restrictions on the workforce pool users. This is an optional field. If specified,
* web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled
* for pool users. The structure is described by `outputs.iam.WorkforcePoolAccessRestrictions`.
*
* NOTE(review): leaving this unset configures no restriction through this resource; confirm the
* resulting sign-in behaviour if restricting sign-in is a requirement.
*/
readonly accessRestrictions: pulumi.Output<outputs.iam.WorkforcePoolAccessRestrictions | undefined>;
/**
* A user-specified description of the pool. Cannot exceed 256 characters.
*/
readonly description: pulumi.Output<string | undefined>;
/**
* Whether the pool is disabled. You cannot use a disabled pool to exchange tokens,
* or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
*
* Disabling therefore suspends access rather than revoking issued tokens: per the behaviour
* described above, re-enabling the pool makes existing tokens usable again.
*/
readonly disabled: pulumi.Output<boolean | undefined>;
/**
* A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
*/
readonly displayName: pulumi.Output<string | undefined>;
/**
* The location for the resource.
*/
readonly location: pulumi.Output<string>;
/**
* Output only. The resource name of the pool.
* Format: `locations/{location}/workforcePools/{workforcePoolId}`
*/
readonly name: pulumi.Output<string>;
/**
* Immutable. The resource name of the parent. Format: `organizations/{org-id}`.
*/
readonly parent: pulumi.Output<string>;
/**
* Duration that the Google Cloud access tokens, console sign-in sessions,
* and `gcloud` sign-in sessions from this pool are valid.
* Must be greater than 15 minutes (900s) and less than 12 hours (43200s).
* If `sessionDuration` is not configured, minted credentials have a default duration of one hour (3600s).
* A duration in seconds with up to nine fractional digits, ending with '`s`'. Example: "`3.5s`".
* The `3.5s` example illustrates the format only; it is below the 900s minimum stated above.
*
* NOTE(review): this value sets how long a minted credential or session stays valid, so choose
* the shortest duration the sign-in workflow tolerates.
*/
readonly sessionDuration: pulumi.Output<string | undefined>;
/**
* Output only. The state of the pool.
* * STATE_UNSPECIFIED: State unspecified.
* * ACTIVE: The pool is active, and may be used in Google Cloud policies.
* * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted
*   after approximately 30 days. You can restore a soft-deleted pool using
*   [workforcePools.undelete](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools/undelete#google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePool).
*   You cannot reuse the ID of a soft-deleted pool until it is permanently deleted.
*   While a pool is deleted, you cannot use it to exchange tokens, or use
*   existing tokens to access resources. If the pool is undeleted, existing
*   tokens grant access again.
*
* As with `disabled`, a soft delete suspends access rather than revoking tokens: undeleting
* the pool makes existing tokens usable again.
*/
readonly state: pulumi.Output<string>;
/**
* The ID of the pool, which is the last segment of its resource name (see `name`).
* The ID must be a globally unique string of 6 to 63 lowercase letters,
* digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen.
* The prefix `gcp-` is reserved for use by Google, and may not be specified.
*/
readonly workforcePoolId: pulumi.Output<string>;
/**
* Create a WorkforcePool resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: WorkforcePoolArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering WorkforcePool resources.
* Every property is optional here, including the `name` and `state` fields that are
* documented as output only.
*/
export interface WorkforcePoolState {
/**
* Configures access restrictions on the workforce pool users. This is an optional field. If specified,
* web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled
* for pool users. The structure is described by `inputs.iam.WorkforcePoolAccessRestrictions`.
*/
accessRestrictions?: pulumi.Input<inputs.iam.WorkforcePoolAccessRestrictions>;
/**
* A user-specified description of the pool. Cannot exceed 256 characters.
*/
description?: pulumi.Input<string>;
/**
* Whether the pool is disabled. You cannot use a disabled pool to exchange tokens,
* or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
*
* Disabling therefore suspends access rather than revoking issued tokens: per the behaviour
* described above, re-enabling the pool makes existing tokens usable again.
*/
disabled?: pulumi.Input<boolean>;
/**
* A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
*/
displayName?: pulumi.Input<string>;
/**
* The location for the resource.
*/
location?: pulumi.Input<string>;
/**
* Output only. The resource name of the pool.
* Format: `locations/{location}/workforcePools/{workforcePoolId}`
*/
name?: pulumi.Input<string>;
/**
* Immutable. The resource name of the parent. Format: `organizations/{org-id}`.
*/
parent?: pulumi.Input<string>;
/**
* Duration that the Google Cloud access tokens, console sign-in sessions,
* and `gcloud` sign-in sessions from this pool are valid.
* Must be greater than 15 minutes (900s) and less than 12 hours (43200s).
* If `sessionDuration` is not configured, minted credentials have a default duration of one hour (3600s).
* A duration in seconds with up to nine fractional digits, ending with '`s`'. Example: "`3.5s`".
* The `3.5s` example illustrates the format only; it is below the 900s minimum stated above.
*/
sessionDuration?: pulumi.Input<string>;
/**
* Output only. The state of the pool.
* * STATE_UNSPECIFIED: State unspecified.
* * ACTIVE: The pool is active, and may be used in Google Cloud policies.
* * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted
*   after approximately 30 days. You can restore a soft-deleted pool using
*   [workforcePools.undelete](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools/undelete#google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePool).
*   You cannot reuse the ID of a soft-deleted pool until it is permanently deleted.
*   While a pool is deleted, you cannot use it to exchange tokens, or use
*   existing tokens to access resources. If the pool is undeleted, existing
*   tokens grant access again.
*
* As with `disabled`, a soft delete suspends access rather than revoking tokens: undeleting
* the pool makes existing tokens usable again.
*/
state?: pulumi.Input<string>;
/**
* The ID of the pool, which is the last segment of its resource name (see `name`).
* The ID must be a globally unique string of 6 to 63 lowercase letters,
* digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen.
* The prefix `gcp-` is reserved for use by Google, and may not be specified.
*/
workforcePoolId?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a WorkforcePool resource.
* `location`, `parent` and `workforcePoolId` are required; every other property is optional.
*/
export interface WorkforcePoolArgs {
/**
* Configures access restrictions on the workforce pool users. This is an optional field. If specified,
* web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled
* for pool users. The structure is described by `inputs.iam.WorkforcePoolAccessRestrictions`.
*
* NOTE(review): leaving this unset configures no restriction through this resource; confirm the
* resulting sign-in behaviour if restricting sign-in is a requirement.
*/
accessRestrictions?: pulumi.Input<inputs.iam.WorkforcePoolAccessRestrictions>;
/**
* A user-specified description of the pool. Cannot exceed 256 characters.
*/
description?: pulumi.Input<string>;
/**
* Whether the pool is disabled. You cannot use a disabled pool to exchange tokens,
* or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
*
* Disabling therefore suspends access rather than revoking issued tokens: per the behaviour
* described above, re-enabling the pool makes existing tokens usable again.
*/
disabled?: pulumi.Input<boolean>;
/**
* A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
*/
displayName?: pulumi.Input<string>;
/**
* Required. The location for the resource.
*/
location: pulumi.Input<string>;
/**
* Required. Immutable. The resource name of the parent. Format: `organizations/{org-id}`.
*/
parent: pulumi.Input<string>;
/**
* Duration that the Google Cloud access tokens, console sign-in sessions,
* and `gcloud` sign-in sessions from this pool are valid.
* Must be greater than 15 minutes (900s) and less than 12 hours (43200s).
* If `sessionDuration` is not configured, minted credentials have a default duration of one hour (3600s).
* A duration in seconds with up to nine fractional digits, ending with '`s`'. Example: "`3.5s`".
* The `3.5s` example illustrates the format only; it is below the 900s minimum stated above.
*
* NOTE(review): this value sets how long a minted credential or session stays valid, so choose
* the shortest duration the sign-in workflow tolerates.
*/
sessionDuration?: pulumi.Input<string>;
/**
* Required. The ID of the pool.
* The ID must be a globally unique string of 6 to 63 lowercase letters,
* digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen.
* The prefix `gcp-` is reserved for use by Google, and may not be specified.
*/
workforcePoolId: pulumi.Input<string>;
}