
workforce_pools

Creates, updates, deletes, gets or lists a workforce_pools resource.

Overview

Name: workforce_pools
Type: Resource
Id: google.iam.workforce_pools

Fields

| Name | Datatype | Description |
|---|---|---|
| name | string | Output only. The resource name of the pool. Format: locations/{location}/workforcePools/{workforce_pool_id} |
| description | string | A user-specified description of the pool. Cannot exceed 256 characters. |
| accessRestrictions | object | Access related restrictions on the workforce pool. |
| disabled | boolean | Disables the workforce pool. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again. |
| displayName | string | A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters. |
| expireTime | string | Output only. Time after which the workforce pool will be permanently purged and cannot be recovered. |
| parent | string | Immutable. The resource name of the parent. Format: organizations/{org-id}. |
| sessionDuration | string | Duration that the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If session_duration is not configured, minted credentials have a default duration of one hour (3600s). For SAML providers, the lifetime of the token is the minimum of the session_duration and the SessionNotOnOrAfter claim in the SAML assertion. |
| state | string | Output only. The state of the pool. |

Methods

| Name | Accessible by | Required Params | Description |
|---|---|---|---|
| get | SELECT | locationsId, workforcePoolsId | Gets an individual WorkforcePool. |
| list | SELECT | locationsId | Lists all non-deleted WorkforcePools under the specified parent. If show_deleted is set to true, then deleted pools are also listed. |
| create | INSERT | locationsId | Creates a new WorkforcePool. You cannot reuse the name of a deleted pool until 30 days after deletion. |
| delete | DELETE | locationsId, workforcePoolsId | Deletes a WorkforcePool. You cannot use a deleted WorkforcePool to exchange external credentials for Google Cloud credentials. However, deletion does not revoke credentials that have already been issued. Credentials issued for a deleted pool do not grant access to resources. If the pool is undeleted, and the credentials are not expired, they grant access again. You can undelete a pool for 30 days. After 30 days, deletion is permanent. You cannot update deleted pools. However, you can view and list them. |
| patch | UPDATE | locationsId, workforcePoolsId | Updates an existing WorkforcePool. |
| undelete | EXEC | locationsId, workforcePoolsId | Undeletes a WorkforcePool, as long as it was deleted fewer than 30 days ago. |

SELECT examples

Lists all non-deleted WorkforcePools under the specified parent. If show_deleted is set to true, then deleted pools are also listed.

SELECT
name,
description,
accessRestrictions,
disabled,
displayName,
expireTime,
parent,
sessionDuration,
state
FROM google.iam.workforce_pools
WHERE locationsId = '{{ locationsId }}';

INSERT example

Use the following StackQL query and manifest file to create a new workforce_pools resource.

/*+ create */
INSERT INTO google.iam.workforce_pools (
locationsId,
parent,
displayName,
description,
disabled,
sessionDuration,
accessRestrictions
)
SELECT
'{{ locationsId }}',
'{{ parent }}',
'{{ displayName }}',
'{{ description }}',
{{ disabled }},
'{{ sessionDuration }}',
'{{ accessRestrictions }}'
;
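
The length, format and session-duration limits in the Fields table can be checked before values are templated into the INSERT above. The following is an added example, not part of the StackQL provider documentation; `validate_pool`, `effective_session_seconds` and the sample values are hypothetical, and it assumes durations are written in whole seconds (such as `3600s`) and reads the 900s and 43200s bounds as exclusive, as the field description words them.

```python
import re
from datetime import datetime, timedelta, timezone

# Limits copied from the Fields table on this page.
MAX_DESCRIPTION, MAX_DISPLAY_NAME = 256, 32
MIN_SESSION_S, MAX_SESSION_S, DEFAULT_SESSION_S = 900, 43200, 3600
PARENT_RE = re.compile(r"organizations/[^/]+")  # organizations/{org-id}
DURATION_RE = re.compile(r"(\d+)s")  # assumption: whole seconds, e.g. "3600s"


def validate_pool(params):
    """Return the problems found in INSERT parameters (empty list means OK)."""
    problems = []
    if not PARENT_RE.fullmatch(params.get("parent", "")):
        problems.append("parent must look like organizations/{org-id}")
    if len(params.get("displayName", "")) > MAX_DISPLAY_NAME:
        problems.append("displayName exceeds 32 characters")
    if len(params.get("description", "")) > MAX_DESCRIPTION:
        problems.append("description exceeds 256 characters")
    duration = params.get("sessionDuration")
    if duration is not None:
        m = DURATION_RE.fullmatch(duration)
        # Bounds read literally from the page: greater than 900s, less than 43200s.
        if not m or not MIN_SESSION_S < int(m.group(1)) < MAX_SESSION_S:
            problems.append("sessionDuration must be '<n>s' with 900 < n < 43200")
    return problems


def effective_session_seconds(session_duration, issued_at, saml_not_on_or_after=None):
    """Lifetime of minted credentials: sessionDuration (default 3600s), capped
    for SAML providers by the assertion's SessionNotOnOrAfter."""
    seconds = DEFAULT_SESSION_S
    if session_duration is not None:
        seconds = int(DURATION_RE.fullmatch(session_duration).group(1))
    if saml_not_on_or_after is not None:
        remaining = int((saml_not_on_or_after - issued_at).total_seconds())
        seconds = min(seconds, max(remaining, 0))
    return seconds


# Constructed sample values, not taken from a real organization.
SAMPLE_POOL = {"parent": "organizations/123456789012", "displayName": "Contractors",
               "description": "External contractor identities", "sessionDuration": "28800s"}
SAMPLE_ISSUED_AT = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
SAMPLE_SAML_EXPIRY = SAMPLE_ISSUED_AT + timedelta(hours=2)

if __name__ == "__main__":
    print(validate_pool(SAMPLE_POOL))
    print(effective_session_seconds("28800s", SAMPLE_ISSUED_AT, SAMPLE_SAML_EXPIRY))
```

With the sample values, an 8-hour pool session is cut to the 2 hours left on the SAML assertion, which is the case the sessionDuration description calls out.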

UPDATE example

Updates a workforce_pools resource.

/*+ update */
UPDATE google.iam.workforce_pools
SET
parent = '{{ parent }}',
displayName = '{{ displayName }}',
description = '{{ description }}',
disabled = {{ disabled }},
sessionDuration = '{{ sessionDuration }}',
accessRestrictions = '{{ accessRestrictions }}'
WHERE
locationsId = '{{ locationsId }}'
AND workforcePoolsId = '{{ workforcePoolsId }}';

DELETE example

Deletes the specified workforce_pools resource.

/*+ delete */
DELETE FROM google.iam.workforce_pools
WHERE locationsId = '{{ locationsId }}'
AND workforcePoolsId = '{{ workforcePoolsId }}';