workload_identity_pools
Creates, updates, deletes, gets or lists a workload_identity_pools resource.
Overview
| Name | workload_identity_pools |
| Type | Resource |
| Id | google.iam.workload_identity_pools |
Fields
| Name | Datatype | Description |
|---|---|---|
name | string | Output only. The resource name of the pool. |
description | string | A description of the pool. Cannot exceed 256 characters. |
disabled | boolean | Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again. |
displayName | string | A display name for the pool. Cannot exceed 32 characters. |
expireTime | string | Output only. Time after which the workload identity pool will be permanently purged and cannot be recovered. |
state | string | Output only. The state of the pool. |
Methods
| Name | Accessible by | Required Params | Description |
|---|---|---|---|
get | SELECT | locationsId, projectsId, workloadIdentityPoolsId | Gets an individual WorkloadIdentityPool. |
list | SELECT | locationsId, projectsId | Lists all non-deleted WorkloadIdentityPools in a project. If show_deleted is set to true, then deleted pools are also listed. |
create | INSERT | locationsId, projectsId | Creates a new WorkloadIdentityPool. You cannot reuse the name of a deleted pool until 30 days after deletion. |
delete | DELETE | locationsId, projectsId, workloadIdentityPoolsId | Deletes a WorkloadIdentityPool. You cannot use a deleted pool to exchange external credentials for Google Cloud credentials. However, deletion does not revoke credentials that have already been issued. Credentials issued for a deleted pool do not grant access to resources. If the pool is undeleted, and the credentials are not expired, they grant access again. You can undelete a pool for 30 days. After 30 days, deletion is permanent. You cannot update deleted pools. However, you can view and list them. |
patch | UPDATE | locationsId, projectsId, workloadIdentityPoolsId | Updates an existing WorkloadIdentityPool. |
undelete | EXEC | locationsId, projectsId, workloadIdentityPoolsId | Undeletes a WorkloadIdentityPool, as long as it was deleted fewer than 30 days ago. |
SELECT examples
Lists all non-deleted WorkloadIdentityPools in a project. If show_deleted is set to true, then deleted pools are also listed.
SELECT
name,
description,
disabled,
displayName,
expireTime,
state
FROM google.iam.workload_identity_pools
WHERE locationsId = '{{ locationsId }}'
AND projectsId = '{{ projectsId }}';
INSERT example
Use the following StackQL query and manifest file to create a new workload_identity_pools resource.
- All Properties
- Manifest
/*+ create */
INSERT INTO google.iam.workload_identity_pools (
locationsId,
projectsId,
displayName,
description,
disabled
)
SELECT
'{{ locationsId }}',
'{{ projectsId }}',
'{{ displayName }}',
'{{ description }}',
{{ disabled }}
;
- name: your_resource_model_name
props:
- name: name
value: string
- name: displayName
value: string
- name: description
value: string
- name: state
value: string
- name: disabled
value: boolean
- name: expireTime
value: string
UPDATE example
Updates a workload_identity_pools resource.
/*+ update */
UPDATE google.iam.workload_identity_pools
SET
displayName = '{{ displayName }}',
description = '{{ description }}',
disabled = true|false
WHERE
locationsId = '{{ locationsId }}'
AND projectsId = '{{ projectsId }}'
AND workloadIdentityPoolsId = '{{ workloadIdentityPoolsId }}';
DELETE example
Deletes the specified workload_identity_pools resource.
/*+ delete */
DELETE FROM google.iam.workload_identity_pools
WHERE locationsId = '{{ locationsId }}'
AND projectsId = '{{ projectsId }}'
AND workloadIdentityPoolsId = '{{ workloadIdentityPoolsId }}';