workstation_configs
Creates, updates, deletes, gets or lists a workstation_configs
resource.
Overview
Name | workstation_configs |
Type | Resource |
Id | google.workstations.workstation_configs |
Fields
Name | Datatype | Description |
---|---|---|
name | string | Identifier. Full name of this workstation configuration. |
allowedPorts | array | Optional. A list of PortRanges specifying single ports or ranges of ports that are externally accessible in the workstation. Allowed ports must be one of 22, 80, or within range 1024-65535. If not specified defaults to ports 22, 80, and ports 1024-65535. |
annotations | object | Optional. Client-specified annotations. |
conditions | array | Output only. Status conditions describing the current resource state. |
container | object | A Docker container. |
createTime | string | Output only. Time when this workstation configuration was created. |
degraded | boolean | Output only. Whether this resource is degraded, in which case it may require user action to restore full functionality. See also the conditions field. |
deleteTime | string | Output only. Time when this workstation configuration was soft-deleted. |
disableTcpConnections | boolean | Optional. Disables support for plain TCP connections in the workstation. By default the service supports TCP connections through a websocket relay. Setting this option to true disables that relay, which prevents the usage of services that require plain TCP connections, such as SSH. When enabled, all communication must occur over HTTPS or WSS. |
displayName | string | Optional. Human-readable name for this workstation configuration. |
enableAuditAgent | boolean | Optional. Whether to enable Linux auditd logging on the workstation. When enabled, a service_account must also be specified that has roles/logging.logWriter and roles/monitoring.metricWriter on the project. Operating system audit logging is distinct from Cloud Audit Logs and Container output logging. Operating system audit logs are available in the Cloud Logging console by querying: resource.type="gce_instance" log_name:"/logs/linux-auditd" |
encryptionKey | object | A customer-managed encryption key (CMEK) for the Compute Engine resources of the associated workstation configuration. Specify the name of your Cloud KMS encryption key and the default service account. We recommend that you use a separate service account and follow Cloud KMS best practices. |
ephemeralDirectories | array | Optional. Ephemeral directories which won't persist across workstation sessions. |
etag | string | Optional. Checksum computed by the server. May be sent on update and delete requests to make sure that the client has an up-to-date value before proceeding. |
grantWorkstationAdminRoleOnCreate | boolean | Optional. Grant creator of a workstation roles/workstations.policyAdmin role along with roles/workstations.user role on the workstation created by them. This allows workstation users to share access to either their entire workstation, or individual ports. Defaults to false. |
host | object | Runtime host for a workstation. |
idleTimeout | string | Optional. Number of seconds to wait before automatically stopping a workstation after it last received user traffic. A value of "0s" indicates that Cloud Workstations VMs created with this configuration should never time out due to idleness. Provide duration terminated by s for seconds—for example, "7200s" (2 hours). The default is "1200s" (20 minutes). |
labels | object | Optional. Labels that are applied to the workstation configuration and that are also propagated to the underlying Compute Engine resources. |
maxUsableWorkstations | integer | Optional. Maximum number of workstations under this configuration a user can have workstations.workstation.use permission on. Only enforced on CreateWorkstation API calls on the user issuing the API request. Can be overridden by: - granting a user workstations.workstationConfigs.exemptMaxUsableWorkstationLimit permission, or - having a user with that permission create a workstation and granting another user workstations.workstation.use permission on that workstation. If not specified, defaults to 0 , which indicates unlimited. |
persistentDirectories | array | Optional. Directories to persist across workstation sessions. |
readinessChecks | array | Optional. Readiness checks to perform when starting a workstation using this workstation configuration. Mark a workstation as running only after all specified readiness checks return 200 status codes. |
reconciling | boolean | Output only. Indicates whether this workstation configuration is currently being updated to match its intended state. |
replicaZones | array | Optional. Immutable. Specifies the zones used to replicate the VM and disk resources within the region. If set, exactly two zones within the workstation cluster's region must be specified—for example, ['us-central1-a', 'us-central1-f'] . If this field is empty, two default zones within the region are used. Immutable after the workstation configuration is created. |
runningTimeout | string | Optional. Number of seconds that a workstation can run until it is automatically shut down. We recommend that workstations be shut down daily to reduce costs and so that security updates can be applied upon restart. The idle_timeout and running_timeout fields are independent of each other. Note that the running_timeout field shuts down VMs after the specified time, regardless of whether or not the VMs are idle. Provide duration terminated by s for seconds—for example, "54000s" (15 hours). Defaults to "43200s" (12 hours). A value of "0s" indicates that workstations using this configuration should never time out. If encryption_key is set, it must be greater than "0s" and less than "86400s" (24 hours). Warning: A value of "0s" indicates that Cloud Workstations VMs created with this configuration have no maximum running time. This is strongly discouraged because you incur costs and will not pick up security updates. |
uid | string | Output only. A system-assigned unique identifier for this workstation configuration. |
updateTime | string | Output only. Time when this workstation configuration was most recently updated. |
Methods
Name | Accessible by | Required Params | Description |
---|---|---|---|
get | SELECT | locationsId, projectsId, workstationClustersId, workstationConfigsId | Returns the requested workstation configuration. |
list | SELECT | locationsId, projectsId, workstationClustersId | Returns all workstation configurations in the specified cluster. |
create | INSERT | locationsId, projectsId, workstationClustersId | Creates a new workstation configuration. |
delete | DELETE | locationsId, projectsId, workstationClustersId, workstationConfigsId | Deletes the specified workstation configuration. |
patch | UPDATE | locationsId, projectsId, workstationClustersId, workstationConfigsId | Updates an existing workstation configuration. |
SELECT
examples
Returns all workstation configurations in the specified cluster.
SELECT
name,
allowedPorts,
annotations,
conditions,
container,
createTime,
degraded,
deleteTime,
disableTcpConnections,
displayName,
enableAuditAgent,
encryptionKey,
ephemeralDirectories,
etag,
grantWorkstationAdminRoleOnCreate,
host,
idleTimeout,
labels,
maxUsableWorkstations,
persistentDirectories,
readinessChecks,
reconciling,
replicaZones,
runningTimeout,
uid,
updateTime
FROM google.workstations.workstation_configs
WHERE locationsId = '{{ locationsId }}'
AND projectsId = '{{ projectsId }}'
AND workstationClustersId = '{{ workstationClustersId }}';
INSERT
example
Use the following StackQL query and manifest file to create a new workstation_configs
resource.
- All Properties
- Manifest
/*+ create */
INSERT INTO google.workstations.workstation_configs (
locationsId,
projectsId,
workstationClustersId,
name,
displayName,
annotations,
labels,
etag,
idleTimeout,
runningTimeout,
maxUsableWorkstations,
host,
persistentDirectories,
ephemeralDirectories,
container,
encryptionKey,
readinessChecks,
replicaZones,
enableAuditAgent,
disableTcpConnections,
allowedPorts,
grantWorkstationAdminRoleOnCreate
)
SELECT
'{{ locationsId }}',
'{{ projectsId }}',
'{{ workstationClustersId }}',
'{{ name }}',
'{{ displayName }}',
'{{ annotations }}',
'{{ labels }}',
'{{ etag }}',
'{{ idleTimeout }}',
'{{ runningTimeout }}',
'{{ maxUsableWorkstations }}',
'{{ host }}',
'{{ persistentDirectories }}',
'{{ ephemeralDirectories }}',
'{{ container }}',
'{{ encryptionKey }}',
'{{ readinessChecks }}',
'{{ replicaZones }}',
{{ enableAuditAgent }},
{{ disableTcpConnections }},
'{{ allowedPorts }}',
{{ grantWorkstationAdminRoleOnCreate }}
;
- name: your_resource_model_name
props:
- name: name
value: string
- name: displayName
value: string
- name: uid
value: string
- name: reconciling
value: boolean
- name: annotations
value: object
- name: labels
value: object
- name: createTime
value: string
- name: updateTime
value: string
- name: deleteTime
value: string
- name: etag
value: string
- name: idleTimeout
value: string
- name: runningTimeout
value: string
- name: maxUsableWorkstations
value: integer
- name: host
value:
- name: gceInstance
value:
- name: machineType
value: string
- name: serviceAccount
value: string
- name: serviceAccountScopes
value:
- string
- name: tags
value:
- string
- name: poolSize
value: integer
- name: pooledInstances
value: integer
- name: disablePublicIpAddresses
value: boolean
- name: enableNestedVirtualization
value: boolean
- name: shieldedInstanceConfig
value:
- name: enableSecureBoot
value: boolean
- name: enableVtpm
value: boolean
- name: enableIntegrityMonitoring
value: boolean
- name: confidentialInstanceConfig
value:
- name: enableConfidentialCompute
value: boolean
- name: bootDiskSizeGb
value: integer
- name: accelerators
value:
- - name: type
value: string
- name: count
value: integer
- name: disableSsh
value: boolean
- name: vmTags
value: object
- name: persistentDirectories
value:
- - name: gcePd
value:
- name: sizeGb
value: integer
- name: fsType
value: string
- name: diskType
value: string
- name: sourceSnapshot
value: string
- name: reclaimPolicy
value: string
- name: mountPath
value: string
- name: ephemeralDirectories
value:
- - name: gcePd
value:
- name: diskType
value: string
- name: sourceSnapshot
value: string
- name: sourceImage
value: string
- name: readOnly
value: boolean
- name: mountPath
value: string
- name: container
value:
- name: image
value: string
- name: command
value:
- string
- name: args
value:
- string
- name: env
value: object
- name: workingDir
value: string
- name: runAsUser
value: integer
- name: encryptionKey
value:
- name: kmsKey
value: string
- name: kmsKeyServiceAccount
value: string
- name: readinessChecks
value:
- - name: path
value: string
- name: port
value: integer
- name: replicaZones
value:
- string
- name: degraded
value: boolean
- name: conditions
value:
- - name: code
value: integer
- name: message
value: string
- name: details
value:
- object
- name: enableAuditAgent
value: boolean
- name: disableTcpConnections
value: boolean
- name: allowedPorts
value:
- - name: first
value: integer
- name: last
value: integer
- name: grantWorkstationAdminRoleOnCreate
value: boolean
UPDATE
example
Updates a workstation_configs
resource.
/*+ update */
UPDATE google.workstations.workstation_configs
SET
name = '{{ name }}',
displayName = '{{ displayName }}',
annotations = '{{ annotations }}',
labels = '{{ labels }}',
etag = '{{ etag }}',
idleTimeout = '{{ idleTimeout }}',
runningTimeout = '{{ runningTimeout }}',
maxUsableWorkstations = '{{ maxUsableWorkstations }}',
host = '{{ host }}',
persistentDirectories = '{{ persistentDirectories }}',
ephemeralDirectories = '{{ ephemeralDirectories }}',
container = '{{ container }}',
encryptionKey = '{{ encryptionKey }}',
readinessChecks = '{{ readinessChecks }}',
replicaZones = '{{ replicaZones }}',
enableAuditAgent = true|false,
disableTcpConnections = true|false,
allowedPorts = '{{ allowedPorts }}',
grantWorkstationAdminRoleOnCreate = true|false
WHERE
locationsId = '{{ locationsId }}'
AND projectsId = '{{ projectsId }}'
AND workstationClustersId = '{{ workstationClustersId }}'
AND workstationConfigsId = '{{ workstationConfigsId }}';
DELETE
example
Deletes the specified workstation_configs
resource.
/*+ delete */
DELETE FROM google.workstations.workstation_configs
WHERE locationsId = '{{ locationsId }}'
AND projectsId = '{{ projectsId }}'
AND workstationClustersId = '{{ workstationClustersId }}'
AND workstationConfigsId = '{{ workstationConfigsId }}';