Deletes a WorkforcePoolSubject
.
Subject must not already be in a deleted state.
A WorkforcePoolSubject
is automatically created the first time an external credential is exchanged for a Google Cloud credential using a mapped google.subject
attribute. There is no endpoint to manually create a WorkforcePoolSubject
.
For 30 days after a WorkforcePoolSubject
is deleted, using the same google.subject
attribute in token exchanges with Google Cloud STS fails.
Call subjects.undelete
to undelete a WorkforcePoolSubject
that has been deleted, within within 30 days of deleting it.
After 30 days, the WorkforcePoolSubject
is permanently deleted. At this point, a token exchange with Google Cloud STS that uses the same mapped google.subject
attribute automatically creates a new WorkforcePoolSubject
that is unrelated to the previously deleted WorkforcePoolSubject
but has the same google.subject
value.
HTTP request
DELETE https://iam.googleapis.com/v1/{name=locations/*/workforcePools/*/subjects/*}
The URL uses gRPC Transcoding syntax.
Path parameters
Parameters | |
---|---|
name |
Required. The resource name of the Format: |
Request body
The request body must be empty.
Response body
If successful, the response body contains an instance of Operation
.
Authorization scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/cloud-platform
https://www.googleapis.com/auth/iam
For more information, see the Authentication Overview.