REST Resource: locations.workforcePools

Resource: WorkforcePool

Represents a collection of external workforces. Provides namespaces for federated users that can be referenced in IAM policies.

JSON representation
{
  "name": string,
  "parent": string,
  "displayName": string,
  "description": string,
  "state": enum (State),
  "disabled": boolean,
  "sessionDuration": string,
  "expireTime": string,
  "accessRestrictions": {
    object (AccessRestrictions)
  }
}
Fields
name

string

Output only. The resource name of the pool.

Format: locations/{location}/workforcePools/{workforcePoolId}

parent

string

Immutable. The resource name of the parent.

Format: organizations/{org-id}.

displayName

string

A user-specified display name of the pool in Google Cloud Console.

Cannot exceed 32 characters.

description

string

A user-specified description of the pool.

Cannot exceed 256 characters.

state

enum (State)

Output only. The state of the pool.

disabled

boolean

Disables the workforce pool. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.

sessionDuration

string (Duration format)

Duration that the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid.

Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If sessionDuration is not configured, minted credentials have a default duration of one hour (3600s).

For SAML providers, the lifetime of the token is the minimum of the sessionDuration and the SessionNotOnOrAfter claim in the SAML assertion.

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

expireTime

string (Timestamp format)

Output only. Time after which the workforce pool will be permanently purged and cannot be recovered.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

accessRestrictions

object (AccessRestrictions)

Optional. Configures access restrictions for the workforce pool users. If specified, web sign-in can be restricted to a given set of services, or programmatic sign-in can be disabled for pool users.

State

The current state of the pool.

Enums
STATE_UNSPECIFIED State unspecified.
ACTIVE The pool is active and may be used in Google Cloud policies.
DELETED The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using workforcePools.undelete.

You cannot reuse the ID of a soft-deleted pool until it is permanently deleted.

While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.

AccessRestrictions

Access related restrictions on the workforce pool.

JSON representation
{
  "allowedServices": [
    {
      object (ServiceConfig)
    }
  ],
  "disableProgrammaticSignin": boolean
}
Fields
allowedServices[]

object (ServiceConfig)

Optional. Immutable. Services allowed for web sign-in with the workforce pool. If not set, there are no restrictions by default.

disableProgrammaticSignin

boolean

Optional. Disables programmatic sign-in by disabling token issuance via the Security Token API endpoint. See Security Token Service API.

ServiceConfig

Configuration for a service.

JSON representation
{
  "domain": string
}
Fields
domain

string

Optional. Domain name of the service.

Example: console.cloud.google
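
The field constraints above can be checked offline against an exported WorkforcePool object. The following is an added example, not part of the API reference or Google's own code: the function names and the sample pool are hypothetical, the sessionDuration bounds are read as strict, and the SAML lifetime is measured from the token's issue time.

```python
import re

DURATION_RE = re.compile(r"^(\d+)(?:\.(\d{1,9}))?s$")  # e.g. "3.5s", "3600s"

def parse_duration(value):
    """Parse a Duration-format string into seconds."""
    m = DURATION_RE.match(value)
    if not m:
        raise ValueError(f"not a Duration string: {value!r}")
    return float(m.group(1)) + (float("0." + m.group(2)) if m.group(2) else 0.0)

def audit_pool(pool):
    """Return findings for one WorkforcePool JSON object (as a dict)."""
    findings = []
    if len(pool.get("displayName", "")) > 32:
        findings.append("displayName exceeds 32 characters")
    if len(pool.get("description", "")) > 256:
        findings.append("description exceeds 256 characters")
    if "sessionDuration" in pool:
        secs = parse_duration(pool["sessionDuration"])
        # Bounds read as strict, following the page's wording (assumption).
        if not 900 < secs < 43200:
            findings.append(f"sessionDuration {secs:g}s is outside 900s..43200s")
    else:
        findings.append("sessionDuration unset: default of 3600s applies")
    restrictions = pool.get("accessRestrictions") or {}
    if not restrictions.get("allowedServices"):
        findings.append("allowedServices unset: web sign-in is unrestricted")
    if not restrictions.get("disableProgrammaticSignin", False):
        findings.append("programmatic sign-in via the Security Token API is enabled")
    return findings

def saml_token_lifetime(pool, issued_at, session_not_on_or_after):
    """Seconds a token lives: the shorter of sessionDuration and the time
    left until SessionNotOnOrAfter, measured from issued_at (assumption)."""
    session = parse_duration(pool.get("sessionDuration", "3600s"))
    return min(session, (session_not_on_or_after - issued_at).total_seconds())

# Constructed sample pool, not taken from a real organization.
SAMPLE_POOL = {
    "name": "locations/global/workforcePools/example-pool",
    "parent": "organizations/123456789012",
    "displayName": "Example contractors",
    "sessionDuration": "86400s",
    "accessRestrictions": {"allowedServices": [{"domain": "console.cloud.google"}]},
}

if __name__ == "__main__":
    for finding in audit_pool(SAMPLE_POOL):
        print(finding)
```
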

Methods

create

Creates a new WorkforcePool.

delete

Deletes a WorkforcePool.

get

Gets an individual WorkforcePool.

getIamPolicy

Gets IAM policies on a WorkforcePool.

list

Lists all non-deleted WorkforcePools under the specified parent.

patch

Updates an existing WorkforcePool.

setIamPolicy

Sets IAM policies on a WorkforcePool.

testIamPermissions

Returns the caller's permissions on the WorkforcePool.

undelete

Undeletes a WorkforcePool, as long as it was deleted fewer than 30 days ago.