REST Resource: locations.workforcePools

Resource: WorkforcePool
- JSON representation
State
AccessRestrictions
- JSON representation
ServiceConfig
- JSON representation
Methods

Resource: WorkforcePool

Represents a collection of external workforces. Provides namespaces for federated users that can be referenced in IAM policies.

JSON representation

JSON representation
{ "name": string, "parent": string, "displayName": string, "description": string, "state": enum (`State`), "disabled": boolean, "sessionDuration": string, "expireTime": string, "accessRestrictions": { object (`AccessRestrictions`) } }

{
  "name": string,
  "parent": string,
  "displayName": string,
  "description": string,
  "state": enum (State),
  "disabled": boolean,
  "sessionDuration": string,
  "expireTime": string,
  "accessRestrictions": {
    object (AccessRestrictions)
  }
}

Fields
`name`	`string` Output only. The resource name of the pool. Format: `locations/{location}/workforcePools/{workforcePoolId}`
`parent`	`string` Immutable. The resource name of the parent. Format: `organizations/{org-id}`.
`displayName`	`string` A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
`description`	`string` A user-specified description of the pool. Cannot exceed 256 characters.
`state`	`enum (State)` Output only. The state of the pool.
`disabled`	`boolean` Disables the workforce pool. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
`sessionDuration`	`string (Duration format)` Duration that the Google Cloud access tokens, console sign-in sessions, and `gcloud` sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If `sessionDuration` is not configured, minted credentials have a default duration of one hour (3600s). For SAML providers, the lifetime of the token is the minimum of the `sessionDuration` and the `SessionNotOnOrAfter` claim in the SAML assertion. A duration in seconds with up to nine fractional digits, ending with '`s`'. Example: `"3.5s"`.
`expireTime`	`string (Timestamp format)` Output only. Time after which the workforce pool will be permanently purged and cannot be recovered. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`accessRestrictions`	`object (AccessRestrictions)` Optional. Configure access restrictions on the workforce pool users. This is an optional field. If specified web sign-in can be restricted to given set of services or programmatic sign-in can be disabled for pool users.

State

The current state of the pool.

Enums

STATE_UNSPECIFIED State unspecified.

ACTIVE The pool is active and may be used in Google Cloud policies.

Enums
`STATE_UNSPECIFIED`	State unspecified.
`ACTIVE`	The pool is active and may be used in Google Cloud policies.
`DELETED`	The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using `workforcePools.undelete`. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.

DELETED

The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using workforcePools.undelete.

You cannot reuse the ID of a soft-deleted pool until it is permanently deleted.

While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.

AccessRestrictions

Access related restrictions on the workforce pool.

JSON representation
{ "allowedServices": [ { object (`ServiceConfig`) } ], "disableProgrammaticSignin": boolean }

Fields

Fields
`allowedServices[]`	`object (ServiceConfig)` Optional. Immutable. Services allowed for web sign-in with the workforce pool. If not set by default there are no restrictions.
`disableProgrammaticSignin`	`boolean` Optional. Disable programmatic sign-in by disabling token issue via the Security Token API endpoint. See Security Token Service API.

allowedServices[]

object (ServiceConfig)

Optional. Immutable. Services allowed for web sign-in with the workforce pool. If not set by default there are no restrictions.

disableProgrammaticSignin

boolean

Optional. Disable programmatic sign-in by disabling token issue via the Security Token API endpoint. See Security Token Service API.

ServiceConfig

Configuration for a service.

JSON representation
{ "domain": string }

Fields

Fields
`domain`	`string` Optional. Domain name of the service. Example: console.cloud.google

domain

string

Optional. Domain name of the service.

Example: console.cloud.google

Methods
`create`	Creates a new `WorkforcePool`.
`delete`	Deletes a `WorkforcePool`.
`get`	Gets an individual `WorkforcePool`.
`getIamPolicy`	Gets IAM policies on a `WorkforcePool`.
`list`	Lists all non-deleted `WorkforcePool`s under the specified parent.
`patch`	Updates an existing `WorkforcePool`.
`setIamPolicy`	Sets IAM policies on a `WorkforcePool`.
`testIamPermissions`	Returns the caller's permissions on the `WorkforcePool`.
`undelete`	Undeletes a `WorkforcePool`, as long as it was deleted fewer than 30 days ago.

REST Resource: locations.workforcePools

Resource: WorkforcePool

State

AccessRestrictions

ServiceConfig

Methods

`create`

`delete`

`get`

`getIamPolicy`

`list`

`patch`

`setIamPolicy`

`testIamPermissions`

`undelete`