WorkloadIdentityPool

Represents a collection of external workload identities. You can define IAM policies to grant these identities access to Google Cloud resources.

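To get more information about WorkloadIdentityPool, see the IAM API documentation for workload identity pools and the Google Cloud guide to managing workload identity pools.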

Example Usage

Iam Workload Identity Pool Basic

using Pulumi;
using Gcp = Pulumi.Gcp;

/// <summary>
/// Pulumi stack that declares one workload identity pool with only its pool ID set.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // Only the pool ID is supplied; every other input is left unset.
        var poolArgs = new Gcp.Iam.WorkloadIdentityPoolArgs
        {
            WorkloadIdentityPoolId = "example-pool",
        };

        // google_beta is not declared in this listing; it has to be a provider
        // resource defined elsewhere in the program.
        var resourceOptions = new CustomResourceOptions
        {
            Provider = google_beta,
        };

        var pool = new Gcp.Iam.WorkloadIdentityPool("example", poolArgs, resourceOptions);
    }

}
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v5/go/gcp/iam"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main registers a single workload identity pool, with only its pool ID set,
// through the Pulumi engine.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		poolArgs := &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
		}
		// google_beta is not declared in this listing; it has to be a provider
		// resource defined elsewhere in the program.
		_, err := iam.NewWorkloadIdentityPool(ctx, "example", poolArgs, pulumi.Provider(google_beta))
		// A nil err reports success, so it can be returned as-is.
		return err
	})
}
import pulumi
import pulumi_gcp as gcp

# google_beta is not declared in this listing; it has to be a provider
# resource defined elsewhere in the program.
resource_options = pulumi.ResourceOptions(provider=google_beta)

# Declare the pool with only its ID set; every other input is left unset.
example = gcp.iam.WorkloadIdentityPool(
    "example",
    workload_identity_pool_id="example-pool",
    opts=resource_options,
)
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

// Only the pool ID is supplied; every other input is left unset.
const poolArgs = { workloadIdentityPoolId: "example-pool" };

// google_beta is not declared in this listing; it has to be a provider
// resource defined elsewhere in the program.
const resourceOptions = { provider: google_beta };

const example = new gcp.iam.WorkloadIdentityPool("example", poolArgs, resourceOptions);

Iam Workload Identity Pool Full

using Pulumi;
using Gcp = Pulumi.Gcp;

/// <summary>
/// Pulumi stack that declares one workload identity pool with its ID, display name,
/// description and disabled flag set.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var poolArgs = new Gcp.Iam.WorkloadIdentityPoolArgs
        {
            WorkloadIdentityPoolId = "example-pool",
            DisplayName = "Name of pool",
            Description = "Identity pool for automated test",
            // The pool is created disabled: it cannot be used to exchange tokens,
            // and existing tokens cannot access resources, until it is re-enabled.
            Disabled = true,
        };

        // google_beta is not declared in this listing; it has to be a provider
        // resource defined elsewhere in the program.
        var resourceOptions = new CustomResourceOptions
        {
            Provider = google_beta,
        };

        var pool = new Gcp.Iam.WorkloadIdentityPool("example", poolArgs, resourceOptions);
    }

}
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v5/go/gcp/iam"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main registers a single workload identity pool, with its ID, display name,
// description and disabled flag set, through the Pulumi engine.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		poolArgs := &iam.WorkloadIdentityPoolArgs{
			WorkloadIdentityPoolId: pulumi.String("example-pool"),
			DisplayName:            pulumi.String("Name of pool"),
			Description:            pulumi.String("Identity pool for automated test"),
			// The pool is created disabled: it cannot be used to exchange
			// tokens, and existing tokens cannot access resources, until it
			// is re-enabled.
			Disabled: pulumi.Bool(true),
		}
		// google_beta is not declared in this listing; it has to be a provider
		// resource defined elsewhere in the program.
		_, err := iam.NewWorkloadIdentityPool(ctx, "example", poolArgs, pulumi.Provider(google_beta))
		// A nil err reports success, so it can be returned as-is.
		return err
	})
}
import pulumi
import pulumi_gcp as gcp

# Inputs for the pool, collected in one place and passed as keyword arguments.
pool_settings = {
    "workload_identity_pool_id": "example-pool",
    "display_name": "Name of pool",
    "description": "Identity pool for automated test",
    # The pool is created disabled: it cannot be used to exchange tokens, and
    # existing tokens cannot access resources, until it is re-enabled.
    "disabled": True,
}

# google_beta is not declared in this listing; it has to be a provider
# resource defined elsewhere in the program.
resource_options = pulumi.ResourceOptions(provider=google_beta)

example = gcp.iam.WorkloadIdentityPool("example", opts=resource_options, **pool_settings)
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const poolArgs = {
    workloadIdentityPoolId: "example-pool",
    displayName: "Name of pool",
    description: "Identity pool for automated test",
    // The pool is created disabled: it cannot be used to exchange tokens, and
    // existing tokens cannot access resources, until it is re-enabled.
    disabled: true,
};

// google_beta is not declared in this listing; it has to be a provider
// resource defined elsewhere in the program.
const resourceOptions = { provider: google_beta };

const example = new gcp.iam.WorkloadIdentityPool("example", poolArgs, resourceOptions);

Create a WorkloadIdentityPool Resource

new WorkloadIdentityPool(name: string, args: WorkloadIdentityPoolArgs, opts?: CustomResourceOptions);
@overload
def WorkloadIdentityPool(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         description: Optional[str] = None,
                         disabled: Optional[bool] = None,
                         display_name: Optional[str] = None,
                         project: Optional[str] = None,
                         workload_identity_pool_id: Optional[str] = None)
@overload
def WorkloadIdentityPool(resource_name: str,
                         args: WorkloadIdentityPoolArgs,
                         opts: Optional[ResourceOptions] = None)
func NewWorkloadIdentityPool(ctx *Context, name string, args WorkloadIdentityPoolArgs, opts ...ResourceOption) (*WorkloadIdentityPool, error)
public WorkloadIdentityPool(string name, WorkloadIdentityPoolArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args WorkloadIdentityPoolArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args WorkloadIdentityPoolArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args WorkloadIdentityPoolArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args WorkloadIdentityPoolArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

WorkloadIdentityPool Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The WorkloadIdentityPool resource accepts the following input properties:

WorkloadIdentityPoolId string
The ID to use for the pool, which becomes the final component of the resource name. This value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix gcp- is reserved for use by Google, and may not be specified.
Description string
A description of the pool. Cannot exceed 256 characters.
Disabled bool
Whether the pool is disabled. A disabled pool cannot be used to exchange tokens, and existing tokens cannot be used to access resources. Disabling does not invalidate those tokens: if the pool is re-enabled, existing tokens grant access again.
DisplayName string
A display name for the pool. Cannot exceed 32 characters.
Project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
WorkloadIdentityPoolId string
The ID to use for the pool, which becomes the final component of the resource name. This value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix gcp- is reserved for use by Google, and may not be specified.
Description string
A description of the pool. Cannot exceed 256 characters.
Disabled bool
Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
DisplayName string
A display name for the pool. Cannot exceed 32 characters.
Project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
workloadIdentityPoolId string
The ID to use for the pool, which becomes the final component of the resource name. This value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix gcp- is reserved for use by Google, and may not be specified.
description string
A description of the pool. Cannot exceed 256 characters.
disabled boolean
Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
displayName string
A display name for the pool. Cannot exceed 32 characters.
project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
workload_identity_pool_id str
The ID to use for the pool, which becomes the final component of the resource name. This value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix gcp- is reserved for use by Google, and may not be specified.
description str
A description of the pool. Cannot exceed 256 characters.
disabled bool
Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
display_name str
A display name for the pool. Cannot exceed 32 characters.
project str
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

Outputs

All input properties are implicitly available as output properties. Additionally, the WorkloadIdentityPool resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Name string
The resource name of the pool as ‘projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}’.
State string
The state of the pool. Possible values:
* STATE_UNSPECIFIED: State unspecified.
* ACTIVE: The pool is active, and may be used in Google Cloud policies.
* DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
Id string
The provider-assigned unique ID for this managed resource.
Name string
The resource name of the pool as ‘projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}’.
State string
The state of the pool. * STATE_UNSPECIFIED: State unspecified. * ACTIVE: The pool is active, and may be used in Google Cloud policies. * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
id string
The provider-assigned unique ID for this managed resource.
name string
The resource name of the pool as ‘projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}’.
state string
The state of the pool. * STATE_UNSPECIFIED: State unspecified. * ACTIVE: The pool is active, and may be used in Google Cloud policies. * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
id str
The provider-assigned unique ID for this managed resource.
name str
The resource name of the pool as ‘projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}’.
state str
The state of the pool. * STATE_UNSPECIFIED: State unspecified. * ACTIVE: The pool is active, and may be used in Google Cloud policies. * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.

Look up an Existing WorkloadIdentityPool Resource

Get an existing WorkloadIdentityPool resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: WorkloadIdentityPoolState, opts?: CustomResourceOptions): WorkloadIdentityPool
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        description: Optional[str] = None,
        disabled: Optional[bool] = None,
        display_name: Optional[str] = None,
        name: Optional[str] = None,
        project: Optional[str] = None,
        state: Optional[str] = None,
        workload_identity_pool_id: Optional[str] = None) -> WorkloadIdentityPool
func GetWorkloadIdentityPool(ctx *Context, name string, id IDInput, state *WorkloadIdentityPoolState, opts ...ResourceOption) (*WorkloadIdentityPool, error)
public static WorkloadIdentityPool Get(string name, Input<string> id, WorkloadIdentityPoolState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

Description string
A description of the pool. Cannot exceed 256 characters.
Disabled bool
Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
DisplayName string
A display name for the pool. Cannot exceed 32 characters.
Name string
The resource name of the pool as ‘projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}’.
Project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
State string
The state of the pool. * STATE_UNSPECIFIED: State unspecified. * ACTIVE: The pool is active, and may be used in Google Cloud policies. * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
WorkloadIdentityPoolId string
The ID to use for the pool, which becomes the final component of the resource name. This value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix gcp- is reserved for use by Google, and may not be specified.
Description string
A description of the pool. Cannot exceed 256 characters.
Disabled bool
Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
DisplayName string
A display name for the pool. Cannot exceed 32 characters.
Name string
The resource name of the pool as ‘projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}’.
Project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
State string
The state of the pool. * STATE_UNSPECIFIED: State unspecified. * ACTIVE: The pool is active, and may be used in Google Cloud policies. * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
WorkloadIdentityPoolId string
The ID to use for the pool, which becomes the final component of the resource name. This value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix gcp- is reserved for use by Google, and may not be specified.
description string
A description of the pool. Cannot exceed 256 characters.
disabled boolean
Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
displayName string
A display name for the pool. Cannot exceed 32 characters.
name string
The resource name of the pool as ‘projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}’.
project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
state string
The state of the pool. * STATE_UNSPECIFIED: State unspecified. * ACTIVE: The pool is active, and may be used in Google Cloud policies. * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
workloadIdentityPoolId string
The ID to use for the pool, which becomes the final component of the resource name. This value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix gcp- is reserved for use by Google, and may not be specified.
description str
A description of the pool. Cannot exceed 256 characters.
disabled bool
Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
display_name str
A display name for the pool. Cannot exceed 32 characters.
name str
The resource name of the pool as ‘projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}’.
project str
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
state str
The state of the pool. * STATE_UNSPECIFIED: State unspecified. * ACTIVE: The pool is active, and may be used in Google Cloud policies. * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after approximately 30 days. You can restore a soft-deleted pool using UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or use existing tokens to access resources. If the pool is undeleted, existing tokens grant access again.
workload_identity_pool_id str
The ID to use for the pool, which becomes the final component of the resource name. This value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix gcp- is reserved for use by Google, and may not be specified.

Import

WorkloadIdentityPool can be imported using any of these accepted formats:

 $ pulumi import gcp:iam/workloadIdentityPool:WorkloadIdentityPool default projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}
 $ pulumi import gcp:iam/workloadIdentityPool:WorkloadIdentityPool default {{project}}/{{workload_identity_pool_id}}
 $ pulumi import gcp:iam/workloadIdentityPool:WorkloadIdentityPool default {{workload_identity_pool_id}}

Package Details

Repository
https://github.com/pulumi/pulumi-gcp
License
Apache-2.0
Notes
This Pulumi package is based on the google-beta Terraform Provider.