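--- a/docs/dyn/iam_v1.locations.workforcePools.html
+++ b/docs/dyn/iam_v1.locations.workforcePools.html
@@ -139,7 +139,7 @@ <h3>Method Details</h3>
 
 { # Represents a collection of external workforces. Provides namespaces for federated users that can be referenced in IAM policies.
 "description": "A String", # A user-specified description of the pool. Cannot exceed 256 characters.
-"disabled": True or False, # Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
+"disabled": True or False, # Disables the workforce pool. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
 "displayName": "A String", # A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
 "name": "A String", # Output only. The resource name of the pool. Format: `locations/{location}/workforcePools/{workforce_pool_id}`
 "parent": "A String", # Immutable. The resource name of the parent. Format: `organizations/{org-id}`.
@@ -228,7 +228,7 @@ <h3>Method Details</h3>
 
 { # Represents a collection of external workforces. Provides namespaces for federated users that can be referenced in IAM policies.
 "description": "A String", # A user-specified description of the pool. Cannot exceed 256 characters.
-"disabled": True or False, # Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
+"disabled": True or False, # Disables the workforce pool. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
 "displayName": "A String", # A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
 "name": "A String", # Output only. The resource name of the pool. Format: `locations/{location}/workforcePools/{workforce_pool_id}`
 "parent": "A String", # Immutable. The resource name of the parent. Format: `organizations/{org-id}`.
@@ -316,7 +316,7 @@ <h3>Method Details</h3>
 "workforcePools": [ # A list of pools.
 { # Represents a collection of external workforces. Provides namespaces for federated users that can be referenced in IAM policies.
 "description": "A String", # A user-specified description of the pool. Cannot exceed 256 characters.
-"disabled": True or False, # Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
+"disabled": True or False, # Disables the workforce pool. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
 "displayName": "A String", # A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
 "name": "A String", # Output only. The resource name of the pool. Format: `locations/{location}/workforcePools/{workforce_pool_id}`
 "parent": "A String", # Immutable. The resource name of the parent. Format: `organizations/{org-id}`.
@@ -352,7 +352,7 @@ <h3>Method Details</h3>
 
 { # Represents a collection of external workforces. Provides namespaces for federated users that can be referenced in IAM policies.
 "description": "A String", # A user-specified description of the pool. Cannot exceed 256 characters.
-"disabled": True or False, # Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
+"disabled": True or False, # Disables the workforce pool. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
 "displayName": "A String", # A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.
 "name": "A String", # Output only. The resource name of the pool. Format: `locations/{location}/workforcePools/{workforce_pool_id}`
 "parent": "A String", # Immutable. The resource name of the parent. Format: `organizations/{org-id}`.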
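--- a/docs/dyn/iam_v1.locations.workforcePools.providers.html
+++ b/docs/dyn/iam_v1.locations.workforcePools.providers.html
@@ -129,12 +129,16 @@ <h3>Method Details</h3>
 "a_key": "A String",
 },
 "description": "A String", # A user-specified description of the provider. Cannot exceed 256 characters.
-"disabled": True or False, # Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access.
+"disabled": True or False, # Disables the workforce pool provider. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access.
 "displayName": "A String", # A user-specified display name for the provider. Cannot exceed 32 characters.
 "name": "A String", # Output only. The resource name of the provider. Format: `locations/{location}/workforcePools/{workforce_pool_id}/providers/{provider_id}`
 "oidc": { # Represents an OpenId Connect 1.0 identity provider. # An OpenId Connect 1.0 identity provider configuration.
 "clientId": "A String", # Required. The client ID. Must match the audience claim of the JWT issued by the identity provider.
 "issuerUri": "A String", # Required. The OIDC issuer URI. Must be a valid URI using the 'https' scheme.
+"webSsoConfig": { # Configuration for web single sign-on for the OIDC provider. # Required. Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser.
+"assertionClaimsBehavior": "A String", # Required. The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition.
+"responseType": "A String", # Required. The Response Type to request for in the OIDC Authorization Request for web sign-in.
+},
 },
 "saml": { # Represents a SAML identity provider. # A SAML identity provider configuration.
 "idpMetadataXml": "A String", # Required. SAML Identity provider configuration metadata xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). The max size of the acceptable xml document will be bounded to 128k characters. The metadata xml document should satisfy the following constraints: 1) Must contain an Identity Provider Entity ID. 2) Must contain at least one non-expired signing key certificate. 3) For each signing key: a) Valid from should be no more than 7 days from now. b) Valid to should be no more than 14 years in the future. 4) Up to 3 IdP signing keys are allowed in the metadata xml. When updating the provider's metadata xml, at least one non-expired signing key must overlap with the existing metadata. This requirement is skipped if there are no non-expired signing keys present in the existing metadata.
@@ -227,12 +231,16 @@ <h3>Method Details</h3>
 "a_key": "A String",
 },
 "description": "A String", # A user-specified description of the provider. Cannot exceed 256 characters.
-"disabled": True or False, # Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access.
+"disabled": True or False, # Disables the workforce pool provider. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access.
 "displayName": "A String", # A user-specified display name for the provider. Cannot exceed 32 characters.
 "name": "A String", # Output only. The resource name of the provider. Format: `locations/{location}/workforcePools/{workforce_pool_id}/providers/{provider_id}`
 "oidc": { # Represents an OpenId Connect 1.0 identity provider. # An OpenId Connect 1.0 identity provider configuration.
 "clientId": "A String", # Required. The client ID. Must match the audience claim of the JWT issued by the identity provider.
 "issuerUri": "A String", # Required. The OIDC issuer URI. Must be a valid URI using the 'https' scheme.
+"webSsoConfig": { # Configuration for web single sign-on for the OIDC provider. # Required. Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser.
+"assertionClaimsBehavior": "A String", # Required. The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition.
+"responseType": "A String", # Required. The Response Type to request for in the OIDC Authorization Request for web sign-in.
+},
 },
 "saml": { # Represents a SAML identity provider. # A SAML identity provider configuration.
 "idpMetadataXml": "A String", # Required. SAML Identity provider configuration metadata xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). The max size of the acceptable xml document will be bounded to 128k characters. The metadata xml document should satisfy the following constraints: 1) Must contain an Identity Provider Entity ID. 2) Must contain at least one non-expired signing key certificate. 3) For each signing key: a) Valid from should be no more than 7 days from now. b) Valid to should be no more than 14 years in the future. 4) Up to 3 IdP signing keys are allowed in the metadata xml. When updating the provider's metadata xml, at least one non-expired signing key must overlap with the existing metadata. This requirement is skipped if there are no non-expired signing keys present in the existing metadata.
@@ -267,12 +275,16 @@ <h3>Method Details</h3>
 "a_key": "A String",
 },
 "description": "A String", # A user-specified description of the provider. Cannot exceed 256 characters.
-"disabled": True or False, # Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access.
+"disabled": True or False, # Disables the workforce pool provider. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access.
 "displayName": "A String", # A user-specified display name for the provider. Cannot exceed 32 characters.
 "name": "A String", # Output only. The resource name of the provider. Format: `locations/{location}/workforcePools/{workforce_pool_id}/providers/{provider_id}`
 "oidc": { # Represents an OpenId Connect 1.0 identity provider. # An OpenId Connect 1.0 identity provider configuration.
 "clientId": "A String", # Required. The client ID. Must match the audience claim of the JWT issued by the identity provider.
 "issuerUri": "A String", # Required. The OIDC issuer URI. Must be a valid URI using the 'https' scheme.
+"webSsoConfig": { # Configuration for web single sign-on for the OIDC provider. # Required. Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser.
+"assertionClaimsBehavior": "A String", # Required. The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition.
+"responseType": "A String", # Required. The Response Type to request for in the OIDC Authorization Request for web sign-in.
+},
 },
 "saml": { # Represents a SAML identity provider. # A SAML identity provider configuration.
 "idpMetadataXml": "A String", # Required. SAML Identity provider configuration metadata xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). The max size of the acceptable xml document will be bounded to 128k characters. The metadata xml document should satisfy the following constraints: 1) Must contain an Identity Provider Entity ID. 2) Must contain at least one non-expired signing key certificate. 3) For each signing key: a) Valid from should be no more than 7 days from now. b) Valid to should be no more than 14 years in the future. 4) Up to 3 IdP signing keys are allowed in the metadata xml. When updating the provider's metadata xml, at least one non-expired signing key must overlap with the existing metadata. This requirement is skipped if there are no non-expired signing keys present in the existing metadata.
@@ -312,12 +324,16 @@ <h3>Method Details</h3>
 "a_key": "A String",
 },
 "description": "A String", # A user-specified description of the provider. Cannot exceed 256 characters.
-"disabled": True or False, # Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access.
+"disabled": True or False, # Disables the workforce pool provider. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access.
 "displayName": "A String", # A user-specified display name for the provider. Cannot exceed 32 characters.
 "name": "A String", # Output only. The resource name of the provider. Format: `locations/{location}/workforcePools/{workforce_pool_id}/providers/{provider_id}`
 "oidc": { # Represents an OpenId Connect 1.0 identity provider. # An OpenId Connect 1.0 identity provider configuration.
 "clientId": "A String", # Required. The client ID. Must match the audience claim of the JWT issued by the identity provider.
 "issuerUri": "A String", # Required. The OIDC issuer URI. Must be a valid URI using the 'https' scheme.
+"webSsoConfig": { # Configuration for web single sign-on for the OIDC provider. # Required. Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser.
+"assertionClaimsBehavior": "A String", # Required. The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition.
+"responseType": "A String", # Required. The Response Type to request for in the OIDC Authorization Request for web sign-in.
+},
 },
 "saml": { # Represents a SAML identity provider. # A SAML identity provider configuration.
 "idpMetadataXml": "A String", # Required. SAML Identity provider configuration metadata xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). The max size of the acceptable xml document will be bounded to 128k characters. The metadata xml document should satisfy the following constraints: 1) Must contain an Identity Provider Entity ID. 2) Must contain at least one non-expired signing key certificate. 3) For each signing key: a) Valid from should be no more than 7 days from now. b) Valid to should be no more than 14 years in the future. 4) Up to 3 IdP signing keys are allowed in the metadata xml. When updating the provider's metadata xml, at least one non-expired signing key must overlap with the existing metadata. This requirement is skipped if there are no non-expired signing keys present in the existing metadata.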