---
# ----------------------------------------------------------------------------
#
#     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
#
# ----------------------------------------------------------------------------
#
#     This code is generated by Magic Modules using the following:
#
#     Configuration: https:#github.com/GoogleCloudPlatform/magic-modules/tree/main/mmv1/products/iambeta/WorkloadIdentityPoolNamespace.yaml
#     Template:      https:#github.com/GoogleCloudPlatform/magic-modules/tree/main/mmv1/templates/terraform/resource.html.markdown.tmpl
#
#     DO NOT EDIT this file directly. Any changes made to this file will be
#     overwritten during the next generation cycle.
#
# ----------------------------------------------------------------------------
subcategory: "Cloud IAM"
description: |-
  Represents a namespace for a workload identity pool.
---

# google_iam_workload_identity_pool_namespace

Represents a namespace for a workload identity pool. Namespaces are used to segment identities within the pool.

~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider.
See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources.

To get more information about WorkloadIdentityPoolNamespace, see:

* [API documentation](https://cloud.google.com/iam/docs/reference/rest/v1/projects.locations.workloadIdentityPools.namespaces)
* How-to Guides
    * [Configure managed workload identity authentication for Compute Engine](https://cloud.google.com/iam/docs/create-managed-workload-identities)
    * [Configure managed workload identity authentication for GKE](https://cloud.google.com/iam/docs/create-managed-workload-identities-gke)
## Example Usage - Iam Workload Identity Pool Namespace Basic

```hcl
resource "google_iam_workload_identity_pool" "pool" {
  provider = google-beta

  workload_identity_pool_id = "example-pool"
  mode                      = "TRUST_DOMAIN"
}

resource "google_iam_workload_identity_pool_namespace" "example" {
  provider = google-beta

  workload_identity_pool_id           = google_iam_workload_identity_pool.pool.workload_identity_pool_id
  workload_identity_pool_namespace_id = "example-nmspc"
}
```

## Example Usage - Iam Workload Identity Pool Namespace Full

```hcl
resource "google_iam_workload_identity_pool" "pool" {
  provider = google-beta

  workload_identity_pool_id = "example-pool"
  mode                      = "TRUST_DOMAIN"
}

resource "google_iam_workload_identity_pool_namespace" "example" {
  provider = google-beta

  workload_identity_pool_id           = google_iam_workload_identity_pool.pool.workload_identity_pool_id
  workload_identity_pool_namespace_id = "example-nmspc"
  description                         = "Example Namespace in a Workload Identity Pool"
  disabled                            = false
}
```

## Argument Reference

The following arguments are supported:

* `workload_identity_pool_id` -
  (Required)
  The ID to use for the pool, which becomes the final component of the resource name. This
  value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
  `gcp-` is reserved for use by Google, and may not be specified.

* `workload_identity_pool_namespace_id` -
  (Required)
  The ID to use for the namespace. This value must:
  * contain at most 63 characters
  * contain only lowercase alphanumeric characters or `-`
  * start with an alphanumeric character
  * end with an alphanumeric character

  The prefix `gcp-` will be reserved for future uses.

- - -

* `description` -
  (Optional)
  A description of the namespace. Cannot exceed 256 characters.

* `disabled` -
  (Optional)
  Whether the namespace is disabled. If disabled, credentials may no longer be issued for
  identities within this namespace, however existing credentials will still be accepted until
  they expire.

* `project` - (Optional) The ID of the project in which the resource belongs.
  If it is not provided, the provider project is used.

## Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

* `id` - an identifier for the resource with format `projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/namespaces/{{workload_identity_pool_namespace_id}}`

* `name` -
  The resource name of the namespace as
  `projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/namespaces/{workload_identity_pool_namespace_id}`.

* `state` -
  The current state of the namespace.
  * `STATE_UNSPECIFIED`: State unspecified.
  * `ACTIVE`: The namespace is active.
  * `DELETED`: The namespace is soft-deleted. Soft-deleted namespaces are permanently deleted
    after approximately 30 days. You can restore a soft-deleted namespace using
    UndeleteWorkloadIdentityPoolNamespace. You cannot reuse the ID of a soft-deleted namespace
    until it is permanently deleted.

* `owner_service` -
  Defines the owner that is allowed to mutate this resource. If present, this resource can only
  be mutated by the owner.
  Structure is [documented below](#nested_owner_service).

The `owner_service` block contains:

* `principal_subject` -
  (Required)
  The service agent principal subject, e.g.
  `serviceAccount:service-1234@gcp-sa-gkehub.iam.gserviceaccount.com`.

## Timeouts

This resource provides the following
[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:

- `create` - Default is 20 minutes.
- `update` - Default is 20 minutes.
- `delete` - Default is 20 minutes.
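
## Example Usage - Validating IDs at Plan Time

The ID rules listed under Argument Reference can be enforced on module inputs so that a non-conforming name fails during `terraform plan`. This is an added example, not part of the generated provider documentation: the variable names `pool_id` and `namespace_id` are assumptions, and rejecting the `gcp-` prefix for namespaces is a conservative reading of the reservation noted above.

```hcl
# Added example: variable names are hypothetical, not defined by the provider.
variable "pool_id" {
  type        = string
  description = "ID of the workload identity pool."

  validation {
    # 4-32 characters from [a-z0-9-]; the gcp- prefix is reserved by Google.
    condition = (
      can(regex("^[a-z0-9-]{4,32}$", var.pool_id)) &&
      !can(regex("^gcp-", var.pool_id))
    )
    error_message = "The pool ID must be 4-32 characters from [a-z0-9-] and must not start with gcp-."
  }
}

variable "namespace_id" {
  type        = string
  description = "ID of the namespace inside the pool."

  validation {
    # At most 63 characters, lowercase alphanumerics or '-',
    # starting and ending with an alphanumeric character.
    condition = (
      length(var.namespace_id) <= 63 &&
      can(regex("^[a-z0-9]([a-z0-9-]*[a-z0-9])?$", var.namespace_id)) &&
      !can(regex("^gcp-", var.namespace_id))
    )
    error_message = "The namespace ID must be at most 63 lowercase alphanumeric or '-' characters, start and end with an alphanumeric, and must not start with gcp-."
  }
}

resource "google_iam_workload_identity_pool" "pool" {
  provider = google-beta

  workload_identity_pool_id = var.pool_id
  mode                      = "TRUST_DOMAIN"
}

resource "google_iam_workload_identity_pool_namespace" "validated" {
  provider = google-beta

  workload_identity_pool_id           = google_iam_workload_identity_pool.pool.workload_identity_pool_id
  workload_identity_pool_namespace_id = var.namespace_id

  # Setting this to true stops new credential issuance only; credentials
  # already issued are still accepted until they expire.
  disabled = false
}
```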

## Import

WorkloadIdentityPoolNamespace can be imported using any of these accepted formats:

* `projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/namespaces/{{workload_identity_pool_namespace_id}}`
* `{{project}}/{{workload_identity_pool_id}}/{{workload_identity_pool_namespace_id}}`
* `{{workload_identity_pool_id}}/{{workload_identity_pool_namespace_id}}`

In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import WorkloadIdentityPoolNamespace using one of the formats above. For example:

```tf
import {
  id = "projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/namespaces/{{workload_identity_pool_namespace_id}}"
  to = google_iam_workload_identity_pool_namespace.default
}
```

When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), WorkloadIdentityPoolNamespace can be imported using one of the formats above. For example:

```
$ terraform import google_iam_workload_identity_pool_namespace.default projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/namespaces/{{workload_identity_pool_namespace_id}}
$ terraform import google_iam_workload_identity_pool_namespace.default {{project}}/{{workload_identity_pool_id}}/{{workload_identity_pool_namespace_id}}
$ terraform import google_iam_workload_identity_pool_namespace.default {{workload_identity_pool_id}}/{{workload_identity_pool_namespace_id}}
```

## User Project Overrides

This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).