import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * A set of configuration options describing how a workstation will be run. Workstation configurations are intended to be shared across multiple workstations. * * > **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider. * See Provider Versions for more details on beta resources. * * To get more information about WorkstationConfig, see: * * * [API documentation](https://cloud.google.com/workstations/docs/reference/rest/v1beta/projects.locations.workstationClusters.workstationConfigs/create) * * How-to Guides * * [Workstations](https://cloud.google.com/workstations/docs/) * * ## Example Usage * * ### Workstation Config Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const tagKey1 = new gcp.tags.TagKey("tag_key1", { * parent: "organizations/123456789", * shortName: "keyname", * }); * const tagValue1 = new gcp.tags.TagValue("tag_value1", { * parent: tagKey1.id, * shortName: "valuename", * }); * const _default = new gcp.compute.Network("default", { * name: "workstation-cluster", * autoCreateSubnetworks: false, * }); * const defaultSubnetwork = new gcp.compute.Subnetwork("default", { * name: "workstation-cluster", * ipCidrRange: "10.0.0.0/24", * region: "us-central1", * network: _default.name, * }); * const defaultWorkstationCluster = new gcp.workstations.WorkstationCluster("default", { * workstationClusterId: "workstation-cluster", * network: _default.id, * subnetwork: defaultSubnetwork.id, * location: "us-central1", * labels: { * label: "key", * }, * annotations: { * "label-one": "value-one", * }, * }); * const defaultWorkstationConfig = new gcp.workstations.WorkstationConfig("default", { * workstationConfigId: "workstation-config", * workstationClusterId: defaultWorkstationCluster.workstationClusterId, * location: "us-central1", * idleTimeout: "600s", * runningTimeout: "21600s", * replicaZones: [ * "us-central1-a", * "us-central1-b", * ], * annotations: { * "label-one": "value-one", * }, * labels: { * label: "key", * }, * maxUsableWorkstations: 1, * host: { * gceInstance: { * machineType: "e2-standard-4", * bootDiskSizeGb: 35, * disablePublicIpAddresses: true, * disableSsh: false, * vmTags: pulumi.all([tagKey1.id, tagValue1.id]).apply(([tagKey1Id, tagValue1Id]) => { * [tagKey1Id]: tagValue1Id, * }), * }, * }, * }); * ``` * ### Workstation Config Container * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.Network("default", { * name: "workstation-cluster", * autoCreateSubnetworks: false, * }); * const defaultSubnetwork = new gcp.compute.Subnetwork("default", { * name: "workstation-cluster", * ipCidrRange: "10.0.0.0/24", * region: "us-central1", * network: _default.name, * }); * const defaultWorkstationCluster = new gcp.workstations.WorkstationCluster("default", { * workstationClusterId: "workstation-cluster", * network: _default.id, * subnetwork: defaultSubnetwork.id, * location: "us-central1", * labels: { * label: "key", * }, * annotations: { * "label-one": "value-one", * }, * }); * const defaultWorkstationConfig = new gcp.workstations.WorkstationConfig("default", { * workstationConfigId: "workstation-config", * workstationClusterId: defaultWorkstationCluster.workstationClusterId, * location: "us-central1", * host: { * gceInstance: { * machineType: "n1-standard-4", * bootDiskSizeGb: 35, * disablePublicIpAddresses: true, * enableNestedVirtualization: true, * }, * }, * container: { * image: "intellij", * env: { * NAME: "FOO", * BABE: "bar", * }, * }, * }); * ``` * ### Workstation Config Persistent Directories * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.Network("default", { * name: "workstation-cluster", * autoCreateSubnetworks: false, * }); * const defaultSubnetwork = new gcp.compute.Subnetwork("default", { * name: "workstation-cluster", * ipCidrRange: "10.0.0.0/24", * region: "us-central1", * network: _default.name, * }); * const defaultWorkstationCluster = new gcp.workstations.WorkstationCluster("default", { * workstationClusterId: "workstation-cluster", * network: _default.id, * subnetwork: defaultSubnetwork.id, * location: "us-central1", * labels: { * label: "key", * }, * annotations: { * "label-one": "value-one", * }, * }); * const defaultWorkstationConfig = new gcp.workstations.WorkstationConfig("default", { * workstationConfigId: "workstation-config", * workstationClusterId: defaultWorkstationCluster.workstationClusterId, * location: "us-central1", * host: { * gceInstance: { * machineType: "e2-standard-4", * bootDiskSizeGb: 35, * disablePublicIpAddresses: true, * shieldedInstanceConfig: { * enableSecureBoot: true, * enableVtpm: true, * }, * }, * }, * persistentDirectories: [{ * mountPath: "/home", * gcePd: { * sizeGb: 200, * fsType: "ext4", * diskType: "pd-standard", * reclaimPolicy: "DELETE", * }, * }], * }); * ``` * ### Workstation Config Source Snapshot * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.Network("default", { * name: "workstation-cluster", * autoCreateSubnetworks: false, * }); * const defaultSubnetwork = new gcp.compute.Subnetwork("default", { * name: "workstation-cluster", * ipCidrRange: "10.0.0.0/24", * region: "us-central1", * network: _default.name, * }); * const mySourceDisk = new gcp.compute.Disk("my_source_disk", { * name: "workstation-config", * size: 10, * type: "pd-ssd", * zone: "us-central1-a", * }); * const mySourceSnapshot = new gcp.compute.Snapshot("my_source_snapshot", { * name: "workstation-config", * sourceDisk: mySourceDisk.name, * zone: "us-central1-a", * }); * const defaultWorkstationCluster = new gcp.workstations.WorkstationCluster("default", { * workstationClusterId: "workstation-cluster", * network: _default.id, * subnetwork: defaultSubnetwork.id, * location: "us-central1", * }); * const defaultWorkstationConfig = new gcp.workstations.WorkstationConfig("default", { * workstationConfigId: "workstation-config", * workstationClusterId: defaultWorkstationCluster.workstationClusterId, * location: defaultWorkstationCluster.location, * persistentDirectories: [{ * mountPath: "/home", * gcePd: { * sourceSnapshot: mySourceSnapshot.id, * reclaimPolicy: "DELETE", * }, * }], * }); * ``` * ### Workstation Config Shielded Instance Config * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.Network("default", { * name: "workstation-cluster", * autoCreateSubnetworks: false, * }); * const defaultSubnetwork = new gcp.compute.Subnetwork("default", { * name: "workstation-cluster", * ipCidrRange: "10.0.0.0/24", * region: "us-central1", * network: _default.name, * }); * const defaultWorkstationCluster = new gcp.workstations.WorkstationCluster("default", { * workstationClusterId: "workstation-cluster", * network: _default.id, * subnetwork: defaultSubnetwork.id, * location: "us-central1", * labels: { * label: "key", * }, * annotations: { * "label-one": "value-one", * }, * }); * const defaultWorkstationConfig = new gcp.workstations.WorkstationConfig("default", { * workstationConfigId: "workstation-config", * workstationClusterId: defaultWorkstationCluster.workstationClusterId, * location: "us-central1", * host: { * gceInstance: { * machineType: "e2-standard-4", * bootDiskSizeGb: 35, * disablePublicIpAddresses: true, * shieldedInstanceConfig: { * enableSecureBoot: true, * enableVtpm: true, * }, * }, * }, * }); * ``` * ### Workstation Config Accelerators * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.Network("default", { * name: "workstation-cluster", * autoCreateSubnetworks: false, * }); * const defaultSubnetwork = new gcp.compute.Subnetwork("default", { * name: "workstation-cluster", * ipCidrRange: "10.0.0.0/24", * region: "us-central1", * network: _default.name, * }); * const defaultWorkstationCluster = new gcp.workstations.WorkstationCluster("default", { * workstationClusterId: "workstation-cluster", * network: _default.id, * subnetwork: defaultSubnetwork.id, * location: "us-central1", * labels: { * label: "key", * }, * annotations: { * "label-one": "value-one", * }, * }); * const defaultWorkstationConfig = new gcp.workstations.WorkstationConfig("default", { * workstationConfigId: "workstation-config", * workstationClusterId: defaultWorkstationCluster.workstationClusterId, * location: "us-central1", * host: { * gceInstance: { * machineType: "n1-standard-2", * bootDiskSizeGb: 35, * disablePublicIpAddresses: true, * accelerators: [{ * type: "nvidia-tesla-t4", * count: 1, * }], * }, * }, * }); * ``` * ### Workstation Config Boost * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.Network("default", { * name: "workstation-cluster", * autoCreateSubnetworks: false, * }); * const defaultSubnetwork = new gcp.compute.Subnetwork("default", { * name: "workstation-cluster", * ipCidrRange: "10.0.0.0/24", * region: "us-central1", * network: _default.name, * }); * const defaultWorkstationCluster = new gcp.workstations.WorkstationCluster("default", { * workstationClusterId: "workstation-cluster", * network: _default.id, * subnetwork: defaultSubnetwork.id, * location: "us-central1", * labels: { * label: "key", * }, * annotations: { * "label-one": "value-one", * }, * }); * const defaultWorkstationConfig = new gcp.workstations.WorkstationConfig("default", { * workstationConfigId: "workstation-config", * workstationClusterId: defaultWorkstationCluster.workstationClusterId, * location: "us-central1", * host: { * gceInstance: { * machineType: "e2-standard-4", * bootDiskSizeGb: 35, * disablePublicIpAddresses: true, * boostConfigs: [ * { * id: "boost-1", * machineType: "n1-standard-2", * accelerators: [{ * type: "nvidia-tesla-t4", * count: 1, * }], * }, * { * id: "boost-2", * machineType: "n1-standard-2", * poolSize: 2, * bootDiskSizeGb: 30, * enableNestedVirtualization: true, * }, * ], * }, * }, * }); * ``` * ### Workstation Config Encryption Key * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.Network("default", { * name: "workstation-cluster", * autoCreateSubnetworks: false, * }); * const defaultSubnetwork = new gcp.compute.Subnetwork("default", { * name: "workstation-cluster", * ipCidrRange: "10.0.0.0/24", * region: "us-central1", * network: _default.name, * }); * const defaultWorkstationCluster = new gcp.workstations.WorkstationCluster("default", { * workstationClusterId: "workstation-cluster", * network: _default.id, * subnetwork: defaultSubnetwork.id, * location: "us-central1", * labels: { * label: "key", * }, * annotations: { * "label-one": "value-one", * }, * }); * const defaultKeyRing = new gcp.kms.KeyRing("default", { * name: "workstation-cluster", * location: "us-central1", * }); * const defaultCryptoKey = new gcp.kms.CryptoKey("default", { * name: "workstation-cluster", * keyRing: defaultKeyRing.id, * }); * const defaultAccount = new gcp.serviceaccount.Account("default", { * accountId: "my-account", * displayName: "Service Account", * }); * const defaultWorkstationConfig = new gcp.workstations.WorkstationConfig("default", { * workstationConfigId: "workstation-config", * workstationClusterId: defaultWorkstationCluster.workstationClusterId, * location: "us-central1", * host: { * gceInstance: { * machineType: "e2-standard-4", * bootDiskSizeGb: 35, * disablePublicIpAddresses: true, * shieldedInstanceConfig: { * enableSecureBoot: true, * enableVtpm: true, * }, * }, * }, * encryptionKey: { * kmsKey: defaultCryptoKey.id, * kmsKeyServiceAccount: defaultAccount.email, * }, * }); * ``` * ### Workstation Config Allowed Ports * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.Network("default", { * name: "workstation-cluster", * autoCreateSubnetworks: false, * }); * const defaultSubnetwork = new gcp.compute.Subnetwork("default", { * name: "workstation-cluster", * ipCidrRange: "10.0.0.0/24", * region: "us-central1", * network: _default.name, * }); * const defaultWorkstationCluster = new gcp.workstations.WorkstationCluster("default", { * workstationClusterId: "workstation-cluster", * network: _default.id, * subnetwork: defaultSubnetwork.id, * location: "us-central1", * labels: { * label: "key", * }, * annotations: { * "label-one": "value-one", * }, * }); * const defaultWorkstationConfig = new gcp.workstations.WorkstationConfig("default", { * workstationConfigId: "workstation-config", * workstationClusterId: defaultWorkstationCluster.workstationClusterId, * location: "us-central1", * host: { * gceInstance: { * machineType: "e2-standard-4", * bootDiskSizeGb: 35, * disablePublicIpAddresses: true, * }, * }, * allowedPorts: [ * { * first: 80, * last: 80, * }, * { * first: 22, * last: 22, * }, * { * first: 1024, * last: 65535, * }, * ], * }); * ``` * * ## Import * * WorkstationConfig can be imported using any of these accepted formats: * * * `projects/{{project}}/locations/{{location}}/workstationClusters/{{workstation_cluster_id}}/workstationConfigs/{{workstation_config_id}}` * * `{{project}}/{{location}}/{{workstation_cluster_id}}/{{workstation_config_id}}` * * `{{location}}/{{workstation_cluster_id}}/{{workstation_config_id}}` * * When using the `pulumi import` command, WorkstationConfig can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:workstations/workstationConfig:WorkstationConfig default projects/{{project}}/locations/{{location}}/workstationClusters/{{workstation_cluster_id}}/workstationConfigs/{{workstation_config_id}} * $ pulumi import gcp:workstations/workstationConfig:WorkstationConfig default {{project}}/{{location}}/{{workstation_cluster_id}}/{{workstation_config_id}} * $ pulumi import gcp:workstations/workstationConfig:WorkstationConfig default {{location}}/{{workstation_cluster_id}}/{{workstation_config_id}} * ``` */ export declare class WorkstationConfig extends pulumi.CustomResource { /** * Get an existing WorkstationConfig resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: WorkstationConfigState, opts?: pulumi.CustomResourceOptions): WorkstationConfig; /** * Returns true if the given object is an instance of WorkstationConfig. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is WorkstationConfig; /** * A list of port ranges specifying single ports or ranges of ports that are externally accessible in the workstation. Allowed ports must be one of 22, 80, or within range 1024-65535. If not specified defaults to ports 22, 80, and ports 1024-65535. * Structure is documented below. */ readonly allowedPorts: pulumi.Output; /** * Client-specified annotations. This is distinct from labels. * **Note**: This field is non-authoritative, and will only manage the annotations present in your configuration. * Please refer to the field `effectiveAnnotations` for all of the annotations present on the resource. */ readonly annotations: pulumi.Output<{ [key: string]: string; } | undefined>; /** * Status conditions describing the current resource state. * Structure is documented below. */ readonly conditions: pulumi.Output; /** * Container that will be run for each workstation using this configuration when that workstation is started. * Structure is documented below. */ readonly container: pulumi.Output; /** * Time when this resource was created. */ readonly createTime: pulumi.Output; /** * Whether this resource is in degraded mode, in which case it may require user action to restore full functionality. Details can be found in the conditions field. */ readonly degraded: pulumi.Output; /** * Disables support for plain TCP connections in the workstation. By default the service supports TCP connections via a websocket relay. Setting this option to true disables that relay, which prevents the usage of services that require plain tcp connections, such as ssh. When enabled, all communication must occur over https or wss. */ readonly disableTcpConnections: pulumi.Output; /** * Human-readable name for this resource. */ readonly displayName: pulumi.Output; /** * All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. */ readonly effectiveAnnotations: pulumi.Output<{ [key: string]: string; }>; /** * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. */ readonly effectiveLabels: pulumi.Output<{ [key: string]: string; }>; /** * Whether to enable Linux `auditd` logging on the workstation. When enabled, a service account must also be specified that has `logging.buckets.write` permission on the project. Operating system audit logging is distinct from Cloud Audit Logs. */ readonly enableAuditAgent: pulumi.Output; /** * Encrypts resources of this workstation configuration using a customer-managed encryption key. * If specified, the boot disk of the Compute Engine instance and the persistent disk are encrypted using this encryption key. If this field is not set, the disks are encrypted using a generated key. Customer-managed encryption keys do not protect disk metadata. * If the customer-managed encryption key is rotated, when the workstation instance is stopped, the system attempts to recreate the persistent disk with the new version of the key. Be sure to keep older versions of the key until the persistent disk is recreated. Otherwise, data on the persistent disk will be lost. * If the encryption key is revoked, the workstation session will automatically be stopped within 7 hours. * Structure is documented below. */ readonly encryptionKey: pulumi.Output; /** * Ephemeral directories which won't persist across workstation sessions. * Structure is documented below. */ readonly ephemeralDirectories: pulumi.Output; /** * Checksum computed by the server. * May be sent on update and delete requests to ensure that the client has an up-to-date value before proceeding. */ readonly etag: pulumi.Output; /** * Runtime host for a workstation. * Structure is documented below. */ readonly host: pulumi.Output; /** * How long to wait before automatically stopping an instance that hasn't recently received any user traffic. A value of 0 indicates that this instance should never time out from idleness. Defaults to 20 minutes. * A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". */ readonly idleTimeout: pulumi.Output; /** * Client-specified labels that are applied to the resource and that are also propagated to the underlying Compute Engine resources. * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ readonly labels: pulumi.Output<{ [key: string]: string; } | undefined>; /** * The location where the workstation cluster config should reside. */ readonly location: pulumi.Output; /** * Maximum number of workstations under this configuration a user can have workstations.workstation.use permission on. Only enforced on CreateWorkstation API calls on the user issuing the API request. */ readonly maxUsableWorkstations: pulumi.Output; /** * Full name of this resource. */ readonly name: pulumi.Output; /** * Directories to persist across workstation sessions. * Structure is documented below. */ readonly persistentDirectories: pulumi.Output; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ readonly project: pulumi.Output; /** * The combination of labels configured directly on the resource * and default labels configured on the provider. */ readonly pulumiLabels: pulumi.Output<{ [key: string]: string; }>; /** * Readiness checks to be performed on a workstation. * Structure is documented below. */ readonly readinessChecks: pulumi.Output; /** * Specifies the zones used to replicate the VM and disk resources within the region. If set, exactly two zones within the workstation cluster's region must be specified—for example, `['us-central1-a', 'us-central1-f']`. * If this field is empty, two default zones within the region are used. Immutable after the workstation configuration is created. */ readonly replicaZones: pulumi.Output; /** * How long to wait before automatically stopping a workstation after it was started. A value of 0 indicates that workstations using this configuration should never time out from running duration. Must be greater than 0 and less than 24 hours if `encryptionKey` is set. Defaults to 12 hours. * A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". */ readonly runningTimeout: pulumi.Output; /** * The system-generated UID of the resource. */ readonly uid: pulumi.Output; /** * The ID of the parent workstation cluster. */ readonly workstationClusterId: pulumi.Output; /** * The ID to be assigned to the workstation cluster config. */ readonly workstationConfigId: pulumi.Output; /** * Create a WorkstationConfig resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: WorkstationConfigArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering WorkstationConfig resources. */ export interface WorkstationConfigState { /** * A list of port ranges specifying single ports or ranges of ports that are externally accessible in the workstation. Allowed ports must be one of 22, 80, or within range 1024-65535. If not specified defaults to ports 22, 80, and ports 1024-65535. * Structure is documented below. */ allowedPorts?: pulumi.Input[]>; /** * Client-specified annotations. This is distinct from labels. * **Note**: This field is non-authoritative, and will only manage the annotations present in your configuration. * Please refer to the field `effectiveAnnotations` for all of the annotations present on the resource. */ annotations?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Status conditions describing the current resource state. * Structure is documented below. */ conditions?: pulumi.Input[]>; /** * Container that will be run for each workstation using this configuration when that workstation is started. * Structure is documented below. */ container?: pulumi.Input; /** * Time when this resource was created. */ createTime?: pulumi.Input; /** * Whether this resource is in degraded mode, in which case it may require user action to restore full functionality. Details can be found in the conditions field. */ degraded?: pulumi.Input; /** * Disables support for plain TCP connections in the workstation. By default the service supports TCP connections via a websocket relay. Setting this option to true disables that relay, which prevents the usage of services that require plain tcp connections, such as ssh. When enabled, all communication must occur over https or wss. */ disableTcpConnections?: pulumi.Input; /** * Human-readable name for this resource. */ displayName?: pulumi.Input; /** * All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. */ effectiveAnnotations?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. */ effectiveLabels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Whether to enable Linux `auditd` logging on the workstation. When enabled, a service account must also be specified that has `logging.buckets.write` permission on the project. Operating system audit logging is distinct from Cloud Audit Logs. */ enableAuditAgent?: pulumi.Input; /** * Encrypts resources of this workstation configuration using a customer-managed encryption key. * If specified, the boot disk of the Compute Engine instance and the persistent disk are encrypted using this encryption key. If this field is not set, the disks are encrypted using a generated key. Customer-managed encryption keys do not protect disk metadata. * If the customer-managed encryption key is rotated, when the workstation instance is stopped, the system attempts to recreate the persistent disk with the new version of the key. Be sure to keep older versions of the key until the persistent disk is recreated. Otherwise, data on the persistent disk will be lost. * If the encryption key is revoked, the workstation session will automatically be stopped within 7 hours. * Structure is documented below. */ encryptionKey?: pulumi.Input; /** * Ephemeral directories which won't persist across workstation sessions. * Structure is documented below. */ ephemeralDirectories?: pulumi.Input[]>; /** * Checksum computed by the server. * May be sent on update and delete requests to ensure that the client has an up-to-date value before proceeding. */ etag?: pulumi.Input; /** * Runtime host for a workstation. * Structure is documented below. */ host?: pulumi.Input; /** * How long to wait before automatically stopping an instance that hasn't recently received any user traffic. A value of 0 indicates that this instance should never time out from idleness. Defaults to 20 minutes. * A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". */ idleTimeout?: pulumi.Input; /** * Client-specified labels that are applied to the resource and that are also propagated to the underlying Compute Engine resources. * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The location where the workstation cluster config should reside. */ location?: pulumi.Input; /** * Maximum number of workstations under this configuration a user can have workstations.workstation.use permission on. Only enforced on CreateWorkstation API calls on the user issuing the API request. */ maxUsableWorkstations?: pulumi.Input; /** * Full name of this resource. */ name?: pulumi.Input; /** * Directories to persist across workstation sessions. * Structure is documented below. */ persistentDirectories?: pulumi.Input[]>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * The combination of labels configured directly on the resource * and default labels configured on the provider. */ pulumiLabels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Readiness checks to be performed on a workstation. * Structure is documented below. */ readinessChecks?: pulumi.Input[]>; /** * Specifies the zones used to replicate the VM and disk resources within the region. If set, exactly two zones within the workstation cluster's region must be specified—for example, `['us-central1-a', 'us-central1-f']`. * If this field is empty, two default zones within the region are used. Immutable after the workstation configuration is created. */ replicaZones?: pulumi.Input[]>; /** * How long to wait before automatically stopping a workstation after it was started. A value of 0 indicates that workstations using this configuration should never time out from running duration. Must be greater than 0 and less than 24 hours if `encryptionKey` is set. Defaults to 12 hours. * A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". */ runningTimeout?: pulumi.Input; /** * The system-generated UID of the resource. */ uid?: pulumi.Input; /** * The ID of the parent workstation cluster. */ workstationClusterId?: pulumi.Input; /** * The ID to be assigned to the workstation cluster config. */ workstationConfigId?: pulumi.Input; } /** * The set of arguments for constructing a WorkstationConfig resource. */ export interface WorkstationConfigArgs { /** * A list of port ranges specifying single ports or ranges of ports that are externally accessible in the workstation. Allowed ports must be one of 22, 80, or within range 1024-65535. If not specified defaults to ports 22, 80, and ports 1024-65535. * Structure is documented below. */ allowedPorts?: pulumi.Input[]>; /** * Client-specified annotations. This is distinct from labels. * **Note**: This field is non-authoritative, and will only manage the annotations present in your configuration. * Please refer to the field `effectiveAnnotations` for all of the annotations present on the resource. */ annotations?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Container that will be run for each workstation using this configuration when that workstation is started. * Structure is documented below. */ container?: pulumi.Input; /** * Disables support for plain TCP connections in the workstation. By default the service supports TCP connections via a websocket relay. Setting this option to true disables that relay, which prevents the usage of services that require plain tcp connections, such as ssh. When enabled, all communication must occur over https or wss. */ disableTcpConnections?: pulumi.Input; /** * Human-readable name for this resource. */ displayName?: pulumi.Input; /** * Whether to enable Linux `auditd` logging on the workstation. When enabled, a service account must also be specified that has `logging.buckets.write` permission on the project. Operating system audit logging is distinct from Cloud Audit Logs. */ enableAuditAgent?: pulumi.Input; /** * Encrypts resources of this workstation configuration using a customer-managed encryption key. * If specified, the boot disk of the Compute Engine instance and the persistent disk are encrypted using this encryption key. If this field is not set, the disks are encrypted using a generated key. Customer-managed encryption keys do not protect disk metadata. * If the customer-managed encryption key is rotated, when the workstation instance is stopped, the system attempts to recreate the persistent disk with the new version of the key. Be sure to keep older versions of the key until the persistent disk is recreated. Otherwise, data on the persistent disk will be lost. * If the encryption key is revoked, the workstation session will automatically be stopped within 7 hours. * Structure is documented below. */ encryptionKey?: pulumi.Input; /** * Ephemeral directories which won't persist across workstation sessions. * Structure is documented below. */ ephemeralDirectories?: pulumi.Input[]>; /** * Runtime host for a workstation. * Structure is documented below. */ host?: pulumi.Input; /** * How long to wait before automatically stopping an instance that hasn't recently received any user traffic. A value of 0 indicates that this instance should never time out from idleness. Defaults to 20 minutes. * A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". */ idleTimeout?: pulumi.Input; /** * Client-specified labels that are applied to the resource and that are also propagated to the underlying Compute Engine resources. * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The location where the workstation cluster config should reside. */ location: pulumi.Input; /** * Maximum number of workstations under this configuration a user can have workstations.workstation.use permission on. Only enforced on CreateWorkstation API calls on the user issuing the API request. */ maxUsableWorkstations?: pulumi.Input; /** * Directories to persist across workstation sessions. * Structure is documented below. */ persistentDirectories?: pulumi.Input[]>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * Readiness checks to be performed on a workstation. * Structure is documented below. */ readinessChecks?: pulumi.Input[]>; /** * Specifies the zones used to replicate the VM and disk resources within the region. If set, exactly two zones within the workstation cluster's region must be specified—for example, `['us-central1-a', 'us-central1-f']`. * If this field is empty, two default zones within the region are used. Immutable after the workstation configuration is created. */ replicaZones?: pulumi.Input[]>; /** * How long to wait before automatically stopping a workstation after it was started. A value of 0 indicates that workstations using this configuration should never time out from running duration. Must be greater than 0 and less than 24 hours if `encryptionKey` is set. Defaults to 12 hours. * A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". */ runningTimeout?: pulumi.Input; /** * The ID of the parent workstation cluster. */ workstationClusterId: pulumi.Input; /** * The ID to be assigned to the workstation cluster config. */ workstationConfigId: pulumi.Input; }