- release_tracks: [ALPHA]

  help_text:
    brief: Set the IAM policy for a worker pool.
    description: |
      This command replaces the existing IAM policy for a worker pool, given a worker pool
      and a file encoded in JSON or YAML that contains the IAM policy. If the
      given policy file specifies an "etag" value, then the replacement will
      succeed only if the policy already in place matches that etag. (An etag
      obtain via `get-iam-policy` will prevent the replacement if the policy
      for the worker pool has been subsequently updated.) A policy file that does not
      contain an etag value will replace any existing policy for the worker pool.
    examples: |
      The following command will read an IAM policy defined in a JSON file
      'policy.json' and set it for a worker pool with identifier
      'my-worker-pool'

        $ {command} --region=us-central1 my-worker-pool policy.json

      See https://cloud.google.com/iam/docs/managing-policies for details of the
      policy file format and contents.

  request:
    collection: run.projects.locations.workerpools
    modify_request_hooks:
    - googlecloudsdk.command_lib.run.platforms:ValidatePlatformIsManaged

  arguments:
    resource:
      help_text: The service for which to set the IAM policy.
      spec: !REF googlecloudsdk.command_lib.run.resources:workerpool

  ALPHA:
    iam:
      policy_version: 3
      get_iam_policy_version_path: options_requestedPolicyVersion