serviceaccount

package
v4.9.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 27, 2021 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Account 

type Account struct {
	pulumi.CustomResourceState

	// The account id that is used to generate the service
	// account email address and a stable unique id. It is unique within a project,
	// must be 6-30 characters long, and match the regular expression `a-z`
	// to comply with RFC1035. Changing this forces a new service account to be created.
	AccountId pulumi.StringOutput `pulumi:"accountId"`
	// A text description of the service account.
	// Must be less than or equal to 256 UTF-8 bytes.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The display name for the service account.
	// Can be updated without creating a new resource.
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// The e-mail address of the service account. This value
	// should be referenced from any `organizations.getIAMPolicy` data sources
	// that would grant the service account privileges.
	Email pulumi.StringOutput `pulumi:"email"`
	// The fully-qualified name of the service account.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the project that the service account will be created in.
	// Defaults to the provider project configuration.
	Project pulumi.StringOutput `pulumi:"project"`
	// The unique id of the service account.
	UniqueId pulumi.StringOutput `pulumi:"uniqueId"`
}

Allows management of a [Google Cloud Platform service account](https://cloud.google.com/compute/docs/access/service-accounts)

> **Warning:** If you delete and recreate a service account, you must reapply any IAM roles that it had before.

> Creation of service accounts is eventually consistent, and that can lead to errors when you try to apply ACLs to service accounts immediately after creation.

## Example Usage

This snippet creates a service account in a project.

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := serviceAccount.NewAccount(ctx, "serviceAccount", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("service-account-id"),
			DisplayName: pulumi.String("Service Account"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Service accounts can be imported using their URI, e.g.

```sh 

$ pulumi import gcp:serviceAccount/account:Account my_sa projects/my-project/serviceAccounts/my-sa@my-project.iam.gserviceaccount.com

```

func GetAccount 

func GetAccount(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AccountState, opts ...pulumi.ResourceOption) (*Account, error)

GetAccount gets an existing Account resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAccount 

func NewAccount(ctx *pulumi.Context,
	name string, args *AccountArgs, opts ...pulumi.ResourceOption) (*Account, error)

NewAccount registers a new resource with the given unique name, arguments, and options.

func (Account) ElementType added in v4.4.0 

func (Account) ElementType() reflect.Type

func (Account) ToAccountOutput added in v4.4.0 

func (i Account) ToAccountOutput() AccountOutput

func (Account) ToAccountOutputWithContext added in v4.4.0 

func (i Account) ToAccountOutputWithContext(ctx context.Context) AccountOutput

type AccountArgs 

type AccountArgs struct {
	// The account id that is used to generate the service
	// account email address and a stable unique id. It is unique within a project,
	// must be 6-30 characters long, and match the regular expression `a-z`
	// to comply with RFC1035. Changing this forces a new service account to be created.
	AccountId pulumi.StringInput
	// A text description of the service account.
	// Must be less than or equal to 256 UTF-8 bytes.
	Description pulumi.StringPtrInput
	// The display name for the service account.
	// Can be updated without creating a new resource.
	DisplayName pulumi.StringPtrInput
	// The ID of the project that the service account will be created in.
	// Defaults to the provider project configuration.
	Project pulumi.StringPtrInput
}

The set of arguments for constructing a Account resource.

func (AccountArgs) ElementType 

func (AccountArgs) ElementType() reflect.Type

type AccountInput added in v4.4.0 

type AccountInput interface {
	pulumi.Input

	ToAccountOutput() AccountOutput
	ToAccountOutputWithContext(ctx context.Context) AccountOutput
}

type AccountOutput added in v4.4.0 

type AccountOutput struct {
	*pulumi.OutputState
}

func (AccountOutput) ElementType added in v4.4.0 

func (AccountOutput) ElementType() reflect.Type

func (AccountOutput) ToAccountOutput added in v4.4.0 

func (o AccountOutput) ToAccountOutput() AccountOutput

func (AccountOutput) ToAccountOutputWithContext added in v4.4.0 

func (o AccountOutput) ToAccountOutputWithContext(ctx context.Context) AccountOutput

type AccountState 

type AccountState struct {
	// The account id that is used to generate the service
	// account email address and a stable unique id. It is unique within a project,
	// must be 6-30 characters long, and match the regular expression `a-z`
	// to comply with RFC1035. Changing this forces a new service account to be created.
	AccountId pulumi.StringPtrInput
	// A text description of the service account.
	// Must be less than or equal to 256 UTF-8 bytes.
	Description pulumi.StringPtrInput
	// The display name for the service account.
	// Can be updated without creating a new resource.
	DisplayName pulumi.StringPtrInput
	// The e-mail address of the service account. This value
	// should be referenced from any `organizations.getIAMPolicy` data sources
	// that would grant the service account privileges.
	Email pulumi.StringPtrInput
	// The fully-qualified name of the service account.
	Name pulumi.StringPtrInput
	// The ID of the project that the service account will be created in.
	// Defaults to the provider project configuration.
	Project pulumi.StringPtrInput
	// The unique id of the service account.
	UniqueId pulumi.StringPtrInput
}

func (AccountState) ElementType 

func (AccountState) ElementType() reflect.Type

type GetAccountAccessTokenArgs 

type GetAccountAccessTokenArgs struct {
	// Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name.  (e.g. `["projects/-/serviceAccounts/delegate-svc-account@project-id.iam.gserviceaccount.com"]`)
	Delegates []string `pulumi:"delegates"`
	// Lifetime of the impersonated token (defaults to its max: `3600s`).
	Lifetime *string `pulumi:"lifetime"`
	// The scopes the new credential should have (e.g. `["cloud-platform"]`)
	Scopes []string `pulumi:"scopes"`
	// The service account _to_ impersonate (e.g. `service_B@your-project-id.iam.gserviceaccount.com`)
	TargetServiceAccount string `pulumi:"targetServiceAccount"`
}

A collection of arguments for invoking getAccountAccessToken.

type GetAccountAccessTokenResult 

type GetAccountAccessTokenResult struct {
	// The `accessToken` representing the new generated identity.
	AccessToken string   `pulumi:"accessToken"`
	Delegates   []string `pulumi:"delegates"`
	// The provider-assigned unique ID for this managed resource.
	Id                   string   `pulumi:"id"`
	Lifetime             *string  `pulumi:"lifetime"`
	Scopes               []string `pulumi:"scopes"`
	TargetServiceAccount string   `pulumi:"targetServiceAccount"`
}

A collection of values returned by getAccountAccessToken.

func GetAccountAccessToken 

func GetAccountAccessToken(ctx *pulumi.Context, args *GetAccountAccessTokenArgs, opts ...pulumi.InvokeOption) (*GetAccountAccessTokenResult, error)

This data source provides a google `oauth2` `accessToken` for a different service account than the one initially running the script.

For more information see [the official documentation](https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials) as well as [iamcredentials.generateAccessToken()](https://cloud.google.com/iam/credentials/reference/rest/v1/projects.serviceAccounts/generateAccessToken)

type GetAccountIdTokenArgs 

type GetAccountIdTokenArgs struct {
	// Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name.   Used only when using impersonation mode.
	Delegates []string `pulumi:"delegates"`
	// Include the verified email in the claim. Used only when using impersonation mode.
	IncludeEmail *bool `pulumi:"includeEmail"`
	// The audience claim for the `idToken`.
	TargetAudience string `pulumi:"targetAudience"`
	// The email of the service account being impersonated.  Used only when using impersonation mode.
	TargetServiceAccount *string `pulumi:"targetServiceAccount"`
}

A collection of arguments for invoking getAccountIdToken.

type GetAccountIdTokenResult 

type GetAccountIdTokenResult struct {
	Delegates []string `pulumi:"delegates"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The `idToken` representing the new generated identity.
	IdToken              string  `pulumi:"idToken"`
	IncludeEmail         *bool   `pulumi:"includeEmail"`
	TargetAudience       string  `pulumi:"targetAudience"`
	TargetServiceAccount *string `pulumi:"targetServiceAccount"`
}

A collection of values returned by getAccountIdToken.

func GetAccountIdToken 

func GetAccountIdToken(ctx *pulumi.Context, args *GetAccountIdTokenArgs, opts ...pulumi.InvokeOption) (*GetAccountIdTokenResult, error)

This data source provides a Google OpenID Connect (`oidc`) `idToken`. Tokens issued from this data source are typically used to call external services that accept OIDC tokens for authentication (e.g. [Google Cloud Run](https://cloud.google.com/run/docs/authenticating/service-to-service)).

For more information see [OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.html#IDToken).

## Example Usage

### ServiceAccount JSON Credential File. 

`serviceAccount.getAccountIdToken` will use the configured provider credentials

### Service Account Impersonation. 

`serviceAccount.getAccountAccessToken` will use background impersonated credentials provided by `serviceAccount.getAccountAccessToken`.

Note: to use the following, you must grant `targetServiceAccount` the
`roles/iam.serviceAccountTokenCreator` role on itself.

type GetAccountKeyArgs 

type GetAccountKeyArgs struct {
	// The name of the service account key. This must have format
	// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{KEYID}`, where `{ACCOUNT}`
	// is the email address or unique id of the service account.
	Name string `pulumi:"name"`
	// The ID of the project that the service account will be created in.
	// Defaults to the provider project configuration.
	Project *string `pulumi:"project"`
	// The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
	PublicKeyType *string `pulumi:"publicKeyType"`
}

A collection of arguments for invoking getAccountKey.

type GetAccountKeyResult 

type GetAccountKeyResult struct {
	// The provider-assigned unique ID for this managed resource.
	Id           string  `pulumi:"id"`
	KeyAlgorithm string  `pulumi:"keyAlgorithm"`
	Name         string  `pulumi:"name"`
	Project      *string `pulumi:"project"`
	// The public key, base64 encoded
	PublicKey     string  `pulumi:"publicKey"`
	PublicKeyType *string `pulumi:"publicKeyType"`
}

A collection of values returned by getAccountKey.

func GetAccountKey 

func GetAccountKey(ctx *pulumi.Context, args *GetAccountKeyArgs, opts ...pulumi.InvokeOption) (*GetAccountKeyResult, error)

Get service account public key. For more information, see [the official documentation](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) and [API](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys/get).

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myaccount, err := serviceAccount.NewAccount(ctx, "myaccount", &serviceAccount.AccountArgs{
			AccountId: pulumi.String("dev-foo-account"),
		})
		if err != nil {
			return err
		}
		mykeyKey, err := serviceAccount.NewKey(ctx, "mykeyKey", &serviceAccount.KeyArgs{
			ServiceAccountId: myaccount.Name,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

type IAMBinding 

type IAMBinding struct {
	pulumi.CustomResourceState

	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMBindingConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the service account IAM policy.
	Etag    pulumi.StringOutput      `pulumi:"etag"`
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The role that should be applied. Only one
	// `serviceAccount.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringOutput `pulumi:"serviceAccountId"`
}

When managing IAM roles, you can treat a service account either as a resource or as an identity. This resource is to add iam policy bindings to a service account resource, such as allowing the members to run operations as or modify the service account. To configure permissions for a service account on other GCP resources, use the googleProjectIam set of resources.

Three different resources help you manage your IAM policy for a service account. Each of these resources serves a different use case:

* `serviceAccount.IAMPolicy`: Authoritative. Sets the IAM policy for the service account and replaces any existing policy already attached. * `serviceAccount.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service account are preserved. * `serviceAccount.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service account are preserved.

> **Note:** `serviceAccount.IAMPolicy` **cannot** be used in conjunction with `serviceAccount.IAMBinding` and `serviceAccount.IAMMember` or they will fight over what your policy should be.

> **Note:** `serviceAccount.IAMBinding` resources **can be** used in conjunction with `serviceAccount.IAMMember` resources **only if** they do not grant privilege to the same role.

## google\_service\_account\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iam.serviceAccountUser",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		sa, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can interact with"),
		})
		if err != nil {
			return err
		}
		_, err = serviceAccount.NewIAMPolicy(ctx, "admin_account_iam", &serviceAccount.IAMPolicyArgs{
			ServiceAccountId: sa.Name,
			PolicyData:       pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_service\_account\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		sa, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can use"),
		})
		if err != nil {
			return err
		}
		_, err = serviceAccount.NewIAMBinding(ctx, "admin_account_iam", &serviceAccount.IAMBindingArgs{
			ServiceAccountId: sa.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		sa, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can use"),
		})
		if err != nil {
			return err
		}
		_, err = serviceAccount.NewIAMBinding(ctx, "admin_account_iam", &serviceAccount.IAMBindingArgs{
			Condition: &serviceAccount.IAMBindingConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			ServiceAccountId: sa.Name,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_service\_account\_iam\_member

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_default, err := compute.GetDefaultServiceAccount(ctx, nil, nil)
		if err != nil {
			return err
		}
		sa, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that Jane can use"),
		})
		if err != nil {
			return err
		}
		_, err = serviceAccount.NewIAMMember(ctx, "admin_account_iam", &serviceAccount.IAMMemberArgs{
			ServiceAccountId: sa.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Member:           pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		_, err = serviceAccount.NewIAMMember(ctx, "gce_default_account_iam", &serviceAccount.IAMMemberArgs{
			ServiceAccountId: pulumi.String(_default.Name),
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Member: sa.Email.ApplyT(func(email string) (string, error) {
				return fmt.Sprintf("%v%v", "serviceAccount:", email), nil
			}).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		sa, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that Jane can use"),
		})
		if err != nil {
			return err
		}
		_, err = serviceAccount.NewIAMMember(ctx, "admin_account_iam", &serviceAccount.IAMMemberArgs{
			Condition: &serviceAccount.IAMMemberConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Member:           pulumi.String("user:jane@example.com"),
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			ServiceAccountId: sa.Name,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Service account IAM resources can be imported using the project, service account email, role, member identity, and condition (beta).

```sh 

$ pulumi import gcp:serviceAccount/iAMBinding:IAMBinding admin-account-iam projects/{your-project-id}/serviceAccounts/{your-service-account-email}

```

```sh 

$ pulumi import gcp:serviceAccount/iAMBinding:IAMBinding admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser"

```

```sh 

$ pulumi import gcp:serviceAccount/iAMBinding:IAMBinding admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/editor user:foo@example.com"

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. With conditions

```sh 

$ pulumi import gcp:serviceAccount/iAMBinding:IAMBinding admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser expires_after_2019_12_31"

```

```sh 

$ pulumi import gcp:serviceAccount/iAMBinding:IAMBinding admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser user:foo@example.com expires_after_2019_12_31"

```

func GetIAMBinding 

func GetIAMBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *IAMBindingState, opts ...pulumi.ResourceOption) (*IAMBinding, error)

GetIAMBinding gets an existing IAMBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIAMBinding 

func NewIAMBinding(ctx *pulumi.Context,
	name string, args *IAMBindingArgs, opts ...pulumi.ResourceOption) (*IAMBinding, error)

NewIAMBinding registers a new resource with the given unique name, arguments, and options.

func (IAMBinding) ElementType added in v4.4.0 

func (IAMBinding) ElementType() reflect.Type

func (IAMBinding) ToIAMBindingOutput added in v4.4.0 

func (i IAMBinding) ToIAMBindingOutput() IAMBindingOutput

func (IAMBinding) ToIAMBindingOutputWithContext added in v4.4.0 

func (i IAMBinding) ToIAMBindingOutputWithContext(ctx context.Context) IAMBindingOutput

type IAMBindingArgs 

type IAMBindingArgs struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMBindingConditionPtrInput
	Members   pulumi.StringArrayInput
	// The role that should be applied. Only one
	// `serviceAccount.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringInput
}

The set of arguments for constructing a IAMBinding resource.

func (IAMBindingArgs) ElementType 

func (IAMBindingArgs) ElementType() reflect.Type

type IAMBindingCondition 

type IAMBindingCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type IAMBindingConditionArgs 

type IAMBindingConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (IAMBindingConditionArgs) ElementType 

func (IAMBindingConditionArgs) ElementType() reflect.Type

func (IAMBindingConditionArgs) ToIAMBindingConditionOutput 

func (i IAMBindingConditionArgs) ToIAMBindingConditionOutput() IAMBindingConditionOutput

func (IAMBindingConditionArgs) ToIAMBindingConditionOutputWithContext 

func (i IAMBindingConditionArgs) ToIAMBindingConditionOutputWithContext(ctx context.Context) IAMBindingConditionOutput

func (IAMBindingConditionArgs) ToIAMBindingConditionPtrOutput 

func (i IAMBindingConditionArgs) ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput

func (IAMBindingConditionArgs) ToIAMBindingConditionPtrOutputWithContext 

func (i IAMBindingConditionArgs) ToIAMBindingConditionPtrOutputWithContext(ctx context.Context) IAMBindingConditionPtrOutput

type IAMBindingConditionInput 

type IAMBindingConditionInput interface {
	pulumi.Input

	ToIAMBindingConditionOutput() IAMBindingConditionOutput
	ToIAMBindingConditionOutputWithContext(context.Context) IAMBindingConditionOutput
}

IAMBindingConditionInput is an input type that accepts IAMBindingConditionArgs and IAMBindingConditionOutput values. You can construct a concrete instance of `IAMBindingConditionInput` via: 

IAMBindingConditionArgs{...}

type IAMBindingConditionOutput 

type IAMBindingConditionOutput struct{ *pulumi.OutputState }

func (IAMBindingConditionOutput) Description 

func (o IAMBindingConditionOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (IAMBindingConditionOutput) ElementType 

func (IAMBindingConditionOutput) ElementType() reflect.Type

func (IAMBindingConditionOutput) Expression 

func (o IAMBindingConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (IAMBindingConditionOutput) Title 

func (o IAMBindingConditionOutput) Title() pulumi.StringOutput

A title for the expression, i.e. a short string describing its purpose.

func (IAMBindingConditionOutput) ToIAMBindingConditionOutput 

func (o IAMBindingConditionOutput) ToIAMBindingConditionOutput() IAMBindingConditionOutput

func (IAMBindingConditionOutput) ToIAMBindingConditionOutputWithContext 

func (o IAMBindingConditionOutput) ToIAMBindingConditionOutputWithContext(ctx context.Context) IAMBindingConditionOutput

func (IAMBindingConditionOutput) ToIAMBindingConditionPtrOutput 

func (o IAMBindingConditionOutput) ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput

func (IAMBindingConditionOutput) ToIAMBindingConditionPtrOutputWithContext 

func (o IAMBindingConditionOutput) ToIAMBindingConditionPtrOutputWithContext(ctx context.Context) IAMBindingConditionPtrOutput

type IAMBindingConditionPtrInput 

type IAMBindingConditionPtrInput interface {
	pulumi.Input

	ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput
	ToIAMBindingConditionPtrOutputWithContext(context.Context) IAMBindingConditionPtrOutput
}

IAMBindingConditionPtrInput is an input type that accepts IAMBindingConditionArgs, IAMBindingConditionPtr and IAMBindingConditionPtrOutput values. You can construct a concrete instance of `IAMBindingConditionPtrInput` via: 

        IAMBindingConditionArgs{...}

or:

        nil

func IAMBindingConditionPtr 

func IAMBindingConditionPtr(v *IAMBindingConditionArgs) IAMBindingConditionPtrInput

type IAMBindingConditionPtrOutput 

type IAMBindingConditionPtrOutput struct{ *pulumi.OutputState }

func (IAMBindingConditionPtrOutput) Description 

func (o IAMBindingConditionPtrOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (IAMBindingConditionPtrOutput) Elem 

func (o IAMBindingConditionPtrOutput) Elem() IAMBindingConditionOutput

func (IAMBindingConditionPtrOutput) ElementType 

func (IAMBindingConditionPtrOutput) ElementType() reflect.Type

func (IAMBindingConditionPtrOutput) Expression 

func (o IAMBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (IAMBindingConditionPtrOutput) Title 

func (o IAMBindingConditionPtrOutput) Title() pulumi.StringPtrOutput

A title for the expression, i.e. a short string describing its purpose.

func (IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutput 

func (o IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput

func (IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutputWithContext 

func (o IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutputWithContext(ctx context.Context) IAMBindingConditionPtrOutput

type IAMBindingInput added in v4.4.0 

type IAMBindingInput interface {
	pulumi.Input

	ToIAMBindingOutput() IAMBindingOutput
	ToIAMBindingOutputWithContext(ctx context.Context) IAMBindingOutput
}

type IAMBindingOutput added in v4.4.0 

type IAMBindingOutput struct {
	*pulumi.OutputState
}

func (IAMBindingOutput) ElementType added in v4.4.0 

func (IAMBindingOutput) ElementType() reflect.Type

func (IAMBindingOutput) ToIAMBindingOutput added in v4.4.0 

func (o IAMBindingOutput) ToIAMBindingOutput() IAMBindingOutput

func (IAMBindingOutput) ToIAMBindingOutputWithContext added in v4.4.0 

func (o IAMBindingOutput) ToIAMBindingOutputWithContext(ctx context.Context) IAMBindingOutput

type IAMBindingState 

type IAMBindingState struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMBindingConditionPtrInput
	// (Computed) The etag of the service account IAM policy.
	Etag    pulumi.StringPtrInput
	Members pulumi.StringArrayInput
	// The role that should be applied. Only one
	// `serviceAccount.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringPtrInput
}

func (IAMBindingState) ElementType 

func (IAMBindingState) ElementType() reflect.Type

type IAMMember 

type IAMMember struct {
	pulumi.CustomResourceState

	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMMemberConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the service account IAM policy.
	Etag   pulumi.StringOutput `pulumi:"etag"`
	Member pulumi.StringOutput `pulumi:"member"`
	// The role that should be applied. Only one
	// `serviceAccount.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringOutput `pulumi:"serviceAccountId"`
}

When managing IAM roles, you can treat a service account either as a resource or as an identity. This resource is to add iam policy bindings to a service account resource, such as allowing the members to run operations as or modify the service account. To configure permissions for a service account on other GCP resources, use the googleProjectIam set of resources.

Three different resources help you manage your IAM policy for a service account. Each of these resources serves a different use case:

* `serviceAccount.IAMPolicy`: Authoritative. Sets the IAM policy for the service account and replaces any existing policy already attached. * `serviceAccount.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service account are preserved. * `serviceAccount.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service account are preserved.

> **Note:** `serviceAccount.IAMPolicy` **cannot** be used in conjunction with `serviceAccount.IAMBinding` and `serviceAccount.IAMMember` or they will fight over what your policy should be.

> **Note:** `serviceAccount.IAMBinding` resources **can be** used in conjunction with `serviceAccount.IAMMember` resources **only if** they do not grant privilege to the same role.

## google\_service\_account\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iam.serviceAccountUser",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		sa, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can interact with"),
		})
		if err != nil {
			return err
		}
		_, err = serviceAccount.NewIAMPolicy(ctx, "admin_account_iam", &serviceAccount.IAMPolicyArgs{
			ServiceAccountId: sa.Name,
			PolicyData:       pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_service\_account\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		sa, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can use"),
		})
		if err != nil {
			return err
		}
		_, err = serviceAccount.NewIAMBinding(ctx, "admin_account_iam", &serviceAccount.IAMBindingArgs{
			ServiceAccountId: sa.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		sa, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can use"),
		})
		if err != nil {
			return err
		}
		_, err = serviceAccount.NewIAMBinding(ctx, "admin_account_iam", &serviceAccount.IAMBindingArgs{
			Condition: &serviceAccount.IAMBindingConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			ServiceAccountId: sa.Name,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_service\_account\_iam\_member

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_default, err := compute.GetDefaultServiceAccount(ctx, nil, nil)
		if err != nil {
			return err
		}
		sa, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that Jane can use"),
		})
		if err != nil {
			return err
		}
		_, err = serviceAccount.NewIAMMember(ctx, "admin_account_iam", &serviceAccount.IAMMemberArgs{
			ServiceAccountId: sa.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Member:           pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		_, err = serviceAccount.NewIAMMember(ctx, "gce_default_account_iam", &serviceAccount.IAMMemberArgs{
			ServiceAccountId: pulumi.String(_default.Name),
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Member: sa.Email.ApplyT(func(email string) (string, error) {
				return fmt.Sprintf("%v%v", "serviceAccount:", email), nil
			}).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		sa, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that Jane can use"),
		})
		if err != nil {
			return err
		}
		_, err = serviceAccount.NewIAMMember(ctx, "admin_account_iam", &serviceAccount.IAMMemberArgs{
			Condition: &serviceAccount.IAMMemberConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Member:           pulumi.String("user:jane@example.com"),
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			ServiceAccountId: sa.Name,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Service account IAM resources can be imported using the project, service account email, role, member identity, and condition (beta).

```sh 

$ pulumi import gcp:serviceAccount/iAMMember:IAMMember admin-account-iam projects/{your-project-id}/serviceAccounts/{your-service-account-email}

```

```sh 

$ pulumi import gcp:serviceAccount/iAMMember:IAMMember admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser"

```

```sh 

$ pulumi import gcp:serviceAccount/iAMMember:IAMMember admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/editor user:foo@example.com"

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. With conditions

```sh 

$ pulumi import gcp:serviceAccount/iAMMember:IAMMember admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser expires_after_2019_12_31"

```

```sh 

$ pulumi import gcp:serviceAccount/iAMMember:IAMMember admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser user:foo@example.com expires_after_2019_12_31"

```

func GetIAMMember 

func GetIAMMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *IAMMemberState, opts ...pulumi.ResourceOption) (*IAMMember, error)

GetIAMMember gets an existing IAMMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIAMMember 

func NewIAMMember(ctx *pulumi.Context,
	name string, args *IAMMemberArgs, opts ...pulumi.ResourceOption) (*IAMMember, error)

NewIAMMember registers a new resource with the given unique name, arguments, and options.

func (IAMMember) ElementType added in v4.4.0 

func (IAMMember) ElementType() reflect.Type

func (IAMMember) ToIAMMemberOutput added in v4.4.0 

func (i IAMMember) ToIAMMemberOutput() IAMMemberOutput

func (IAMMember) ToIAMMemberOutputWithContext added in v4.4.0 

func (i IAMMember) ToIAMMemberOutputWithContext(ctx context.Context) IAMMemberOutput

type IAMMemberArgs 

type IAMMemberArgs struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMMemberConditionPtrInput
	Member    pulumi.StringInput
	// The role that should be applied. Only one
	// `serviceAccount.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringInput
}

The set of arguments for constructing a IAMMember resource.

func (IAMMemberArgs) ElementType 

func (IAMMemberArgs) ElementType() reflect.Type

type IAMMemberCondition 

type IAMMemberCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type IAMMemberConditionArgs 

type IAMMemberConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (IAMMemberConditionArgs) ElementType 

func (IAMMemberConditionArgs) ElementType() reflect.Type

func (IAMMemberConditionArgs) ToIAMMemberConditionOutput 

func (i IAMMemberConditionArgs) ToIAMMemberConditionOutput() IAMMemberConditionOutput

func (IAMMemberConditionArgs) ToIAMMemberConditionOutputWithContext 

func (i IAMMemberConditionArgs) ToIAMMemberConditionOutputWithContext(ctx context.Context) IAMMemberConditionOutput

func (IAMMemberConditionArgs) ToIAMMemberConditionPtrOutput 

func (i IAMMemberConditionArgs) ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput

func (IAMMemberConditionArgs) ToIAMMemberConditionPtrOutputWithContext 

func (i IAMMemberConditionArgs) ToIAMMemberConditionPtrOutputWithContext(ctx context.Context) IAMMemberConditionPtrOutput

type IAMMemberConditionInput 

type IAMMemberConditionInput interface {
	pulumi.Input

	ToIAMMemberConditionOutput() IAMMemberConditionOutput
	ToIAMMemberConditionOutputWithContext(context.Context) IAMMemberConditionOutput
}

IAMMemberConditionInput is an input type that accepts IAMMemberConditionArgs and IAMMemberConditionOutput values. You can construct a concrete instance of `IAMMemberConditionInput` via: 

IAMMemberConditionArgs{...}

type IAMMemberConditionOutput 

type IAMMemberConditionOutput struct{ *pulumi.OutputState }

func (IAMMemberConditionOutput) Description 

func (o IAMMemberConditionOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (IAMMemberConditionOutput) ElementType 

func (IAMMemberConditionOutput) ElementType() reflect.Type

func (IAMMemberConditionOutput) Expression 

func (o IAMMemberConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (IAMMemberConditionOutput) Title 

func (o IAMMemberConditionOutput) Title() pulumi.StringOutput

A title for the expression, i.e. a short string describing its purpose.

func (IAMMemberConditionOutput) ToIAMMemberConditionOutput 

func (o IAMMemberConditionOutput) ToIAMMemberConditionOutput() IAMMemberConditionOutput

func (IAMMemberConditionOutput) ToIAMMemberConditionOutputWithContext 

func (o IAMMemberConditionOutput) ToIAMMemberConditionOutputWithContext(ctx context.Context) IAMMemberConditionOutput

func (IAMMemberConditionOutput) ToIAMMemberConditionPtrOutput 

func (o IAMMemberConditionOutput) ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput

func (IAMMemberConditionOutput) ToIAMMemberConditionPtrOutputWithContext 

func (o IAMMemberConditionOutput) ToIAMMemberConditionPtrOutputWithContext(ctx context.Context) IAMMemberConditionPtrOutput

type IAMMemberConditionPtrInput 

type IAMMemberConditionPtrInput interface {
	pulumi.Input

	ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput
	ToIAMMemberConditionPtrOutputWithContext(context.Context) IAMMemberConditionPtrOutput
}

IAMMemberConditionPtrInput is an input type that accepts IAMMemberConditionArgs, IAMMemberConditionPtr and IAMMemberConditionPtrOutput values. You can construct a concrete instance of `IAMMemberConditionPtrInput` via: 

        IAMMemberConditionArgs{...}

or:

        nil

func IAMMemberConditionPtr 

func IAMMemberConditionPtr(v *IAMMemberConditionArgs) IAMMemberConditionPtrInput

type IAMMemberConditionPtrOutput 

type IAMMemberConditionPtrOutput struct{ *pulumi.OutputState }

func (IAMMemberConditionPtrOutput) Description 

func (o IAMMemberConditionPtrOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (IAMMemberConditionPtrOutput) Elem 

func (o IAMMemberConditionPtrOutput) Elem() IAMMemberConditionOutput

func (IAMMemberConditionPtrOutput) ElementType 

func (IAMMemberConditionPtrOutput) ElementType() reflect.Type

func (IAMMemberConditionPtrOutput) Expression 

func (o IAMMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (IAMMemberConditionPtrOutput) Title 

func (o IAMMemberConditionPtrOutput) Title() pulumi.StringPtrOutput

A title for the expression, i.e. a short string describing its purpose.

func (IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutput 

func (o IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput

func (IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutputWithContext 

func (o IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutputWithContext(ctx context.Context) IAMMemberConditionPtrOutput

type IAMMemberInput added in v4.4.0 

type IAMMemberInput interface {
	pulumi.Input

	ToIAMMemberOutput() IAMMemberOutput
	ToIAMMemberOutputWithContext(ctx context.Context) IAMMemberOutput
}

type IAMMemberOutput added in v4.4.0 

type IAMMemberOutput struct {
	*pulumi.OutputState
}

func (IAMMemberOutput) ElementType added in v4.4.0 

func (IAMMemberOutput) ElementType() reflect.Type

func (IAMMemberOutput) ToIAMMemberOutput added in v4.4.0 

func (o IAMMemberOutput) ToIAMMemberOutput() IAMMemberOutput

func (IAMMemberOutput) ToIAMMemberOutputWithContext added in v4.4.0 

func (o IAMMemberOutput) ToIAMMemberOutputWithContext(ctx context.Context) IAMMemberOutput

type IAMMemberState 

type IAMMemberState struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMMemberConditionPtrInput
	// (Computed) The etag of the service account IAM policy.
	Etag   pulumi.StringPtrInput
	Member pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `serviceAccount.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringPtrInput
}

func (IAMMemberState) ElementType 

func (IAMMemberState) ElementType() reflect.Type

type IAMPolicy 

type IAMPolicy struct {
	pulumi.CustomResourceState

	// (Computed) The etag of the service account IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringOutput `pulumi:"policyData"`
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringOutput `pulumi:"serviceAccountId"`
}

When managing IAM roles, you can treat a service account either as a resource or as an identity. This resource is to add iam policy bindings to a service account resource, such as allowing the members to run operations as or modify the service account. To configure permissions for a service account on other GCP resources, use the googleProjectIam set of resources.

Three different resources help you manage your IAM policy for a service account. Each of these resources serves a different use case:

* `serviceAccount.IAMPolicy`: Authoritative. Sets the IAM policy for the service account and replaces any existing policy already attached. * `serviceAccount.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service account are preserved. * `serviceAccount.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service account are preserved.

> **Note:** `serviceAccount.IAMPolicy` **cannot** be used in conjunction with `serviceAccount.IAMBinding` and `serviceAccount.IAMMember` or they will fight over what your policy should be.

> **Note:** `serviceAccount.IAMBinding` resources **can be** used in conjunction with `serviceAccount.IAMMember` resources **only if** they do not grant privilege to the same role.

## google\_service\_account\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iam.serviceAccountUser",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		sa, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can interact with"),
		})
		if err != nil {
			return err
		}
		_, err = serviceAccount.NewIAMPolicy(ctx, "admin_account_iam", &serviceAccount.IAMPolicyArgs{
			ServiceAccountId: sa.Name,
			PolicyData:       pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_service\_account\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		sa, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can use"),
		})
		if err != nil {
			return err
		}
		_, err = serviceAccount.NewIAMBinding(ctx, "admin_account_iam", &serviceAccount.IAMBindingArgs{
			ServiceAccountId: sa.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		sa, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can use"),
		})
		if err != nil {
			return err
		}
		_, err = serviceAccount.NewIAMBinding(ctx, "admin_account_iam", &serviceAccount.IAMBindingArgs{
			Condition: &serviceAccount.IAMBindingConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			ServiceAccountId: sa.Name,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_service\_account\_iam\_member

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_default, err := compute.GetDefaultServiceAccount(ctx, nil, nil)
		if err != nil {
			return err
		}
		sa, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that Jane can use"),
		})
		if err != nil {
			return err
		}
		_, err = serviceAccount.NewIAMMember(ctx, "admin_account_iam", &serviceAccount.IAMMemberArgs{
			ServiceAccountId: sa.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Member:           pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		_, err = serviceAccount.NewIAMMember(ctx, "gce_default_account_iam", &serviceAccount.IAMMemberArgs{
			ServiceAccountId: pulumi.String(_default.Name),
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Member: sa.Email.ApplyT(func(email string) (string, error) {
				return fmt.Sprintf("%v%v", "serviceAccount:", email), nil
			}).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		sa, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that Jane can use"),
		})
		if err != nil {
			return err
		}
		_, err = serviceAccount.NewIAMMember(ctx, "admin_account_iam", &serviceAccount.IAMMemberArgs{
			Condition: &serviceAccount.IAMMemberConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Member:           pulumi.String("user:jane@example.com"),
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			ServiceAccountId: sa.Name,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Service account IAM resources can be imported using the project, service account email, role, member identity, and condition (beta).

```sh 

$ pulumi import gcp:serviceAccount/iAMPolicy:IAMPolicy admin-account-iam projects/{your-project-id}/serviceAccounts/{your-service-account-email}

```

```sh 

$ pulumi import gcp:serviceAccount/iAMPolicy:IAMPolicy admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser"

```

```sh 

$ pulumi import gcp:serviceAccount/iAMPolicy:IAMPolicy admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/editor user:foo@example.com"

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. With conditions

```sh 

$ pulumi import gcp:serviceAccount/iAMPolicy:IAMPolicy admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser expires_after_2019_12_31"

```

```sh 

$ pulumi import gcp:serviceAccount/iAMPolicy:IAMPolicy admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser user:foo@example.com expires_after_2019_12_31"

```

func GetIAMPolicy 

func GetIAMPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *IAMPolicyState, opts ...pulumi.ResourceOption) (*IAMPolicy, error)

GetIAMPolicy gets an existing IAMPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIAMPolicy 

func NewIAMPolicy(ctx *pulumi.Context,
	name string, args *IAMPolicyArgs, opts ...pulumi.ResourceOption) (*IAMPolicy, error)

NewIAMPolicy registers a new resource with the given unique name, arguments, and options.

func (IAMPolicy) ElementType added in v4.4.0 

func (IAMPolicy) ElementType() reflect.Type

func (IAMPolicy) ToIAMPolicyOutput added in v4.4.0 

func (i IAMPolicy) ToIAMPolicyOutput() IAMPolicyOutput

func (IAMPolicy) ToIAMPolicyOutputWithContext added in v4.4.0 

func (i IAMPolicy) ToIAMPolicyOutputWithContext(ctx context.Context) IAMPolicyOutput

type IAMPolicyArgs 

type IAMPolicyArgs struct {
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringInput
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringInput
}

The set of arguments for constructing a IAMPolicy resource.

func (IAMPolicyArgs) ElementType 

func (IAMPolicyArgs) ElementType() reflect.Type

type IAMPolicyInput added in v4.4.0 

type IAMPolicyInput interface {
	pulumi.Input

	ToIAMPolicyOutput() IAMPolicyOutput
	ToIAMPolicyOutputWithContext(ctx context.Context) IAMPolicyOutput
}

type IAMPolicyOutput added in v4.4.0 

type IAMPolicyOutput struct {
	*pulumi.OutputState
}

func (IAMPolicyOutput) ElementType added in v4.4.0 

func (IAMPolicyOutput) ElementType() reflect.Type

func (IAMPolicyOutput) ToIAMPolicyOutput added in v4.4.0 

func (o IAMPolicyOutput) ToIAMPolicyOutput() IAMPolicyOutput

func (IAMPolicyOutput) ToIAMPolicyOutputWithContext added in v4.4.0 

func (o IAMPolicyOutput) ToIAMPolicyOutputWithContext(ctx context.Context) IAMPolicyOutput

type IAMPolicyState 

type IAMPolicyState struct {
	// (Computed) The etag of the service account IAM policy.
	Etag pulumi.StringPtrInput
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringPtrInput
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringPtrInput
}

func (IAMPolicyState) ElementType 

func (IAMPolicyState) ElementType() reflect.Type

type Key 

type Key struct {
	pulumi.CustomResourceState

	// Arbitrary map of values that, when changed, will trigger a new key to be generated.
	Keepers pulumi.MapOutput `pulumi:"keepers"`
	// The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm.
	// Valid values are listed at
	// [ServiceAccountPrivateKeyType](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys#ServiceAccountKeyAlgorithm)
	// (only used on create)
	KeyAlgorithm pulumi.StringPtrOutput `pulumi:"keyAlgorithm"`
	// The name used for this key pair
	Name pulumi.StringOutput `pulumi:"name"`
	// The private key in JSON format, base64 encoded. This is what you normally get as a file when creating
	// service account keys through the CLI or web console. This is only populated when creating a new key.
	PrivateKey pulumi.StringOutput `pulumi:"privateKey"`
	// The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
	PrivateKeyType pulumi.StringPtrOutput `pulumi:"privateKeyType"`
	// The public key, base64 encoded
	PublicKey pulumi.StringOutput `pulumi:"publicKey"`
	// Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with `publicKeyType` and `privateKeyType`.
	PublicKeyData pulumi.StringPtrOutput `pulumi:"publicKeyData"`
	// The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
	PublicKeyType pulumi.StringPtrOutput `pulumi:"publicKeyType"`
	// The Service account id of the Key Pair. This can be a string in the format
	// `{ACCOUNT}` or `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`, where `{ACCOUNT}` is the email address or
	// unique id of the service account. If the `{ACCOUNT}` syntax is used, the project will be inferred from the account.
	ServiceAccountId pulumi.StringOutput `pulumi:"serviceAccountId"`
	// The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
	ValidAfter pulumi.StringOutput `pulumi:"validAfter"`
	// The key can be used before this timestamp.
	// A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
	ValidBefore pulumi.StringOutput `pulumi:"validBefore"`
}

Creates and manages service account key-pairs, which allow the user to establish identity of a service account outside of GCP. For more information, see [the official documentation](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) and [API](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys).

## Example Usage ### Creating A New Key Pair

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myaccount, err := serviceAccount.NewAccount(ctx, "myaccount", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("myaccount"),
			DisplayName: pulumi.String("My Service Account"),
		})
		if err != nil {
			return err
		}
		_, err = serviceAccount.NewKey(ctx, "mykey", &serviceAccount.KeyArgs{
			ServiceAccountId: myaccount.Name,
			PublicKeyType:    pulumi.String("TYPE_X509_PEM_FILE"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

This resource does not support import.

func GetKey 

func GetKey(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *KeyState, opts ...pulumi.ResourceOption) (*Key, error)

GetKey gets an existing Key resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKey 

func NewKey(ctx *pulumi.Context,
	name string, args *KeyArgs, opts ...pulumi.ResourceOption) (*Key, error)

NewKey registers a new resource with the given unique name, arguments, and options.

func (Key) ElementType added in v4.4.0 

func (Key) ElementType() reflect.Type

func (Key) ToKeyOutput added in v4.4.0 

func (i Key) ToKeyOutput() KeyOutput

func (Key) ToKeyOutputWithContext added in v4.4.0 

func (i Key) ToKeyOutputWithContext(ctx context.Context) KeyOutput

type KeyArgs 

type KeyArgs struct {
	// Arbitrary map of values that, when changed, will trigger a new key to be generated.
	Keepers pulumi.MapInput
	// The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm.
	// Valid values are listed at
	// [ServiceAccountPrivateKeyType](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys#ServiceAccountKeyAlgorithm)
	// (only used on create)
	KeyAlgorithm pulumi.StringPtrInput
	// The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
	PrivateKeyType pulumi.StringPtrInput
	// Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with `publicKeyType` and `privateKeyType`.
	PublicKeyData pulumi.StringPtrInput
	// The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
	PublicKeyType pulumi.StringPtrInput
	// The Service account id of the Key Pair. This can be a string in the format
	// `{ACCOUNT}` or `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`, where `{ACCOUNT}` is the email address or
	// unique id of the service account. If the `{ACCOUNT}` syntax is used, the project will be inferred from the account.
	ServiceAccountId pulumi.StringInput
}

The set of arguments for constructing a Key resource.

func (KeyArgs) ElementType 

func (KeyArgs) ElementType() reflect.Type

type KeyInput added in v4.4.0 

type KeyInput interface {
	pulumi.Input

	ToKeyOutput() KeyOutput
	ToKeyOutputWithContext(ctx context.Context) KeyOutput
}

type KeyOutput added in v4.4.0 

type KeyOutput struct {
	*pulumi.OutputState
}

func (KeyOutput) ElementType added in v4.4.0 

func (KeyOutput) ElementType() reflect.Type

func (KeyOutput) ToKeyOutput added in v4.4.0 

func (o KeyOutput) ToKeyOutput() KeyOutput

func (KeyOutput) ToKeyOutputWithContext added in v4.4.0 

func (o KeyOutput) ToKeyOutputWithContext(ctx context.Context) KeyOutput

type KeyState 

type KeyState struct {
	// Arbitrary map of values that, when changed, will trigger a new key to be generated.
	Keepers pulumi.MapInput
	// The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm.
	// Valid values are listed at
	// [ServiceAccountPrivateKeyType](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys#ServiceAccountKeyAlgorithm)
	// (only used on create)
	KeyAlgorithm pulumi.StringPtrInput
	// The name used for this key pair
	Name pulumi.StringPtrInput
	// The private key in JSON format, base64 encoded. This is what you normally get as a file when creating
	// service account keys through the CLI or web console. This is only populated when creating a new key.
	PrivateKey pulumi.StringPtrInput
	// The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
	PrivateKeyType pulumi.StringPtrInput
	// The public key, base64 encoded
	PublicKey pulumi.StringPtrInput
	// Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with `publicKeyType` and `privateKeyType`.
	PublicKeyData pulumi.StringPtrInput
	// The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
	PublicKeyType pulumi.StringPtrInput
	// The Service account id of the Key Pair. This can be a string in the format
	// `{ACCOUNT}` or `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`, where `{ACCOUNT}` is the email address or
	// unique id of the service account. If the `{ACCOUNT}` syntax is used, the project will be inferred from the account.
	ServiceAccountId pulumi.StringPtrInput
	// The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
	ValidAfter pulumi.StringPtrInput
	// The key can be used before this timestamp.
	// A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
	ValidBefore pulumi.StringPtrInput
}

func (KeyState) ElementType 

func (KeyState) ElementType() reflect.Type

type LookupAccountArgs 

type LookupAccountArgs struct {
	// The Service account id.  (This is the part of the service account's email field that comes before the @ symbol.)
	AccountId string `pulumi:"accountId"`
	// The ID of the project that the service account is present in.
	// Defaults to the provider project configuration.
	Project *string `pulumi:"project"`
}

A collection of arguments for invoking getAccount.

type LookupAccountResult 

type LookupAccountResult struct {
	AccountId string `pulumi:"accountId"`
	// The display name for the service account.
	DisplayName string `pulumi:"displayName"`
	// The e-mail address of the service account. This value
	// should be referenced from any `organizations.getIAMPolicy` data sources
	// that would grant the service account privileges.
	Email string `pulumi:"email"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The fully-qualified name of the service account.
	Name    string  `pulumi:"name"`
	Project *string `pulumi:"project"`
	// The unique id of the service account.
	UniqueId string `pulumi:"uniqueId"`
}

A collection of values returned by getAccount.

func LookupAccount 

func LookupAccount(ctx *pulumi.Context, args *LookupAccountArgs, opts ...pulumi.InvokeOption) (*LookupAccountResult, error)

Get the service account from a project. For more information see the official [API](https://cloud.google.com/compute/docs/access/service-accounts) documentation.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := serviceAccount.GetAccount(ctx, &serviceAccount.GetAccountArgs{
			AccountId: "object-viewer",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.