serviceaccount

package
v6.11.0 Latest Latest
Published: Feb 8, 2022 License: Apache-2.0 Imports: 7 Imported by: 11

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Account

// Account is the resource type for a Google Cloud service account. It embeds
// pulumi.CustomResourceState and exposes each property as a Pulumi output.
//
// NOTE(review): a change to AccountId replaces the account, and IAM roles the
// old account held must be reapplied after a delete-and-recreate.
type Account struct {
	pulumi.CustomResourceState

	// The account id that is used to generate the service
	// account email address and a stable unique id. It is unique within a project,
	// must be 6-30 characters long, and match the regular expression
	// `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035. Changing this forces a
	// new service account to be created.
	AccountId pulumi.StringOutput `pulumi:"accountId"`
	// A text description of the service account.
	// Must be less than or equal to 256 UTF-8 bytes.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Whether a service account is disabled or not. Defaults to `false`. This field has no effect during creation.
	// Must be set after creation to disable a service account.
	// NOTE(review): this reads as "a new account always starts enabled, even when
	// Disabled is set in the creating update" — confirm before relying on it.
	Disabled pulumi.BoolPtrOutput `pulumi:"disabled"`
	// The display name for the service account.
	// Can be updated without creating a new resource.
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// The e-mail address of the service account. This value
	// should be referenced from any `organizations.getIAMPolicy` data sources
	// that would grant the service account privileges.
	Email pulumi.StringOutput `pulumi:"email"`
	// The fully-qualified name of the service account.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the project that the service account will be created in.
	// Defaults to the provider project configuration.
	Project pulumi.StringOutput `pulumi:"project"`
	// The unique id of the service account.
	UniqueId pulumi.StringOutput `pulumi:"uniqueId"`
}

Allows management of a Google Cloud service account.

* [API documentation](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts)
* How-to Guides

> **Warning:** If you delete and recreate a service account, you must reapply any IAM roles that it had before.

> Creation of service accounts is eventually consistent, and that can lead to errors when you try to apply ACLs to service accounts immediately after creation.

## Example Usage

This snippet creates a service account in a project.

```go
package main

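import (
	// The package declared at this import path is named `serviceaccount`, so
	// the import is aliased explicitly and every qualifier below uses that name.
	serviceaccount "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main registers one service account. No Project is set, so the provider's
// project configuration decides where the account is created.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := serviceaccount.NewAccount(ctx, "serviceAccount", &serviceaccount.AccountArgs{
			AccountId:   pulumi.String("service-account-id"),
			DisplayName: pulumi.String("Service Account"),
		})
		// err is nil on success, so it can be returned directly.
		return err
	})
}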

```

## Import

Service accounts can be imported using their URI, e.g.

```sh

$ pulumi import gcp:serviceAccount/account:Account my_sa projects/my-project/serviceAccounts/my-sa@my-project.iam.gserviceaccount.com

```

func GetAccount

func GetAccount(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AccountState, opts ...pulumi.ResourceOption) (*Account, error)

GetAccount gets an existing Account resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAccount

func NewAccount(ctx *pulumi.Context,
	name string, args *AccountArgs, opts ...pulumi.ResourceOption) (*Account, error)

NewAccount registers a new resource with the given unique name, arguments, and options.

func (*Account) ElementType

func (*Account) ElementType() reflect.Type

func (*Account) ToAccountOutput

func (i *Account) ToAccountOutput() AccountOutput

func (*Account) ToAccountOutputWithContext

func (i *Account) ToAccountOutputWithContext(ctx context.Context) AccountOutput

type AccountArgs

// AccountArgs is the set of inputs accepted by NewAccount when constructing an
// Account resource.
type AccountArgs struct {
	// The account id that is used to generate the service
	// account email address and a stable unique id. It is unique within a project,
	// must be 6-30 characters long, and match the regular expression
	// `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035. Changing this forces a
	// new service account to be created.
	AccountId pulumi.StringInput
	// A text description of the service account.
	// Must be less than or equal to 256 UTF-8 bytes.
	Description pulumi.StringPtrInput
	// Whether a service account is disabled or not. Defaults to `false`. This field has no effect during creation.
	// Must be set after creation to disable a service account.
	Disabled pulumi.BoolPtrInput
	// The display name for the service account.
	// Can be updated without creating a new resource.
	DisplayName pulumi.StringPtrInput
	// The ID of the project that the service account will be created in.
	// Defaults to the provider project configuration.
	Project pulumi.StringPtrInput
}

The set of arguments for constructing an Account resource.

func (AccountArgs) ElementType

func (AccountArgs) ElementType() reflect.Type

type AccountArray

type AccountArray []AccountInput

func (AccountArray) ElementType

func (AccountArray) ElementType() reflect.Type

func (AccountArray) ToAccountArrayOutput

func (i AccountArray) ToAccountArrayOutput() AccountArrayOutput

func (AccountArray) ToAccountArrayOutputWithContext

func (i AccountArray) ToAccountArrayOutputWithContext(ctx context.Context) AccountArrayOutput

type AccountArrayInput

type AccountArrayInput interface {
	pulumi.Input

	ToAccountArrayOutput() AccountArrayOutput
	ToAccountArrayOutputWithContext(context.Context) AccountArrayOutput
}

AccountArrayInput is an input type that accepts AccountArray and AccountArrayOutput values. You can construct a concrete instance of `AccountArrayInput` via:

AccountArray{ AccountArgs{...} }

type AccountArrayOutput

type AccountArrayOutput struct{ *pulumi.OutputState }

func (AccountArrayOutput) ElementType

func (AccountArrayOutput) ElementType() reflect.Type

func (AccountArrayOutput) Index

func (AccountArrayOutput) ToAccountArrayOutput

func (o AccountArrayOutput) ToAccountArrayOutput() AccountArrayOutput

func (AccountArrayOutput) ToAccountArrayOutputWithContext

func (o AccountArrayOutput) ToAccountArrayOutputWithContext(ctx context.Context) AccountArrayOutput

type AccountInput

// AccountInput is the input interface for values that can be converted to an
// AccountOutput. The *Account type on this page declares both conversion
// methods listed here.
type AccountInput interface {
	pulumi.Input

	ToAccountOutput() AccountOutput
	ToAccountOutputWithContext(ctx context.Context) AccountOutput
}

type AccountMap

type AccountMap map[string]AccountInput

func (AccountMap) ElementType

func (AccountMap) ElementType() reflect.Type

func (AccountMap) ToAccountMapOutput

func (i AccountMap) ToAccountMapOutput() AccountMapOutput

func (AccountMap) ToAccountMapOutputWithContext

func (i AccountMap) ToAccountMapOutputWithContext(ctx context.Context) AccountMapOutput

type AccountMapInput

type AccountMapInput interface {
	pulumi.Input

	ToAccountMapOutput() AccountMapOutput
	ToAccountMapOutputWithContext(context.Context) AccountMapOutput
}

AccountMapInput is an input type that accepts AccountMap and AccountMapOutput values. You can construct a concrete instance of `AccountMapInput` via:

AccountMap{ "key": AccountArgs{...} }

type AccountMapOutput

type AccountMapOutput struct{ *pulumi.OutputState }

func (AccountMapOutput) ElementType

func (AccountMapOutput) ElementType() reflect.Type

func (AccountMapOutput) MapIndex

func (AccountMapOutput) ToAccountMapOutput

func (o AccountMapOutput) ToAccountMapOutput() AccountMapOutput

func (AccountMapOutput) ToAccountMapOutputWithContext

func (o AccountMapOutput) ToAccountMapOutputWithContext(ctx context.Context) AccountMapOutput

type AccountOutput

type AccountOutput struct{ *pulumi.OutputState }

func (AccountOutput) ElementType

func (AccountOutput) ElementType() reflect.Type

func (AccountOutput) ToAccountOutput

func (o AccountOutput) ToAccountOutput() AccountOutput

func (AccountOutput) ToAccountOutputWithContext

func (o AccountOutput) ToAccountOutputWithContext(ctx context.Context) AccountOutput

type AccountState

// AccountState carries the optional state properties passed to GetAccount to
// qualify the lookup of an existing Account. Every field is a pointer-style
// input, so any of them may be left unset.
type AccountState struct {
	// The account id that is used to generate the service
	// account email address and a stable unique id. It is unique within a project,
	// must be 6-30 characters long, and match the regular expression
	// `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035. Changing this forces a
	// new service account to be created.
	AccountId pulumi.StringPtrInput
	// A text description of the service account.
	// Must be less than or equal to 256 UTF-8 bytes.
	Description pulumi.StringPtrInput
	// Whether a service account is disabled or not. Defaults to `false`. This field has no effect during creation.
	// Must be set after creation to disable a service account.
	Disabled pulumi.BoolPtrInput
	// The display name for the service account.
	// Can be updated without creating a new resource.
	DisplayName pulumi.StringPtrInput
	// The e-mail address of the service account. This value
	// should be referenced from any `organizations.getIAMPolicy` data sources
	// that would grant the service account privileges.
	Email pulumi.StringPtrInput
	// The fully-qualified name of the service account.
	Name pulumi.StringPtrInput
	// The ID of the project that the service account will be created in.
	// Defaults to the provider project configuration.
	Project pulumi.StringPtrInput
	// The unique id of the service account.
	UniqueId pulumi.StringPtrInput
}

func (AccountState) ElementType

func (AccountState) ElementType() reflect.Type

type GetAccountAccessTokenArgs

// GetAccountAccessTokenArgs holds the plain-value arguments for the
// getAccountAccessToken invoke, which returns an OAuth2 access token for
// TargetServiceAccount rather than for the identity running the program.
type GetAccountAccessTokenArgs struct {
	// Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name.  (e.g. `["projects/-/serviceAccounts/delegate-svc-account@project-id.iam.gserviceaccount.com"]`)
	Delegates []string `pulumi:"delegates"`
	// Lifetime of the impersonated token (defaults to its max: `3600s`).
	// NOTE(review): the default is the maximum, so set a shorter value
	// explicitly when the token is only needed briefly.
	Lifetime *string `pulumi:"lifetime"`
	// The scopes the new credential should have (e.g. `["cloud-platform"]`)
	// NOTE(review): `cloud-platform` is a very broad scope; request only the
	// scopes the consumer of the token needs.
	Scopes []string `pulumi:"scopes"`
	// The service account _to_ impersonate (e.g. `service_B@your-project-id.iam.gserviceaccount.com`)
	TargetServiceAccount string `pulumi:"targetServiceAccount"`
}

A collection of arguments for invoking getAccountAccessToken.

type GetAccountAccessTokenOutputArgs

// GetAccountAccessTokenOutputArgs is the Pulumi-input form of the
// getAccountAccessToken arguments; the fields mirror
// GetAccountAccessTokenArgs with input types in place of plain values.
type GetAccountAccessTokenOutputArgs struct {
	// Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name.  (e.g. `["projects/-/serviceAccounts/delegate-svc-account@project-id.iam.gserviceaccount.com"]`)
	Delegates pulumi.StringArrayInput `pulumi:"delegates"`
	// Lifetime of the impersonated token (defaults to its max: `3600s`).
	// NOTE(review): the default is the maximum, so set a shorter value
	// explicitly when the token is only needed briefly.
	Lifetime pulumi.StringPtrInput `pulumi:"lifetime"`
	// The scopes the new credential should have (e.g. `["cloud-platform"]`)
	// NOTE(review): `cloud-platform` is a very broad scope; request only the
	// scopes the consumer of the token needs.
	Scopes pulumi.StringArrayInput `pulumi:"scopes"`
	// The service account _to_ impersonate (e.g. `service_B@your-project-id.iam.gserviceaccount.com`)
	TargetServiceAccount pulumi.StringInput `pulumi:"targetServiceAccount"`
}

A collection of arguments for invoking getAccountAccessToken.

func (GetAccountAccessTokenOutputArgs) ElementType

type GetAccountAccessTokenResult

// GetAccountAccessTokenResult is the set of values returned by
// getAccountAccessToken.
type GetAccountAccessTokenResult struct {
	// The `accessToken` representing the new generated identity.
	// NOTE(review): this is a usable credential for the target service account
	// until it expires; confirm it is treated as a secret wherever the result
	// is exported, logged or stored.
	AccessToken string   `pulumi:"accessToken"`
	// Presumably echoes the `delegates` argument — confirm.
	Delegates   []string `pulumi:"delegates"`
	// The provider-assigned unique ID for this managed resource.
	Id                   string   `pulumi:"id"`
	// Presumably echoes the `lifetime` argument — confirm.
	Lifetime             *string  `pulumi:"lifetime"`
	// Presumably echoes the `scopes` argument — confirm.
	Scopes               []string `pulumi:"scopes"`
	// Presumably echoes the `targetServiceAccount` argument — confirm.
	TargetServiceAccount string   `pulumi:"targetServiceAccount"`
}

A collection of values returned by getAccountAccessToken.

func GetAccountAccessToken

func GetAccountAccessToken(ctx *pulumi.Context, args *GetAccountAccessTokenArgs, opts ...pulumi.InvokeOption) (*GetAccountAccessTokenResult, error)

This data source provides a google `oauth2` `accessToken` for a different service account than the one initially running the script.

For more information see [the official documentation](https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials) as well as [iamcredentials.generateAccessToken()](https://cloud.google.com/iam/credentials/reference/rest/v1/projects.serviceAccounts/generateAccessToken)

type GetAccountAccessTokenResultOutput

type GetAccountAccessTokenResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getAccountAccessToken.

func (GetAccountAccessTokenResultOutput) AccessToken

The `accessToken` representing the new generated identity.

func (GetAccountAccessTokenResultOutput) Delegates

func (GetAccountAccessTokenResultOutput) ElementType

func (GetAccountAccessTokenResultOutput) Id

The provider-assigned unique ID for this managed resource.

func (GetAccountAccessTokenResultOutput) Lifetime

func (GetAccountAccessTokenResultOutput) Scopes

func (GetAccountAccessTokenResultOutput) TargetServiceAccount

func (o GetAccountAccessTokenResultOutput) TargetServiceAccount() pulumi.StringOutput

func (GetAccountAccessTokenResultOutput) ToGetAccountAccessTokenResultOutput

func (o GetAccountAccessTokenResultOutput) ToGetAccountAccessTokenResultOutput() GetAccountAccessTokenResultOutput

func (GetAccountAccessTokenResultOutput) ToGetAccountAccessTokenResultOutputWithContext

func (o GetAccountAccessTokenResultOutput) ToGetAccountAccessTokenResultOutputWithContext(ctx context.Context) GetAccountAccessTokenResultOutput

type GetAccountIdTokenArgs

// GetAccountIdTokenArgs holds the plain-value arguments for the
// getAccountIdToken invoke, which returns a Google OpenID Connect `idToken`.
// Delegates, IncludeEmail and TargetServiceAccount apply only in
// impersonation mode, as their field comments state.
type GetAccountIdTokenArgs struct {
	// Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name.   Used only when using impersonation mode.
	Delegates []string `pulumi:"delegates"`
	// Include the verified email in the claim. Used only when using impersonation mode.
	IncludeEmail *bool `pulumi:"includeEmail"`
	// The audience claim for the `idToken`.
	// NOTE(review): set this to the one service that will receive the token, so
	// that a receiver checking the audience rejects tokens meant for another.
	TargetAudience string `pulumi:"targetAudience"`
	// The email of the service account being impersonated.  Used only when using impersonation mode.
	TargetServiceAccount *string `pulumi:"targetServiceAccount"`
}

A collection of arguments for invoking getAccountIdToken.

type GetAccountIdTokenOutputArgs

// GetAccountIdTokenOutputArgs is the Pulumi-input form of the
// getAccountIdToken arguments; the fields mirror GetAccountIdTokenArgs with
// input types in place of plain values.
type GetAccountIdTokenOutputArgs struct {
	// Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name.   Used only when using impersonation mode.
	Delegates pulumi.StringArrayInput `pulumi:"delegates"`
	// Include the verified email in the claim. Used only when using impersonation mode.
	IncludeEmail pulumi.BoolPtrInput `pulumi:"includeEmail"`
	// The audience claim for the `idToken`.
	// NOTE(review): set this to the one service that will receive the token, so
	// that a receiver checking the audience rejects tokens meant for another.
	TargetAudience pulumi.StringInput `pulumi:"targetAudience"`
	// The email of the service account being impersonated.  Used only when using impersonation mode.
	TargetServiceAccount pulumi.StringPtrInput `pulumi:"targetServiceAccount"`
}

A collection of arguments for invoking getAccountIdToken.

func (GetAccountIdTokenOutputArgs) ElementType

type GetAccountIdTokenResult

// GetAccountIdTokenResult is the set of values returned by getAccountIdToken.
type GetAccountIdTokenResult struct {
	// Presumably echoes the `delegates` argument — confirm.
	Delegates []string `pulumi:"delegates"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The `idToken` representing the new generated identity.
	// NOTE(review): services that accept OIDC tokens will authenticate the
	// bearer of this value; confirm it is treated as a secret wherever the
	// result is exported, logged or stored.
	IdToken              string  `pulumi:"idToken"`
	// Presumably echoes the `includeEmail` argument — confirm.
	IncludeEmail         *bool   `pulumi:"includeEmail"`
	// Presumably echoes the `targetAudience` argument — confirm.
	TargetAudience       string  `pulumi:"targetAudience"`
	// Presumably echoes the `targetServiceAccount` argument — confirm.
	TargetServiceAccount *string `pulumi:"targetServiceAccount"`
}

A collection of values returned by getAccountIdToken.

func GetAccountIdToken

func GetAccountIdToken(ctx *pulumi.Context, args *GetAccountIdTokenArgs, opts ...pulumi.InvokeOption) (*GetAccountIdTokenResult, error)

This data source provides a Google OpenID Connect (`oidc`) `idToken`. Tokens issued from this data source are typically used to call external services that accept OIDC tokens for authentication (e.g. [Google Cloud Run](https://cloud.google.com/run/docs/authenticating/service-to-service)).

For more information see [OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.html#IDToken).

## Example Usage

### ServiceAccount JSON Credential File.

`serviceAccount.getAccountIdToken` will use the configured provider credentials

### Service Account Impersonation.

`serviceAccount.getAccountIdToken` will use background impersonated credentials provided by `serviceAccount.getAccountAccessToken`.

Note: to use the following, you must grant `targetServiceAccount` the
`roles/iam.serviceAccountTokenCreator` role on itself.

type GetAccountIdTokenResultOutput

type GetAccountIdTokenResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getAccountIdToken.

func (GetAccountIdTokenResultOutput) Delegates

func (GetAccountIdTokenResultOutput) ElementType

func (GetAccountIdTokenResultOutput) Id

The provider-assigned unique ID for this managed resource.

func (GetAccountIdTokenResultOutput) IdToken

The `idToken` representing the new generated identity.

func (GetAccountIdTokenResultOutput) IncludeEmail

func (GetAccountIdTokenResultOutput) TargetAudience

func (GetAccountIdTokenResultOutput) TargetServiceAccount

func (o GetAccountIdTokenResultOutput) TargetServiceAccount() pulumi.StringPtrOutput

func (GetAccountIdTokenResultOutput) ToGetAccountIdTokenResultOutput

func (o GetAccountIdTokenResultOutput) ToGetAccountIdTokenResultOutput() GetAccountIdTokenResultOutput

func (GetAccountIdTokenResultOutput) ToGetAccountIdTokenResultOutputWithContext

func (o GetAccountIdTokenResultOutput) ToGetAccountIdTokenResultOutputWithContext(ctx context.Context) GetAccountIdTokenResultOutput

type GetAccountKeyArgs

// GetAccountKeyArgs holds the plain-value arguments for the getAccountKey
// invoke, which fetches the public key of an existing service account key.
type GetAccountKeyArgs struct {
	// The name of the service account key. This must have format
	// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{KEYID}`, where `{ACCOUNT}`
	// is the email address or unique id of the service account.
	Name string `pulumi:"name"`
	// The ID of the project that the service account will be created in.
	// Defaults to the provider project configuration.
	// NOTE(review): the wording looks copied from the Account resource; for
	// this lookup it presumably names the project that holds the key — confirm.
	Project *string `pulumi:"project"`
	// The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
	PublicKeyType *string `pulumi:"publicKeyType"`
}

A collection of arguments for invoking getAccountKey.

type GetAccountKeyOutputArgs

// GetAccountKeyOutputArgs is the Pulumi-input form of the getAccountKey
// arguments; the fields mirror GetAccountKeyArgs with input types in place of
// plain values.
type GetAccountKeyOutputArgs struct {
	// The name of the service account key. This must have format
	// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{KEYID}`, where `{ACCOUNT}`
	// is the email address or unique id of the service account.
	Name pulumi.StringInput `pulumi:"name"`
	// The ID of the project that the service account will be created in.
	// Defaults to the provider project configuration.
	// NOTE(review): the wording looks copied from the Account resource; for
	// this lookup it presumably names the project that holds the key — confirm.
	Project pulumi.StringPtrInput `pulumi:"project"`
	// The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
	PublicKeyType pulumi.StringPtrInput `pulumi:"publicKeyType"`
}

A collection of arguments for invoking getAccountKey.

func (GetAccountKeyOutputArgs) ElementType

func (GetAccountKeyOutputArgs) ElementType() reflect.Type

type GetAccountKeyResult

// GetAccountKeyResult is the set of values returned by getAccountKey. Of the
// key material, only the public key appears among these fields.
type GetAccountKeyResult struct {
	// The provider-assigned unique ID for this managed resource.
	Id           string  `pulumi:"id"`
	// Presumably the algorithm of the looked-up key — confirm.
	KeyAlgorithm string  `pulumi:"keyAlgorithm"`
	// Presumably echoes the `name` argument — confirm.
	Name         string  `pulumi:"name"`
	// Presumably echoes the `project` argument — confirm.
	Project      *string `pulumi:"project"`
	// The public key, base64 encoded
	PublicKey     string  `pulumi:"publicKey"`
	// Presumably echoes the `publicKeyType` argument — confirm.
	PublicKeyType *string `pulumi:"publicKeyType"`
}

A collection of values returned by getAccountKey.

func GetAccountKey

func GetAccountKey(ctx *pulumi.Context, args *GetAccountKeyArgs, opts ...pulumi.InvokeOption) (*GetAccountKeyResult, error)

Get service account public key. For more information, see [the official documentation](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) and [API](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys/get).

## Example Usage

```go
package main

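import (
	// The package declared at this import path is named `serviceaccount`, so
	// the import is aliased explicitly and every qualifier below uses that name
	// (the original mixed `serviceAccount.` and `serviceaccount.`).
	serviceaccount "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main creates a service account and a key for it, then looks up that key's
// public half in X.509 PEM form.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myaccount, err := serviceaccount.NewAccount(ctx, "myaccount", &serviceaccount.AccountArgs{
			AccountId: pulumi.String("dev-foo-account"),
		})
		if err != nil {
			return err
		}
		// NOTE(review): NewKey presumably issues a user-managed key pair for the
		// account; confirm where the private half is stored (stack state,
		// outputs) before reusing this pattern outside a demo.
		mykeyKey, err := serviceaccount.NewKey(ctx, "mykeyKey", &serviceaccount.KeyArgs{
			ServiceAccountId: myaccount.Name,
		})
		if err != nil {
			return err
		}
		// Only the public key is requested here; the result is discarded because
		// the example just demonstrates the call.
		_ = serviceaccount.GetAccountKeyOutput(ctx, serviceaccount.GetAccountKeyOutputArgs{
			Name:          mykeyKey.Name,
			PublicKeyType: pulumi.String("TYPE_X509_PEM_FILE"),
		}, nil)
		return nil
	})
}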

```

type GetAccountKeyResultOutput

type GetAccountKeyResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getAccountKey.

func (GetAccountKeyResultOutput) ElementType

func (GetAccountKeyResultOutput) ElementType() reflect.Type

func (GetAccountKeyResultOutput) Id

The provider-assigned unique ID for this managed resource.

func (GetAccountKeyResultOutput) KeyAlgorithm

func (GetAccountKeyResultOutput) Name

func (GetAccountKeyResultOutput) Project

func (GetAccountKeyResultOutput) PublicKey

The public key, base64 encoded

func (GetAccountKeyResultOutput) PublicKeyType

func (GetAccountKeyResultOutput) ToGetAccountKeyResultOutput

func (o GetAccountKeyResultOutput) ToGetAccountKeyResultOutput() GetAccountKeyResultOutput

func (GetAccountKeyResultOutput) ToGetAccountKeyResultOutputWithContext

func (o GetAccountKeyResultOutput) ToGetAccountKeyResultOutputWithContext(ctx context.Context) GetAccountKeyResultOutput

type IAMBinding

// IAMBinding is the resource type for a role binding on a service account's
// IAM policy. The binding is authoritative for Role: it sets the list of
// members for that role, while other roles in the policy are preserved.
type IAMBinding struct {
	pulumi.CustomResourceState

	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMBindingConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the service account IAM policy.
	Etag    pulumi.StringOutput      `pulumi:"etag"`
	// The identities granted Role on the service account.
	// NOTE(review): because the binding is authoritative for the role, members
	// granted the same role elsewhere are presumably dropped on update — confirm.
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The role that should be applied. Only one
	// `serviceAccount.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringOutput `pulumi:"serviceAccountId"`
}

When managing IAM roles, you can treat a service account either as a resource or as an identity. This resource is to add iam policy bindings to a service account resource, such as allowing the members to run operations as or modify the service account. To configure permissions for a service account on other GCP resources, use the googleProjectIam set of resources.

Three different resources help you manage your IAM policy for a service account. Each of these resources serves a different use case:

* `serviceAccount.IAMPolicy`: Authoritative. Sets the IAM policy for the service account and replaces any existing policy already attached.
* `serviceAccount.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service account are preserved.
* `serviceAccount.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service account are preserved.

> **Note:** `serviceAccount.IAMPolicy` **cannot** be used in conjunction with `serviceAccount.IAMBinding` and `serviceAccount.IAMMember` or they will fight over what your policy should be.

> **Note:** `serviceAccount.IAMBinding` resources **can be** used in conjunction with `serviceAccount.IAMMember` resources **only if** they do not grant privilege to the same role.

## google\_service\_account\_iam\_policy

```go
package main

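import (
	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations"
	// The package declared at this import path is named `serviceaccount`, so
	// the import is aliased explicitly and every qualifier below uses that name.
	serviceaccount "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main builds an IAM policy document that grants roles/iam.serviceAccountUser
// to one user and attaches it to a new service account with IAMPolicy.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role:    "roles/iam.serviceAccountUser",
					Members: []string{"user:jane@example.com"},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		sa, err := serviceaccount.NewAccount(ctx, "sa", &serviceaccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can interact with"),
		})
		if err != nil {
			return err
		}
		// IAMPolicy is authoritative: it replaces any policy already attached to
		// the service account, so do not combine it with IAMBinding or IAMMember
		// on the same account.
		_, err = serviceaccount.NewIAMPolicy(ctx, "admin-account-iam", &serviceaccount.IAMPolicyArgs{
			ServiceAccountId: sa.Name,
			PolicyData:       pulumi.String(admin.PolicyData),
		})
		return err
	})
}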

```

## google\_service\_account\_iam\_binding

```go
package main

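import (
	// The package declared at this import path is named `serviceaccount`, so
	// the import is aliased explicitly and every qualifier below uses that name.
	serviceaccount "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main creates a service account and binds roles/iam.serviceAccountUser on it
// to a single user with IAMBinding.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		sa, err := serviceaccount.NewAccount(ctx, "sa", &serviceaccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can use"),
		})
		if err != nil {
			return err
		}
		// IAMBinding is authoritative for this role: Members is the complete
		// list for roles/iam.serviceAccountUser on the account. Other roles in
		// the policy are preserved.
		_, err = serviceaccount.NewIAMBinding(ctx, "admin-account-iam", &serviceaccount.IAMBindingArgs{
			ServiceAccountId: sa.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		return err
	})
}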

```

With IAM Conditions:

```go
package main

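import (
	// The package declared at this import path is named `serviceaccount`, so
	// the import is aliased explicitly and every qualifier below uses that name
	// (the original mixed `serviceAccount.` and `serviceaccount.`).
	serviceaccount "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main creates a service account and binds roles/iam.serviceAccountUser on it
// to a single user, limited by a time-based IAM Condition.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		sa, err := serviceaccount.NewAccount(ctx, "sa", &serviceaccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can use"),
		})
		if err != nil {
			return err
		}
		_, err = serviceaccount.NewIAMBinding(ctx, "admin-account-iam", &serviceaccount.IAMBindingArgs{
			// The condition holds only while request.time is before the
			// timestamp. The sample date is in the past, so replace it with the
			// intended expiry when adapting this example.
			Condition: &serviceaccount.IAMBindingConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			ServiceAccountId: sa.Name,
		})
		return err
	})
}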

```

## google\_service\_account\_iam\_member

```go
package main

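import (
	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/compute"
	// The package declared at this import path is named `serviceaccount`, so
	// the import is aliased explicitly and every qualifier below uses that name.
	serviceaccount "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main creates a service account and adds two non-authoritative IAMMember
// grants of roles/iam.serviceAccountUser: a user on the new account, and the
// new account on the Compute Engine default service account.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		defaultSA, err := compute.GetDefaultServiceAccount(ctx, nil, nil)
		if err != nil {
			return err
		}
		sa, err := serviceaccount.NewAccount(ctx, "sa", &serviceaccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that Jane can use"),
		})
		if err != nil {
			return err
		}
		// IAMMember adds one member to the role and leaves the role's other
		// members in place.
		_, err = serviceaccount.NewIAMMember(ctx, "admin-account-iam", &serviceaccount.IAMMemberArgs{
			ServiceAccountId: sa.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Member:           pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		// This grant lets the new account run operations as the Compute Engine
		// default service account, so the new account's effective permissions
		// include whatever that default account holds. Review that account's
		// roles before applying.
		_, err = serviceaccount.NewIAMMember(ctx, "gce-default-account-iam", &serviceaccount.IAMMemberArgs{
			ServiceAccountId: pulumi.String(defaultSA.Name),
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			// The member string needs the "serviceAccount:" prefix; the email is
			// only known once the account exists, hence the ApplyT.
			Member: sa.Email.ApplyT(func(email string) (string, error) {
				return "serviceAccount:" + email, nil
			}).(pulumi.StringOutput),
		})
		return err
	})
}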

```

With IAM Conditions:

```go
package main

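import (
	// The package declared at this import path is named `serviceaccount`, so
	// the import is aliased explicitly and every qualifier below uses that name
	// (the original mixed `serviceAccount.` and `serviceaccount.`).
	serviceaccount "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main creates a service account and adds one user to
// roles/iam.serviceAccountUser on it with IAMMember, limited by a time-based
// IAM Condition.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		sa, err := serviceaccount.NewAccount(ctx, "sa", &serviceaccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that Jane can use"),
		})
		if err != nil {
			return err
		}
		_, err = serviceaccount.NewIAMMember(ctx, "admin-account-iam", &serviceaccount.IAMMemberArgs{
			// The condition holds only while request.time is before the
			// timestamp. The sample date is in the past, so replace it with the
			// intended expiry when adapting this example.
			Condition: &serviceaccount.IAMMemberConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Member:           pulumi.String("user:jane@example.com"),
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			ServiceAccountId: sa.Name,
		})
		return err
	})
}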

```

## Import

Service account IAM resources can be imported using the project, service account email, role, member identity, and condition (beta).

```sh

$ pulumi import gcp:serviceAccount/iAMBinding:IAMBinding admin-account-iam projects/{your-project-id}/serviceAccounts/{your-service-account-email}

```

```sh

$ pulumi import gcp:serviceAccount/iAMBinding:IAMBinding admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser"

```

```sh

$ pulumi import gcp:serviceAccount/iAMBinding:IAMBinding admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/editor user:foo@example.com"

```

> **Custom Roles:** If you're importing an IAM resource with a custom role, make sure to use the full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

With conditions:

```sh

$ pulumi import gcp:serviceAccount/iAMBinding:IAMBinding admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser expires_after_2019_12_31"

```

```sh

$ pulumi import gcp:serviceAccount/iAMBinding:IAMBinding admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser user:foo@example.com expires_after_2019_12_31"

```

func GetIAMBinding

func GetIAMBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *IAMBindingState, opts ...pulumi.ResourceOption) (*IAMBinding, error)

GetIAMBinding gets an existing IAMBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIAMBinding

func NewIAMBinding(ctx *pulumi.Context,
	name string, args *IAMBindingArgs, opts ...pulumi.ResourceOption) (*IAMBinding, error)

NewIAMBinding registers a new resource with the given unique name, arguments, and options.

func (*IAMBinding) ElementType

func (*IAMBinding) ElementType() reflect.Type

func (*IAMBinding) ToIAMBindingOutput

func (i *IAMBinding) ToIAMBindingOutput() IAMBindingOutput

func (*IAMBinding) ToIAMBindingOutputWithContext

func (i *IAMBinding) ToIAMBindingOutputWithContext(ctx context.Context) IAMBindingOutput

type IAMBindingArgs

type IAMBindingArgs struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMBindingConditionPtrInput
	// The identities that are granted Role on the service account, written as in
	// this page's examples (e.g. `user:jane@example.com`). IAMBinding is
	// authoritative for a given role, so this list is the member list the role
	// ends up with; other roles in the policy are preserved.
	Members   pulumi.StringArrayInput
	// The role that should be applied. Only one
	// `serviceAccount.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringInput
}

The set of arguments for constructing an IAMBinding resource.

func (IAMBindingArgs) ElementType

func (IAMBindingArgs) ElementType() reflect.Type

type IAMBindingArray

type IAMBindingArray []IAMBindingInput

func (IAMBindingArray) ElementType

func (IAMBindingArray) ElementType() reflect.Type

func (IAMBindingArray) ToIAMBindingArrayOutput

func (i IAMBindingArray) ToIAMBindingArrayOutput() IAMBindingArrayOutput

func (IAMBindingArray) ToIAMBindingArrayOutputWithContext

func (i IAMBindingArray) ToIAMBindingArrayOutputWithContext(ctx context.Context) IAMBindingArrayOutput

type IAMBindingArrayInput

type IAMBindingArrayInput interface {
	pulumi.Input

	ToIAMBindingArrayOutput() IAMBindingArrayOutput
	ToIAMBindingArrayOutputWithContext(context.Context) IAMBindingArrayOutput
}

IAMBindingArrayInput is an input type that accepts IAMBindingArray and IAMBindingArrayOutput values. You can construct a concrete instance of `IAMBindingArrayInput` via:

IAMBindingArray{ IAMBindingArgs{...} }

type IAMBindingArrayOutput

type IAMBindingArrayOutput struct{ *pulumi.OutputState }

func (IAMBindingArrayOutput) ElementType

func (IAMBindingArrayOutput) ElementType() reflect.Type

func (IAMBindingArrayOutput) Index

func (IAMBindingArrayOutput) ToIAMBindingArrayOutput

func (o IAMBindingArrayOutput) ToIAMBindingArrayOutput() IAMBindingArrayOutput

func (IAMBindingArrayOutput) ToIAMBindingArrayOutputWithContext

func (o IAMBindingArrayOutput) ToIAMBindingArrayOutputWithContext(ctx context.Context) IAMBindingArrayOutput

type IAMBindingCondition

// IAMBindingCondition holds the fields of an IAM Condition: a title, a Common
// Expression Language expression and an optional description.
type IAMBindingCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	// The example on this page uses `request.time < timestamp("2020-01-01T00:00:00Z")`.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	// The import examples on this page pass the title (`expires_after_2019_12_31`)
	// as the last element of the import ID.
	Title string `pulumi:"title"`
}

type IAMBindingConditionArgs

// IAMBindingConditionArgs is the input form of an IAM Condition; the examples
// on this page pass a pointer to it as IAMBindingArgs.Condition.
type IAMBindingConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	// The example on this page uses `request.time < timestamp("2020-01-01T00:00:00Z")`.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	// The import examples on this page pass the title (`expires_after_2019_12_31`)
	// as the last element of the import ID.
	Title pulumi.StringInput `pulumi:"title"`
}

func (IAMBindingConditionArgs) ElementType

func (IAMBindingConditionArgs) ElementType() reflect.Type

func (IAMBindingConditionArgs) ToIAMBindingConditionOutput

func (i IAMBindingConditionArgs) ToIAMBindingConditionOutput() IAMBindingConditionOutput

func (IAMBindingConditionArgs) ToIAMBindingConditionOutputWithContext

func (i IAMBindingConditionArgs) ToIAMBindingConditionOutputWithContext(ctx context.Context) IAMBindingConditionOutput

func (IAMBindingConditionArgs) ToIAMBindingConditionPtrOutput

func (i IAMBindingConditionArgs) ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput

func (IAMBindingConditionArgs) ToIAMBindingConditionPtrOutputWithContext

func (i IAMBindingConditionArgs) ToIAMBindingConditionPtrOutputWithContext(ctx context.Context) IAMBindingConditionPtrOutput

type IAMBindingConditionInput

type IAMBindingConditionInput interface {
	pulumi.Input

	ToIAMBindingConditionOutput() IAMBindingConditionOutput
	ToIAMBindingConditionOutputWithContext(context.Context) IAMBindingConditionOutput
}

IAMBindingConditionInput is an input type that accepts IAMBindingConditionArgs and IAMBindingConditionOutput values. You can construct a concrete instance of `IAMBindingConditionInput` via:

IAMBindingConditionArgs{...}

type IAMBindingConditionOutput

type IAMBindingConditionOutput struct{ *pulumi.OutputState }

func (IAMBindingConditionOutput) Description

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (IAMBindingConditionOutput) ElementType

func (IAMBindingConditionOutput) ElementType() reflect.Type

func (IAMBindingConditionOutput) Expression

Textual representation of an expression in Common Expression Language syntax.

func (IAMBindingConditionOutput) Title

A title for the expression, i.e. a short string describing its purpose.

func (IAMBindingConditionOutput) ToIAMBindingConditionOutput

func (o IAMBindingConditionOutput) ToIAMBindingConditionOutput() IAMBindingConditionOutput

func (IAMBindingConditionOutput) ToIAMBindingConditionOutputWithContext

func (o IAMBindingConditionOutput) ToIAMBindingConditionOutputWithContext(ctx context.Context) IAMBindingConditionOutput

func (IAMBindingConditionOutput) ToIAMBindingConditionPtrOutput

func (o IAMBindingConditionOutput) ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput

func (IAMBindingConditionOutput) ToIAMBindingConditionPtrOutputWithContext

func (o IAMBindingConditionOutput) ToIAMBindingConditionPtrOutputWithContext(ctx context.Context) IAMBindingConditionPtrOutput

type IAMBindingConditionPtrInput

type IAMBindingConditionPtrInput interface {
	pulumi.Input

	ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput
	ToIAMBindingConditionPtrOutputWithContext(context.Context) IAMBindingConditionPtrOutput
}

IAMBindingConditionPtrInput is an input type that accepts IAMBindingConditionArgs, IAMBindingConditionPtr and IAMBindingConditionPtrOutput values. You can construct a concrete instance of `IAMBindingConditionPtrInput` via:

        IAMBindingConditionArgs{...}

or:

        nil

type IAMBindingConditionPtrOutput

type IAMBindingConditionPtrOutput struct{ *pulumi.OutputState }

func (IAMBindingConditionPtrOutput) Description

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (IAMBindingConditionPtrOutput) Elem

func (IAMBindingConditionPtrOutput) ElementType

func (IAMBindingConditionPtrOutput) Expression

Textual representation of an expression in Common Expression Language syntax.

func (IAMBindingConditionPtrOutput) Title

A title for the expression, i.e. a short string describing its purpose.

func (IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutput

func (o IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput

func (IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutputWithContext

func (o IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutputWithContext(ctx context.Context) IAMBindingConditionPtrOutput

type IAMBindingInput

// IAMBindingInput is an input type for values that can be converted to an
// IAMBindingOutput. *IAMBinding declares both methods (see its method list on
// this page); IAMBindingArray and IAMBindingMap use this type for their elements.
type IAMBindingInput interface {
	pulumi.Input

	ToIAMBindingOutput() IAMBindingOutput
	ToIAMBindingOutputWithContext(ctx context.Context) IAMBindingOutput
}

type IAMBindingMap

type IAMBindingMap map[string]IAMBindingInput

func (IAMBindingMap) ElementType

func (IAMBindingMap) ElementType() reflect.Type

func (IAMBindingMap) ToIAMBindingMapOutput

func (i IAMBindingMap) ToIAMBindingMapOutput() IAMBindingMapOutput

func (IAMBindingMap) ToIAMBindingMapOutputWithContext

func (i IAMBindingMap) ToIAMBindingMapOutputWithContext(ctx context.Context) IAMBindingMapOutput

type IAMBindingMapInput

type IAMBindingMapInput interface {
	pulumi.Input

	ToIAMBindingMapOutput() IAMBindingMapOutput
	ToIAMBindingMapOutputWithContext(context.Context) IAMBindingMapOutput
}

IAMBindingMapInput is an input type that accepts IAMBindingMap and IAMBindingMapOutput values. You can construct a concrete instance of `IAMBindingMapInput` via:

IAMBindingMap{ "key": IAMBindingArgs{...} }

type IAMBindingMapOutput

type IAMBindingMapOutput struct{ *pulumi.OutputState }

func (IAMBindingMapOutput) ElementType

func (IAMBindingMapOutput) ElementType() reflect.Type

func (IAMBindingMapOutput) MapIndex

func (IAMBindingMapOutput) ToIAMBindingMapOutput

func (o IAMBindingMapOutput) ToIAMBindingMapOutput() IAMBindingMapOutput

func (IAMBindingMapOutput) ToIAMBindingMapOutputWithContext

func (o IAMBindingMapOutput) ToIAMBindingMapOutputWithContext(ctx context.Context) IAMBindingMapOutput

type IAMBindingOutput

type IAMBindingOutput struct{ *pulumi.OutputState }

func (IAMBindingOutput) ElementType

func (IAMBindingOutput) ElementType() reflect.Type

func (IAMBindingOutput) ToIAMBindingOutput

func (o IAMBindingOutput) ToIAMBindingOutput() IAMBindingOutput

func (IAMBindingOutput) ToIAMBindingOutputWithContext

func (o IAMBindingOutput) ToIAMBindingOutputWithContext(ctx context.Context) IAMBindingOutput

type IAMBindingState

// IAMBindingState is the optional set of state properties that GetIAMBinding
// accepts to qualify the lookup of an existing IAMBinding (nil if not required).
type IAMBindingState struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMBindingConditionPtrInput
	// (Computed) The etag of the service account IAM policy.
	Etag    pulumi.StringPtrInput
	// The identities that are granted Role on the service account, written as in
	// this page's examples (e.g. `user:jane@example.com`). IAMBinding is
	// authoritative for a given role; other roles in the policy are preserved.
	Members pulumi.StringArrayInput
	// The role that should be applied. Only one
	// `serviceAccount.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringPtrInput
}

func (IAMBindingState) ElementType

func (IAMBindingState) ElementType() reflect.Type

type IAMMember

type IAMMember struct {
	pulumi.CustomResourceState

	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMMemberConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the service account IAM policy.
	Etag   pulumi.StringOutput `pulumi:"etag"`
	// The single identity that is granted Role on the service account, written as
	// in this page's examples (`user:jane@example.com`, or `serviceAccount:`
	// followed by the account's e-mail address). IAMMember is non-authoritative:
	// other members for the role are preserved.
	Member pulumi.StringOutput `pulumi:"member"`
	// The role that should be applied. Only one
	// `serviceAccount.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringOutput `pulumi:"serviceAccountId"`
}

When managing IAM roles, you can treat a service account either as a resource or as an identity. This resource adds IAM policy bindings to a service account resource, for example to allow the members to run operations as the service account or to modify it. To configure permissions for a service account on other GCP resources, use the googleProjectIam set of resources.

Three different resources help you manage your IAM policy for a service account. Each of these resources serves a different use case:

* `serviceAccount.IAMPolicy`: Authoritative. Sets the IAM policy for the service account and replaces any existing policy already attached.
* `serviceAccount.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service account are preserved.
* `serviceAccount.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service account are preserved.

> **Note:** `serviceAccount.IAMPolicy` **cannot** be used in conjunction with `serviceAccount.IAMBinding` and `serviceAccount.IAMMember` or they will fight over what your policy should be.

> **Note:** `serviceAccount.IAMBinding` resources **can be** used in conjunction with `serviceAccount.IAMMember` resources **only if** they do not grant privilege to the same role.

## google\_service\_account\_iam\_policy

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main creates a service account and sets its whole IAM policy to a single
// roles/iam.serviceAccountUser binding for one user.
//
// NOTE(review): this page's header names the package `serviceaccount`; confirm
// the `serviceAccount` qualifier and import path used here before copying.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Build the policy document first: one binding with one member.
		janeOnly := organizations.GetIAMPolicyBinding{
			Role:    "roles/iam.serviceAccountUser",
			Members: []string{"user:jane@example.com"},
		}
		policy, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{janeOnly},
		}, nil)
		if err != nil {
			return err
		}

		account, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can interact with"),
		})
		if err != nil {
			return err
		}

		// IAMPolicy is authoritative: it sets the IAM policy for the service
		// account and replaces any existing policy already attached, so check
		// what is bound today before applying this to an account in use.
		_, err = serviceAccount.NewIAMPolicy(ctx, "admin-account-iam", &serviceAccount.IAMPolicyArgs{
			ServiceAccountId: account.Name,
			PolicyData:       pulumi.String(policy.PolicyData),
		})
		return err
	})
}

```

## google\_service\_account\_iam\_binding

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main creates a service account and binds roles/iam.serviceAccountUser on it
// to a single user.
//
// NOTE(review): this page's header names the package `serviceaccount`; confirm
// the `serviceAccount` qualifier and import path used here before copying.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		account, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can use"),
		})
		if err != nil {
			return err
		}

		// IAMBinding is authoritative for its role: this list is the member list
		// the role ends up with on the service account, while other roles in the
		// policy are preserved.
		allowed := pulumi.StringArray{pulumi.String("user:jane@example.com")}
		_, err = serviceAccount.NewIAMBinding(ctx, "admin-account-iam", &serviceAccount.IAMBindingArgs{
			ServiceAccountId: account.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Members:          allowed,
		})
		return err
	})
}

```

With IAM Conditions:

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

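// main creates a service account and binds roles/iam.serviceAccountUser on it
// to one user, with an IAM Condition that makes the grant time-bound.
//
// Every package-qualified name uses `serviceaccount`, the package name shown in
// this page's header; the original mixed `serviceAccount` and `serviceaccount`,
// which cannot both resolve in one file.
// NOTE(review): the import path in this example ends in `serviceAccount`;
// confirm it against the module before copying.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		sa, err := serviceaccount.NewAccount(ctx, "sa", &serviceaccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can use"),
		})
		if err != nil {
			return err
		}

		// Time-bound grant: per its description the condition expires at midnight
		// of 2019-12-31; the expression compares request.time with
		// 2020-01-01T00:00:00Z. The title is also what the import examples on this
		// page use to identify a conditional binding.
		expiry := &serviceaccount.IAMBindingConditionArgs{
			Description: pulumi.String("Expiring at midnight of 2019-12-31"),
			Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			Title:       pulumi.String("expires_after_2019_12_31"),
		}

		// IAMBinding is authoritative for its role: Members is the member list the
		// role ends up with on the service account.
		_, err = serviceaccount.NewIAMBinding(ctx, "admin-account-iam", &serviceaccount.IAMBindingArgs{
			Condition: expiry,
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			ServiceAccountId: sa.Name,
		})
		return err
	})
}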

```

## google\_service\_account\_iam\_member

```go
package main

import (

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

// main creates a service account, grants one user roles/iam.serviceAccountUser
// on it, and grants the new service account the same role on the Compute
// Engine default service account.
//
// NOTE(review): this page's header names the package `serviceaccount`; confirm
// the `serviceAccount` qualifier and import path used here before copying.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		defaultSA, err := compute.GetDefaultServiceAccount(ctx, nil, nil)
		if err != nil {
			return err
		}

		account, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that Jane can use"),
		})
		if err != nil {
			return err
		}

		// IAMMember is non-authoritative: it adds one member to the role and
		// preserves the other members already bound to it.
		if _, err = serviceAccount.NewIAMMember(ctx, "admin-account-iam", &serviceAccount.IAMMemberArgs{
			ServiceAccountId: account.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Member:           pulumi.String("user:jane@example.com"),
		}); err != nil {
			return err
		}

		// The member string is built from the new account's e-mail address once
		// that output is known.
		accountMember := account.Email.ApplyT(func(email string) (string, error) {
			return fmt.Sprintf("%v%v", "serviceAccount:", email), nil
		}).(pulumi.StringOutput)

		// This binding is on the Compute Engine default service account, not on
		// the new one: it lets the new service account use the default account,
		// so review what the default account is allowed to do before granting it.
		_, err = serviceAccount.NewIAMMember(ctx, "gce-default-account-iam", &serviceAccount.IAMMemberArgs{
			ServiceAccountId: pulumi.String(defaultSA.Name),
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Member:           accountMember,
		})
		return err
	})
}

```

With IAM Conditions:

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

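// main creates a service account and grants one user
// roles/iam.serviceAccountUser on it, with an IAM Condition that makes the
// grant time-bound.
//
// Every package-qualified name uses `serviceaccount`, the package name shown in
// this page's header; the original mixed `serviceAccount` and `serviceaccount`,
// which cannot both resolve in one file.
// NOTE(review): the import path in this example ends in `serviceAccount`;
// confirm it against the module before copying.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		sa, err := serviceaccount.NewAccount(ctx, "sa", &serviceaccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that Jane can use"),
		})
		if err != nil {
			return err
		}

		// Time-bound grant: per its description the condition expires at midnight
		// of 2019-12-31; the expression compares request.time with
		// 2020-01-01T00:00:00Z. The title is also what the import examples on this
		// page use to identify a conditional member.
		expiry := &serviceaccount.IAMMemberConditionArgs{
			Description: pulumi.String("Expiring at midnight of 2019-12-31"),
			Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			Title:       pulumi.String("expires_after_2019_12_31"),
		}

		// IAMMember is non-authoritative: other members for the role are preserved.
		_, err = serviceaccount.NewIAMMember(ctx, "admin-account-iam", &serviceaccount.IAMMemberArgs{
			Condition:        expiry,
			Member:           pulumi.String("user:jane@example.com"),
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			ServiceAccountId: sa.Name,
		})
		return err
	})
}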

```

## Import

Service account IAM resources can be imported using the project, service account email, role, member identity, and condition (beta).

```sh

$ pulumi import gcp:serviceAccount/iAMMember:IAMMember admin-account-iam projects/{your-project-id}/serviceAccounts/{your-service-account-email}

```

```sh

$ pulumi import gcp:serviceAccount/iAMMember:IAMMember admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser"

```

```sh

$ pulumi import gcp:serviceAccount/iAMMember:IAMMember admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/editor user:foo@example.com"

```

-> **Custom Roles** If you're importing an IAM resource with a custom role, make sure to use the full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

With conditions:

```sh

$ pulumi import gcp:serviceAccount/iAMMember:IAMMember admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser expires_after_2019_12_31"

```

```sh

$ pulumi import gcp:serviceAccount/iAMMember:IAMMember admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser user:foo@example.com expires_after_2019_12_31"

```

func GetIAMMember

func GetIAMMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *IAMMemberState, opts ...pulumi.ResourceOption) (*IAMMember, error)

GetIAMMember gets an existing IAMMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIAMMember

func NewIAMMember(ctx *pulumi.Context,
	name string, args *IAMMemberArgs, opts ...pulumi.ResourceOption) (*IAMMember, error)

NewIAMMember registers a new resource with the given unique name, arguments, and options.

func (*IAMMember) ElementType

func (*IAMMember) ElementType() reflect.Type

func (*IAMMember) ToIAMMemberOutput

func (i *IAMMember) ToIAMMemberOutput() IAMMemberOutput

func (*IAMMember) ToIAMMemberOutputWithContext

func (i *IAMMember) ToIAMMemberOutputWithContext(ctx context.Context) IAMMemberOutput

type IAMMemberArgs

type IAMMemberArgs struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMMemberConditionPtrInput
	// The single identity that is granted Role on the service account, written as
	// in this page's examples (`user:jane@example.com`, or `serviceAccount:`
	// followed by the account's e-mail address). IAMMember is non-authoritative:
	// other members for the role are preserved.
	Member    pulumi.StringInput
	// The role that should be applied. Only one
	// `serviceAccount.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringInput
}

The set of arguments for constructing an IAMMember resource.

func (IAMMemberArgs) ElementType

func (IAMMemberArgs) ElementType() reflect.Type

type IAMMemberArray

type IAMMemberArray []IAMMemberInput

func (IAMMemberArray) ElementType

func (IAMMemberArray) ElementType() reflect.Type

func (IAMMemberArray) ToIAMMemberArrayOutput

func (i IAMMemberArray) ToIAMMemberArrayOutput() IAMMemberArrayOutput

func (IAMMemberArray) ToIAMMemberArrayOutputWithContext

func (i IAMMemberArray) ToIAMMemberArrayOutputWithContext(ctx context.Context) IAMMemberArrayOutput

type IAMMemberArrayInput

type IAMMemberArrayInput interface {
	pulumi.Input

	ToIAMMemberArrayOutput() IAMMemberArrayOutput
	ToIAMMemberArrayOutputWithContext(context.Context) IAMMemberArrayOutput
}

IAMMemberArrayInput is an input type that accepts IAMMemberArray and IAMMemberArrayOutput values. You can construct a concrete instance of `IAMMemberArrayInput` via:

IAMMemberArray{ IAMMemberArgs{...} }

type IAMMemberArrayOutput

type IAMMemberArrayOutput struct{ *pulumi.OutputState }

func (IAMMemberArrayOutput) ElementType

func (IAMMemberArrayOutput) ElementType() reflect.Type

func (IAMMemberArrayOutput) Index

func (IAMMemberArrayOutput) ToIAMMemberArrayOutput

func (o IAMMemberArrayOutput) ToIAMMemberArrayOutput() IAMMemberArrayOutput

func (IAMMemberArrayOutput) ToIAMMemberArrayOutputWithContext

func (o IAMMemberArrayOutput) ToIAMMemberArrayOutputWithContext(ctx context.Context) IAMMemberArrayOutput

type IAMMemberCondition

// IAMMemberCondition holds the fields of an IAM Condition: a title, a Common
// Expression Language expression and an optional description.
type IAMMemberCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	// The example on this page uses `request.time < timestamp("2020-01-01T00:00:00Z")`.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	// The import examples on this page pass the title (`expires_after_2019_12_31`)
	// as the last element of the import ID.
	Title string `pulumi:"title"`
}

type IAMMemberConditionArgs

// IAMMemberConditionArgs is the input form of an IAM Condition; the examples on
// this page pass a pointer to it as IAMMemberArgs.Condition.
type IAMMemberConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	// The example on this page uses `request.time < timestamp("2020-01-01T00:00:00Z")`.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	// The import examples on this page pass the title (`expires_after_2019_12_31`)
	// as the last element of the import ID.
	Title pulumi.StringInput `pulumi:"title"`
}

func (IAMMemberConditionArgs) ElementType

func (IAMMemberConditionArgs) ElementType() reflect.Type

func (IAMMemberConditionArgs) ToIAMMemberConditionOutput

func (i IAMMemberConditionArgs) ToIAMMemberConditionOutput() IAMMemberConditionOutput

func (IAMMemberConditionArgs) ToIAMMemberConditionOutputWithContext

func (i IAMMemberConditionArgs) ToIAMMemberConditionOutputWithContext(ctx context.Context) IAMMemberConditionOutput

func (IAMMemberConditionArgs) ToIAMMemberConditionPtrOutput

func (i IAMMemberConditionArgs) ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput

func (IAMMemberConditionArgs) ToIAMMemberConditionPtrOutputWithContext

func (i IAMMemberConditionArgs) ToIAMMemberConditionPtrOutputWithContext(ctx context.Context) IAMMemberConditionPtrOutput

type IAMMemberConditionInput

type IAMMemberConditionInput interface {
	pulumi.Input

	ToIAMMemberConditionOutput() IAMMemberConditionOutput
	ToIAMMemberConditionOutputWithContext(context.Context) IAMMemberConditionOutput
}

IAMMemberConditionInput is an input type that accepts IAMMemberConditionArgs and IAMMemberConditionOutput values. You can construct a concrete instance of `IAMMemberConditionInput` via:

IAMMemberConditionArgs{...}

type IAMMemberConditionOutput

type IAMMemberConditionOutput struct{ *pulumi.OutputState }

func (IAMMemberConditionOutput) Description

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (IAMMemberConditionOutput) ElementType

func (IAMMemberConditionOutput) ElementType() reflect.Type

func (IAMMemberConditionOutput) Expression

Textual representation of an expression in Common Expression Language syntax.

func (IAMMemberConditionOutput) Title

A title for the expression, i.e. a short string describing its purpose.

func (IAMMemberConditionOutput) ToIAMMemberConditionOutput

func (o IAMMemberConditionOutput) ToIAMMemberConditionOutput() IAMMemberConditionOutput

func (IAMMemberConditionOutput) ToIAMMemberConditionOutputWithContext

func (o IAMMemberConditionOutput) ToIAMMemberConditionOutputWithContext(ctx context.Context) IAMMemberConditionOutput

func (IAMMemberConditionOutput) ToIAMMemberConditionPtrOutput

func (o IAMMemberConditionOutput) ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput

func (IAMMemberConditionOutput) ToIAMMemberConditionPtrOutputWithContext

func (o IAMMemberConditionOutput) ToIAMMemberConditionPtrOutputWithContext(ctx context.Context) IAMMemberConditionPtrOutput

type IAMMemberConditionPtrInput

type IAMMemberConditionPtrInput interface {
	pulumi.Input

	ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput
	ToIAMMemberConditionPtrOutputWithContext(context.Context) IAMMemberConditionPtrOutput
}

IAMMemberConditionPtrInput is an input type that accepts IAMMemberConditionArgs, IAMMemberConditionPtr and IAMMemberConditionPtrOutput values. You can construct a concrete instance of `IAMMemberConditionPtrInput` via:

        IAMMemberConditionArgs{...}

or:

        nil

type IAMMemberConditionPtrOutput

type IAMMemberConditionPtrOutput struct{ *pulumi.OutputState }

func (IAMMemberConditionPtrOutput) Description

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (IAMMemberConditionPtrOutput) Elem

func (IAMMemberConditionPtrOutput) ElementType

func (IAMMemberConditionPtrOutput) Expression

Textual representation of an expression in Common Expression Language syntax.

func (IAMMemberConditionPtrOutput) Title

A title for the expression, i.e. a short string describing its purpose.

func (IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutput

func (o IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput

func (IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutputWithContext

func (o IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutputWithContext(ctx context.Context) IAMMemberConditionPtrOutput

type IAMMemberInput

// IAMMemberInput is an input type for values that can be converted to an
// IAMMemberOutput. *IAMMember declares both methods (see its method list on
// this page); IAMMemberArray and IAMMemberMap use this type for their elements.
type IAMMemberInput interface {
	pulumi.Input

	ToIAMMemberOutput() IAMMemberOutput
	ToIAMMemberOutputWithContext(ctx context.Context) IAMMemberOutput
}

type IAMMemberMap

type IAMMemberMap map[string]IAMMemberInput

func (IAMMemberMap) ElementType

func (IAMMemberMap) ElementType() reflect.Type

func (IAMMemberMap) ToIAMMemberMapOutput

func (i IAMMemberMap) ToIAMMemberMapOutput() IAMMemberMapOutput

func (IAMMemberMap) ToIAMMemberMapOutputWithContext

func (i IAMMemberMap) ToIAMMemberMapOutputWithContext(ctx context.Context) IAMMemberMapOutput

type IAMMemberMapInput

type IAMMemberMapInput interface {
	pulumi.Input

	ToIAMMemberMapOutput() IAMMemberMapOutput
	ToIAMMemberMapOutputWithContext(context.Context) IAMMemberMapOutput
}

IAMMemberMapInput is an input type that accepts IAMMemberMap and IAMMemberMapOutput values. You can construct a concrete instance of `IAMMemberMapInput` via:

IAMMemberMap{ "key": IAMMemberArgs{...} }

type IAMMemberMapOutput

type IAMMemberMapOutput struct{ *pulumi.OutputState }

func (IAMMemberMapOutput) ElementType

func (IAMMemberMapOutput) ElementType() reflect.Type

func (IAMMemberMapOutput) MapIndex

func (IAMMemberMapOutput) ToIAMMemberMapOutput

func (o IAMMemberMapOutput) ToIAMMemberMapOutput() IAMMemberMapOutput

func (IAMMemberMapOutput) ToIAMMemberMapOutputWithContext

func (o IAMMemberMapOutput) ToIAMMemberMapOutputWithContext(ctx context.Context) IAMMemberMapOutput

type IAMMemberOutput

type IAMMemberOutput struct{ *pulumi.OutputState }

func (IAMMemberOutput) ElementType

func (IAMMemberOutput) ElementType() reflect.Type

func (IAMMemberOutput) ToIAMMemberOutput

func (o IAMMemberOutput) ToIAMMemberOutput() IAMMemberOutput

func (IAMMemberOutput) ToIAMMemberOutputWithContext

func (o IAMMemberOutput) ToIAMMemberOutputWithContext(ctx context.Context) IAMMemberOutput

type IAMMemberState

// IAMMemberState is the optional set of state properties that GetIAMMember
// accepts to qualify the lookup of an existing IAMMember (nil if not required).
type IAMMemberState struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMMemberConditionPtrInput
	// (Computed) The etag of the service account IAM policy.
	Etag   pulumi.StringPtrInput
	// The single identity that is granted Role on the service account, written as
	// in this page's examples (`user:jane@example.com`, or `serviceAccount:`
	// followed by the account's e-mail address). IAMMember is non-authoritative:
	// other members for the role are preserved.
	Member pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `serviceAccount.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringPtrInput
}

func (IAMMemberState) ElementType

func (IAMMemberState) ElementType() reflect.Type

type IAMPolicy

type IAMPolicy struct {
	pulumi.CustomResourceState

	// (Computed) The etag of the service account IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	// IAMPolicy is authoritative: this data becomes the service account's IAM
	// policy and replaces any existing policy already attached.
	PolicyData pulumi.StringOutput `pulumi:"policyData"`
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringOutput `pulumi:"serviceAccountId"`
}

When managing IAM roles, you can treat a service account either as a resource or as an identity. This resource adds IAM policy bindings to a service account resource, for example to allow the members to run operations as the service account or to modify it. To configure permissions for a service account on other GCP resources, use the googleProjectIam set of resources.

Three different resources help you manage your IAM policy for a service account. Each of these resources serves a different use case:

* `serviceAccount.IAMPolicy`: Authoritative. Sets the IAM policy for the service account and replaces any existing policy already attached.
* `serviceAccount.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service account are preserved.
* `serviceAccount.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service account are preserved.

> **Note:** `serviceAccount.IAMPolicy` **cannot** be used in conjunction with `serviceAccount.IAMBinding` and `serviceAccount.IAMMember` or they will fight over what your policy should be.

> **Note:** `serviceAccount.IAMBinding` resources **can be** used in conjunction with `serviceAccount.IAMMember` resources **only if** they do not grant privilege to the same role.

## google\_service\_account\_iam\_policy

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

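// main creates a service account and sets its IAM policy authoritatively from
// a policy document that contains a single binding.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Policy document: user:jane@example.com receives
		// roles/iam.serviceAccountUser, which lets her run operations as the
		// service account the policy is attached to.
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iam.serviceAccountUser",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		// The package clause is serviceaccount (see the page header), so that is
		// the qualifier to use even though the import path ends in
		// "serviceAccount".
		sa, err := serviceaccount.NewAccount(ctx, "sa", &serviceaccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can interact with"),
		})
		if err != nil {
			return err
		}
		// IAMPolicy is authoritative: it replaces any policy already attached to
		// the service account, so every binding that is not in admin.PolicyData
		// is removed. It must not be combined with IAMBinding or IAMMember on the
		// same service account.
		_, err = serviceaccount.NewIAMPolicy(ctx, "admin-account-iam", &serviceaccount.IAMPolicyArgs{
			ServiceAccountId: sa.Name,
			PolicyData:       pulumi.String(admin.PolicyData),
		})
		return err
	})
}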

```

## google\_service\_account\_iam\_binding

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

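// main creates a service account and binds roles/iam.serviceAccountUser on it
// to a fixed list of members.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The package clause is serviceaccount (see the page header), so that is
		// the qualifier to use even though the import path ends in
		// "serviceAccount".
		sa, err := serviceaccount.NewAccount(ctx, "sa", &serviceaccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can use"),
		})
		if err != nil {
			return err
		}
		// IAMBinding is authoritative for the role it names: Members becomes the
		// complete member list for roles/iam.serviceAccountUser on this account,
		// while other roles in the policy are preserved. Do not manage the same
		// role with an IAMMember resource as well.
		_, err = serviceaccount.NewIAMBinding(ctx, "admin-account-iam", &serviceaccount.IAMBindingArgs{
			ServiceAccountId: sa.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		return err
	})
}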

```

With IAM Conditions:

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

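// main creates a service account and binds roles/iam.serviceAccountUser on it
// to a member list, restricted by an IAM condition on the request time.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The original listing mixed the qualifiers serviceAccount and
		// serviceaccount; the package clause is serviceaccount (see the page
		// header), so that one is used throughout.
		sa, err := serviceaccount.NewAccount(ctx, "sa", &serviceaccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can use"),
		})
		if err != nil {
			return err
		}
		_, err = serviceaccount.NewIAMBinding(ctx, "admin-account-iam", &serviceaccount.IAMBindingArgs{
			// The expression limits the grant to requests made before
			// 2020-01-01T00:00:00Z. That instant is earlier than this page's
			// publication date, so treat it as a template and substitute a
			// future timestamp when copying the example.
			Condition: &serviceaccount.IAMBindingConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			// IAMBinding is authoritative for the role: this is the complete
			// member list for roles/iam.serviceAccountUser on the account.
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			ServiceAccountId: sa.Name,
		})
		return err
	})
}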

```

## google\_service\_account\_iam\_member

```go
package main

import (

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

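// main creates a service account and adds two non-authoritative grants of
// roles/iam.serviceAccountUser: one on the new account for a user, and one on
// the default Compute Engine service account for the new account.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		defaultSA, err := compute.GetDefaultServiceAccount(ctx, nil, nil)
		if err != nil {
			return err
		}
		// The package clause is serviceaccount (see the page header), so that is
		// the qualifier to use even though the import path ends in
		// "serviceAccount".
		sa, err := serviceaccount.NewAccount(ctx, "sa", &serviceaccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that Jane can use"),
		})
		if err != nil {
			return err
		}
		// IAMMember is non-authoritative: it adds one member to the role and
		// leaves the role's other members in place.
		_, err = serviceaccount.NewIAMMember(ctx, "admin-account-iam", &serviceaccount.IAMMemberArgs{
			ServiceAccountId: sa.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Member:           pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		// This grant lets the new service account run operations as the default
		// Compute Engine service account. Review what that default account is
		// permitted to do before copying the grant, because the new account
		// (and anyone who can act as it) gains the same reach.
		_, err = serviceaccount.NewIAMMember(ctx, "gce-default-account-iam", &serviceaccount.IAMMemberArgs{
			ServiceAccountId: pulumi.String(defaultSA.Name),
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			// The member string is built once the account's e-mail is known.
			Member: sa.Email.ApplyT(func(email string) (string, error) {
				return fmt.Sprintf("%v%v", "serviceAccount:", email), nil
			}).(pulumi.StringOutput),
		})
		return err
	})
}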

```

With IAM Conditions:

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

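// main creates a service account and adds one member to
// roles/iam.serviceAccountUser on it, restricted by an IAM condition on the
// request time.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The original listing mixed the qualifiers serviceAccount and
		// serviceaccount; the package clause is serviceaccount (see the page
		// header), so that one is used throughout.
		sa, err := serviceaccount.NewAccount(ctx, "sa", &serviceaccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that Jane can use"),
		})
		if err != nil {
			return err
		}
		_, err = serviceaccount.NewIAMMember(ctx, "admin-account-iam", &serviceaccount.IAMMemberArgs{
			// The expression limits the grant to requests made before
			// 2020-01-01T00:00:00Z. That instant is earlier than this page's
			// publication date, so treat it as a template and substitute a
			// future timestamp when copying the example.
			Condition: &serviceaccount.IAMMemberConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Member:           pulumi.String("user:jane@example.com"),
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			ServiceAccountId: sa.Name,
		})
		return err
	})
}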

```

## Import

Service account IAM resources can be imported using the project, service account email, role, member identity, and condition (beta).

```sh

$ pulumi import gcp:serviceAccount/iAMPolicy:IAMPolicy admin-account-iam projects/{your-project-id}/serviceAccounts/{your-service-account-email}

```

```sh

$ pulumi import gcp:serviceAccount/iAMPolicy:IAMPolicy admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser"

```

```sh

$ pulumi import gcp:serviceAccount/iAMPolicy:IAMPolicy admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/editor user:foo@example.com"

```

> **Custom Roles:** If you're importing an IAM resource with a custom role, make sure to use the full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

With conditions:

```sh

$ pulumi import gcp:serviceAccount/iAMPolicy:IAMPolicy admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser expires_after_2019_12_31"

```

```sh

$ pulumi import gcp:serviceAccount/iAMPolicy:IAMPolicy admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser user:foo@example.com expires_after_2019_12_31"

```

func GetIAMPolicy

func GetIAMPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *IAMPolicyState, opts ...pulumi.ResourceOption) (*IAMPolicy, error)

GetIAMPolicy gets an existing IAMPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIAMPolicy

func NewIAMPolicy(ctx *pulumi.Context,
	name string, args *IAMPolicyArgs, opts ...pulumi.ResourceOption) (*IAMPolicy, error)

NewIAMPolicy registers a new resource with the given unique name, arguments, and options.

func (*IAMPolicy) ElementType

func (*IAMPolicy) ElementType() reflect.Type

func (*IAMPolicy) ToIAMPolicyOutput

func (i *IAMPolicy) ToIAMPolicyOutput() IAMPolicyOutput

func (*IAMPolicy) ToIAMPolicyOutputWithContext

func (i *IAMPolicy) ToIAMPolicyOutputWithContext(ctx context.Context) IAMPolicyOutput

type IAMPolicyArgs

// IAMPolicyArgs holds the inputs passed to NewIAMPolicy.
type IAMPolicyArgs struct {
	// The policy data generated by
	// an `organizations.getIAMPolicy` data source.
	// The IAMPolicy resource is authoritative: this document replaces any
	// policy already attached to the service account, so it has to list every
	// binding that should remain.
	PolicyData pulumi.StringInput
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringInput
}

The set of arguments for constructing an IAMPolicy resource.

func (IAMPolicyArgs) ElementType

func (IAMPolicyArgs) ElementType() reflect.Type

type IAMPolicyArray

type IAMPolicyArray []IAMPolicyInput

func (IAMPolicyArray) ElementType

func (IAMPolicyArray) ElementType() reflect.Type

func (IAMPolicyArray) ToIAMPolicyArrayOutput

func (i IAMPolicyArray) ToIAMPolicyArrayOutput() IAMPolicyArrayOutput

func (IAMPolicyArray) ToIAMPolicyArrayOutputWithContext

func (i IAMPolicyArray) ToIAMPolicyArrayOutputWithContext(ctx context.Context) IAMPolicyArrayOutput

type IAMPolicyArrayInput

type IAMPolicyArrayInput interface {
	pulumi.Input

	ToIAMPolicyArrayOutput() IAMPolicyArrayOutput
	ToIAMPolicyArrayOutputWithContext(context.Context) IAMPolicyArrayOutput
}

IAMPolicyArrayInput is an input type that accepts IAMPolicyArray and IAMPolicyArrayOutput values. You can construct a concrete instance of `IAMPolicyArrayInput` via:

IAMPolicyArray{ IAMPolicyArgs{...} }

type IAMPolicyArrayOutput

type IAMPolicyArrayOutput struct{ *pulumi.OutputState }

func (IAMPolicyArrayOutput) ElementType

func (IAMPolicyArrayOutput) ElementType() reflect.Type

func (IAMPolicyArrayOutput) Index

func (IAMPolicyArrayOutput) ToIAMPolicyArrayOutput

func (o IAMPolicyArrayOutput) ToIAMPolicyArrayOutput() IAMPolicyArrayOutput

func (IAMPolicyArrayOutput) ToIAMPolicyArrayOutputWithContext

func (o IAMPolicyArrayOutput) ToIAMPolicyArrayOutputWithContext(ctx context.Context) IAMPolicyArrayOutput

type IAMPolicyInput

type IAMPolicyInput interface {
	pulumi.Input

	ToIAMPolicyOutput() IAMPolicyOutput
	ToIAMPolicyOutputWithContext(ctx context.Context) IAMPolicyOutput
}

type IAMPolicyMap

type IAMPolicyMap map[string]IAMPolicyInput

func (IAMPolicyMap) ElementType

func (IAMPolicyMap) ElementType() reflect.Type

func (IAMPolicyMap) ToIAMPolicyMapOutput

func (i IAMPolicyMap) ToIAMPolicyMapOutput() IAMPolicyMapOutput

func (IAMPolicyMap) ToIAMPolicyMapOutputWithContext

func (i IAMPolicyMap) ToIAMPolicyMapOutputWithContext(ctx context.Context) IAMPolicyMapOutput

type IAMPolicyMapInput

type IAMPolicyMapInput interface {
	pulumi.Input

	ToIAMPolicyMapOutput() IAMPolicyMapOutput
	ToIAMPolicyMapOutputWithContext(context.Context) IAMPolicyMapOutput
}

IAMPolicyMapInput is an input type that accepts IAMPolicyMap and IAMPolicyMapOutput values. You can construct a concrete instance of `IAMPolicyMapInput` via:

IAMPolicyMap{ "key": IAMPolicyArgs{...} }

type IAMPolicyMapOutput

type IAMPolicyMapOutput struct{ *pulumi.OutputState }

func (IAMPolicyMapOutput) ElementType

func (IAMPolicyMapOutput) ElementType() reflect.Type

func (IAMPolicyMapOutput) MapIndex

func (IAMPolicyMapOutput) ToIAMPolicyMapOutput

func (o IAMPolicyMapOutput) ToIAMPolicyMapOutput() IAMPolicyMapOutput

func (IAMPolicyMapOutput) ToIAMPolicyMapOutputWithContext

func (o IAMPolicyMapOutput) ToIAMPolicyMapOutputWithContext(ctx context.Context) IAMPolicyMapOutput

type IAMPolicyOutput

type IAMPolicyOutput struct{ *pulumi.OutputState }

func (IAMPolicyOutput) ElementType

func (IAMPolicyOutput) ElementType() reflect.Type

func (IAMPolicyOutput) ToIAMPolicyOutput

func (o IAMPolicyOutput) ToIAMPolicyOutput() IAMPolicyOutput

func (IAMPolicyOutput) ToIAMPolicyOutputWithContext

func (o IAMPolicyOutput) ToIAMPolicyOutputWithContext(ctx context.Context) IAMPolicyOutput

type IAMPolicyState

// IAMPolicyState holds the optional state properties accepted by GetIAMPolicy
// to qualify the lookup of an existing IAMPolicy resource. Every field is a
// pointer input and may be left unset.
type IAMPolicyState struct {
	// (Computed) The etag of the service account IAM policy.
	Etag pulumi.StringPtrInput
	// The policy data generated by
	// an `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringPtrInput
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringPtrInput
}

func (IAMPolicyState) ElementType

func (IAMPolicyState) ElementType() reflect.Type

type Key

// Key is the service account key resource created by NewKey and read back by
// GetKey. Its outputs include the key material itself (PrivateKey, PublicKey)
// next to the settings the key was created with.
type Key struct {
	pulumi.CustomResourceState

	// Arbitrary map of values that, when changed, will trigger a new key to be generated.
	Keepers pulumi.MapOutput `pulumi:"keepers"`
	// The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm.
	// Valid values are listed at
	// [ServiceAccountKeyAlgorithm](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys#ServiceAccountKeyAlgorithm)
	// (only used on create)
	KeyAlgorithm pulumi.StringPtrOutput `pulumi:"keyAlgorithm"`
	// The name used for this key pair
	Name pulumi.StringOutput `pulumi:"name"`
	// The private key in JSON format, base64 encoded. This is what you normally get as a file when creating
	// service account keys through the CLI or web console. This is only populated when creating a new key.
	// NOTE(review): base64 is an encoding, not protection; this output is the
	// credential itself. Presumably it is also persisted with the stack state -
	// confirm it is handled as a secret there, and avoid exporting or logging it.
	PrivateKey pulumi.StringOutput `pulumi:"privateKey"`
	// The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
	PrivateKeyType pulumi.StringPtrOutput `pulumi:"privateKeyType"`
	// The public key, base64 encoded
	PublicKey pulumi.StringOutput `pulumi:"publicKey"`
	// Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with `publicKeyType` and `privateKeyType`.
	PublicKeyData pulumi.StringPtrOutput `pulumi:"publicKeyData"`
	// The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
	PublicKeyType pulumi.StringPtrOutput `pulumi:"publicKeyType"`
	// The Service account id of the Key. This can be a string in the format
	// `{ACCOUNT}` or `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`, where `{ACCOUNT}` is the email address or
	// unique id of the service account. If the `{ACCOUNT}` syntax is used, the project will be inferred from the account.
	ServiceAccountId pulumi.StringOutput `pulumi:"serviceAccountId"`
	// The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
	ValidAfter pulumi.StringOutput `pulumi:"validAfter"`
	// The key can be used before this timestamp.
	// A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
	ValidBefore pulumi.StringOutput `pulumi:"validBefore"`
}

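Creates and manages service account keys, which allow the use of a service account outside of Google Cloud. The private half of a newly created key is returned in the `PrivateKey` output, so anything that stores or exports that output needs the same protection as the key file itself.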

* [API documentation](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys) * How-to Guides

## Example Usage

### Creating A New Key

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

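// main creates a service account and a key for it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The package clause is serviceaccount (see the page header), so that is
		// the qualifier to use even though the import path ends in
		// "serviceAccount".
		myaccount, err := serviceaccount.NewAccount(ctx, "myaccount", &serviceaccount.AccountArgs{
			AccountId:   pulumi.String("myaccount"),
			DisplayName: pulumi.String("My Service Account"),
		})
		if err != nil {
			return err
		}
		// PublicKeyType only selects the format of the public key output. The
		// resulting Key also carries a PrivateKey output, populated on creation,
		// which is the credential itself; the result is deliberately discarded
		// here, and a program that keeps it should not export or log that field.
		_, err = serviceaccount.NewKey(ctx, "mykey", &serviceaccount.KeyArgs{
			ServiceAccountId: myaccount.Name,
			PublicKeyType:    pulumi.String("TYPE_X509_PEM_FILE"),
		})
		return err
	})
}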

```

## Import

This resource does not support import.

func GetKey

func GetKey(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *KeyState, opts ...pulumi.ResourceOption) (*Key, error)

GetKey gets an existing Key resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKey

func NewKey(ctx *pulumi.Context,
	name string, args *KeyArgs, opts ...pulumi.ResourceOption) (*Key, error)

NewKey registers a new resource with the given unique name, arguments, and options.

func (*Key) ElementType

func (*Key) ElementType() reflect.Type

func (*Key) ToKeyOutput

func (i *Key) ToKeyOutput() KeyOutput

func (*Key) ToKeyOutputWithContext

func (i *Key) ToKeyOutputWithContext(ctx context.Context) KeyOutput

type KeyArgs

// KeyArgs holds the inputs passed to NewKey. ServiceAccountId is the only
// field that is not a pointer input.
type KeyArgs struct {
	// Arbitrary map of values that, when changed, will trigger a new key to be generated.
	Keepers pulumi.MapInput
	// The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm.
	// Valid values are listed at
	// [ServiceAccountKeyAlgorithm](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys#ServiceAccountKeyAlgorithm)
	// (only used on create)
	KeyAlgorithm pulumi.StringPtrInput
	// The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
	PrivateKeyType pulumi.StringPtrInput
	// Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with `publicKeyType` and `privateKeyType`.
	// NOTE(review): supplying your own public key presumably means no private
	// key is generated or returned by the provider - confirm; if so, this keeps
	// the private half out of the resource outputs entirely.
	PublicKeyData pulumi.StringPtrInput
	// The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
	PublicKeyType pulumi.StringPtrInput
	// The Service account id of the Key. This can be a string in the format
	// `{ACCOUNT}` or `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`, where `{ACCOUNT}` is the email address or
	// unique id of the service account. If the `{ACCOUNT}` syntax is used, the project will be inferred from the account.
	ServiceAccountId pulumi.StringInput
}

The set of arguments for constructing a Key resource.

func (KeyArgs) ElementType

func (KeyArgs) ElementType() reflect.Type

type KeyArray

type KeyArray []KeyInput

func (KeyArray) ElementType

func (KeyArray) ElementType() reflect.Type

func (KeyArray) ToKeyArrayOutput

func (i KeyArray) ToKeyArrayOutput() KeyArrayOutput

func (KeyArray) ToKeyArrayOutputWithContext

func (i KeyArray) ToKeyArrayOutputWithContext(ctx context.Context) KeyArrayOutput

type KeyArrayInput

type KeyArrayInput interface {
	pulumi.Input

	ToKeyArrayOutput() KeyArrayOutput
	ToKeyArrayOutputWithContext(context.Context) KeyArrayOutput
}

KeyArrayInput is an input type that accepts KeyArray and KeyArrayOutput values. You can construct a concrete instance of `KeyArrayInput` via:

KeyArray{ KeyArgs{...} }

type KeyArrayOutput

type KeyArrayOutput struct{ *pulumi.OutputState }

func (KeyArrayOutput) ElementType

func (KeyArrayOutput) ElementType() reflect.Type

func (KeyArrayOutput) Index

func (KeyArrayOutput) ToKeyArrayOutput

func (o KeyArrayOutput) ToKeyArrayOutput() KeyArrayOutput

func (KeyArrayOutput) ToKeyArrayOutputWithContext

func (o KeyArrayOutput) ToKeyArrayOutputWithContext(ctx context.Context) KeyArrayOutput

type KeyInput

type KeyInput interface {
	pulumi.Input

	ToKeyOutput() KeyOutput
	ToKeyOutputWithContext(ctx context.Context) KeyOutput
}

type KeyMap

type KeyMap map[string]KeyInput

func (KeyMap) ElementType

func (KeyMap) ElementType() reflect.Type

func (KeyMap) ToKeyMapOutput

func (i KeyMap) ToKeyMapOutput() KeyMapOutput

func (KeyMap) ToKeyMapOutputWithContext

func (i KeyMap) ToKeyMapOutputWithContext(ctx context.Context) KeyMapOutput

type KeyMapInput

type KeyMapInput interface {
	pulumi.Input

	ToKeyMapOutput() KeyMapOutput
	ToKeyMapOutputWithContext(context.Context) KeyMapOutput
}

KeyMapInput is an input type that accepts KeyMap and KeyMapOutput values. You can construct a concrete instance of `KeyMapInput` via:

KeyMap{ "key": KeyArgs{...} }

type KeyMapOutput

type KeyMapOutput struct{ *pulumi.OutputState }

func (KeyMapOutput) ElementType

func (KeyMapOutput) ElementType() reflect.Type

func (KeyMapOutput) MapIndex

func (o KeyMapOutput) MapIndex(k pulumi.StringInput) KeyOutput

func (KeyMapOutput) ToKeyMapOutput

func (o KeyMapOutput) ToKeyMapOutput() KeyMapOutput

func (KeyMapOutput) ToKeyMapOutputWithContext

func (o KeyMapOutput) ToKeyMapOutputWithContext(ctx context.Context) KeyMapOutput

type KeyOutput

type KeyOutput struct{ *pulumi.OutputState }

func (KeyOutput) ElementType

func (KeyOutput) ElementType() reflect.Type

func (KeyOutput) ToKeyOutput

func (o KeyOutput) ToKeyOutput() KeyOutput

func (KeyOutput) ToKeyOutputWithContext

func (o KeyOutput) ToKeyOutputWithContext(ctx context.Context) KeyOutput

type KeyState

// KeyState holds the optional state properties accepted by GetKey to qualify
// the lookup of an existing Key resource. It mirrors the fields of Key, with
// every field except Keepers (a MapInput) being a pointer input.
type KeyState struct {
	// Arbitrary map of values that, when changed, will trigger a new key to be generated.
	Keepers pulumi.MapInput
	// The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm.
	// Valid values are listed at
	// [ServiceAccountKeyAlgorithm](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys#ServiceAccountKeyAlgorithm)
	// (only used on create)
	KeyAlgorithm pulumi.StringPtrInput
	// The name used for this key pair
	Name pulumi.StringPtrInput
	// The private key in JSON format, base64 encoded. This is what you normally get as a file when creating
	// service account keys through the CLI or web console. This is only populated when creating a new key.
	// NOTE(review): this value is the credential itself (base64 is only an
	// encoding); avoid placing it in source code or logs when building a state.
	PrivateKey pulumi.StringPtrInput
	// The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
	PrivateKeyType pulumi.StringPtrInput
	// The public key, base64 encoded
	PublicKey pulumi.StringPtrInput
	// Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with `publicKeyType` and `privateKeyType`.
	PublicKeyData pulumi.StringPtrInput
	// The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
	PublicKeyType pulumi.StringPtrInput
	// The Service account id of the Key. This can be a string in the format
	// `{ACCOUNT}` or `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`, where `{ACCOUNT}` is the email address or
	// unique id of the service account. If the `{ACCOUNT}` syntax is used, the project will be inferred from the account.
	ServiceAccountId pulumi.StringPtrInput
	// The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
	ValidAfter pulumi.StringPtrInput
	// The key can be used before this timestamp.
	// A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
	ValidBefore pulumi.StringPtrInput
}

func (KeyState) ElementType

func (KeyState) ElementType() reflect.Type

type LookupAccountArgs

// LookupAccountArgs holds the plain (non-Input) arguments of LookupAccount.
type LookupAccountArgs struct {
	// The Google service account ID.
	// NOTE(review): the upstream comment continues "This be one of:" but the
	// list of accepted forms is not reproduced on this page.
	AccountId string `pulumi:"accountId"`
	// The ID of the project that the service account is present in.
	// Defaults to the provider project configuration.
	Project *string `pulumi:"project"`
}

A collection of arguments for invoking getAccount.

type LookupAccountOutputArgs

// LookupAccountOutputArgs carries the same two arguments as LookupAccountArgs,
// typed as Pulumi inputs instead of plain values.
type LookupAccountOutputArgs struct {
	// The Google service account ID.
	// NOTE(review): the upstream comment continues "This be one of:" but the
	// list of accepted forms is not reproduced on this page.
	AccountId pulumi.StringInput `pulumi:"accountId"`
	// The ID of the project that the service account is present in.
	// Defaults to the provider project configuration.
	Project pulumi.StringPtrInput `pulumi:"project"`
}

A collection of arguments for invoking getAccount.

func (LookupAccountOutputArgs) ElementType

func (LookupAccountOutputArgs) ElementType() reflect.Type

type LookupAccountResult

// LookupAccountResult is the value returned by LookupAccount.
type LookupAccountResult struct {
	// No upstream description; presumably the accountId argument passed to the
	// lookup - confirm.
	AccountId string `pulumi:"accountId"`
	// The display name for the service account.
	DisplayName string `pulumi:"displayName"`
	// The e-mail address of the service account. This value
	// should be referenced from any `organizations.getIAMPolicy` data sources
	// that would grant the service account privileges.
	Email string `pulumi:"email"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The fully-qualified name of the service account.
	Name    string  `pulumi:"name"`
	// No upstream description; presumably the project argument of the lookup,
	// which is optional (pointer type) - confirm.
	Project *string `pulumi:"project"`
	// The unique id of the service account.
	UniqueId string `pulumi:"uniqueId"`
}

A collection of values returned by getAccount.

func LookupAccount

func LookupAccount(ctx *pulumi.Context, args *LookupAccountArgs, opts ...pulumi.InvokeOption) (*LookupAccountResult, error)

Get the service account from a project. For more information see the official [API](https://cloud.google.com/compute/docs/access/service-accounts) documentation.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

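// main looks up an existing service account by its account ID and discards
// the result.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The lookup function documented on this page is LookupAccount, taking
		// *LookupAccountArgs, in package serviceaccount; the original listing
		// called GetAccount with GetAccountArgs and mixed two package qualifiers.
		_, err := serviceaccount.LookupAccount(ctx, &serviceaccount.LookupAccountArgs{
			AccountId: "object-viewer",
		}, nil)
		return err
	})
}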

```

type LookupAccountResultOutput

type LookupAccountResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getAccount.

func (LookupAccountResultOutput) AccountId

func (LookupAccountResultOutput) DisplayName

The display name for the service account.

func (LookupAccountResultOutput) ElementType

func (LookupAccountResultOutput) ElementType() reflect.Type

func (LookupAccountResultOutput) Email

The e-mail address of the service account. This value should be referenced from any `organizations.getIAMPolicy` data sources that would grant the service account privileges.

func (LookupAccountResultOutput) Id

The provider-assigned unique ID for this managed resource.

func (LookupAccountResultOutput) Name

The fully-qualified name of the service account.

func (LookupAccountResultOutput) Project

func (LookupAccountResultOutput) ToLookupAccountResultOutput

func (o LookupAccountResultOutput) ToLookupAccountResultOutput() LookupAccountResultOutput

func (LookupAccountResultOutput) ToLookupAccountResultOutputWithContext

func (o LookupAccountResultOutput) ToLookupAccountResultOutputWithContext(ctx context.Context) LookupAccountResultOutput

func (LookupAccountResultOutput) UniqueId

The unique id of the service account.
