Documentation ¶
Index ¶
- type Account
- type AccountArgs
- type AccountArray
- type AccountArrayInput
- type AccountArrayOutput
- type AccountInput
- type AccountMap
- type AccountMapInput
- type AccountMapOutput
- type AccountOutput
- func (o AccountOutput) AccountId() pulumi.StringOutput
- func (o AccountOutput) Description() pulumi.StringPtrOutput
- func (o AccountOutput) Disabled() pulumi.BoolPtrOutput
- func (o AccountOutput) DisplayName() pulumi.StringPtrOutput
- func (AccountOutput) ElementType() reflect.Type
- func (o AccountOutput) Email() pulumi.StringOutput
- func (o AccountOutput) Name() pulumi.StringOutput
- func (o AccountOutput) Project() pulumi.StringOutput
- func (o AccountOutput) ToAccountOutput() AccountOutput
- func (o AccountOutput) ToAccountOutputWithContext(ctx context.Context) AccountOutput
- func (o AccountOutput) UniqueId() pulumi.StringOutput
- type AccountState
- type GetAccountAccessTokenArgs
- type GetAccountAccessTokenOutputArgs
- type GetAccountAccessTokenResult
- type GetAccountAccessTokenResultOutput
- func (o GetAccountAccessTokenResultOutput) AccessToken() pulumi.StringOutput
- func (o GetAccountAccessTokenResultOutput) Delegates() pulumi.StringArrayOutput
- func (GetAccountAccessTokenResultOutput) ElementType() reflect.Type
- func (o GetAccountAccessTokenResultOutput) Id() pulumi.StringOutput
- func (o GetAccountAccessTokenResultOutput) Lifetime() pulumi.StringPtrOutput
- func (o GetAccountAccessTokenResultOutput) Scopes() pulumi.StringArrayOutput
- func (o GetAccountAccessTokenResultOutput) TargetServiceAccount() pulumi.StringOutput
- func (o GetAccountAccessTokenResultOutput) ToGetAccountAccessTokenResultOutput() GetAccountAccessTokenResultOutput
- func (o GetAccountAccessTokenResultOutput) ToGetAccountAccessTokenResultOutputWithContext(ctx context.Context) GetAccountAccessTokenResultOutput
- type GetAccountIdTokenArgs
- type GetAccountIdTokenOutputArgs
- type GetAccountIdTokenResult
- type GetAccountIdTokenResultOutput
- func (o GetAccountIdTokenResultOutput) Delegates() pulumi.StringArrayOutput
- func (GetAccountIdTokenResultOutput) ElementType() reflect.Type
- func (o GetAccountIdTokenResultOutput) Id() pulumi.StringOutput
- func (o GetAccountIdTokenResultOutput) IdToken() pulumi.StringOutput
- func (o GetAccountIdTokenResultOutput) IncludeEmail() pulumi.BoolPtrOutput
- func (o GetAccountIdTokenResultOutput) TargetAudience() pulumi.StringOutput
- func (o GetAccountIdTokenResultOutput) TargetServiceAccount() pulumi.StringPtrOutput
- func (o GetAccountIdTokenResultOutput) ToGetAccountIdTokenResultOutput() GetAccountIdTokenResultOutput
- func (o GetAccountIdTokenResultOutput) ToGetAccountIdTokenResultOutputWithContext(ctx context.Context) GetAccountIdTokenResultOutput
- type GetAccountJwtArgs
- type GetAccountJwtOutputArgs
- type GetAccountJwtResult
- type GetAccountJwtResultOutput
- func (o GetAccountJwtResultOutput) Delegates() pulumi.StringArrayOutput
- func (GetAccountJwtResultOutput) ElementType() reflect.Type
- func (o GetAccountJwtResultOutput) ExpiresIn() pulumi.IntPtrOutput
- func (o GetAccountJwtResultOutput) Id() pulumi.StringOutput
- func (o GetAccountJwtResultOutput) Jwt() pulumi.StringOutput
- func (o GetAccountJwtResultOutput) Payload() pulumi.StringOutput
- func (o GetAccountJwtResultOutput) TargetServiceAccount() pulumi.StringOutput
- func (o GetAccountJwtResultOutput) ToGetAccountJwtResultOutput() GetAccountJwtResultOutput
- func (o GetAccountJwtResultOutput) ToGetAccountJwtResultOutputWithContext(ctx context.Context) GetAccountJwtResultOutput
- type GetAccountKeyArgs
- type GetAccountKeyOutputArgs
- type GetAccountKeyResult
- type GetAccountKeyResultOutput
- func (GetAccountKeyResultOutput) ElementType() reflect.Type
- func (o GetAccountKeyResultOutput) Id() pulumi.StringOutput
- func (o GetAccountKeyResultOutput) KeyAlgorithm() pulumi.StringOutput
- func (o GetAccountKeyResultOutput) Name() pulumi.StringOutput
- func (o GetAccountKeyResultOutput) Project() pulumi.StringPtrOutput
- func (o GetAccountKeyResultOutput) PublicKey() pulumi.StringOutput
- func (o GetAccountKeyResultOutput) PublicKeyType() pulumi.StringPtrOutput
- func (o GetAccountKeyResultOutput) ToGetAccountKeyResultOutput() GetAccountKeyResultOutput
- func (o GetAccountKeyResultOutput) ToGetAccountKeyResultOutputWithContext(ctx context.Context) GetAccountKeyResultOutput
- type IAMBinding
- type IAMBindingArgs
- type IAMBindingArray
- type IAMBindingArrayInput
- type IAMBindingArrayOutput
- func (IAMBindingArrayOutput) ElementType() reflect.Type
- func (o IAMBindingArrayOutput) Index(i pulumi.IntInput) IAMBindingOutput
- func (o IAMBindingArrayOutput) ToIAMBindingArrayOutput() IAMBindingArrayOutput
- func (o IAMBindingArrayOutput) ToIAMBindingArrayOutputWithContext(ctx context.Context) IAMBindingArrayOutput
- type IAMBindingCondition
- type IAMBindingConditionArgs
- func (IAMBindingConditionArgs) ElementType() reflect.Type
- func (i IAMBindingConditionArgs) ToIAMBindingConditionOutput() IAMBindingConditionOutput
- func (i IAMBindingConditionArgs) ToIAMBindingConditionOutputWithContext(ctx context.Context) IAMBindingConditionOutput
- func (i IAMBindingConditionArgs) ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput
- func (i IAMBindingConditionArgs) ToIAMBindingConditionPtrOutputWithContext(ctx context.Context) IAMBindingConditionPtrOutput
- type IAMBindingConditionInput
- type IAMBindingConditionOutput
- func (o IAMBindingConditionOutput) Description() pulumi.StringPtrOutput
- func (IAMBindingConditionOutput) ElementType() reflect.Type
- func (o IAMBindingConditionOutput) Expression() pulumi.StringOutput
- func (o IAMBindingConditionOutput) Title() pulumi.StringOutput
- func (o IAMBindingConditionOutput) ToIAMBindingConditionOutput() IAMBindingConditionOutput
- func (o IAMBindingConditionOutput) ToIAMBindingConditionOutputWithContext(ctx context.Context) IAMBindingConditionOutput
- func (o IAMBindingConditionOutput) ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput
- func (o IAMBindingConditionOutput) ToIAMBindingConditionPtrOutputWithContext(ctx context.Context) IAMBindingConditionPtrOutput
- type IAMBindingConditionPtrInput
- type IAMBindingConditionPtrOutput
- func (o IAMBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o IAMBindingConditionPtrOutput) Elem() IAMBindingConditionOutput
- func (IAMBindingConditionPtrOutput) ElementType() reflect.Type
- func (o IAMBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o IAMBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput
- func (o IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutputWithContext(ctx context.Context) IAMBindingConditionPtrOutput
- type IAMBindingInput
- type IAMBindingMap
- type IAMBindingMapInput
- type IAMBindingMapOutput
- func (IAMBindingMapOutput) ElementType() reflect.Type
- func (o IAMBindingMapOutput) MapIndex(k pulumi.StringInput) IAMBindingOutput
- func (o IAMBindingMapOutput) ToIAMBindingMapOutput() IAMBindingMapOutput
- func (o IAMBindingMapOutput) ToIAMBindingMapOutputWithContext(ctx context.Context) IAMBindingMapOutput
- type IAMBindingOutput
- func (o IAMBindingOutput) Condition() IAMBindingConditionPtrOutput
- func (IAMBindingOutput) ElementType() reflect.Type
- func (o IAMBindingOutput) Etag() pulumi.StringOutput
- func (o IAMBindingOutput) Members() pulumi.StringArrayOutput
- func (o IAMBindingOutput) Role() pulumi.StringOutput
- func (o IAMBindingOutput) ServiceAccountId() pulumi.StringOutput
- func (o IAMBindingOutput) ToIAMBindingOutput() IAMBindingOutput
- func (o IAMBindingOutput) ToIAMBindingOutputWithContext(ctx context.Context) IAMBindingOutput
- type IAMBindingState
- type IAMMember
- type IAMMemberArgs
- type IAMMemberArray
- type IAMMemberArrayInput
- type IAMMemberArrayOutput
- func (IAMMemberArrayOutput) ElementType() reflect.Type
- func (o IAMMemberArrayOutput) Index(i pulumi.IntInput) IAMMemberOutput
- func (o IAMMemberArrayOutput) ToIAMMemberArrayOutput() IAMMemberArrayOutput
- func (o IAMMemberArrayOutput) ToIAMMemberArrayOutputWithContext(ctx context.Context) IAMMemberArrayOutput
- type IAMMemberCondition
- type IAMMemberConditionArgs
- func (IAMMemberConditionArgs) ElementType() reflect.Type
- func (i IAMMemberConditionArgs) ToIAMMemberConditionOutput() IAMMemberConditionOutput
- func (i IAMMemberConditionArgs) ToIAMMemberConditionOutputWithContext(ctx context.Context) IAMMemberConditionOutput
- func (i IAMMemberConditionArgs) ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput
- func (i IAMMemberConditionArgs) ToIAMMemberConditionPtrOutputWithContext(ctx context.Context) IAMMemberConditionPtrOutput
- type IAMMemberConditionInput
- type IAMMemberConditionOutput
- func (o IAMMemberConditionOutput) Description() pulumi.StringPtrOutput
- func (IAMMemberConditionOutput) ElementType() reflect.Type
- func (o IAMMemberConditionOutput) Expression() pulumi.StringOutput
- func (o IAMMemberConditionOutput) Title() pulumi.StringOutput
- func (o IAMMemberConditionOutput) ToIAMMemberConditionOutput() IAMMemberConditionOutput
- func (o IAMMemberConditionOutput) ToIAMMemberConditionOutputWithContext(ctx context.Context) IAMMemberConditionOutput
- func (o IAMMemberConditionOutput) ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput
- func (o IAMMemberConditionOutput) ToIAMMemberConditionPtrOutputWithContext(ctx context.Context) IAMMemberConditionPtrOutput
- type IAMMemberConditionPtrInput
- type IAMMemberConditionPtrOutput
- func (o IAMMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o IAMMemberConditionPtrOutput) Elem() IAMMemberConditionOutput
- func (IAMMemberConditionPtrOutput) ElementType() reflect.Type
- func (o IAMMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o IAMMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput
- func (o IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutputWithContext(ctx context.Context) IAMMemberConditionPtrOutput
- type IAMMemberInput
- type IAMMemberMap
- type IAMMemberMapInput
- type IAMMemberMapOutput
- type IAMMemberOutput
- func (o IAMMemberOutput) Condition() IAMMemberConditionPtrOutput
- func (IAMMemberOutput) ElementType() reflect.Type
- func (o IAMMemberOutput) Etag() pulumi.StringOutput
- func (o IAMMemberOutput) Member() pulumi.StringOutput
- func (o IAMMemberOutput) Role() pulumi.StringOutput
- func (o IAMMemberOutput) ServiceAccountId() pulumi.StringOutput
- func (o IAMMemberOutput) ToIAMMemberOutput() IAMMemberOutput
- func (o IAMMemberOutput) ToIAMMemberOutputWithContext(ctx context.Context) IAMMemberOutput
- type IAMMemberState
- type IAMPolicy
- type IAMPolicyArgs
- type IAMPolicyArray
- type IAMPolicyArrayInput
- type IAMPolicyArrayOutput
- func (IAMPolicyArrayOutput) ElementType() reflect.Type
- func (o IAMPolicyArrayOutput) Index(i pulumi.IntInput) IAMPolicyOutput
- func (o IAMPolicyArrayOutput) ToIAMPolicyArrayOutput() IAMPolicyArrayOutput
- func (o IAMPolicyArrayOutput) ToIAMPolicyArrayOutputWithContext(ctx context.Context) IAMPolicyArrayOutput
- type IAMPolicyInput
- type IAMPolicyMap
- type IAMPolicyMapInput
- type IAMPolicyMapOutput
- type IAMPolicyOutput
- func (IAMPolicyOutput) ElementType() reflect.Type
- func (o IAMPolicyOutput) Etag() pulumi.StringOutput
- func (o IAMPolicyOutput) PolicyData() pulumi.StringOutput
- func (o IAMPolicyOutput) ServiceAccountId() pulumi.StringOutput
- func (o IAMPolicyOutput) ToIAMPolicyOutput() IAMPolicyOutput
- func (o IAMPolicyOutput) ToIAMPolicyOutputWithContext(ctx context.Context) IAMPolicyOutput
- type IAMPolicyState
- type Key
- type KeyArgs
- type KeyArray
- type KeyArrayInput
- type KeyArrayOutput
- type KeyInput
- type KeyMap
- type KeyMapInput
- type KeyMapOutput
- type KeyOutput
- func (KeyOutput) ElementType() reflect.Type
- func (o KeyOutput) Keepers() pulumi.MapOutput
- func (o KeyOutput) KeyAlgorithm() pulumi.StringPtrOutput
- func (o KeyOutput) Name() pulumi.StringOutput
- func (o KeyOutput) PrivateKey() pulumi.StringOutput
- func (o KeyOutput) PrivateKeyType() pulumi.StringPtrOutput
- func (o KeyOutput) PublicKey() pulumi.StringOutput
- func (o KeyOutput) PublicKeyData() pulumi.StringPtrOutput
- func (o KeyOutput) PublicKeyType() pulumi.StringPtrOutput
- func (o KeyOutput) ServiceAccountId() pulumi.StringOutput
- func (o KeyOutput) ToKeyOutput() KeyOutput
- func (o KeyOutput) ToKeyOutputWithContext(ctx context.Context) KeyOutput
- func (o KeyOutput) ValidAfter() pulumi.StringOutput
- func (o KeyOutput) ValidBefore() pulumi.StringOutput
- type KeyState
- type LookupAccountArgs
- type LookupAccountOutputArgs
- type LookupAccountResult
- type LookupAccountResultOutput
- func (o LookupAccountResultOutput) AccountId() pulumi.StringOutput
- func (o LookupAccountResultOutput) DisplayName() pulumi.StringOutput
- func (LookupAccountResultOutput) ElementType() reflect.Type
- func (o LookupAccountResultOutput) Email() pulumi.StringOutput
- func (o LookupAccountResultOutput) Id() pulumi.StringOutput
- func (o LookupAccountResultOutput) Name() pulumi.StringOutput
- func (o LookupAccountResultOutput) Project() pulumi.StringPtrOutput
- func (o LookupAccountResultOutput) ToLookupAccountResultOutput() LookupAccountResultOutput
- func (o LookupAccountResultOutput) ToLookupAccountResultOutputWithContext(ctx context.Context) LookupAccountResultOutput
- func (o LookupAccountResultOutput) UniqueId() pulumi.StringOutput
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Account ¶
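// Account allows management of a Google Cloud service account.
//
// The declaration is laid out one field per line: collapsed onto a single
// line, the first `//` comment swallows every following field and the
// closing brace.
type Account struct {
	pulumi.CustomResourceState

	// The account id that is used to generate the service
	// account email address and a stable unique id. It is unique within a project,
	// must be 6-30 characters long, and match the regular expression
	// `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035.
	// Changing this forces a new service account to be created.
	AccountId pulumi.StringOutput `pulumi:"accountId"`
	// A text description of the service account.
	// Must be less than or equal to 256 UTF-8 bytes.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Whether a service account is disabled or not. Defaults to `false`.
	// This field has no effect during creation.
	// Must be set after creation to disable a service account.
	Disabled pulumi.BoolPtrOutput `pulumi:"disabled"`
	// The display name for the service account.
	// Can be updated without creating a new resource.
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// The e-mail address of the service account. This value
	// should be referenced from any `organizations.getIAMPolicy` data sources
	// that would grant the service account privileges.
	Email pulumi.StringOutput `pulumi:"email"`
	// The fully-qualified name of the service account.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the project that the service account will be created in.
	// Defaults to the provider project configuration.
	Project pulumi.StringOutput `pulumi:"project"`
	// The unique id of the service account.
	UniqueId pulumi.StringOutput `pulumi:"uniqueId"`
}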
Allows management of a Google Cloud service account.
* [API documentation](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts)
* How-to Guides
  - [Official Documentation](https://cloud.google.com/compute/docs/access/service-accounts)
> **Warning:** If you delete and recreate a service account, you must reapply any IAM roles that it had before.
> Creation of service accounts is eventually consistent, and that can lead to errors when you try to apply ACLs to service accounts immediately after creation.
## Example Usage
This snippet creates a service account in a project.
```go
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers one service account with Pulumi. Only the account ID and
// display name are supplied, so the project comes from the provider
// configuration.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// "service-account-id" is the sample value from the documentation; per
		// the AccountArgs docs the ID must be 6-30 characters long.
		args := &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("service-account-id"),
			DisplayName: pulumi.String("Service Account"),
		}

		// The resource handle is not used afterwards; only the error matters.
		_, err := serviceAccount.NewAccount(ctx, "serviceAccount", args)
		return err
	})
}
```
## Import
Service accounts can be imported using their URI, e.g.
```sh
$ pulumi import gcp:serviceAccount/account:Account my_sa projects/my-project/serviceAccounts/my-sa@my-project.iam.gserviceaccount.com
```
func GetAccount ¶
func GetAccount(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AccountState, opts ...pulumi.ResourceOption) (*Account, error)
GetAccount gets an existing Account resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAccount ¶
func NewAccount(ctx *pulumi.Context, name string, args *AccountArgs, opts ...pulumi.ResourceOption) (*Account, error)
NewAccount registers a new resource with the given unique name, arguments, and options.
func (*Account) ElementType ¶
func (*Account) ToAccountOutput ¶
func (i *Account) ToAccountOutput() AccountOutput
func (*Account) ToAccountOutputWithContext ¶
func (i *Account) ToAccountOutputWithContext(ctx context.Context) AccountOutput
type AccountArgs ¶
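// AccountArgs is the set of arguments for constructing an Account resource.
//
// The declaration is laid out one field per line: collapsed onto a single
// line, the first `//` comment swallows every following field and the
// closing brace.
type AccountArgs struct {
	// The account id that is used to generate the service
	// account email address and a stable unique id. It is unique within a project,
	// must be 6-30 characters long, and match the regular expression
	// `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035.
	// Changing this forces a new service account to be created.
	AccountId pulumi.StringInput
	// A text description of the service account.
	// Must be less than or equal to 256 UTF-8 bytes.
	Description pulumi.StringPtrInput
	// Whether a service account is disabled or not. Defaults to `false`.
	// This field has no effect during creation.
	// Must be set after creation to disable a service account.
	Disabled pulumi.BoolPtrInput
	// The display name for the service account.
	// Can be updated without creating a new resource.
	DisplayName pulumi.StringPtrInput
	// The ID of the project that the service account will be created in.
	// Defaults to the provider project configuration.
	Project pulumi.StringPtrInput
}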
The set of arguments for constructing an Account resource.
func (AccountArgs) ElementType ¶
func (AccountArgs) ElementType() reflect.Type
type AccountArray ¶
type AccountArray []AccountInput
func (AccountArray) ElementType ¶
func (AccountArray) ElementType() reflect.Type
func (AccountArray) ToAccountArrayOutput ¶
func (i AccountArray) ToAccountArrayOutput() AccountArrayOutput
func (AccountArray) ToAccountArrayOutputWithContext ¶
func (i AccountArray) ToAccountArrayOutputWithContext(ctx context.Context) AccountArrayOutput
type AccountArrayInput ¶
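// AccountArrayInput is an input type that accepts AccountArray and
// AccountArrayOutput values.
//
// The method set is written one member per line; on a single line without
// separators the members do not parse as an interface body.
type AccountArrayInput interface {
	pulumi.Input

	ToAccountArrayOutput() AccountArrayOutput
	ToAccountArrayOutputWithContext(context.Context) AccountArrayOutput
}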
AccountArrayInput is an input type that accepts AccountArray and AccountArrayOutput values. You can construct a concrete instance of `AccountArrayInput` via:
AccountArray{ AccountArgs{...} }
type AccountArrayOutput ¶
type AccountArrayOutput struct{ *pulumi.OutputState }
func (AccountArrayOutput) ElementType ¶
func (AccountArrayOutput) ElementType() reflect.Type
func (AccountArrayOutput) Index ¶
func (o AccountArrayOutput) Index(i pulumi.IntInput) AccountOutput
func (AccountArrayOutput) ToAccountArrayOutput ¶
func (o AccountArrayOutput) ToAccountArrayOutput() AccountArrayOutput
func (AccountArrayOutput) ToAccountArrayOutputWithContext ¶
func (o AccountArrayOutput) ToAccountArrayOutputWithContext(ctx context.Context) AccountArrayOutput
type AccountInput ¶
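// AccountInput is implemented by values that can be converted to an
// AccountOutput, with or without an explicit context.
//
// The method set is written one member per line; on a single line without
// separators the members do not parse as an interface body.
type AccountInput interface {
	pulumi.Input

	ToAccountOutput() AccountOutput
	ToAccountOutputWithContext(ctx context.Context) AccountOutput
}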
type AccountMap ¶
type AccountMap map[string]AccountInput
func (AccountMap) ElementType ¶
func (AccountMap) ElementType() reflect.Type
func (AccountMap) ToAccountMapOutput ¶
func (i AccountMap) ToAccountMapOutput() AccountMapOutput
func (AccountMap) ToAccountMapOutputWithContext ¶
func (i AccountMap) ToAccountMapOutputWithContext(ctx context.Context) AccountMapOutput
type AccountMapInput ¶
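// AccountMapInput is an input type that accepts AccountMap and
// AccountMapOutput values.
//
// The method set is written one member per line; on a single line without
// separators the members do not parse as an interface body.
type AccountMapInput interface {
	pulumi.Input

	ToAccountMapOutput() AccountMapOutput
	ToAccountMapOutputWithContext(context.Context) AccountMapOutput
}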
AccountMapInput is an input type that accepts AccountMap and AccountMapOutput values. You can construct a concrete instance of `AccountMapInput` via:
AccountMap{ "key": AccountArgs{...} }
type AccountMapOutput ¶
type AccountMapOutput struct{ *pulumi.OutputState }
func (AccountMapOutput) ElementType ¶
func (AccountMapOutput) ElementType() reflect.Type
func (AccountMapOutput) MapIndex ¶
func (o AccountMapOutput) MapIndex(k pulumi.StringInput) AccountOutput
func (AccountMapOutput) ToAccountMapOutput ¶
func (o AccountMapOutput) ToAccountMapOutput() AccountMapOutput
func (AccountMapOutput) ToAccountMapOutputWithContext ¶
func (o AccountMapOutput) ToAccountMapOutputWithContext(ctx context.Context) AccountMapOutput
type AccountOutput ¶
type AccountOutput struct{ *pulumi.OutputState }
func (AccountOutput) AccountId ¶ added in v6.23.0
func (o AccountOutput) AccountId() pulumi.StringOutput
The account id that is used to generate the service account email address and a stable unique id. It is unique within a project, must be 6-30 characters long, and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035. Changing this forces a new service account to be created.
func (AccountOutput) Description ¶ added in v6.23.0
func (o AccountOutput) Description() pulumi.StringPtrOutput
A text description of the service account. Must be less than or equal to 256 UTF-8 bytes.
func (AccountOutput) Disabled ¶ added in v6.23.0
func (o AccountOutput) Disabled() pulumi.BoolPtrOutput
Whether a service account is disabled or not. Defaults to `false`. This field has no effect during creation. Must be set after creation to disable a service account.
func (AccountOutput) DisplayName ¶ added in v6.23.0
func (o AccountOutput) DisplayName() pulumi.StringPtrOutput
The display name for the service account. Can be updated without creating a new resource.
func (AccountOutput) ElementType ¶
func (AccountOutput) ElementType() reflect.Type
func (AccountOutput) Email ¶ added in v6.23.0
func (o AccountOutput) Email() pulumi.StringOutput
The e-mail address of the service account. This value should be referenced from any `organizations.getIAMPolicy` data sources that would grant the service account privileges.
func (AccountOutput) Name ¶ added in v6.23.0
func (o AccountOutput) Name() pulumi.StringOutput
The fully-qualified name of the service account.
func (AccountOutput) Project ¶ added in v6.23.0
func (o AccountOutput) Project() pulumi.StringOutput
The ID of the project that the service account will be created in. Defaults to the provider project configuration.
func (AccountOutput) ToAccountOutput ¶
func (o AccountOutput) ToAccountOutput() AccountOutput
func (AccountOutput) ToAccountOutputWithContext ¶
func (o AccountOutput) ToAccountOutputWithContext(ctx context.Context) AccountOutput
func (AccountOutput) UniqueId ¶ added in v6.23.0
func (o AccountOutput) UniqueId() pulumi.StringOutput
The unique id of the service account.
type AccountState ¶
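// AccountState holds the optional state properties for an Account; GetAccount
// accepts it to qualify the lookup of an existing resource.
//
// The declaration is laid out one field per line: collapsed onto a single
// line, the first `//` comment swallows every following field and the
// closing brace.
type AccountState struct {
	// The account id that is used to generate the service
	// account email address and a stable unique id. It is unique within a project,
	// must be 6-30 characters long, and match the regular expression
	// `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035.
	// Changing this forces a new service account to be created.
	AccountId pulumi.StringPtrInput
	// A text description of the service account.
	// Must be less than or equal to 256 UTF-8 bytes.
	Description pulumi.StringPtrInput
	// Whether a service account is disabled or not. Defaults to `false`.
	// This field has no effect during creation.
	// Must be set after creation to disable a service account.
	Disabled pulumi.BoolPtrInput
	// The display name for the service account.
	// Can be updated without creating a new resource.
	DisplayName pulumi.StringPtrInput
	// The e-mail address of the service account. This value
	// should be referenced from any `organizations.getIAMPolicy` data sources
	// that would grant the service account privileges.
	Email pulumi.StringPtrInput
	// The fully-qualified name of the service account.
	Name pulumi.StringPtrInput
	// The ID of the project that the service account will be created in.
	// Defaults to the provider project configuration.
	Project pulumi.StringPtrInput
	// The unique id of the service account.
	UniqueId pulumi.StringPtrInput
}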
func (AccountState) ElementType ¶
func (AccountState) ElementType() reflect.Type
type GetAccountAccessTokenArgs ¶
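// GetAccountAccessTokenArgs is a collection of arguments for invoking
// getAccountAccessToken.
//
// The declaration is laid out one field per line: collapsed onto a single
// line, the first `//` comment swallows every following field and the
// closing brace.
type GetAccountAccessTokenArgs struct {
	// Delegate chain of approvals needed to perform full impersonation.
	// Specify the fully qualified service account name.
	// (e.g. `["projects/-/serviceAccounts/delegate-svc-account@project-id.iam.gserviceaccount.com"]`)
	Delegates []string `pulumi:"delegates"`
	// Lifetime of the impersonated token (defaults to its max: `3600s`).
	// Leaving this nil therefore requests the longest-lived token; set a
	// shorter value when the consumer does not need the full hour.
	Lifetime *string `pulumi:"lifetime"`
	// The scopes the new credential should have (e.g. `["cloud-platform"]`).
	// The scopes bound what the issued token can be used for, so list only
	// the ones the consumer needs.
	Scopes []string `pulumi:"scopes"`
	// The service account _to_ impersonate
	// (e.g. `service_B@your-project-id.iam.gserviceaccount.com`)
	TargetServiceAccount string `pulumi:"targetServiceAccount"`
}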
A collection of arguments for invoking getAccountAccessToken.
type GetAccountAccessTokenOutputArgs ¶
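// GetAccountAccessTokenOutputArgs is a collection of arguments for invoking
// getAccountAccessToken, expressed as Pulumi inputs.
//
// The declaration is laid out one field per line: collapsed onto a single
// line, the first `//` comment swallows every following field and the
// closing brace.
type GetAccountAccessTokenOutputArgs struct {
	// Delegate chain of approvals needed to perform full impersonation.
	// Specify the fully qualified service account name.
	// (e.g. `["projects/-/serviceAccounts/delegate-svc-account@project-id.iam.gserviceaccount.com"]`)
	Delegates pulumi.StringArrayInput `pulumi:"delegates"`
	// Lifetime of the impersonated token (defaults to its max: `3600s`).
	// Leaving this unset therefore requests the longest-lived token; set a
	// shorter value when the consumer does not need the full hour.
	Lifetime pulumi.StringPtrInput `pulumi:"lifetime"`
	// The scopes the new credential should have (e.g. `["cloud-platform"]`).
	// The scopes bound what the issued token can be used for, so list only
	// the ones the consumer needs.
	Scopes pulumi.StringArrayInput `pulumi:"scopes"`
	// The service account _to_ impersonate
	// (e.g. `service_B@your-project-id.iam.gserviceaccount.com`)
	TargetServiceAccount pulumi.StringInput `pulumi:"targetServiceAccount"`
}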
A collection of arguments for invoking getAccountAccessToken.
func (GetAccountAccessTokenOutputArgs) ElementType ¶
func (GetAccountAccessTokenOutputArgs) ElementType() reflect.Type
type GetAccountAccessTokenResult ¶
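// GetAccountAccessTokenResult is a collection of values returned by
// getAccountAccessToken.
//
// The declaration is laid out one field per line: collapsed onto a single
// line, the first `//` comment swallows every following field and the
// closing brace.
type GetAccountAccessTokenResult struct {
	// The `accessToken` representing the new generated identity.
	// It is a credential for the target service account: keep it out of
	// logs and plain-text exports.
	AccessToken string   `pulumi:"accessToken"`
	Delegates   []string `pulumi:"delegates"`
	// The provider-assigned unique ID for this managed resource.
	Id                   string   `pulumi:"id"`
	Lifetime             *string  `pulumi:"lifetime"`
	Scopes               []string `pulumi:"scopes"`
	TargetServiceAccount string   `pulumi:"targetServiceAccount"`
}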
A collection of values returned by getAccountAccessToken.
func GetAccountAccessToken ¶
func GetAccountAccessToken(ctx *pulumi.Context, args *GetAccountAccessTokenArgs, opts ...pulumi.InvokeOption) (*GetAccountAccessTokenResult, error)
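This data source provides a Google `oauth2` `accessToken` for a different service account than the one initially running the script. The token is a bearer credential for that service account, so handle it as a secret and keep `scopes` and `lifetime` as narrow as the consumer allows.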
For more information see [the official documentation](https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials) as well as [iamcredentials.generateAccessToken()](https://cloud.google.com/iam/credentials/reference/rest/v1/projects.serviceAccounts/generateAccessToken)
type GetAccountAccessTokenResultOutput ¶
type GetAccountAccessTokenResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getAccountAccessToken.
func GetAccountAccessTokenOutput ¶
func GetAccountAccessTokenOutput(ctx *pulumi.Context, args GetAccountAccessTokenOutputArgs, opts ...pulumi.InvokeOption) GetAccountAccessTokenResultOutput
func (GetAccountAccessTokenResultOutput) AccessToken ¶
func (o GetAccountAccessTokenResultOutput) AccessToken() pulumi.StringOutput
The `accessToken` representing the new generated identity.
func (GetAccountAccessTokenResultOutput) Delegates ¶
func (o GetAccountAccessTokenResultOutput) Delegates() pulumi.StringArrayOutput
func (GetAccountAccessTokenResultOutput) ElementType ¶
func (GetAccountAccessTokenResultOutput) ElementType() reflect.Type
func (GetAccountAccessTokenResultOutput) Id ¶
func (o GetAccountAccessTokenResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetAccountAccessTokenResultOutput) Lifetime ¶
func (o GetAccountAccessTokenResultOutput) Lifetime() pulumi.StringPtrOutput
func (GetAccountAccessTokenResultOutput) Scopes ¶
func (o GetAccountAccessTokenResultOutput) Scopes() pulumi.StringArrayOutput
func (GetAccountAccessTokenResultOutput) TargetServiceAccount ¶
func (o GetAccountAccessTokenResultOutput) TargetServiceAccount() pulumi.StringOutput
func (GetAccountAccessTokenResultOutput) ToGetAccountAccessTokenResultOutput ¶
func (o GetAccountAccessTokenResultOutput) ToGetAccountAccessTokenResultOutput() GetAccountAccessTokenResultOutput
func (GetAccountAccessTokenResultOutput) ToGetAccountAccessTokenResultOutputWithContext ¶
func (o GetAccountAccessTokenResultOutput) ToGetAccountAccessTokenResultOutputWithContext(ctx context.Context) GetAccountAccessTokenResultOutput
type GetAccountIdTokenArgs ¶
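// GetAccountIdTokenArgs is a collection of arguments for invoking
// getAccountIdToken.
//
// The declaration is laid out one field per line: collapsed onto a single
// line, the first `//` comment swallows every following field and the
// closing brace.
type GetAccountIdTokenArgs struct {
	// Delegate chain of approvals needed to perform full impersonation.
	// Specify the fully qualified service account name.
	// Used only when using impersonation mode.
	Delegates []string `pulumi:"delegates"`
	// Include the verified email in the claim.
	// Used only when using impersonation mode.
	IncludeEmail *bool `pulumi:"includeEmail"`
	// The audience claim for the `idToken`.
	// This is the only field that is neither a pointer nor a slice.
	TargetAudience string `pulumi:"targetAudience"`
	// The email of the service account being impersonated.
	// Used only when using impersonation mode.
	TargetServiceAccount *string `pulumi:"targetServiceAccount"`
}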
A collection of arguments for invoking getAccountIdToken.
type GetAccountIdTokenOutputArgs ¶
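// GetAccountIdTokenOutputArgs is a collection of arguments for invoking
// getAccountIdToken, expressed as Pulumi inputs.
//
// The declaration is laid out one field per line: collapsed onto a single
// line, the first `//` comment swallows every following field and the
// closing brace.
type GetAccountIdTokenOutputArgs struct {
	// Delegate chain of approvals needed to perform full impersonation.
	// Specify the fully qualified service account name.
	// Used only when using impersonation mode.
	Delegates pulumi.StringArrayInput `pulumi:"delegates"`
	// Include the verified email in the claim.
	// Used only when using impersonation mode.
	IncludeEmail pulumi.BoolPtrInput `pulumi:"includeEmail"`
	// The audience claim for the `idToken`.
	TargetAudience pulumi.StringInput `pulumi:"targetAudience"`
	// The email of the service account being impersonated.
	// Used only when using impersonation mode.
	TargetServiceAccount pulumi.StringPtrInput `pulumi:"targetServiceAccount"`
}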
A collection of arguments for invoking getAccountIdToken.
func (GetAccountIdTokenOutputArgs) ElementType ¶
func (GetAccountIdTokenOutputArgs) ElementType() reflect.Type
type GetAccountIdTokenResult ¶
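// GetAccountIdTokenResult is a collection of values returned by
// getAccountIdToken.
//
// The declaration is laid out one field per line: collapsed onto a single
// line, the first `//` comment swallows every following field and the
// closing brace.
type GetAccountIdTokenResult struct {
	Delegates []string `pulumi:"delegates"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The `idToken` representing the new generated identity.
	// It authenticates the caller to services that accept it: keep it out
	// of logs and plain-text exports.
	IdToken              string  `pulumi:"idToken"`
	IncludeEmail         *bool   `pulumi:"includeEmail"`
	TargetAudience       string  `pulumi:"targetAudience"`
	TargetServiceAccount *string `pulumi:"targetServiceAccount"`
}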
A collection of values returned by getAccountIdToken.
func GetAccountIdToken ¶
func GetAccountIdToken(ctx *pulumi.Context, args *GetAccountIdTokenArgs, opts ...pulumi.InvokeOption) (*GetAccountIdTokenResult, error)
This data source provides a Google OpenID Connect (`oidc`) `idToken`. Tokens issued from this data source are typically used to call external services that accept OIDC tokens for authentication (e.g. [Google Cloud Run](https://cloud.google.com/run/docs/authenticating/service-to-service)).
For more information see [OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.html#IDToken).
## Example Usage
### ServiceAccount JSON Credential File.
`serviceAccount.getAccountIdToken` will use the configured provider credentials
### Service Account Impersonation.
`serviceAccount.getAccountIdToken` will use background impersonated credentials provided by `serviceAccount.getAccountAccessToken`. Note: to use the following, you must grant `targetServiceAccount` the `roles/iam.serviceAccountTokenCreator` role on itself.
type GetAccountIdTokenResultOutput ¶
// GetAccountIdTokenResultOutput is the output form of the values returned by
// getAccountIdToken; it embeds *pulumi.OutputState.
type GetAccountIdTokenResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getAccountIdToken.
func GetAccountIdTokenOutput ¶
func GetAccountIdTokenOutput(ctx *pulumi.Context, args GetAccountIdTokenOutputArgs, opts ...pulumi.InvokeOption) GetAccountIdTokenResultOutput
func (GetAccountIdTokenResultOutput) Delegates ¶
func (o GetAccountIdTokenResultOutput) Delegates() pulumi.StringArrayOutput
func (GetAccountIdTokenResultOutput) ElementType ¶
func (GetAccountIdTokenResultOutput) ElementType() reflect.Type
func (GetAccountIdTokenResultOutput) Id ¶
func (o GetAccountIdTokenResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetAccountIdTokenResultOutput) IdToken ¶
func (o GetAccountIdTokenResultOutput) IdToken() pulumi.StringOutput
The `idToken` representing the new generated identity.
func (GetAccountIdTokenResultOutput) IncludeEmail ¶
func (o GetAccountIdTokenResultOutput) IncludeEmail() pulumi.BoolPtrOutput
func (GetAccountIdTokenResultOutput) TargetAudience ¶
func (o GetAccountIdTokenResultOutput) TargetAudience() pulumi.StringOutput
func (GetAccountIdTokenResultOutput) TargetServiceAccount ¶
func (o GetAccountIdTokenResultOutput) TargetServiceAccount() pulumi.StringPtrOutput
func (GetAccountIdTokenResultOutput) ToGetAccountIdTokenResultOutput ¶
func (o GetAccountIdTokenResultOutput) ToGetAccountIdTokenResultOutput() GetAccountIdTokenResultOutput
func (GetAccountIdTokenResultOutput) ToGetAccountIdTokenResultOutputWithContext ¶
func (o GetAccountIdTokenResultOutput) ToGetAccountIdTokenResultOutputWithContext(ctx context.Context) GetAccountIdTokenResultOutput
type GetAccountJwtArgs ¶ added in v6.34.0
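// GetAccountJwtArgs is the collection of arguments for invoking getAccountJwt.
//
// The declaration is laid out one field per line: when it is collapsed onto a
// single line, the first `//` comment swallows every field that follows it.
type GetAccountJwtArgs struct {
	// Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name.
	Delegates []string `pulumi:"delegates"`
	// Number of seconds until the JWT expires. If set and non-zero an `exp` claim will be added to the payload derived from the current timestamp plus expiresIn seconds.
	// When this is unset or zero, no `exp` claim is added from this field, so the
	// token only expires if the payload carries its own `exp`.
	ExpiresIn *int `pulumi:"expiresIn"`
	// The JSON-encoded JWT claims set to include in the self-signed JWT.
	Payload string `pulumi:"payload"`
	// The email of the service account that will sign the JWT.
	TargetServiceAccount string `pulumi:"targetServiceAccount"`
}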
A collection of arguments for invoking getAccountJwt.
type GetAccountJwtOutputArgs ¶ added in v6.34.0
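// GetAccountJwtOutputArgs is the collection of arguments for invoking
// getAccountJwt, with each field typed as a pulumi input.
//
// The declaration is laid out one field per line: when it is collapsed onto a
// single line, the first `//` comment swallows every field that follows it.
type GetAccountJwtOutputArgs struct {
	// Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name.
	Delegates pulumi.StringArrayInput `pulumi:"delegates"`
	// Number of seconds until the JWT expires. If set and non-zero an `exp` claim will be added to the payload derived from the current timestamp plus expiresIn seconds.
	// When this is unset or zero, no `exp` claim is added from this field, so the
	// token only expires if the payload carries its own `exp`.
	ExpiresIn pulumi.IntPtrInput `pulumi:"expiresIn"`
	// The JSON-encoded JWT claims set to include in the self-signed JWT.
	Payload pulumi.StringInput `pulumi:"payload"`
	// The email of the service account that will sign the JWT.
	TargetServiceAccount pulumi.StringInput `pulumi:"targetServiceAccount"`
}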
A collection of arguments for invoking getAccountJwt.
func (GetAccountJwtOutputArgs) ElementType ¶ added in v6.34.0
func (GetAccountJwtOutputArgs) ElementType() reflect.Type
type GetAccountJwtResult ¶ added in v6.34.0
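// GetAccountJwtResult is the collection of values returned by getAccountJwt.
//
// The declaration is laid out one field per line: when it is collapsed onto a
// single line, the first `//` comment swallows every field that follows it.
type GetAccountJwtResult struct {
	// Delegates and ExpiresIn share names and tags with the GetAccountJwtArgs
	// fields; they are not documented separately.
	Delegates []string `pulumi:"delegates"`
	ExpiresIn *int     `pulumi:"expiresIn"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The signed JWT containing the JWT Claims Set from the `payload`.
	// The signed token is what authenticates the caller to services that accept
	// JWTs, so keep it out of logs and plaintext stack outputs.
	Jwt string `pulumi:"jwt"`
	// Payload and TargetServiceAccount share names and tags with the
	// GetAccountJwtArgs fields; they are not documented separately.
	Payload              string `pulumi:"payload"`
	TargetServiceAccount string `pulumi:"targetServiceAccount"`
}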
A collection of values returned by getAccountJwt.
func GetAccountJwt ¶ added in v6.34.0
func GetAccountJwt(ctx *pulumi.Context, args *GetAccountJwtArgs, opts ...pulumi.InvokeOption) (*GetAccountJwtResult, error)
This data source provides a [self-signed JWT](https://cloud.google.com/iam/docs/create-short-lived-credentials-direct#sa-credentials-jwt). Tokens issued from this data source are typically used to call external services that accept JWTs for authentication.
## Example Usage
Note: in order to use the following, the caller must have _at least_ `roles/iam.serviceAccountTokenCreator` on the `targetServiceAccount`.
```go package main
import (
"encoding/json" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
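// main requests a self-signed JWT for the target service account and exports
// it from the stack as a secret.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Claims for the self-signed JWT, serialized to the JSON string that Payload expects.
		claims, err := json.Marshal(map[string]interface{}{
			"foo": "bar",
			"sub": "subject",
		})
		if err != nil {
			return err
		}
		// NOTE(review): this example qualifies names with both `serviceAccount` and
		// `serviceaccount`; only one can match the imported package name — confirm
		// against the SDK before copying.
		signed, err := serviceAccount.GetAccountJwt(ctx, &serviceaccount.GetAccountJwtArgs{
			TargetServiceAccount: "impersonated-account@project.iam.gserviceaccount.com",
			Payload:              string(claims),
			// A short lifetime limits how long a leaked token stays usable.
			ExpiresIn: pulumi.IntRef(60),
		}, nil)
		if err != nil {
			return err
		}
		// The signed JWT is a bearer credential: mark the export as a secret so it
		// is encrypted in the stack's outputs instead of stored and shown in plaintext.
		ctx.Export("jwt", pulumi.ToSecret(signed.Jwt))
		return nil
	})
}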
```
type GetAccountJwtResultOutput ¶ added in v6.34.0
// GetAccountJwtResultOutput is the output form of the values returned by
// getAccountJwt; it embeds *pulumi.OutputState.
type GetAccountJwtResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getAccountJwt.
func GetAccountJwtOutput ¶ added in v6.34.0
func GetAccountJwtOutput(ctx *pulumi.Context, args GetAccountJwtOutputArgs, opts ...pulumi.InvokeOption) GetAccountJwtResultOutput
func (GetAccountJwtResultOutput) Delegates ¶ added in v6.34.0
func (o GetAccountJwtResultOutput) Delegates() pulumi.StringArrayOutput
func (GetAccountJwtResultOutput) ElementType ¶ added in v6.34.0
func (GetAccountJwtResultOutput) ElementType() reflect.Type
func (GetAccountJwtResultOutput) ExpiresIn ¶ added in v6.38.0
func (o GetAccountJwtResultOutput) ExpiresIn() pulumi.IntPtrOutput
func (GetAccountJwtResultOutput) Id ¶ added in v6.34.0
func (o GetAccountJwtResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetAccountJwtResultOutput) Jwt ¶ added in v6.34.0
func (o GetAccountJwtResultOutput) Jwt() pulumi.StringOutput
The signed JWT containing the JWT Claims Set from the `payload`.
func (GetAccountJwtResultOutput) Payload ¶ added in v6.34.0
func (o GetAccountJwtResultOutput) Payload() pulumi.StringOutput
func (GetAccountJwtResultOutput) TargetServiceAccount ¶ added in v6.34.0
func (o GetAccountJwtResultOutput) TargetServiceAccount() pulumi.StringOutput
func (GetAccountJwtResultOutput) ToGetAccountJwtResultOutput ¶ added in v6.34.0
func (o GetAccountJwtResultOutput) ToGetAccountJwtResultOutput() GetAccountJwtResultOutput
func (GetAccountJwtResultOutput) ToGetAccountJwtResultOutputWithContext ¶ added in v6.34.0
func (o GetAccountJwtResultOutput) ToGetAccountJwtResultOutputWithContext(ctx context.Context) GetAccountJwtResultOutput
type GetAccountKeyArgs ¶
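// GetAccountKeyArgs is the collection of arguments for invoking getAccountKey.
//
// The declaration is laid out one field per line: when it is collapsed onto a
// single line, the first `//` comment swallows every field that follows it.
type GetAccountKeyArgs struct {
	// The name of the service account key. This must have format
	// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{KEYID}`, where `{ACCOUNT}`
	// is the email address or unique id of the service account.
	Name string `pulumi:"name"`
	// The ID of the project that the service account will be created in.
	// Defaults to the provider project configuration.
	Project *string `pulumi:"project"`
	// The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
	PublicKeyType *string `pulumi:"publicKeyType"`
}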
A collection of arguments for invoking getAccountKey.
type GetAccountKeyOutputArgs ¶
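// GetAccountKeyOutputArgs is the collection of arguments for invoking
// getAccountKey, with each field typed as a pulumi input.
//
// The declaration is laid out one field per line: when it is collapsed onto a
// single line, the first `//` comment swallows every field that follows it.
type GetAccountKeyOutputArgs struct {
	// The name of the service account key. This must have format
	// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{KEYID}`, where `{ACCOUNT}`
	// is the email address or unique id of the service account.
	Name pulumi.StringInput `pulumi:"name"`
	// The ID of the project that the service account will be created in.
	// Defaults to the provider project configuration.
	Project pulumi.StringPtrInput `pulumi:"project"`
	// The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
	PublicKeyType pulumi.StringPtrInput `pulumi:"publicKeyType"`
}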
A collection of arguments for invoking getAccountKey.
func (GetAccountKeyOutputArgs) ElementType ¶
func (GetAccountKeyOutputArgs) ElementType() reflect.Type
type GetAccountKeyResult ¶
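// GetAccountKeyResult is the collection of values returned by getAccountKey.
// Of the key material, only the public key appears among these fields.
//
// The declaration is laid out one field per line: when it is collapsed onto a
// single line, the first `//` comment swallows every field that follows it.
type GetAccountKeyResult struct {
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// KeyAlgorithm is not documented on this page; Name and Project share names
	// and tags with the GetAccountKeyArgs fields.
	KeyAlgorithm string  `pulumi:"keyAlgorithm"`
	Name         string  `pulumi:"name"`
	Project      *string `pulumi:"project"`
	// The public key, base64 encoded
	PublicKey string `pulumi:"publicKey"`
	// Shares its name and tag with the GetAccountKeyArgs field.
	PublicKeyType *string `pulumi:"publicKeyType"`
}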
A collection of values returned by getAccountKey.
func GetAccountKey ¶
func GetAccountKey(ctx *pulumi.Context, args *GetAccountKeyArgs, opts ...pulumi.InvokeOption) (*GetAccountKeyResult, error)
Get service account public key. For more information, see [the official documentation](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) and [API](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys/get).
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main creates a service account and a key for it, then looks up that key's
// public half with GetAccountKeyOutput.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		account, err := serviceAccount.NewAccount(ctx, "myaccount", &serviceAccount.AccountArgs{
			AccountId: pulumi.String("dev-foo-account"),
		})
		if err != nil {
			return err
		}
		// NOTE(review): NewKey creates a service account key; where its private
		// material is stored is not covered on this page — check the Key resource
		// documentation before relying on this pattern.
		key, err := serviceAccount.NewKey(ctx, "mykeyKey", &serviceAccount.KeyArgs{
			ServiceAccountId: account.Name,
		})
		if err != nil {
			return err
		}
		// Only the public key is requested here; the result is discarded in this sample.
		// NOTE(review): `serviceaccount` (lower case) is mixed with `serviceAccount`
		// in this example; only one can match the imported package name — confirm.
		_ = serviceAccount.GetAccountKeyOutput(ctx, serviceaccount.GetAccountKeyOutputArgs{
			Name:          key.Name,
			PublicKeyType: pulumi.String("TYPE_X509_PEM_FILE"),
		}, nil)
		return nil
	})
}
```
type GetAccountKeyResultOutput ¶
// GetAccountKeyResultOutput is the output form of the values returned by
// getAccountKey; it embeds *pulumi.OutputState.
type GetAccountKeyResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getAccountKey.
func GetAccountKeyOutput ¶
func GetAccountKeyOutput(ctx *pulumi.Context, args GetAccountKeyOutputArgs, opts ...pulumi.InvokeOption) GetAccountKeyResultOutput
func (GetAccountKeyResultOutput) ElementType ¶
func (GetAccountKeyResultOutput) ElementType() reflect.Type
func (GetAccountKeyResultOutput) Id ¶
func (o GetAccountKeyResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetAccountKeyResultOutput) KeyAlgorithm ¶
func (o GetAccountKeyResultOutput) KeyAlgorithm() pulumi.StringOutput
func (GetAccountKeyResultOutput) Name ¶
func (o GetAccountKeyResultOutput) Name() pulumi.StringOutput
func (GetAccountKeyResultOutput) Project ¶
func (o GetAccountKeyResultOutput) Project() pulumi.StringPtrOutput
func (GetAccountKeyResultOutput) PublicKey ¶
func (o GetAccountKeyResultOutput) PublicKey() pulumi.StringOutput
The public key, base64 encoded
func (GetAccountKeyResultOutput) PublicKeyType ¶
func (o GetAccountKeyResultOutput) PublicKeyType() pulumi.StringPtrOutput
func (GetAccountKeyResultOutput) ToGetAccountKeyResultOutput ¶
func (o GetAccountKeyResultOutput) ToGetAccountKeyResultOutput() GetAccountKeyResultOutput
func (GetAccountKeyResultOutput) ToGetAccountKeyResultOutputWithContext ¶
func (o GetAccountKeyResultOutput) ToGetAccountKeyResultOutputWithContext(ctx context.Context) GetAccountKeyResultOutput
type IAMBinding ¶
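// IAMBinding grants one role on a service account to a list of members.
// The resource is described on this page as authoritative for the given role:
// other roles in the service account's IAM policy are preserved.
//
// The declaration is laid out one field per line: when it is collapsed onto a
// single line, the first `//` comment swallows every field that follows it.
type IAMBinding struct {
	pulumi.CustomResourceState

	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMBindingConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the service account IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Identities the role is granted to; the examples on this page use the form
	// `user:jane@example.com`.
	// NOTE(review): because the binding is authoritative for Role, this list is
	// presumably the complete member set for that role — confirm before applying
	// it to an account that already has members for the same role.
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The role that should be applied. Only one
	// `serviceAccount.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringOutput `pulumi:"serviceAccountId"`
}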
When managing IAM roles, you can treat a service account either as a resource or as an identity. This resource adds IAM policy bindings to a service account resource, for example to allow the members to run operations as, or to modify, the service account. To configure permissions for a service account on other GCP resources, use the googleProjectIam set of resources.
Three different resources help you manage your IAM policy for a service account. Each of these resources serves a different use case:
* `serviceAccount.IAMPolicy`: Authoritative. Sets the IAM policy for the service account and replaces any existing policy already attached. * `serviceAccount.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service account are preserved. * `serviceAccount.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service account are preserved.
> **Note:** `serviceAccount.IAMPolicy` **cannot** be used in conjunction with `serviceAccount.IAMBinding` and `serviceAccount.IAMMember` or they will fight over what your policy should be.
> **Note:** `serviceAccount.IAMBinding` resources **can be** used in conjunction with `serviceAccount.IAMMember` resources **only if** they do not grant privilege to the same role.
## Example Usage
### Service Account IAM Policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main builds a policy document with a single binding and attaches it to a new
// service account through serviceAccount.IAMPolicy.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		policy, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/iam.serviceAccountUser",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		account, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can interact with"),
		})
		if err != nil {
			return err
		}
		// IAMPolicy is authoritative: per this page it sets the service account's
		// IAM policy and replaces any existing policy already attached.
		_, err = serviceAccount.NewIAMPolicy(ctx, "admin-account-iam", &serviceAccount.IAMPolicyArgs{
			ServiceAccountId: account.Name,
			PolicyData:       pulumi.String(policy.PolicyData),
		})
		return err
	})
}
```
### Service Account IAM Binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main creates a service account and grants roles/iam.serviceAccountUser on it
// to a single user through serviceAccount.IAMBinding.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		account, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can use"),
		})
		if err != nil {
			return err
		}
		// IAMBinding is authoritative for this one role; other roles in the
		// service account's policy are preserved (see the resource list on this page).
		_, err = serviceAccount.NewIAMBinding(ctx, "admin-account-iam", &serviceAccount.IAMBindingArgs{
			ServiceAccountId: account.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		return err
	})
}
```
### Service Account IAM Binding With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main creates a service account and grants roles/iam.serviceAccountUser on it
// to a single user, limited by a time-based IAM Condition.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		account, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can use"),
		})
		if err != nil {
			return err
		}
		_, err = serviceAccount.NewIAMBinding(ctx, "admin-account-iam", &serviceAccount.IAMBindingArgs{
			ServiceAccountId: account.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			// The condition only holds while request.time is before the timestamp.
			// The sample date below is 2020-01-01; once that date has passed the
			// expression is never true, so substitute a future expiry when adapting it.
			// NOTE(review): `serviceaccount` (lower case) is mixed with `serviceAccount`
			// in this example; only one can match the imported package name — confirm.
			Condition: &serviceaccount.IAMBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		return err
	})
}
```
### Service Account IAM Member
```go package main
import (
"fmt" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/compute" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main creates a service account, lets a user use it, and lets the new service
// account use the Compute Engine default service account, both through
// non-authoritative serviceAccount.IAMMember grants.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		gceDefault, err := compute.GetDefaultServiceAccount(ctx, nil, nil)
		if err != nil {
			return err
		}
		account, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that Jane can use"),
		})
		if err != nil {
			return err
		}
		// IAMMember adds one member to the role; other members for the role are preserved.
		_, err = serviceAccount.NewIAMMember(ctx, "admin-account-iam", &serviceAccount.IAMMemberArgs{
			ServiceAccountId: account.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Member:           pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		// The member string is derived from the new account's email once it is known.
		accountMember := account.Email.ApplyT(func(email string) (string, error) {
			return fmt.Sprintf("serviceAccount:%v", email), nil
		}).(pulumi.StringOutput)
		// This grant lets the new service account run operations as the Compute
		// Engine default service account; review what that account is allowed to
		// do before granting the role on it.
		_, err = serviceAccount.NewIAMMember(ctx, "gce-default-account-iam", &serviceAccount.IAMMemberArgs{
			ServiceAccountId: pulumi.String(gceDefault.Name),
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Member:           accountMember,
		})
		return err
	})
}
```
### Service Account IAM Member With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main creates a service account and adds one user to
// roles/iam.serviceAccountUser on it, limited by a time-based IAM Condition.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		account, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that Jane can use"),
		})
		if err != nil {
			return err
		}
		_, err = serviceAccount.NewIAMMember(ctx, "admin-account-iam", &serviceAccount.IAMMemberArgs{
			ServiceAccountId: account.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Member:           pulumi.String("user:jane@example.com"),
			// The condition only holds while request.time is before the timestamp.
			// The sample date below is 2020-01-01; once that date has passed the
			// expression is never true, so substitute a future expiry when adapting it.
			// NOTE(review): `serviceaccount` (lower case) is mixed with `serviceAccount`
			// in this example; only one can match the imported package name — confirm.
			Condition: &serviceaccount.IAMMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		return err
	})
}
```
## Import
Service account IAM resources can be imported using the project, service account email, role, member identity, and condition (beta).
```sh
$ pulumi import gcp:serviceAccount/iAMBinding:IAMBinding admin-account-iam projects/{your-project-id}/serviceAccounts/{your-service-account-email}
```
```sh
$ pulumi import gcp:serviceAccount/iAMBinding:IAMBinding admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser"
```
```sh
$ pulumi import gcp:serviceAccount/iAMBinding:IAMBinding admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/editor user:foo@example.com"
```
-> **Custom Roles** If you're importing an IAM resource with a custom role, make sure to use the full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
With conditions
```sh
$ pulumi import gcp:serviceAccount/iAMBinding:IAMBinding admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser expires_after_2019_12_31"
```
```sh
$ pulumi import gcp:serviceAccount/iAMBinding:IAMBinding admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser user:foo@example.com expires_after_2019_12_31"
```
func GetIAMBinding ¶
func GetIAMBinding(ctx *pulumi.Context, name string, id pulumi.IDInput, state *IAMBindingState, opts ...pulumi.ResourceOption) (*IAMBinding, error)
GetIAMBinding gets an existing IAMBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewIAMBinding ¶
func NewIAMBinding(ctx *pulumi.Context, name string, args *IAMBindingArgs, opts ...pulumi.ResourceOption) (*IAMBinding, error)
NewIAMBinding registers a new resource with the given unique name, arguments, and options.
func (*IAMBinding) ElementType ¶
func (*IAMBinding) ElementType() reflect.Type
func (*IAMBinding) ToIAMBindingOutput ¶
func (i *IAMBinding) ToIAMBindingOutput() IAMBindingOutput
func (*IAMBinding) ToIAMBindingOutputWithContext ¶
func (i *IAMBinding) ToIAMBindingOutputWithContext(ctx context.Context) IAMBindingOutput
type IAMBindingArgs ¶
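// IAMBindingArgs is the set of arguments for constructing an IAMBinding resource.
//
// The declaration is laid out one field per line: when it is collapsed onto a
// single line, the first `//` comment swallows every field that follows it.
type IAMBindingArgs struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMBindingConditionPtrInput
	// Identities the role is granted to; the examples on this page use the form
	// `user:jane@example.com`.
	// NOTE(review): because the binding is authoritative for Role, this list is
	// presumably the complete member set for that role — confirm before applying
	// it to an account that already has members for the same role.
	Members pulumi.StringArrayInput
	// The role that should be applied. Only one
	// `serviceAccount.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringInput
}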
The set of arguments for constructing an IAMBinding resource.
func (IAMBindingArgs) ElementType ¶
func (IAMBindingArgs) ElementType() reflect.Type
type IAMBindingArray ¶
// IAMBindingArray is a slice of IAMBindingInput values.
type IAMBindingArray []IAMBindingInput
func (IAMBindingArray) ElementType ¶
func (IAMBindingArray) ElementType() reflect.Type
func (IAMBindingArray) ToIAMBindingArrayOutput ¶
func (i IAMBindingArray) ToIAMBindingArrayOutput() IAMBindingArrayOutput
func (IAMBindingArray) ToIAMBindingArrayOutputWithContext ¶
func (i IAMBindingArray) ToIAMBindingArrayOutputWithContext(ctx context.Context) IAMBindingArrayOutput
type IAMBindingArrayInput ¶
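// IAMBindingArrayInput is an input type that accepts IAMBindingArray and
// IAMBindingArrayOutput values.
//
// The declaration is laid out one method per line; collapsed onto a single
// line without separators the method set does not parse.
type IAMBindingArrayInput interface {
	pulumi.Input

	ToIAMBindingArrayOutput() IAMBindingArrayOutput
	ToIAMBindingArrayOutputWithContext(context.Context) IAMBindingArrayOutput
}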
IAMBindingArrayInput is an input type that accepts IAMBindingArray and IAMBindingArrayOutput values. You can construct a concrete instance of `IAMBindingArrayInput` via:
IAMBindingArray{ IAMBindingArgs{...} }
type IAMBindingArrayOutput ¶
// IAMBindingArrayOutput is the output form of an IAMBindingArray; it embeds
// *pulumi.OutputState.
type IAMBindingArrayOutput struct{ *pulumi.OutputState }
func (IAMBindingArrayOutput) ElementType ¶
func (IAMBindingArrayOutput) ElementType() reflect.Type
func (IAMBindingArrayOutput) Index ¶
func (o IAMBindingArrayOutput) Index(i pulumi.IntInput) IAMBindingOutput
func (IAMBindingArrayOutput) ToIAMBindingArrayOutput ¶
func (o IAMBindingArrayOutput) ToIAMBindingArrayOutput() IAMBindingArrayOutput
func (IAMBindingArrayOutput) ToIAMBindingArrayOutputWithContext ¶
func (o IAMBindingArrayOutput) ToIAMBindingArrayOutputWithContext(ctx context.Context) IAMBindingArrayOutput
type IAMBindingCondition ¶
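// IAMBindingCondition describes the IAM Condition attached to an IAMBinding.
//
// The declaration is laid out one field per line: when it is collapsed onto a
// single line, the first `//` comment swallows every field that follows it.
type IAMBindingCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}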
type IAMBindingConditionArgs ¶
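// IAMBindingConditionArgs is the input form of IAMBindingCondition, with each
// field typed as a pulumi input.
//
// The declaration is laid out one field per line: when it is collapsed onto a
// single line, the first `//` comment swallows every field that follows it.
type IAMBindingConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}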
func (IAMBindingConditionArgs) ElementType ¶
func (IAMBindingConditionArgs) ElementType() reflect.Type
func (IAMBindingConditionArgs) ToIAMBindingConditionOutput ¶
func (i IAMBindingConditionArgs) ToIAMBindingConditionOutput() IAMBindingConditionOutput
func (IAMBindingConditionArgs) ToIAMBindingConditionOutputWithContext ¶
func (i IAMBindingConditionArgs) ToIAMBindingConditionOutputWithContext(ctx context.Context) IAMBindingConditionOutput
func (IAMBindingConditionArgs) ToIAMBindingConditionPtrOutput ¶
func (i IAMBindingConditionArgs) ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput
func (IAMBindingConditionArgs) ToIAMBindingConditionPtrOutputWithContext ¶
func (i IAMBindingConditionArgs) ToIAMBindingConditionPtrOutputWithContext(ctx context.Context) IAMBindingConditionPtrOutput
type IAMBindingConditionInput ¶
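// IAMBindingConditionInput is an input type that accepts
// IAMBindingConditionArgs and IAMBindingConditionOutput values.
//
// The declaration is laid out one method per line; collapsed onto a single
// line without separators the method set does not parse.
type IAMBindingConditionInput interface {
	pulumi.Input

	ToIAMBindingConditionOutput() IAMBindingConditionOutput
	ToIAMBindingConditionOutputWithContext(context.Context) IAMBindingConditionOutput
}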
IAMBindingConditionInput is an input type that accepts IAMBindingConditionArgs and IAMBindingConditionOutput values. You can construct a concrete instance of `IAMBindingConditionInput` via:
IAMBindingConditionArgs{...}
type IAMBindingConditionOutput ¶
// IAMBindingConditionOutput is the output form of an IAMBindingCondition; it
// embeds *pulumi.OutputState.
type IAMBindingConditionOutput struct{ *pulumi.OutputState }
func (IAMBindingConditionOutput) Description ¶
func (o IAMBindingConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (IAMBindingConditionOutput) ElementType ¶
func (IAMBindingConditionOutput) ElementType() reflect.Type
func (IAMBindingConditionOutput) Expression ¶
func (o IAMBindingConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (IAMBindingConditionOutput) Title ¶
func (o IAMBindingConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (IAMBindingConditionOutput) ToIAMBindingConditionOutput ¶
func (o IAMBindingConditionOutput) ToIAMBindingConditionOutput() IAMBindingConditionOutput
func (IAMBindingConditionOutput) ToIAMBindingConditionOutputWithContext ¶
func (o IAMBindingConditionOutput) ToIAMBindingConditionOutputWithContext(ctx context.Context) IAMBindingConditionOutput
func (IAMBindingConditionOutput) ToIAMBindingConditionPtrOutput ¶
func (o IAMBindingConditionOutput) ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput
func (IAMBindingConditionOutput) ToIAMBindingConditionPtrOutputWithContext ¶
func (o IAMBindingConditionOutput) ToIAMBindingConditionPtrOutputWithContext(ctx context.Context) IAMBindingConditionPtrOutput
type IAMBindingConditionPtrInput ¶
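// IAMBindingConditionPtrInput is an input type that accepts
// IAMBindingConditionArgs, IAMBindingConditionPtr and
// IAMBindingConditionPtrOutput values.
//
// The declaration is laid out one method per line; collapsed onto a single
// line without separators the method set does not parse.
type IAMBindingConditionPtrInput interface {
	pulumi.Input

	ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput
	ToIAMBindingConditionPtrOutputWithContext(context.Context) IAMBindingConditionPtrOutput
}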
IAMBindingConditionPtrInput is an input type that accepts IAMBindingConditionArgs, IAMBindingConditionPtr and IAMBindingConditionPtrOutput values. You can construct a concrete instance of `IAMBindingConditionPtrInput` via:
IAMBindingConditionArgs{...} or: nil
func IAMBindingConditionPtr ¶
func IAMBindingConditionPtr(v *IAMBindingConditionArgs) IAMBindingConditionPtrInput
type IAMBindingConditionPtrOutput ¶
// IAMBindingConditionPtrOutput is the output form of an optional
// IAMBindingCondition; it embeds *pulumi.OutputState.
type IAMBindingConditionPtrOutput struct{ *pulumi.OutputState }
func (IAMBindingConditionPtrOutput) Description ¶
func (o IAMBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (IAMBindingConditionPtrOutput) Elem ¶
func (o IAMBindingConditionPtrOutput) Elem() IAMBindingConditionOutput
func (IAMBindingConditionPtrOutput) ElementType ¶
func (IAMBindingConditionPtrOutput) ElementType() reflect.Type
func (IAMBindingConditionPtrOutput) Expression ¶
func (o IAMBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (IAMBindingConditionPtrOutput) Title ¶
func (o IAMBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutput ¶
func (o IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput
func (IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutputWithContext ¶
func (o IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutputWithContext(ctx context.Context) IAMBindingConditionPtrOutput
type IAMBindingInput ¶
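// IAMBindingInput is implemented by values that can be converted to an
// IAMBindingOutput.
//
// The declaration is laid out one method per line; collapsed onto a single
// line without separators the method set does not parse.
type IAMBindingInput interface {
	pulumi.Input

	ToIAMBindingOutput() IAMBindingOutput
	ToIAMBindingOutputWithContext(ctx context.Context) IAMBindingOutput
}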
type IAMBindingMap ¶
// IAMBindingMap is a map from string keys to IAMBindingInput values.
type IAMBindingMap map[string]IAMBindingInput
func (IAMBindingMap) ElementType ¶
func (IAMBindingMap) ElementType() reflect.Type
func (IAMBindingMap) ToIAMBindingMapOutput ¶
func (i IAMBindingMap) ToIAMBindingMapOutput() IAMBindingMapOutput
func (IAMBindingMap) ToIAMBindingMapOutputWithContext ¶
func (i IAMBindingMap) ToIAMBindingMapOutputWithContext(ctx context.Context) IAMBindingMapOutput
type IAMBindingMapInput ¶
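// IAMBindingMapInput is an input type that accepts IAMBindingMap and
// IAMBindingMapOutput values.
//
// The declaration is laid out one method per line; collapsed onto a single
// line without separators the method set does not parse.
type IAMBindingMapInput interface {
	pulumi.Input

	ToIAMBindingMapOutput() IAMBindingMapOutput
	ToIAMBindingMapOutputWithContext(context.Context) IAMBindingMapOutput
}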
IAMBindingMapInput is an input type that accepts IAMBindingMap and IAMBindingMapOutput values. You can construct a concrete instance of `IAMBindingMapInput` via:
IAMBindingMap{ "key": IAMBindingArgs{...} }
type IAMBindingMapOutput ¶
// IAMBindingMapOutput is the output form of an IAMBindingMap; it embeds
// *pulumi.OutputState.
type IAMBindingMapOutput struct{ *pulumi.OutputState }
func (IAMBindingMapOutput) ElementType ¶
func (IAMBindingMapOutput) ElementType() reflect.Type
func (IAMBindingMapOutput) MapIndex ¶
func (o IAMBindingMapOutput) MapIndex(k pulumi.StringInput) IAMBindingOutput
func (IAMBindingMapOutput) ToIAMBindingMapOutput ¶
func (o IAMBindingMapOutput) ToIAMBindingMapOutput() IAMBindingMapOutput
func (IAMBindingMapOutput) ToIAMBindingMapOutputWithContext ¶
func (o IAMBindingMapOutput) ToIAMBindingMapOutputWithContext(ctx context.Context) IAMBindingMapOutput
type IAMBindingOutput ¶
// IAMBindingOutput is the output form of an IAMBinding resource; it embeds
// *pulumi.OutputState.
type IAMBindingOutput struct{ *pulumi.OutputState }
func (IAMBindingOutput) Condition ¶ added in v6.23.0
func (o IAMBindingOutput) Condition() IAMBindingConditionPtrOutput
An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.
func (IAMBindingOutput) ElementType ¶
func (IAMBindingOutput) ElementType() reflect.Type
func (IAMBindingOutput) Etag ¶ added in v6.23.0
func (o IAMBindingOutput) Etag() pulumi.StringOutput
(Computed) The etag of the service account IAM policy.
func (IAMBindingOutput) Members ¶ added in v6.23.0
func (o IAMBindingOutput) Members() pulumi.StringArrayOutput
func (IAMBindingOutput) Role ¶ added in v6.23.0
func (o IAMBindingOutput) Role() pulumi.StringOutput
The role that should be applied. Only one `serviceAccount.IAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
func (IAMBindingOutput) ServiceAccountId ¶ added in v6.23.0
func (o IAMBindingOutput) ServiceAccountId() pulumi.StringOutput
The fully-qualified name of the service account to apply policy to.
func (IAMBindingOutput) ToIAMBindingOutput ¶
func (o IAMBindingOutput) ToIAMBindingOutput() IAMBindingOutput
func (IAMBindingOutput) ToIAMBindingOutputWithContext ¶
func (o IAMBindingOutput) ToIAMBindingOutputWithContext(ctx context.Context) IAMBindingOutput
type IAMBindingState ¶
// IAMBindingState carries the properties of a serviceAccount.IAMBinding as
// input values.
type IAMBindingState struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMBindingConditionPtrInput
	// (Computed) The etag of the service account IAM policy.
	Etag pulumi.StringPtrInput
	// Principals the role is granted to.
	// NOTE(review): this field carries no upstream description; the examples on
	// this page pass values such as "user:jane@example.com".
	Members pulumi.StringArrayInput
	// The role that should be applied. Only one
	// `serviceAccount.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringPtrInput
}
func (IAMBindingState) ElementType ¶
func (IAMBindingState) ElementType() reflect.Type
type IAMMember ¶
// IAMMember is the Pulumi custom resource that grants one role to one member
// on a service account. Per this page it is non-authoritative: other members
// holding the same role on the service account are preserved.
type IAMMember struct {
	pulumi.CustomResourceState

	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMMemberConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the service account IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Principal the role is granted to.
	// NOTE(review): this field carries no upstream description; the examples on
	// this page pass "user:jane@example.com" and a "serviceAccount:<email>" value.
	Member pulumi.StringOutput `pulumi:"member"`
	// The role that should be applied. Only one
	// `serviceAccount.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringOutput `pulumi:"serviceAccountId"`
}
When managing IAM roles, you can treat a service account either as a resource or as an identity. This resource adds IAM policy bindings to a service account resource, for example to allow the members to run operations as the service account or to modify it. To configure permissions for a service account on other GCP resources, use the googleProjectIam set of resources.
Three different resources help you manage your IAM policy for a service account. Each of these resources serves a different use case:
* `serviceAccount.IAMPolicy`: Authoritative. Sets the IAM policy for the service account and replaces any existing policy already attached. * `serviceAccount.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service account are preserved. * `serviceAccount.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service account are preserved.
> **Note:** `serviceAccount.IAMPolicy` **cannot** be used in conjunction with `serviceAccount.IAMBinding` and `serviceAccount.IAMMember` or they will fight over what your policy should be.
> **Note:** `serviceAccount.IAMBinding` resources **can be** used in conjunction with `serviceAccount.IAMMember` resources **only if** they do not grant privilege to the same role.
## Example Usage ### Service Account IAM Policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main creates a service account and sets its whole IAM policy from a policy
// document that holds a single roles/iam.serviceAccountUser binding.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The only binding in the policy document: one role, one user.
		binding := organizations.GetIAMPolicyBinding{
			Role:    "roles/iam.serviceAccountUser",
			Members: []string{"user:jane@example.com"},
		}
		policy, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{binding},
		}, nil)
		if err != nil {
			return err
		}

		account, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can interact with"),
		})
		if err != nil {
			return err
		}

		// IAMPolicy is authoritative: it replaces any policy already attached
		// to the service account, so this document must list every binding
		// that is meant to remain.
		_, err = serviceAccount.NewIAMPolicy(ctx, "admin-account-iam", &serviceAccount.IAMPolicyArgs{
			ServiceAccountId: account.Name,
			PolicyData:       pulumi.String(policy.PolicyData),
		})
		return err
	})
}
```
### Service Account IAM Binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main creates a service account and binds roles/iam.serviceAccountUser on it
// to a single user.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		account, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can use"),
		})
		if err != nil {
			return err
		}

		// IAMBinding is authoritative for this role: the list below is the
		// role's member list on the service account. Other roles in the
		// policy are preserved.
		grantees := pulumi.StringArray{
			pulumi.String("user:jane@example.com"),
		}
		_, err = serviceAccount.NewIAMBinding(ctx, "admin-account-iam", &serviceAccount.IAMBindingArgs{
			ServiceAccountId: account.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Members:          grantees,
		})
		return err
	})
}
``` ### Service Account IAM Binding With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
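// main creates a service account and binds roles/iam.serviceAccountUser on it
// to a single user, limited by an IAM Condition on the request time.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		sa, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can use"),
		})
		if err != nil {
			return err
		}

		// IAMBinding is authoritative for this role; other roles in the
		// service account's policy are preserved.
		_, err = serviceAccount.NewIAMBinding(ctx, "admin-account-iam", &serviceAccount.IAMBindingArgs{
			ServiceAccountId: sa.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			// The package qualifier is serviceAccount, as in the import and
			// every other reference in this listing; the original spelled it
			// "serviceaccount" here, a name the listing never declares.
			// The expression holds only for requests before 2020-01-01T00:00:00Z.
			Condition: &serviceAccount.IAMBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}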
``` ### Service Account IAM Member
```go package main
import (
"fmt" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/compute" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main creates a service account, grants a user roles/iam.serviceAccountUser
// on it, and grants the new service account the same role on the Compute
// Engine default service account.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		gceDefault, err := compute.GetDefaultServiceAccount(ctx, nil, nil)
		if err != nil {
			return err
		}

		account, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that Jane can use"),
		})
		if err != nil {
			return err
		}

		// IAMMember is non-authoritative: it adds this one member and leaves
		// other members of the role in place.
		if _, err = serviceAccount.NewIAMMember(ctx, "admin-account-iam", &serviceAccount.IAMMemberArgs{
			ServiceAccountId: account.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Member:           pulumi.String("user:jane@example.com"),
		}); err != nil {
			return err
		}

		// The member string is built from the new account's email once it is known.
		// NOTE(review): this lets the new service account use the default
		// service account; check which roles the default account holds before
		// copying this grant.
		selfMember := account.Email.ApplyT(func(email string) (string, error) {
			return fmt.Sprintf("serviceAccount:%v", email), nil
		}).(pulumi.StringOutput)
		_, err = serviceAccount.NewIAMMember(ctx, "gce-default-account-iam", &serviceAccount.IAMMemberArgs{
			ServiceAccountId: pulumi.String(gceDefault.Name),
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Member:           selfMember,
		})
		return err
	})
}
``` ### Service Account IAM Member With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
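// main creates a service account and grants a single user
// roles/iam.serviceAccountUser on it, limited by an IAM Condition on the
// request time.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		sa, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that Jane can use"),
		})
		if err != nil {
			return err
		}

		// IAMMember is non-authoritative: other members of the role are preserved.
		_, err = serviceAccount.NewIAMMember(ctx, "admin-account-iam", &serviceAccount.IAMMemberArgs{
			ServiceAccountId: sa.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Member:           pulumi.String("user:jane@example.com"),
			// The package qualifier is serviceAccount, as in the import and
			// every other reference in this listing; the original spelled it
			// "serviceaccount" here, a name the listing never declares.
			// The expression holds only for requests before 2020-01-01T00:00:00Z.
			Condition: &serviceAccount.IAMMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}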
```
## Import
Service account IAM resources can be imported using the project, service account email, role, member identity, and condition (beta).
```sh
$ pulumi import gcp:serviceAccount/iAMMember:IAMMember admin-account-iam projects/{your-project-id}/serviceAccounts/{your-service-account-email}
```
```sh
$ pulumi import gcp:serviceAccount/iAMMember:IAMMember admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser"
```
```sh
$ pulumi import gcp:serviceAccount/iAMMember:IAMMember admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/editor user:foo@example.com"
```
-> **Custom Roles** If you're importing an IAM resource with a custom role, make sure to use the full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

With conditions:
```sh
$ pulumi import gcp:serviceAccount/iAMMember:IAMMember admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser expires_after_2019_12_31"
```
```sh
$ pulumi import gcp:serviceAccount/iAMMember:IAMMember admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser user:foo@example.com expires_after_2019_12_31"
```
func GetIAMMember ¶
func GetIAMMember(ctx *pulumi.Context, name string, id pulumi.IDInput, state *IAMMemberState, opts ...pulumi.ResourceOption) (*IAMMember, error)
GetIAMMember gets an existing IAMMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewIAMMember ¶
func NewIAMMember(ctx *pulumi.Context, name string, args *IAMMemberArgs, opts ...pulumi.ResourceOption) (*IAMMember, error)
NewIAMMember registers a new resource with the given unique name, arguments, and options.
func (*IAMMember) ElementType ¶
func (*IAMMember) ToIAMMemberOutput ¶
func (i *IAMMember) ToIAMMemberOutput() IAMMemberOutput
func (*IAMMember) ToIAMMemberOutputWithContext ¶
func (i *IAMMember) ToIAMMemberOutputWithContext(ctx context.Context) IAMMemberOutput
type IAMMemberArgs ¶
// IAMMemberArgs is the set of arguments for constructing an IAMMember resource.
type IAMMemberArgs struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMMemberConditionPtrInput
	// Principal the role is granted to.
	// NOTE(review): this field carries no upstream description; the examples on
	// this page pass "user:jane@example.com" and a "serviceAccount:<email>" value.
	Member pulumi.StringInput
	// The role that should be applied. Only one
	// `serviceAccount.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringInput
}
The set of arguments for constructing a IAMMember resource.
func (IAMMemberArgs) ElementType ¶
func (IAMMemberArgs) ElementType() reflect.Type
type IAMMemberArray ¶
type IAMMemberArray []IAMMemberInput
func (IAMMemberArray) ElementType ¶
func (IAMMemberArray) ElementType() reflect.Type
func (IAMMemberArray) ToIAMMemberArrayOutput ¶
func (i IAMMemberArray) ToIAMMemberArrayOutput() IAMMemberArrayOutput
func (IAMMemberArray) ToIAMMemberArrayOutputWithContext ¶
func (i IAMMemberArray) ToIAMMemberArrayOutputWithContext(ctx context.Context) IAMMemberArrayOutput
type IAMMemberArrayInput ¶
type IAMMemberArrayInput interface { pulumi.Input ToIAMMemberArrayOutput() IAMMemberArrayOutput ToIAMMemberArrayOutputWithContext(context.Context) IAMMemberArrayOutput }
IAMMemberArrayInput is an input type that accepts IAMMemberArray and IAMMemberArrayOutput values. You can construct a concrete instance of `IAMMemberArrayInput` via:
IAMMemberArray{ IAMMemberArgs{...} }
type IAMMemberArrayOutput ¶
type IAMMemberArrayOutput struct{ *pulumi.OutputState }
func (IAMMemberArrayOutput) ElementType ¶
func (IAMMemberArrayOutput) ElementType() reflect.Type
func (IAMMemberArrayOutput) Index ¶
func (o IAMMemberArrayOutput) Index(i pulumi.IntInput) IAMMemberOutput
func (IAMMemberArrayOutput) ToIAMMemberArrayOutput ¶
func (o IAMMemberArrayOutput) ToIAMMemberArrayOutput() IAMMemberArrayOutput
func (IAMMemberArrayOutput) ToIAMMemberArrayOutputWithContext ¶
func (o IAMMemberArrayOutput) ToIAMMemberArrayOutputWithContext(ctx context.Context) IAMMemberArrayOutput
type IAMMemberCondition ¶
// IAMMemberCondition is the plain-value form of the IAM Condition attached to
// an IAMMember grant.
type IAMMemberCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	// The examples on this page use a time bound of the form
	// request.time < timestamp("...").
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}
type IAMMemberConditionArgs ¶
// IAMMemberConditionArgs is the input form of the IAM Condition attached to an
// IAMMember grant; it is the type the examples on this page assign to Condition.
type IAMMemberConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	// The examples on this page use a time bound of the form
	// request.time < timestamp("...").
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}
func (IAMMemberConditionArgs) ElementType ¶
func (IAMMemberConditionArgs) ElementType() reflect.Type
func (IAMMemberConditionArgs) ToIAMMemberConditionOutput ¶
func (i IAMMemberConditionArgs) ToIAMMemberConditionOutput() IAMMemberConditionOutput
func (IAMMemberConditionArgs) ToIAMMemberConditionOutputWithContext ¶
func (i IAMMemberConditionArgs) ToIAMMemberConditionOutputWithContext(ctx context.Context) IAMMemberConditionOutput
func (IAMMemberConditionArgs) ToIAMMemberConditionPtrOutput ¶
func (i IAMMemberConditionArgs) ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput
func (IAMMemberConditionArgs) ToIAMMemberConditionPtrOutputWithContext ¶
func (i IAMMemberConditionArgs) ToIAMMemberConditionPtrOutputWithContext(ctx context.Context) IAMMemberConditionPtrOutput
type IAMMemberConditionInput ¶
type IAMMemberConditionInput interface { pulumi.Input ToIAMMemberConditionOutput() IAMMemberConditionOutput ToIAMMemberConditionOutputWithContext(context.Context) IAMMemberConditionOutput }
IAMMemberConditionInput is an input type that accepts IAMMemberConditionArgs and IAMMemberConditionOutput values. You can construct a concrete instance of `IAMMemberConditionInput` via:
IAMMemberConditionArgs{...}
type IAMMemberConditionOutput ¶
type IAMMemberConditionOutput struct{ *pulumi.OutputState }
func (IAMMemberConditionOutput) Description ¶
func (o IAMMemberConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (IAMMemberConditionOutput) ElementType ¶
func (IAMMemberConditionOutput) ElementType() reflect.Type
func (IAMMemberConditionOutput) Expression ¶
func (o IAMMemberConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (IAMMemberConditionOutput) Title ¶
func (o IAMMemberConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (IAMMemberConditionOutput) ToIAMMemberConditionOutput ¶
func (o IAMMemberConditionOutput) ToIAMMemberConditionOutput() IAMMemberConditionOutput
func (IAMMemberConditionOutput) ToIAMMemberConditionOutputWithContext ¶
func (o IAMMemberConditionOutput) ToIAMMemberConditionOutputWithContext(ctx context.Context) IAMMemberConditionOutput
func (IAMMemberConditionOutput) ToIAMMemberConditionPtrOutput ¶
func (o IAMMemberConditionOutput) ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput
func (IAMMemberConditionOutput) ToIAMMemberConditionPtrOutputWithContext ¶
func (o IAMMemberConditionOutput) ToIAMMemberConditionPtrOutputWithContext(ctx context.Context) IAMMemberConditionPtrOutput
type IAMMemberConditionPtrInput ¶
type IAMMemberConditionPtrInput interface { pulumi.Input ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput ToIAMMemberConditionPtrOutputWithContext(context.Context) IAMMemberConditionPtrOutput }
IAMMemberConditionPtrInput is an input type that accepts IAMMemberConditionArgs, IAMMemberConditionPtr and IAMMemberConditionPtrOutput values. You can construct a concrete instance of `IAMMemberConditionPtrInput` via:
IAMMemberConditionArgs{...} or: nil
func IAMMemberConditionPtr ¶
func IAMMemberConditionPtr(v *IAMMemberConditionArgs) IAMMemberConditionPtrInput
type IAMMemberConditionPtrOutput ¶
type IAMMemberConditionPtrOutput struct{ *pulumi.OutputState }
func (IAMMemberConditionPtrOutput) Description ¶
func (o IAMMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (IAMMemberConditionPtrOutput) Elem ¶
func (o IAMMemberConditionPtrOutput) Elem() IAMMemberConditionOutput
func (IAMMemberConditionPtrOutput) ElementType ¶
func (IAMMemberConditionPtrOutput) ElementType() reflect.Type
func (IAMMemberConditionPtrOutput) Expression ¶
func (o IAMMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (IAMMemberConditionPtrOutput) Title ¶
func (o IAMMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutput ¶
func (o IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput
func (IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutputWithContext ¶
func (o IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutputWithContext(ctx context.Context) IAMMemberConditionPtrOutput
type IAMMemberInput ¶
type IAMMemberInput interface { pulumi.Input ToIAMMemberOutput() IAMMemberOutput ToIAMMemberOutputWithContext(ctx context.Context) IAMMemberOutput }
type IAMMemberMap ¶
type IAMMemberMap map[string]IAMMemberInput
func (IAMMemberMap) ElementType ¶
func (IAMMemberMap) ElementType() reflect.Type
func (IAMMemberMap) ToIAMMemberMapOutput ¶
func (i IAMMemberMap) ToIAMMemberMapOutput() IAMMemberMapOutput
func (IAMMemberMap) ToIAMMemberMapOutputWithContext ¶
func (i IAMMemberMap) ToIAMMemberMapOutputWithContext(ctx context.Context) IAMMemberMapOutput
type IAMMemberMapInput ¶
type IAMMemberMapInput interface { pulumi.Input ToIAMMemberMapOutput() IAMMemberMapOutput ToIAMMemberMapOutputWithContext(context.Context) IAMMemberMapOutput }
IAMMemberMapInput is an input type that accepts IAMMemberMap and IAMMemberMapOutput values. You can construct a concrete instance of `IAMMemberMapInput` via:
IAMMemberMap{ "key": IAMMemberArgs{...} }
type IAMMemberMapOutput ¶
type IAMMemberMapOutput struct{ *pulumi.OutputState }
func (IAMMemberMapOutput) ElementType ¶
func (IAMMemberMapOutput) ElementType() reflect.Type
func (IAMMemberMapOutput) MapIndex ¶
func (o IAMMemberMapOutput) MapIndex(k pulumi.StringInput) IAMMemberOutput
func (IAMMemberMapOutput) ToIAMMemberMapOutput ¶
func (o IAMMemberMapOutput) ToIAMMemberMapOutput() IAMMemberMapOutput
func (IAMMemberMapOutput) ToIAMMemberMapOutputWithContext ¶
func (o IAMMemberMapOutput) ToIAMMemberMapOutputWithContext(ctx context.Context) IAMMemberMapOutput
type IAMMemberOutput ¶
type IAMMemberOutput struct{ *pulumi.OutputState }
func (IAMMemberOutput) Condition ¶ added in v6.23.0
func (o IAMMemberOutput) Condition() IAMMemberConditionPtrOutput
An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.
func (IAMMemberOutput) ElementType ¶
func (IAMMemberOutput) ElementType() reflect.Type
func (IAMMemberOutput) Etag ¶ added in v6.23.0
func (o IAMMemberOutput) Etag() pulumi.StringOutput
(Computed) The etag of the service account IAM policy.
func (IAMMemberOutput) Member ¶ added in v6.23.0
func (o IAMMemberOutput) Member() pulumi.StringOutput
func (IAMMemberOutput) Role ¶ added in v6.23.0
func (o IAMMemberOutput) Role() pulumi.StringOutput
The role that should be applied. Only one `serviceAccount.IAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
func (IAMMemberOutput) ServiceAccountId ¶ added in v6.23.0
func (o IAMMemberOutput) ServiceAccountId() pulumi.StringOutput
The fully-qualified name of the service account to apply policy to.
func (IAMMemberOutput) ToIAMMemberOutput ¶
func (o IAMMemberOutput) ToIAMMemberOutput() IAMMemberOutput
func (IAMMemberOutput) ToIAMMemberOutputWithContext ¶
func (o IAMMemberOutput) ToIAMMemberOutputWithContext(ctx context.Context) IAMMemberOutput
type IAMMemberState ¶
// IAMMemberState carries the optional state properties that GetIAMMember
// accepts to qualify the lookup of an existing IAMMember resource.
type IAMMemberState struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMMemberConditionPtrInput
	// (Computed) The etag of the service account IAM policy.
	Etag pulumi.StringPtrInput
	// Principal the role is granted to.
	// NOTE(review): this field carries no upstream description; the examples on
	// this page pass "user:jane@example.com" and a "serviceAccount:<email>" value.
	Member pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `serviceAccount.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringPtrInput
}
func (IAMMemberState) ElementType ¶
func (IAMMemberState) ElementType() reflect.Type
type IAMPolicy ¶
// IAMPolicy is the Pulumi custom resource that sets the IAM policy of a
// service account. Per this page it is authoritative: it replaces any existing
// policy already attached to the service account.
type IAMPolicy struct {
	pulumi.CustomResourceState

	// (Computed) The etag of the service account IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringOutput `pulumi:"policyData"`
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringOutput `pulumi:"serviceAccountId"`
}
When managing IAM roles, you can treat a service account either as a resource or as an identity. This resource adds IAM policy bindings to a service account resource, for example to allow the members to run operations as the service account or to modify it. To configure permissions for a service account on other GCP resources, use the googleProjectIam set of resources.
Three different resources help you manage your IAM policy for a service account. Each of these resources serves a different use case:
* `serviceAccount.IAMPolicy`: Authoritative. Sets the IAM policy for the service account and replaces any existing policy already attached. * `serviceAccount.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service account are preserved. * `serviceAccount.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service account are preserved.
> **Note:** `serviceAccount.IAMPolicy` **cannot** be used in conjunction with `serviceAccount.IAMBinding` and `serviceAccount.IAMMember` or they will fight over what your policy should be.
> **Note:** `serviceAccount.IAMBinding` resources **can be** used in conjunction with `serviceAccount.IAMMember` resources **only if** they do not grant privilege to the same role.
## Example Usage ### Service Account IAM Policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main creates a service account and sets its whole IAM policy from a policy
// document that holds a single roles/iam.serviceAccountUser binding.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The only binding in the policy document: one role, one user.
		binding := organizations.GetIAMPolicyBinding{
			Role:    "roles/iam.serviceAccountUser",
			Members: []string{"user:jane@example.com"},
		}
		policy, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{binding},
		}, nil)
		if err != nil {
			return err
		}

		account, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can interact with"),
		})
		if err != nil {
			return err
		}

		// IAMPolicy is authoritative: it replaces any policy already attached
		// to the service account, so this document must list every binding
		// that is meant to remain.
		_, err = serviceAccount.NewIAMPolicy(ctx, "admin-account-iam", &serviceAccount.IAMPolicyArgs{
			ServiceAccountId: account.Name,
			PolicyData:       pulumi.String(policy.PolicyData),
		})
		return err
	})
}
```
### Service Account IAM Binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main creates a service account and binds roles/iam.serviceAccountUser on it
// to a single user.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		account, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can use"),
		})
		if err != nil {
			return err
		}

		// IAMBinding is authoritative for this role: the list below is the
		// role's member list on the service account. Other roles in the
		// policy are preserved.
		grantees := pulumi.StringArray{
			pulumi.String("user:jane@example.com"),
		}
		_, err = serviceAccount.NewIAMBinding(ctx, "admin-account-iam", &serviceAccount.IAMBindingArgs{
			ServiceAccountId: account.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Members:          grantees,
		})
		return err
	})
}
``` ### Service Account IAM Binding With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
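// main creates a service account and binds roles/iam.serviceAccountUser on it
// to a single user, limited by an IAM Condition on the request time.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		sa, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can use"),
		})
		if err != nil {
			return err
		}

		// IAMBinding is authoritative for this role; other roles in the
		// service account's policy are preserved.
		_, err = serviceAccount.NewIAMBinding(ctx, "admin-account-iam", &serviceAccount.IAMBindingArgs{
			ServiceAccountId: sa.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			// The package qualifier is serviceAccount, as in the import and
			// every other reference in this listing; the original spelled it
			// "serviceaccount" here, a name the listing never declares.
			// The expression holds only for requests before 2020-01-01T00:00:00Z.
			Condition: &serviceAccount.IAMBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}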
``` ### Service Account IAM Member
```go package main
import (
"fmt" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/compute" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main creates a service account, grants a user roles/iam.serviceAccountUser
// on it, and grants the new service account the same role on the Compute
// Engine default service account.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		gceDefault, err := compute.GetDefaultServiceAccount(ctx, nil, nil)
		if err != nil {
			return err
		}

		account, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that Jane can use"),
		})
		if err != nil {
			return err
		}

		// IAMMember is non-authoritative: it adds this one member and leaves
		// other members of the role in place.
		if _, err = serviceAccount.NewIAMMember(ctx, "admin-account-iam", &serviceAccount.IAMMemberArgs{
			ServiceAccountId: account.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Member:           pulumi.String("user:jane@example.com"),
		}); err != nil {
			return err
		}

		// The member string is built from the new account's email once it is known.
		// NOTE(review): this lets the new service account use the default
		// service account; check which roles the default account holds before
		// copying this grant.
		selfMember := account.Email.ApplyT(func(email string) (string, error) {
			return fmt.Sprintf("serviceAccount:%v", email), nil
		}).(pulumi.StringOutput)
		_, err = serviceAccount.NewIAMMember(ctx, "gce-default-account-iam", &serviceAccount.IAMMemberArgs{
			ServiceAccountId: pulumi.String(gceDefault.Name),
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Member:           selfMember,
		})
		return err
	})
}
``` ### Service Account IAM Member With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
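// main creates a service account and grants a single user
// roles/iam.serviceAccountUser on it, limited by an IAM Condition on the
// request time.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		sa, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that Jane can use"),
		})
		if err != nil {
			return err
		}

		// IAMMember is non-authoritative: other members of the role are preserved.
		_, err = serviceAccount.NewIAMMember(ctx, "admin-account-iam", &serviceAccount.IAMMemberArgs{
			ServiceAccountId: sa.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Member:           pulumi.String("user:jane@example.com"),
			// The package qualifier is serviceAccount, as in the import and
			// every other reference in this listing; the original spelled it
			// "serviceaccount" here, a name the listing never declares.
			// The expression holds only for requests before 2020-01-01T00:00:00Z.
			Condition: &serviceAccount.IAMMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}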
```
## Import
Service account IAM resources can be imported using the project, service account email, role, member identity, and condition (beta).
```sh
$ pulumi import gcp:serviceAccount/iAMPolicy:IAMPolicy admin-account-iam projects/{your-project-id}/serviceAccounts/{your-service-account-email}
```
```sh
$ pulumi import gcp:serviceAccount/iAMPolicy:IAMPolicy admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser"
```
```sh
$ pulumi import gcp:serviceAccount/iAMPolicy:IAMPolicy admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/editor user:foo@example.com"
```
-> **Custom Roles** If you're importing an IAM resource with a custom role, make sure to use the full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

With conditions:
```sh
$ pulumi import gcp:serviceAccount/iAMPolicy:IAMPolicy admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser expires_after_2019_12_31"
```
```sh
$ pulumi import gcp:serviceAccount/iAMPolicy:IAMPolicy admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser user:foo@example.com expires_after_2019_12_31"
```
func GetIAMPolicy ¶
func GetIAMPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *IAMPolicyState, opts ...pulumi.ResourceOption) (*IAMPolicy, error)
GetIAMPolicy gets an existing IAMPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewIAMPolicy ¶
func NewIAMPolicy(ctx *pulumi.Context, name string, args *IAMPolicyArgs, opts ...pulumi.ResourceOption) (*IAMPolicy, error)
NewIAMPolicy registers a new resource with the given unique name, arguments, and options.
func (*IAMPolicy) ElementType ¶
func (*IAMPolicy) ToIAMPolicyOutput ¶
func (i *IAMPolicy) ToIAMPolicyOutput() IAMPolicyOutput
func (*IAMPolicy) ToIAMPolicyOutputWithContext ¶
func (i *IAMPolicy) ToIAMPolicyOutputWithContext(ctx context.Context) IAMPolicyOutput
type IAMPolicyArgs ¶
// IAMPolicyArgs is the set of arguments for constructing an IAMPolicy resource.
// Per this page, IAMPolicy is authoritative and replaces any existing policy
// already attached to the service account.
type IAMPolicyArgs struct {
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringInput
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringInput
}
The set of arguments for constructing a IAMPolicy resource.
func (IAMPolicyArgs) ElementType ¶
func (IAMPolicyArgs) ElementType() reflect.Type
type IAMPolicyArray ¶
type IAMPolicyArray []IAMPolicyInput
func (IAMPolicyArray) ElementType ¶
func (IAMPolicyArray) ElementType() reflect.Type
func (IAMPolicyArray) ToIAMPolicyArrayOutput ¶
func (i IAMPolicyArray) ToIAMPolicyArrayOutput() IAMPolicyArrayOutput
func (IAMPolicyArray) ToIAMPolicyArrayOutputWithContext ¶
func (i IAMPolicyArray) ToIAMPolicyArrayOutputWithContext(ctx context.Context) IAMPolicyArrayOutput
type IAMPolicyArrayInput ¶
type IAMPolicyArrayInput interface { pulumi.Input ToIAMPolicyArrayOutput() IAMPolicyArrayOutput ToIAMPolicyArrayOutputWithContext(context.Context) IAMPolicyArrayOutput }
IAMPolicyArrayInput is an input type that accepts IAMPolicyArray and IAMPolicyArrayOutput values. You can construct a concrete instance of `IAMPolicyArrayInput` via:
IAMPolicyArray{ IAMPolicyArgs{...} }
type IAMPolicyArrayOutput ¶
type IAMPolicyArrayOutput struct{ *pulumi.OutputState }
func (IAMPolicyArrayOutput) ElementType ¶
func (IAMPolicyArrayOutput) ElementType() reflect.Type
func (IAMPolicyArrayOutput) Index ¶
func (o IAMPolicyArrayOutput) Index(i pulumi.IntInput) IAMPolicyOutput
func (IAMPolicyArrayOutput) ToIAMPolicyArrayOutput ¶
func (o IAMPolicyArrayOutput) ToIAMPolicyArrayOutput() IAMPolicyArrayOutput
func (IAMPolicyArrayOutput) ToIAMPolicyArrayOutputWithContext ¶
func (o IAMPolicyArrayOutput) ToIAMPolicyArrayOutputWithContext(ctx context.Context) IAMPolicyArrayOutput
type IAMPolicyInput ¶
type IAMPolicyInput interface { pulumi.Input ToIAMPolicyOutput() IAMPolicyOutput ToIAMPolicyOutputWithContext(ctx context.Context) IAMPolicyOutput }
type IAMPolicyMap ¶
type IAMPolicyMap map[string]IAMPolicyInput
func (IAMPolicyMap) ElementType ¶
func (IAMPolicyMap) ElementType() reflect.Type
func (IAMPolicyMap) ToIAMPolicyMapOutput ¶
func (i IAMPolicyMap) ToIAMPolicyMapOutput() IAMPolicyMapOutput
func (IAMPolicyMap) ToIAMPolicyMapOutputWithContext ¶
func (i IAMPolicyMap) ToIAMPolicyMapOutputWithContext(ctx context.Context) IAMPolicyMapOutput
type IAMPolicyMapInput ¶
type IAMPolicyMapInput interface { pulumi.Input ToIAMPolicyMapOutput() IAMPolicyMapOutput ToIAMPolicyMapOutputWithContext(context.Context) IAMPolicyMapOutput }
IAMPolicyMapInput is an input type that accepts IAMPolicyMap and IAMPolicyMapOutput values. You can construct a concrete instance of `IAMPolicyMapInput` via:
IAMPolicyMap{ "key": IAMPolicyArgs{...} }
type IAMPolicyMapOutput ¶
type IAMPolicyMapOutput struct{ *pulumi.OutputState }
func (IAMPolicyMapOutput) ElementType ¶
func (IAMPolicyMapOutput) ElementType() reflect.Type
func (IAMPolicyMapOutput) MapIndex ¶
func (o IAMPolicyMapOutput) MapIndex(k pulumi.StringInput) IAMPolicyOutput
func (IAMPolicyMapOutput) ToIAMPolicyMapOutput ¶
func (o IAMPolicyMapOutput) ToIAMPolicyMapOutput() IAMPolicyMapOutput
func (IAMPolicyMapOutput) ToIAMPolicyMapOutputWithContext ¶
func (o IAMPolicyMapOutput) ToIAMPolicyMapOutputWithContext(ctx context.Context) IAMPolicyMapOutput
type IAMPolicyOutput ¶
type IAMPolicyOutput struct{ *pulumi.OutputState }
func (IAMPolicyOutput) ElementType ¶
func (IAMPolicyOutput) ElementType() reflect.Type
func (IAMPolicyOutput) Etag ¶ added in v6.23.0
func (o IAMPolicyOutput) Etag() pulumi.StringOutput
(Computed) The etag of the service account IAM policy.
func (IAMPolicyOutput) PolicyData ¶ added in v6.23.0
func (o IAMPolicyOutput) PolicyData() pulumi.StringOutput
The policy data generated by an `organizations.getIAMPolicy` data source.
func (IAMPolicyOutput) ServiceAccountId ¶ added in v6.23.0
func (o IAMPolicyOutput) ServiceAccountId() pulumi.StringOutput
The fully-qualified name of the service account to apply policy to.
func (IAMPolicyOutput) ToIAMPolicyOutput ¶
func (o IAMPolicyOutput) ToIAMPolicyOutput() IAMPolicyOutput
func (IAMPolicyOutput) ToIAMPolicyOutputWithContext ¶
func (o IAMPolicyOutput) ToIAMPolicyOutputWithContext(ctx context.Context) IAMPolicyOutput
type IAMPolicyState ¶
// IAMPolicyState holds the optional state properties that GetIAMPolicy accepts
// to qualify a lookup of an existing IAMPolicy resource. Every field is a
// pointer-style input, so each one may be left unset.
type IAMPolicyState struct {
	// (Computed) The etag of the service account IAM policy.
	Etag pulumi.StringPtrInput
	// The policy data generated by
	// an `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringPtrInput
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringPtrInput
}
func (IAMPolicyState) ElementType ¶
func (IAMPolicyState) ElementType() reflect.Type
type Key ¶
// Key is the resource type for a service account key. Its fields are the
// outputs of the resource; PrivateKey carries credential material, so the
// whole value should be handled with the same care as a key file.
type Key struct {
	pulumi.CustomResourceState

	// Arbitrary map of values that, when changed, will trigger a new key to be generated.
	Keepers pulumi.MapOutput `pulumi:"keepers"`
	// The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm.
	// Valid values are listed at
	// [ServiceAccountKeyAlgorithm](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys#ServiceAccountKeyAlgorithm)
	// (only used on create)
	KeyAlgorithm pulumi.StringPtrOutput `pulumi:"keyAlgorithm"`
	// The name used for this key pair
	Name pulumi.StringOutput `pulumi:"name"`
	// The private key in JSON format, base64 encoded. This is what you normally get as a file when creating
	// service account keys through the CLI or web console. This is only populated when creating a new key.
	// NOTE(review): this is a usable credential; treat it as a secret and keep it out of logs and plain-text exports.
	PrivateKey pulumi.StringOutput `pulumi:"privateKey"`
	// The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
	PrivateKeyType pulumi.StringPtrOutput `pulumi:"privateKeyType"`
	// The public key, base64 encoded
	PublicKey pulumi.StringOutput `pulumi:"publicKey"`
	// Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with `publicKeyType` and `privateKeyType`.
	PublicKeyData pulumi.StringPtrOutput `pulumi:"publicKeyData"`
	// The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
	PublicKeyType pulumi.StringPtrOutput `pulumi:"publicKeyType"`
	// The Service account id of the Key. This can be a string in the format
	// `{ACCOUNT}` or `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. If the `{ACCOUNT}`-only syntax is used, either
	// the **full** email address of the service account or its name can be specified as a value, in which case the project will
	// automatically be inferred from the account. Otherwise, if the `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`
	// syntax is used, the `{ACCOUNT}` specified can be the full email address of the service account or the service account's
	// unique id. Substituting `-` as a wildcard for the `{PROJECT_ID}` will infer the project from the account.
	ServiceAccountId pulumi.StringOutput `pulumi:"serviceAccountId"`
	// The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
	ValidAfter pulumi.StringOutput `pulumi:"validAfter"`
	// The key can be used before this timestamp.
	// A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
	ValidBefore pulumi.StringOutput `pulumi:"validBefore"`
}
## Example Usage

### Creating A New Key
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main creates a service account and then a key for it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Service account that the key will belong to.
		account, err := serviceAccount.NewAccount(ctx, "myaccount", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("myaccount"),
			DisplayName: pulumi.String("My Service Account"),
		})
		if err != nil {
			return err
		}

		// The resulting Key exposes PrivateKey (base64-encoded JSON credentials,
		// populated only on creation) as an output; handle it as a secret.
		keyArgs := &serviceAccount.KeyArgs{
			ServiceAccountId: account.Name,
			PublicKeyType:    pulumi.String("TYPE_X509_PEM_FILE"),
		}
		if _, err := serviceAccount.NewKey(ctx, "mykey", keyArgs); err != nil {
			return err
		}
		return nil
	})
}
```
## Import
This resource does not support import.
func GetKey ¶
func GetKey(ctx *pulumi.Context, name string, id pulumi.IDInput, state *KeyState, opts ...pulumi.ResourceOption) (*Key, error)
GetKey gets an existing Key resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewKey ¶
func NewKey(ctx *pulumi.Context, name string, args *KeyArgs, opts ...pulumi.ResourceOption) (*Key, error)
NewKey registers a new resource with the given unique name, arguments, and options.
func (*Key) ElementType ¶
func (*Key) ToKeyOutput ¶
type KeyArgs ¶
// KeyArgs holds the inputs used to construct a Key resource. Only
// ServiceAccountId is a non-pointer input; the remaining fields are optional.
type KeyArgs struct {
	// Arbitrary map of values that, when changed, will trigger a new key to be generated.
	Keepers pulumi.MapInput
	// The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm.
	// Valid values are listed at
	// [ServiceAccountKeyAlgorithm](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys#ServiceAccountKeyAlgorithm)
	// (only used on create)
	KeyAlgorithm pulumi.StringPtrInput
	// The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
	PrivateKeyType pulumi.StringPtrInput
	// Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with `publicKeyType` and `privateKeyType`.
	PublicKeyData pulumi.StringPtrInput
	// The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
	PublicKeyType pulumi.StringPtrInput
	// The Service account id of the Key. This can be a string in the format
	// `{ACCOUNT}` or `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. If the `{ACCOUNT}`-only syntax is used, either
	// the **full** email address of the service account or its name can be specified as a value, in which case the project will
	// automatically be inferred from the account. Otherwise, if the `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`
	// syntax is used, the `{ACCOUNT}` specified can be the full email address of the service account or the service account's
	// unique id. Substituting `-` as a wildcard for the `{PROJECT_ID}` will infer the project from the account.
	ServiceAccountId pulumi.StringInput
}
The set of arguments for constructing a Key resource.
func (KeyArgs) ElementType ¶
type KeyArray ¶
type KeyArray []KeyInput
func (KeyArray) ElementType ¶
func (KeyArray) ToKeyArrayOutput ¶
func (i KeyArray) ToKeyArrayOutput() KeyArrayOutput
func (KeyArray) ToKeyArrayOutputWithContext ¶
func (i KeyArray) ToKeyArrayOutputWithContext(ctx context.Context) KeyArrayOutput
type KeyArrayInput ¶
type KeyArrayInput interface { pulumi.Input ToKeyArrayOutput() KeyArrayOutput ToKeyArrayOutputWithContext(context.Context) KeyArrayOutput }
KeyArrayInput is an input type that accepts KeyArray and KeyArrayOutput values. You can construct a concrete instance of `KeyArrayInput` via:
KeyArray{ KeyArgs{...} }
type KeyArrayOutput ¶
type KeyArrayOutput struct{ *pulumi.OutputState }
func (KeyArrayOutput) ElementType ¶
func (KeyArrayOutput) ElementType() reflect.Type
func (KeyArrayOutput) ToKeyArrayOutput ¶
func (o KeyArrayOutput) ToKeyArrayOutput() KeyArrayOutput
func (KeyArrayOutput) ToKeyArrayOutputWithContext ¶
func (o KeyArrayOutput) ToKeyArrayOutputWithContext(ctx context.Context) KeyArrayOutput
type KeyMap ¶
func (KeyMap) ElementType ¶
func (KeyMap) ToKeyMapOutput ¶
func (i KeyMap) ToKeyMapOutput() KeyMapOutput
func (KeyMap) ToKeyMapOutputWithContext ¶
func (i KeyMap) ToKeyMapOutputWithContext(ctx context.Context) KeyMapOutput
type KeyMapInput ¶
type KeyMapInput interface { pulumi.Input ToKeyMapOutput() KeyMapOutput ToKeyMapOutputWithContext(context.Context) KeyMapOutput }
KeyMapInput is an input type that accepts KeyMap and KeyMapOutput values. You can construct a concrete instance of `KeyMapInput` via:
KeyMap{ "key": KeyArgs{...} }
type KeyMapOutput ¶
type KeyMapOutput struct{ *pulumi.OutputState }
func (KeyMapOutput) ElementType ¶
func (KeyMapOutput) ElementType() reflect.Type
func (KeyMapOutput) MapIndex ¶
func (o KeyMapOutput) MapIndex(k pulumi.StringInput) KeyOutput
func (KeyMapOutput) ToKeyMapOutput ¶
func (o KeyMapOutput) ToKeyMapOutput() KeyMapOutput
func (KeyMapOutput) ToKeyMapOutputWithContext ¶
func (o KeyMapOutput) ToKeyMapOutputWithContext(ctx context.Context) KeyMapOutput
type KeyOutput ¶
type KeyOutput struct{ *pulumi.OutputState }
func (KeyOutput) ElementType ¶
func (KeyOutput) Keepers ¶ added in v6.23.0
Arbitrary map of values that, when changed, will trigger a new key to be generated.
func (KeyOutput) KeyAlgorithm ¶ added in v6.23.0
func (o KeyOutput) KeyAlgorithm() pulumi.StringPtrOutput
The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm. Valid values are listed at [ServiceAccountKeyAlgorithm](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys#ServiceAccountKeyAlgorithm) (only used on create)
func (KeyOutput) Name ¶ added in v6.23.0
func (o KeyOutput) Name() pulumi.StringOutput
The name used for this key pair
func (KeyOutput) PrivateKey ¶ added in v6.23.0
func (o KeyOutput) PrivateKey() pulumi.StringOutput
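The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key. Because this output is a usable service account credential, treat it as a secret: avoid printing or exporting it in plain text, and restrict access to wherever the resource's state is stored.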
func (KeyOutput) PrivateKeyType ¶ added in v6.23.0
func (o KeyOutput) PrivateKeyType() pulumi.StringPtrOutput
The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
func (KeyOutput) PublicKey ¶ added in v6.23.0
func (o KeyOutput) PublicKey() pulumi.StringOutput
The public key, base64 encoded
func (KeyOutput) PublicKeyData ¶ added in v6.23.0
func (o KeyOutput) PublicKeyData() pulumi.StringPtrOutput
Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with `publicKeyType` and `privateKeyType`.
func (KeyOutput) PublicKeyType ¶ added in v6.23.0
func (o KeyOutput) PublicKeyType() pulumi.StringPtrOutput
The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
func (KeyOutput) ServiceAccountId ¶ added in v6.23.0
func (o KeyOutput) ServiceAccountId() pulumi.StringOutput
The Service account id of the Key. This can be a string in the format `{ACCOUNT}` or `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. If the `{ACCOUNT}`-only syntax is used, either the **full** email address of the service account or its name can be specified as a value, in which case the project will automatically be inferred from the account. Otherwise, if the `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}` syntax is used, the `{ACCOUNT}` specified can be the full email address of the service account or the service account's unique id. Substituting `-` as a wildcard for the `{PROJECT_ID}` will infer the project from the account.
func (KeyOutput) ToKeyOutput ¶
func (KeyOutput) ToKeyOutputWithContext ¶
func (KeyOutput) ValidAfter ¶ added in v6.23.0
func (o KeyOutput) ValidAfter() pulumi.StringOutput
The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
func (KeyOutput) ValidBefore ¶ added in v6.23.0
func (o KeyOutput) ValidBefore() pulumi.StringOutput
The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
type KeyState ¶
// KeyState holds the optional state properties that GetKey accepts to qualify
// a lookup of an existing Key resource. Every field is optional.
type KeyState struct {
	// Arbitrary map of values that, when changed, will trigger a new key to be generated.
	Keepers pulumi.MapInput
	// The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm.
	// Valid values are listed at
	// [ServiceAccountKeyAlgorithm](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys#ServiceAccountKeyAlgorithm)
	// (only used on create)
	KeyAlgorithm pulumi.StringPtrInput
	// The name used for this key pair
	Name pulumi.StringPtrInput
	// The private key in JSON format, base64 encoded. This is what you normally get as a file when creating
	// service account keys through the CLI or web console. This is only populated when creating a new key.
	// NOTE(review): this is a usable credential; treat it as a secret and keep it out of logs and plain-text exports.
	PrivateKey pulumi.StringPtrInput
	// The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
	PrivateKeyType pulumi.StringPtrInput
	// The public key, base64 encoded
	PublicKey pulumi.StringPtrInput
	// Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with `publicKeyType` and `privateKeyType`.
	PublicKeyData pulumi.StringPtrInput
	// The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
	PublicKeyType pulumi.StringPtrInput
	// The Service account id of the Key. This can be a string in the format
	// `{ACCOUNT}` or `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. If the `{ACCOUNT}`-only syntax is used, either
	// the **full** email address of the service account or its name can be specified as a value, in which case the project will
	// automatically be inferred from the account. Otherwise, if the `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`
	// syntax is used, the `{ACCOUNT}` specified can be the full email address of the service account or the service account's
	// unique id. Substituting `-` as a wildcard for the `{PROJECT_ID}` will infer the project from the account.
	ServiceAccountId pulumi.StringPtrInput
	// The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
	ValidAfter pulumi.StringPtrInput
	// The key can be used before this timestamp.
	// A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
	ValidBefore pulumi.StringPtrInput
}
func (KeyState) ElementType ¶
type LookupAccountArgs ¶
// LookupAccountArgs is the plain-value argument set for LookupAccount, which
// invokes getAccount.
type LookupAccountArgs struct {
	// The Google service account ID.
	// NOTE(review): the upstream comment continues "This be one of:" but the
	// list of accepted forms is missing from this page; confirm against the
	// provider documentation.
	AccountId string `pulumi:"accountId"`
	// The ID of the project that the service account is present in.
	// Defaults to the provider project configuration.
	Project *string `pulumi:"project"`
}
A collection of arguments for invoking getAccount.
type LookupAccountOutputArgs ¶
// LookupAccountOutputArgs is the input-typed argument set for
// LookupAccountOutput, which invokes getAccount.
type LookupAccountOutputArgs struct {
	// The Google service account ID.
	// NOTE(review): the upstream comment continues "This be one of:" but the
	// list of accepted forms is missing from this page; confirm against the
	// provider documentation.
	AccountId pulumi.StringInput `pulumi:"accountId"`
	// The ID of the project that the service account is present in.
	// Defaults to the provider project configuration.
	Project pulumi.StringPtrInput `pulumi:"project"`
}
A collection of arguments for invoking getAccount.
func (LookupAccountOutputArgs) ElementType ¶
func (LookupAccountOutputArgs) ElementType() reflect.Type
type LookupAccountResult ¶
// LookupAccountResult is the set of values returned by getAccount.
type LookupAccountResult struct {
	AccountId string `pulumi:"accountId"`
	// The display name for the service account.
	DisplayName string `pulumi:"displayName"`
	// The e-mail address of the service account. This value
	// should be referenced from any `organizations.getIAMPolicy` data sources
	// that would grant the service account privileges.
	Email string `pulumi:"email"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The fully-qualified name of the service account.
	Name string `pulumi:"name"`
	Project *string `pulumi:"project"`
	// The unique id of the service account.
	UniqueId string `pulumi:"uniqueId"`
}
A collection of values returned by getAccount.
func LookupAccount ¶
func LookupAccount(ctx *pulumi.Context, args *LookupAccountArgs, opts ...pulumi.InvokeOption) (*LookupAccountResult, error)
Get the service account from a project. For more information see the official [API](https://cloud.google.com/compute/docs/access/service-accounts) documentation.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
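// main looks up an existing service account by its account ID.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// In the Go SDK the getAccount invoke is exposed as LookupAccount with
		// LookupAccountArgs, and the package identifier is serviceAccount (as
		// imported above); the original GetAccount / serviceaccount spelling
		// matches neither the documented signature nor the import.
		_, err := serviceAccount.LookupAccount(ctx, &serviceAccount.LookupAccountArgs{
			AccountId: "object-viewer",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}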
```
type LookupAccountResultOutput ¶
type LookupAccountResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getAccount.
func LookupAccountOutput ¶
func LookupAccountOutput(ctx *pulumi.Context, args LookupAccountOutputArgs, opts ...pulumi.InvokeOption) LookupAccountResultOutput
func (LookupAccountResultOutput) AccountId ¶
func (o LookupAccountResultOutput) AccountId() pulumi.StringOutput
func (LookupAccountResultOutput) DisplayName ¶
func (o LookupAccountResultOutput) DisplayName() pulumi.StringOutput
The display name for the service account.
func (LookupAccountResultOutput) ElementType ¶
func (LookupAccountResultOutput) ElementType() reflect.Type
func (LookupAccountResultOutput) Email ¶
func (o LookupAccountResultOutput) Email() pulumi.StringOutput
The e-mail address of the service account. This value should be referenced from any `organizations.getIAMPolicy` data sources that would grant the service account privileges.
func (LookupAccountResultOutput) Id ¶
func (o LookupAccountResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (LookupAccountResultOutput) Name ¶
func (o LookupAccountResultOutput) Name() pulumi.StringOutput
The fully-qualified name of the service account.
func (LookupAccountResultOutput) Project ¶
func (o LookupAccountResultOutput) Project() pulumi.StringPtrOutput
func (LookupAccountResultOutput) ToLookupAccountResultOutput ¶
func (o LookupAccountResultOutput) ToLookupAccountResultOutput() LookupAccountResultOutput
func (LookupAccountResultOutput) ToLookupAccountResultOutputWithContext ¶
func (o LookupAccountResultOutput) ToLookupAccountResultOutputWithContext(ctx context.Context) LookupAccountResultOutput
func (LookupAccountResultOutput) UniqueId ¶
func (o LookupAccountResultOutput) UniqueId() pulumi.StringOutput
The unique id of the service account.