import * as pulumi from "@pulumi/pulumi";
/**
 * Look up the email address of an organization's Access Approval service account.
 *
 * Each Google Cloud organization has a unique service account used by Access Approval.
 * When using Access Approval with a
 * [custom signing key](https://cloud.google.com/cloud-provider-access-management/access-approval/docs/review-approve-access-requests-custom-keys),
 * this account needs to be granted the `roles/cloudkms.signerVerifier` IAM role on the
 * Cloud KMS key used to sign approvals.
 *
 * Security note: the example binds the role with `gcp.kms.CryptoKeyIAMMember`, i.e. on the
 * signing key itself. Keeping the grant at key scope limits the service account's
 * sign/verify permission to that one key, and the member string is derived from the
 * looked-up `accountEmail` instead of a hand-typed address.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * // "my-organization" is a placeholder; substitute your own organization ID.
 * const serviceAccount = gcp.accessapproval.getOrganizationServiceAccount({
 *     organizationId: "my-organization",
 * });
 * // `cryptoKey` is not defined in this snippet; it is assumed to be the
 * // `gcp.kms.CryptoKey` used for signing approvals, declared elsewhere.
 * const iam = new gcp.kms.CryptoKeyIAMMember("iam", {
 *     cryptoKeyId: cryptoKey.id,
 *     role: "roles/cloudkms.signerVerifier",
 *     member: serviceAccount.then(serviceAccount => `serviceAccount:${serviceAccount.accountEmail}`),
 * });
 * ```
 *
 * @param args - Lookup arguments; identifies the organization by `organizationId`.
 * @param opts - Optional Pulumi invoke options.
 * @returns A promise for the service account's details, including `accountEmail`.
 */
export declare function getOrganizationServiceAccount(args: GetOrganizationServiceAccountArgs, opts?: pulumi.InvokeOptions): Promise<GetOrganizationServiceAccountResult>;
/**
 * Arguments accepted by getOrganizationServiceAccount.
 */
export interface GetOrganizationServiceAccountArgs {
/**
 * The organization ID the service account was created for.
 *
 * NOTE(review): the usage example passes the placeholder "my-organization";
 * confirm the expected ID format against the provider documentation.
 */
organizationId: string;
}
/**
 * Values returned by getOrganizationServiceAccount and
 * getOrganizationServiceAccountOutput. All fields are read-only.
 */
export interface GetOrganizationServiceAccountResult {
/**
 * The email address of the service account. This value is
 * often used to refer to the service account in order to grant IAM permissions;
 * as an IAM member it is written with the `serviceAccount:` prefix.
 */
readonly accountEmail: string;
/**
 * The provider-assigned unique ID for this managed resource.
 */
readonly id: string;
/**
 * The Access Approval service account resource name. Format is "organizations/{organization_id}/serviceAccount".
 */
readonly name: string;
/**
 * Organization ID associated with this result.
 * Presumably the value supplied in the lookup arguments; confirm against the provider.
 */
readonly organizationId: string;
}
/**
 * Look up the email address of an organization's Access Approval service account,
 * taking `pulumi.Input` arguments and returning a `pulumi.Output`.
 *
 * Each Google Cloud organization has a unique service account used by Access Approval.
 * When using Access Approval with a
 * [custom signing key](https://cloud.google.com/cloud-provider-access-management/access-approval/docs/review-approve-access-requests-custom-keys),
 * this account needs to be granted the `roles/cloudkms.signerVerifier` IAM role on the
 * Cloud KMS key used to sign approvals.
 *
 * Security note: the example binds the role with `gcp.kms.CryptoKeyIAMMember`, i.e. on the
 * signing key itself. Keeping the grant at key scope limits the service account's
 * sign/verify permission to that one key.
 *
 * ## Example Usage
 *
 * The first snippet uses the promise-returning `getOrganizationServiceAccount`.
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * // "my-organization" is a placeholder; substitute your own organization ID.
 * const serviceAccount = gcp.accessapproval.getOrganizationServiceAccount({
 *     organizationId: "my-organization",
 * });
 * // `cryptoKey` is not defined in this snippet; it is assumed to be the
 * // `gcp.kms.CryptoKey` used for signing approvals, declared elsewhere.
 * const iam = new gcp.kms.CryptoKeyIAMMember("iam", {
 *     cryptoKeyId: cryptoKey.id,
 *     role: "roles/cloudkms.signerVerifier",
 *     member: serviceAccount.then(serviceAccount => `serviceAccount:${serviceAccount.accountEmail}`),
 * });
 * ```
 *
 * With this Output-returning variant the member string is built with `apply`
 * instead of `then`:
 *
 * ```typescript
 * const serviceAccount = gcp.accessapproval.getOrganizationServiceAccountOutput({
 *     organizationId: "my-organization",
 * });
 * const member = serviceAccount.apply(sa => `serviceAccount:${sa.accountEmail}`);
 * ```
 *
 * @param args - Lookup arguments; `organizationId` may be a plain string or a Pulumi input.
 * @param opts - Optional Pulumi invoke options for output-form invokes.
 * @returns An output carrying the service account's details, including `accountEmail`.
 */
export declare function getOrganizationServiceAccountOutput(args: GetOrganizationServiceAccountOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output<GetOrganizationServiceAccountResult>;
/**
 * Arguments accepted by getOrganizationServiceAccountOutput.
 * Same field as GetOrganizationServiceAccountArgs, typed as a `pulumi.Input`.
 */
export interface GetOrganizationServiceAccountOutputArgs {
/**
 * The organization ID the service account was created for.
 *
 * NOTE(review): the usage example passes the placeholder "my-organization";
 * confirm the expected ID format against the provider documentation.
 */
organizationId: pulumi.Input<string>;
}