UNPKG

@pulumi/gcp

Version:

A Pulumi package for creating and managing Google Cloud Platform resources.

pulumi.io

pulumi/pulumi-gcp

72 lines 3.26 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
"use strict"; // *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** // *** Do not edit by hand unless you're certain you know what you are doing! *** Object.defineProperty(exports, "__esModule", { value: true }); exports.getOrganizationServiceAccountOutput = exports.getOrganizationServiceAccount = void 0; const pulumi = require("@pulumi/pulumi"); const utilities = require("../utilities"); /** * Get the email address of an organization's Access Approval service account. * * Each Google Cloud organization has a unique service account used by Access Approval. * When using Access Approval with a * [custom signing key](https://cloud.google.com/cloud-provider-access-management/access-approval/docs/review-approve-access-requests-custom-keys), * this account needs to be granted the `cloudkms.signerVerifier` IAM role on the * Cloud KMS key used to sign approvals. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const serviceAccount = gcp.accessapproval.getOrganizationServiceAccount({ * organizationId: "my-organization", * }); * const iam = new gcp.kms.CryptoKeyIAMMember("iam", { * cryptoKeyId: cryptoKey.id, * role: "roles/cloudkms.signerVerifier", * member: serviceAccount.then(serviceAccount => `serviceAccount:${serviceAccount.accountEmail}`), * }); * ``` */ function getOrganizationServiceAccount(args, opts) { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invoke("gcp:accessapproval/getOrganizationServiceAccount:getOrganizationServiceAccount", { "organizationId": args.organizationId, }, opts); } exports.getOrganizationServiceAccount = getOrganizationServiceAccount; /** * Get the email address of an organization's Access Approval service account. * * Each Google Cloud organization has a unique service account used by Access Approval. * When using Access Approval with a * [custom signing key](https://cloud.google.com/cloud-provider-access-management/access-approval/docs/review-approve-access-requests-custom-keys), * this account needs to be granted the `cloudkms.signerVerifier` IAM role on the * Cloud KMS key used to sign approvals. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const serviceAccount = gcp.accessapproval.getOrganizationServiceAccount({ * organizationId: "my-organization", * }); * const iam = new gcp.kms.CryptoKeyIAMMember("iam", { * cryptoKeyId: cryptoKey.id, * role: "roles/cloudkms.signerVerifier", * member: serviceAccount.then(serviceAccount => `serviceAccount:${serviceAccount.accountEmail}`), * }); * ``` */ function getOrganizationServiceAccountOutput(args, opts) { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("gcp:accessapproval/getOrganizationServiceAccount:getOrganizationServiceAccount", { "organizationId": args.organizationId, }, opts); } exports.getOrganizationServiceAccountOutput = getOrganizationServiceAccountOutput; //# sourceMappingURL=getOrganizationServiceAccount.js.map