@pulumi/gcp/accessapproval/getProjectServiceAccount.js

A Pulumi package for creating and managing Google Cloud Platform resources.

"use strict";
// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
Object.defineProperty(exports, "__esModule", { value: true });
exports.getProjectServiceAccountOutput = exports.getProjectServiceAccount = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("../utilities");
/**
 * Get the email address of a project's Access Approval service account.
 *
 * Each Google Cloud project has a unique service account used by Access Approval.
 * When using Access Approval with a
 * [custom signing key](https://cloud.google.com/cloud-provider-access-management/access-approval/docs/review-approve-access-requests-custom-keys),
 * this account needs to be granted the `cloudkms.signerVerifier` IAM role on the
 * Cloud KMS key used to sign approvals.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const serviceAccount = gcp.accessapproval.getProjectServiceAccount({
 *     projectId: "my-project",
 * });
 * const iam = new gcp.kms.CryptoKeyIAMMember("iam", {
 *     cryptoKeyId: cryptoKey.id,
 *     role: "roles/cloudkms.signerVerifier",
 *     member: serviceAccount.then(serviceAccount => `serviceAccount:${serviceAccount.accountEmail}`),
 * });
 * ```
 */
function getProjectServiceAccount(args, opts) {
    opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {});
    return pulumi.runtime.invoke("gcp:accessapproval/getProjectServiceAccount:getProjectServiceAccount", {
        "projectId": args.projectId,
    }, opts);
}
exports.getProjectServiceAccount = getProjectServiceAccount;
/**
 * Get the email address of a project's Access Approval service account.
 *
 * Each Google Cloud project has a unique service account used by Access Approval.
 * When using Access Approval with a
 * [custom signing key](https://cloud.google.com/cloud-provider-access-management/access-approval/docs/review-approve-access-requests-custom-keys),
 * this account needs to be granted the `cloudkms.signerVerifier` IAM role on the
 * Cloud KMS key used to sign approvals.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const serviceAccount = gcp.accessapproval.getProjectServiceAccount({
 *     projectId: "my-project",
 * });
 * const iam = new gcp.kms.CryptoKeyIAMMember("iam", {
 *     cryptoKeyId: cryptoKey.id,
 *     role: "roles/cloudkms.signerVerifier",
 *     member: serviceAccount.then(serviceAccount => `serviceAccount:${serviceAccount.accountEmail}`),
 * });
 * ```
 */
function getProjectServiceAccountOutput(args, opts) {
    opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {});
    return pulumi.runtime.invokeOutput("gcp:accessapproval/getProjectServiceAccount:getProjectServiceAccount", {
        "projectId": args.projectId,
    }, opts);
}
exports.getProjectServiceAccountOutput = getProjectServiceAccountOutput;
//# sourceMappingURL=getProjectServiceAccount.js.map