UNPKG

@pulumi/gcp

Version:

A Pulumi package for creating and managing Google Cloud Platform resources.

pulumi.io

pulumi/pulumi-gcp

161 lines (160 loc) 5.25 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
import * as pulumi from "@pulumi/pulumi"; /** * Get the service account from a project. For more information see * the official [API](https://cloud.google.com/compute/docs/access/service-accounts) documentation. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const objectViewer = gcp.serviceaccount.getAccount({ * accountId: "object-viewer", * }); * ``` * * ### Save Key In Kubernetes Secret * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as kubernetes from "@pulumi/kubernetes"; * import * as std from "@pulumi/std"; * * const myaccount = gcp.serviceaccount.getAccount({ * accountId: "myaccount-id", * }); * const mykey = new gcp.serviceaccount.Key("mykey", {serviceAccountId: myaccount.then(myaccount => myaccount.name)}); * const google_application_credentials = new kubernetes.core.v1.Secret("google-application-credentials", { * metadata: { * name: "google-application-credentials", * }, * data: { * json: std.base64decodeOutput({ * input: mykey.privateKey, * }).apply(invoke => invoke.result), * }, * }); * ``` */ export declare function getAccount(args: GetAccountArgs, opts?: pulumi.InvokeOptions): Promise<GetAccountResult>; /** * A collection of arguments for invoking getAccount. */ export interface GetAccountArgs { /** * The Google service account ID. This be one of: * * * The name of the service account within the project (e.g. `my-service`) * * * The fully-qualified path to a service account resource (e.g. * `projects/my-project/serviceAccounts/...`) * * * The email address of the service account (e.g. * `my-service@my-project.iam.gserviceaccount.com`) */ accountId: string; /** * The ID of the project that the service account is present in. * Defaults to the provider project configuration. */ project?: string; } /** * A collection of values returned by getAccount. */ export interface GetAccountResult { readonly accountId: string; /** * Whether a service account is disabled or not. */ readonly disabled: boolean; /** * The display name for the service account. */ readonly displayName: string; /** * The e-mail address of the service account. This value * should be referenced from any `gcp.organizations.getIAMPolicy` data sources * that would grant the service account privileges. */ readonly email: string; /** * The provider-assigned unique ID for this managed resource. */ readonly id: string; /** * The Identity of the service account in the form `serviceAccount:{email}`. This value is often used to refer to the service account in order to grant IAM permissions. */ readonly member: string; /** * The fully-qualified name of the service account. */ readonly name: string; readonly project?: string; /** * The unique id of the service account. */ readonly uniqueId: string; } /** * Get the service account from a project. For more information see * the official [API](https://cloud.google.com/compute/docs/access/service-accounts) documentation. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const objectViewer = gcp.serviceaccount.getAccount({ * accountId: "object-viewer", * }); * ``` * * ### Save Key In Kubernetes Secret * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as kubernetes from "@pulumi/kubernetes"; * import * as std from "@pulumi/std"; * * const myaccount = gcp.serviceaccount.getAccount({ * accountId: "myaccount-id", * }); * const mykey = new gcp.serviceaccount.Key("mykey", {serviceAccountId: myaccount.then(myaccount => myaccount.name)}); * const google_application_credentials = new kubernetes.core.v1.Secret("google-application-credentials", { * metadata: { * name: "google-application-credentials", * }, * data: { * json: std.base64decodeOutput({ * input: mykey.privateKey, * }).apply(invoke => invoke.result), * }, * }); * ``` */ export declare function getAccountOutput(args: GetAccountOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output<GetAccountResult>; /** * A collection of arguments for invoking getAccount. */ export interface GetAccountOutputArgs { /** * The Google service account ID. This be one of: * * * The name of the service account within the project (e.g. `my-service`) * * * The fully-qualified path to a service account resource (e.g. * `projects/my-project/serviceAccounts/...`) * * * The email address of the service account (e.g. * `my-service@my-project.iam.gserviceaccount.com`) */ accountId: pulumi.Input<string>; /** * The ID of the project that the service account is present in. * Defaults to the provider project configuration. */ project?: pulumi.Input<string>; }