import * as pulumi from "@pulumi/pulumi";
/**
* This data source provides a [self-signed JWT](https://cloud.google.com/iam/docs/create-short-lived-credentials-direct#sa-credentials-jwt). Tokens issued from this data source are typically used to call external services that accept JWTs for authentication.
*
* The returned `jwt` is a credential: whoever holds it can present it to any service that accepts JWTs signed by `targetServiceAccount`, for as long as its claims remain valid. This form resolves to plain values (`jwt` is declared as `string`), so a value exported as a stack output is readable by anyone who can read the stack's outputs unless it is wrapped with `pulumi.secret`.
*
* If `expiresIn` is omitted or zero, this data source adds no `exp` claim; unless `payload` carries its own `exp`, the signed token has no expiry. Set a short `expiresIn` and confirm the receiving service rejects tokens without `exp`.
*
* ## Example Usage
*
* Note: in order to use the following, the caller must have _at least_ `roles/iam.serviceAccountTokenCreator` on the `targetServiceAccount`. That role lets the caller mint tokens as the service account, so grant it on the individual service account rather than project-wide.
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const foo = gcp.serviceaccount.getAccountJwt({
*     targetServiceAccount: "impersonated-account@project.iam.gserviceaccount.com",
*     payload: JSON.stringify({
*         foo: "bar",
*         sub: "subject",
*     }),
*     expiresIn: 60,
* });
* // Mark the token as a secret so it is not exposed as a plain stack output.
* export const jwt = pulumi.secret(foo.then(foo => foo.jwt));
* ```
*
* @param args - Claims payload, signing service account and optional expiry/delegation chain.
* @param opts - Optional Pulumi invoke options.
* @returns A promise resolving to the signed JWT together with the other fields declared on `GetAccountJwtResult`.
*/
export declare function getAccountJwt(args: GetAccountJwtArgs, opts?: pulumi.InvokeOptions): Promise<GetAccountJwtResult>;
/**
* A collection of arguments for invoking getAccountJwt.
*
* All fields are plain (already-resolved) values; `payload` and `targetServiceAccount` are required.
*/
export interface GetAccountJwtArgs {
/**
* Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name.
*
* NOTE(review): every account listed here extends the set of identities able to obtain tokens for `targetServiceAccount`; keep the chain as short as possible.
*/
delegates?: string[];
/**
* Number of seconds until the JWT expires. If set and non-zero an `exp` claim will be added to the payload derived from the current timestamp plus expiresIn seconds.
*
* When omitted or zero no `exp` claim is added by this data source, so the token does not expire unless `payload` supplies its own `exp`. Prefer a short, explicit value.
*/
expiresIn?: number;
/**
* The JSON-encoded JWT claims set to include in the self-signed JWT.
*
* The claims are signed, not encrypted: anyone holding the token can decode them, so do not place secrets in the payload.
*/
payload: string;
/**
* The email of the service account that will sign the JWT.
*/
targetServiceAccount: string;
}
/**
* A collection of values returned by getAccountJwt.
*
* `jwt` is a usable credential and should be handled as a secret (not logged, not exported as a plain stack output).
*/
export interface GetAccountJwtResult {
/**
* Presumably echoes the `delegates` argument; confirm against the provider.
*/
readonly delegates?: string[];
/**
* Presumably echoes the `expiresIn` argument; confirm against the provider.
*/
readonly expiresIn?: number;
/**
* The provider-assigned unique ID for this managed resource.
*/
readonly id: string;
/**
* The signed JWT containing the JWT Claims Set from the `payload`.
*
* Declared as a plain `string`: nothing in this type marks it as secret, so callers must wrap it (for example with `pulumi.secret`) before exporting or passing it on.
*/
readonly jwt: string;
/**
* Presumably echoes the JSON-encoded claims passed as `payload`; confirm against the provider.
*/
readonly payload: string;
/**
* Presumably echoes the `targetServiceAccount` argument; confirm against the provider.
*/
readonly targetServiceAccount: string;
}
/**
* This data source provides a [self-signed JWT](https://cloud.google.com/iam/docs/create-short-lived-credentials-direct#sa-credentials-jwt). Tokens issued from this data source are typically used to call external services that accept JWTs for authentication.
*
* This is the `Output`-based form of `getAccountJwt`: arguments may be `pulumi.Input` values and the result is a `pulumi.Output`.
*
* The returned `jwt` is a credential. This declaration does not show whether the returned `Output` is marked secret, so wrap the value with `pulumi.secret` explicitly before exporting it.
*
* If `expiresIn` is omitted or zero, this data source adds no `exp` claim; unless `payload` carries its own `exp`, the signed token has no expiry.
*
* ## Example Usage
*
* Note: in order to use the following, the caller must have _at least_ `roles/iam.serviceAccountTokenCreator` on the `targetServiceAccount`. That role lets the caller mint tokens as the service account, so grant it on the individual service account rather than project-wide.
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const foo = gcp.serviceaccount.getAccountJwtOutput({
*     targetServiceAccount: "impersonated-account@project.iam.gserviceaccount.com",
*     payload: JSON.stringify({
*         foo: "bar",
*         sub: "subject",
*     }),
*     expiresIn: 60,
* });
* // Mark the token as a secret so it is not exposed as a plain stack output.
* export const jwt = pulumi.secret(foo.jwt);
* ```
*
* @param args - Claims payload, signing service account and optional expiry/delegation chain, each as a `pulumi.Input`.
* @param opts - Optional Pulumi invoke options.
* @returns An `Output` wrapping the signed JWT together with the other fields declared on `GetAccountJwtResult`.
*/
export declare function getAccountJwtOutput(args: GetAccountJwtOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output<GetAccountJwtResult>;
/**
* A collection of arguments for invoking getAccountJwtOutput.
*
* Same fields as `GetAccountJwtArgs`, but each accepts a `pulumi.Input` so values may come from other resources' outputs.
*/
export interface GetAccountJwtOutputArgs {
/**
* Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name.
*
* NOTE(review): every account listed here extends the set of identities able to obtain tokens for `targetServiceAccount`; keep the chain as short as possible.
*/
delegates?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Number of seconds until the JWT expires. If set and non-zero an `exp` claim will be added to the payload derived from the current timestamp plus expiresIn seconds.
*
* When omitted or zero no `exp` claim is added by this data source, so the token does not expire unless `payload` supplies its own `exp`. Prefer a short, explicit value.
*/
expiresIn?: pulumi.Input<number>;
/**
* The JSON-encoded JWT claims set to include in the self-signed JWT.
*
* The claims are signed, not encrypted: anyone holding the token can decode them, so do not place secrets in the payload.
*/
payload: pulumi.Input<string>;
/**
* The email of the service account that will sign the JWT.
*/
targetServiceAccount: pulumi.Input<string>;
}