UNPKG

@pulumi/gcp

Version:

A Pulumi package for creating and managing Google Cloud Platform resources.

pulumi.io

pulumi/pulumi-gcp

147 lines 6.23 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
"use strict"; // *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** // *** Do not edit by hand unless you're certain you know what you are doing! *** Object.defineProperty(exports, "__esModule", { value: true }); exports.Key = void 0; const pulumi = require("@pulumi/pulumi"); const utilities = require("../utilities"); /** * ## Example Usage * * ### Creating A New Key * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const myaccount = new gcp.serviceaccount.Account("myaccount", { * accountId: "myaccount", * displayName: "My Service Account", * }); * const mykey = new gcp.serviceaccount.Key("mykey", { * serviceAccountId: myaccount.name, * publicKeyType: "TYPE_X509_PEM_FILE", * }); * ``` * * ### Creating And Regularly Rotating A Key * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as time from "@pulumiverse/time"; * * const myaccount = new gcp.serviceaccount.Account("myaccount", { * accountId: "myaccount", * displayName: "My Service Account", * }); * // note this requires the terraform to be run regularly * const mykeyRotation = new time.Rotating("mykey_rotation", {rotationDays: 30}); * const mykey = new gcp.serviceaccount.Key("mykey", { * serviceAccountId: myaccount.name, * keepers: { * rotation_time: mykeyRotation.rotationRfc3339, * }, * }); * ``` * * ### Save Key In Kubernetes Secret - DEPRECATED * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as kubernetes from "@pulumi/kubernetes"; * import * as std from "@pulumi/std"; * * // Workload Identity is the recommended way of accessing Google Cloud APIs from pods. * // https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity * const myaccount = new gcp.serviceaccount.Account("myaccount", { * accountId: "myaccount", * displayName: "My Service Account", * }); * const mykey = new gcp.serviceaccount.Key("mykey", {serviceAccountId: myaccount.name}); * const google_application_credentials = new kubernetes.core.v1.Secret("google-application-credentials", { * metadata: { * name: "google-application-credentials", * }, * data: { * "credentials.json": std.base64decodeOutput({ * input: mykey.privateKey, * }).apply(invoke => invoke.result), * }, * }); * ``` * * ## Import * * This resource does not support import. */ class Key extends pulumi.CustomResource { /** * Get an existing Key resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name, id, state, opts) { return new Key(name, state, Object.assign(Object.assign({}, opts), { id: id })); } /** * Returns true if the given object is an instance of Key. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj) { if (obj === undefined || obj === null) { return false; } return obj['__pulumiType'] === Key.__pulumiType; } constructor(name, argsOrState, opts) { let resourceInputs = {}; opts = opts || {}; if (opts.id) { const state = argsOrState; resourceInputs["keepers"] = state ? state.keepers : undefined; resourceInputs["keyAlgorithm"] = state ? state.keyAlgorithm : undefined; resourceInputs["name"] = state ? state.name : undefined; resourceInputs["privateKey"] = state ? state.privateKey : undefined; resourceInputs["privateKeyType"] = state ? state.privateKeyType : undefined; resourceInputs["publicKey"] = state ? state.publicKey : undefined; resourceInputs["publicKeyData"] = state ? state.publicKeyData : undefined; resourceInputs["publicKeyType"] = state ? state.publicKeyType : undefined; resourceInputs["serviceAccountId"] = state ? state.serviceAccountId : undefined; resourceInputs["validAfter"] = state ? state.validAfter : undefined; resourceInputs["validBefore"] = state ? state.validBefore : undefined; } else { const args = argsOrState; if ((!args || args.serviceAccountId === undefined) && !opts.urn) { throw new Error("Missing required property 'serviceAccountId'"); } resourceInputs["keepers"] = args ? args.keepers : undefined; resourceInputs["keyAlgorithm"] = args ? args.keyAlgorithm : undefined; resourceInputs["privateKeyType"] = args ? args.privateKeyType : undefined; resourceInputs["publicKeyData"] = args ? args.publicKeyData : undefined; resourceInputs["publicKeyType"] = args ? args.publicKeyType : undefined; resourceInputs["serviceAccountId"] = args ? args.serviceAccountId : undefined; resourceInputs["name"] = undefined /*out*/; resourceInputs["privateKey"] = undefined /*out*/; resourceInputs["publicKey"] = undefined /*out*/; resourceInputs["validAfter"] = undefined /*out*/; resourceInputs["validBefore"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); const aliasOpts = { aliases: [{ type: "gcp:serviceAccount/key:Key" }] }; opts = pulumi.mergeOptions(opts, aliasOpts); const secretOpts = { additionalSecretOutputs: ["privateKey"] }; opts = pulumi.mergeOptions(opts, secretOpts); super(Key.__pulumiType, name, resourceInputs, opts); } } exports.Key = Key; /** @internal */ Key.__pulumiType = 'gcp:serviceaccount/key:Key'; //# sourceMappingURL=key.js.map