UNPKG

@pulumi/gcp

Version:

A Pulumi package for creating and managing Google Cloud Platform resources.

pulumi.io

pulumi/pulumi-gcp

91 lines (90 loc) 3.65 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
import * as pulumi from "@pulumi/pulumi"; /** * Get the email address of a project's unique BigQuery service account. * * Each Google Cloud project has a unique service account used by BigQuery. When using * BigQuery with [customer-managed encryption keys](https://cloud.google.com/bigquery/docs/customer-managed-encryption), * this account needs to be granted the * `cloudkms.cryptoKeyEncrypterDecrypter` IAM role on the customer-managed Cloud KMS key used to protect the data. * * For more information see * [the API reference](https://cloud.google.com/bigquery/docs/reference/rest/v2/projects/getServiceAccount). * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const bqSa = gcp.bigquery.getDefaultServiceAccount({}); * const keySaUser = new gcp.kms.CryptoKeyIAMMember("key_sa_user", { * cryptoKeyId: key.id, * role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", * member: bqSa.then(bqSa => `serviceAccount:${bqSa.email}`), * }); * ``` */ export declare function getDefaultServiceAccount(args?: GetDefaultServiceAccountArgs, opts?: pulumi.InvokeOptions): Promise<GetDefaultServiceAccountResult>; /** * A collection of arguments for invoking getDefaultServiceAccount. */ export interface GetDefaultServiceAccountArgs { /** * The project the unique service account was created for. If it is not provided, the provider project is used. */ project?: string; } /** * A collection of values returned by getDefaultServiceAccount. */ export interface GetDefaultServiceAccountResult { /** * The email address of the service account. This value is often used to refer to the service account * in order to grant IAM permissions. */ readonly email: string; /** * The provider-assigned unique ID for this managed resource. */ readonly id: string; /** * The Identity of the service account in the form `serviceAccount:{email}`. This value is often used to refer to the service account in order to grant IAM permissions. */ readonly member: string; readonly project: string; } /** * Get the email address of a project's unique BigQuery service account. * * Each Google Cloud project has a unique service account used by BigQuery. When using * BigQuery with [customer-managed encryption keys](https://cloud.google.com/bigquery/docs/customer-managed-encryption), * this account needs to be granted the * `cloudkms.cryptoKeyEncrypterDecrypter` IAM role on the customer-managed Cloud KMS key used to protect the data. * * For more information see * [the API reference](https://cloud.google.com/bigquery/docs/reference/rest/v2/projects/getServiceAccount). * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const bqSa = gcp.bigquery.getDefaultServiceAccount({}); * const keySaUser = new gcp.kms.CryptoKeyIAMMember("key_sa_user", { * cryptoKeyId: key.id, * role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", * member: bqSa.then(bqSa => `serviceAccount:${bqSa.email}`), * }); * ``` */ export declare function getDefaultServiceAccountOutput(args?: GetDefaultServiceAccountOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output<GetDefaultServiceAccountResult>; /** * A collection of arguments for invoking getDefaultServiceAccount. */ export interface GetDefaultServiceAccountOutputArgs { /** * The project the unique service account was created for. If it is not provided, the provider project is used. */ project?: pulumi.Input<string>; }