@pulumi/gcp
Version:
A Pulumi package for creating and managing Google Cloud Platform resources.
95 lines • 4.13 kB
JavaScript
;
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.getFolderServiceAccountOutput = exports.getFolderServiceAccount = void 0;
const pulumi = __importStar(require("@pulumi/pulumi"));
const utilities = __importStar(require("../utilities"));
/**
* Get the email address of a folder's Access Approval service account.
*
* Each Google Cloud folder has a unique service account used by Access Approval.
* When using Access Approval with a
* [custom signing key](https://cloud.google.com/cloud-provider-access-management/access-approval/docs/review-approve-access-requests-custom-keys),
* this account needs to be granted the `cloudkms.signerVerifier` IAM role on the
* Cloud KMS key used to sign approvals.
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const serviceAccount = gcp.accessapproval.getFolderServiceAccount({
* folderId: "my-folder",
* });
* const iam = new gcp.kms.CryptoKeyIAMMember("iam", {
* cryptoKeyId: cryptoKey.id,
* role: "roles/cloudkms.signerVerifier",
* member: serviceAccount.then(serviceAccount => `serviceAccount:${serviceAccount.accountEmail}`),
* });
* ```
*/
function getFolderServiceAccount(args, opts) {
opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {});
return pulumi.runtime.invoke("gcp:accessapproval/getFolderServiceAccount:getFolderServiceAccount", {
"folderId": args.folderId,
}, opts);
}
exports.getFolderServiceAccount = getFolderServiceAccount;
/**
* Get the email address of a folder's Access Approval service account.
*
* Each Google Cloud folder has a unique service account used by Access Approval.
* When using Access Approval with a
* [custom signing key](https://cloud.google.com/cloud-provider-access-management/access-approval/docs/review-approve-access-requests-custom-keys),
* this account needs to be granted the `cloudkms.signerVerifier` IAM role on the
* Cloud KMS key used to sign approvals.
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const serviceAccount = gcp.accessapproval.getFolderServiceAccount({
* folderId: "my-folder",
* });
* const iam = new gcp.kms.CryptoKeyIAMMember("iam", {
* cryptoKeyId: cryptoKey.id,
* role: "roles/cloudkms.signerVerifier",
* member: serviceAccount.then(serviceAccount => `serviceAccount:${serviceAccount.accountEmail}`),
* });
* ```
*/
function getFolderServiceAccountOutput(args, opts) {
opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {});
return pulumi.runtime.invokeOutput("gcp:accessapproval/getFolderServiceAccount:getFolderServiceAccount", {
"folderId": args.folderId,
}, opts);
}
exports.getFolderServiceAccountOutput = getFolderServiceAccountOutput;
//# sourceMappingURL=getFolderServiceAccount.js.map