serviceAccount

package
v0.18.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 5, 2019 License: Apache-2.0 Imports: 2 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Account

// Account is the resource handle for a Google Cloud Platform service account.
// Its fields are unexported; its properties are read through accessor methods
// such as AccountId, Email, Name, Project and UniqueId.
type Account struct {
	// contains filtered or unexported fields
}

Allows management of a [Google Cloud Platform service account](https://cloud.google.com/compute/docs/access/service-accounts)

> Creation of service accounts is eventually consistent, and that can lead to errors when you try to apply ACLs to service accounts immediately after creation. If using these resources in the same config, you can add a [`sleep` using `local-exec`](https://github.com/hashicorp/terraform/issues/17726#issuecomment-377357866).

func GetAccount

func GetAccount(ctx *pulumi.Context,
	name string, id pulumi.ID, state *AccountState, opts ...pulumi.ResourceOpt) (*Account, error)

GetAccount gets an existing Account resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAccount

func NewAccount(ctx *pulumi.Context,
	name string, args *AccountArgs, opts ...pulumi.ResourceOpt) (*Account, error)

NewAccount registers a new resource with the given unique name, arguments, and options.

func (*Account) AccountId

func (r *Account) AccountId() *pulumi.StringOutput

The account id that is used to generate the service account email address and a stable unique id. It is unique within a project, must be 6-30 characters long, and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035. Changing this forces a new service account to be created.

func (*Account) DisplayName

func (r *Account) DisplayName() *pulumi.StringOutput

The display name for the service account. Can be updated without creating a new resource.

func (*Account) Email

func (r *Account) Email() *pulumi.StringOutput

The e-mail address of the service account. This value should be referenced from any `google_iam_policy` data sources that would grant the service account privileges.

func (*Account) ID

func (r *Account) ID() *pulumi.IDOutput

ID is this resource's unique identifier assigned by its provider.

func (*Account) Name

func (r *Account) Name() *pulumi.StringOutput

The fully-qualified name of the service account.

func (*Account) Project

func (r *Account) Project() *pulumi.StringOutput

The ID of the project that the service account will be created in. Defaults to the provider project configuration.

func (*Account) URN

func (r *Account) URN() *pulumi.URNOutput

URN is this resource's unique name assigned by Pulumi.

func (*Account) UniqueId

func (r *Account) UniqueId() *pulumi.StringOutput

The unique id of the service account.

type AccountArgs

// AccountArgs is the set of arguments for constructing an Account resource.
type AccountArgs struct {
	// The account id that is used to generate the service
	// account email address and a stable unique id. It is unique within a project,
	// must be 6-30 characters long, and match the regular expression
	// `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035.
	// Changing this forces a new service account to be created.
	AccountId interface{}
	// The display name for the service account.
	// Can be updated without creating a new resource.
	DisplayName interface{}
	// The ID of the project that the service account will be created in.
	// Defaults to the provider project configuration.
	Project interface{}
}

The set of arguments for constructing an Account resource.

type AccountState

// AccountState holds the input properties used for looking up and filtering
// Account resources; it is the optional state argument of GetAccount.
type AccountState struct {
	// The account id that is used to generate the service
	// account email address and a stable unique id. It is unique within a project,
	// must be 6-30 characters long, and match the regular expression
	// `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035.
	// Changing this forces a new service account to be created.
	AccountId interface{}
	// The display name for the service account.
	// Can be updated without creating a new resource.
	DisplayName interface{}
	// The e-mail address of the service account. This value
	// should be referenced from any `google_iam_policy` data sources
	// that would grant the service account privileges.
	Email interface{}
	// The fully-qualified name of the service account.
	Name interface{}
	// The ID of the project that the service account will be created in.
	// Defaults to the provider project configuration.
	Project interface{}
	// The unique id of the service account.
	UniqueId interface{}
}

Input properties used for looking up and filtering Account resources.

type GetAccountArgs added in v0.15.0

// GetAccountArgs is the collection of arguments for invoking getAccount
// (see LookupAccount).
type GetAccountArgs struct {
	// The service account id. This is the part of the service account's
	// email field that comes before the @ symbol.
	AccountId interface{}
	// The ID of the project that the service account will be created in.
	// Defaults to the provider project configuration.
	Project interface{}
}

A collection of arguments for invoking getAccount.

type GetAccountKeyArgs added in v0.15.0

// GetAccountKeyArgs is the collection of arguments for invoking getAccountKey
// (see LookupAccountKey), which returns a service account's public key.
type GetAccountKeyArgs struct {
	// The name of the service account key. This must have format
	// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{KEYID}`, where `{ACCOUNT}`
	// is the email address or unique id of the service account.
	Name interface{}
	// The ID of the project that the service account will be created in.
	// Defaults to the provider project configuration.
	Project interface{}
	// The output format of the public key requested. X509_PEM is the default output format.
	PublicKeyType interface{}
}

A collection of arguments for invoking getAccountKey.

type GetAccountKeyResult added in v0.15.0

// GetAccountKeyResult is the collection of values returned by getAccountKey.
// It carries only public key material; no private key field is defined here.
type GetAccountKeyResult struct {
	// Undocumented upstream; presumably the algorithm of the looked-up key,
	// matching Key.KeyAlgorithm — TODO confirm.
	KeyAlgorithm interface{}
	// The public key, base64 encoded
	PublicKey interface{}
	// id is the provider-assigned unique ID for this managed resource.
	Id interface{}
}

A collection of values returned by getAccountKey.

func LookupAccountKey added in v0.15.0

func LookupAccountKey(ctx *pulumi.Context, args *GetAccountKeyArgs) (*GetAccountKeyResult, error)

Get service account public key. For more information, see [the official documentation](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) and [API](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys/get).

type GetAccountResult added in v0.15.0

// GetAccountResult is the collection of values returned by getAccount
// (see LookupAccount).
type GetAccountResult struct {
	// The display name for the service account.
	DisplayName interface{}
	// The e-mail address of the service account. This value
	// should be referenced from any `google_iam_policy` data sources
	// that would grant the service account privileges.
	Email interface{}
	// The fully-qualified name of the service account.
	Name interface{}
	// The unique id of the service account.
	UniqueId interface{}
	// id is the provider-assigned unique ID for this managed resource.
	Id interface{}
}

A collection of values returned by getAccount.

func LookupAccount added in v0.15.0

func LookupAccount(ctx *pulumi.Context, args *GetAccountArgs) (*GetAccountResult, error)

Get the service account from a project. For more information see the official [API](https://cloud.google.com/compute/docs/access/service-accounts) documentation.

type IAMBinding

// IAMBinding is the resource handle for a role binding on a service account's
// own IAM policy (who may act on the service account). It is authoritative for
// its role: the role is granted to the given list of members, while other
// roles in the policy are preserved.
type IAMBinding struct {
	// contains filtered or unexported fields
}

When managing IAM roles, you can treat a service account either as a resource or as an identity. This resource is to add iam policy bindings to a service account resource **to configure permissions for who can edit the service account**. To configure permissions for a service account to act as an identity that can manage other GCP resources, use the google_project_iam set of resources.

Three different resources help you manage your IAM policy for a service account. Each of these resources serves a different use case:

* `google_service_account_iam_policy`: Authoritative. Sets the IAM policy for the service account and replaces any existing policy already attached.
* `google_service_account_iam_binding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service account are preserved.
* `google_service_account_iam_member`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service account are preserved.

> **Note:** `google_service_account_iam_policy` **cannot** be used in conjunction with `google_service_account_iam_binding` and `google_service_account_iam_member` or they will fight over what your policy should be.

> **Note:** `google_service_account_iam_binding` resources **can be** used in conjunction with `google_service_account_iam_member` resources **only if** they do not grant privilege to the same role.

func GetIAMBinding

func GetIAMBinding(ctx *pulumi.Context,
	name string, id pulumi.ID, state *IAMBindingState, opts ...pulumi.ResourceOpt) (*IAMBinding, error)

GetIAMBinding gets an existing IAMBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIAMBinding

func NewIAMBinding(ctx *pulumi.Context,
	name string, args *IAMBindingArgs, opts ...pulumi.ResourceOpt) (*IAMBinding, error)

NewIAMBinding registers a new resource with the given unique name, arguments, and options.

func (*IAMBinding) Etag

func (r *IAMBinding) Etag() *pulumi.StringOutput

(Computed) The etag of the service account IAM policy.

func (*IAMBinding) ID

func (r *IAMBinding) ID() *pulumi.IDOutput

ID is this resource's unique identifier assigned by its provider.

func (*IAMBinding) Members

func (r *IAMBinding) Members() *pulumi.ArrayOutput

func (*IAMBinding) Role

func (r *IAMBinding) Role() *pulumi.StringOutput

The role that should be applied. Only one `google_service_account_iam_binding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.

func (*IAMBinding) ServiceAccountId

func (r *IAMBinding) ServiceAccountId() *pulumi.StringOutput

The fully-qualified name of the service account to apply policy to.

func (*IAMBinding) URN

func (r *IAMBinding) URN() *pulumi.URNOutput

URN is this resource's unique name assigned by Pulumi.

type IAMBindingArgs

// IAMBindingArgs is the set of arguments for constructing an IAMBinding resource.
type IAMBindingArgs struct {
	// Undocumented upstream. Per the IAMBinding description this is the list of
	// members the role is granted to. The binding is authoritative for Role, so
	// review the complete list rather than only the entry being added.
	Members interface{}
	// The role that should be applied. Only one
	// `google_service_account_iam_binding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role interface{}
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId interface{}
}

The set of arguments for constructing an IAMBinding resource.

type IAMBindingState

// IAMBindingState holds the input properties used for looking up and filtering
// IAMBinding resources; it is the optional state argument of GetIAMBinding.
type IAMBindingState struct {
	// (Computed) The etag of the service account IAM policy.
	Etag    interface{}
	// Undocumented upstream. Per the IAMBinding description this is the list of
	// members the role is granted to.
	Members interface{}
	// The role that should be applied. Only one
	// `google_service_account_iam_binding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role interface{}
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId interface{}
}

Input properties used for looking up and filtering IAMBinding resources.

type IAMMember

// IAMMember is the resource handle for a single-member grant on a service
// account's own IAM policy. It is non-authoritative: it grants a role to one
// new member and preserves other members already holding that role.
type IAMMember struct {
	// contains filtered or unexported fields
}

When managing IAM roles, you can treat a service account either as a resource or as an identity. This resource is to add iam policy bindings to a service account resource **to configure permissions for who can edit the service account**. To configure permissions for a service account to act as an identity that can manage other GCP resources, use the google_project_iam set of resources.

Three different resources help you manage your IAM policy for a service account. Each of these resources serves a different use case:

* `google_service_account_iam_policy`: Authoritative. Sets the IAM policy for the service account and replaces any existing policy already attached.
* `google_service_account_iam_binding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service account are preserved.
* `google_service_account_iam_member`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service account are preserved.

> **Note:** `google_service_account_iam_policy` **cannot** be used in conjunction with `google_service_account_iam_binding` and `google_service_account_iam_member` or they will fight over what your policy should be.

> **Note:** `google_service_account_iam_binding` resources **can be** used in conjunction with `google_service_account_iam_member` resources **only if** they do not grant privilege to the same role.

func GetIAMMember

func GetIAMMember(ctx *pulumi.Context,
	name string, id pulumi.ID, state *IAMMemberState, opts ...pulumi.ResourceOpt) (*IAMMember, error)

GetIAMMember gets an existing IAMMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIAMMember

func NewIAMMember(ctx *pulumi.Context,
	name string, args *IAMMemberArgs, opts ...pulumi.ResourceOpt) (*IAMMember, error)

NewIAMMember registers a new resource with the given unique name, arguments, and options.

func (*IAMMember) Etag

func (r *IAMMember) Etag() *pulumi.StringOutput

(Computed) The etag of the service account IAM policy.

func (*IAMMember) ID

func (r *IAMMember) ID() *pulumi.IDOutput

ID is this resource's unique identifier assigned by its provider.

func (*IAMMember) Member

func (r *IAMMember) Member() *pulumi.StringOutput

func (*IAMMember) Role

func (r *IAMMember) Role() *pulumi.StringOutput

The role that should be applied. Only one `google_service_account_iam_binding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.

func (*IAMMember) ServiceAccountId

func (r *IAMMember) ServiceAccountId() *pulumi.StringOutput

The fully-qualified name of the service account to apply policy to.

func (*IAMMember) URN

func (r *IAMMember) URN() *pulumi.URNOutput

URN is this resource's unique name assigned by Pulumi.

type IAMMemberArgs

// IAMMemberArgs is the set of arguments for constructing an IAMMember resource.
type IAMMemberArgs struct {
	// Undocumented upstream. Per the IAMMember description this is the single
	// member that is granted Role; other members for the role are preserved.
	Member interface{}
	// The role that should be applied. Only one
	// `google_service_account_iam_binding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role interface{}
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId interface{}
}

The set of arguments for constructing an IAMMember resource.

type IAMMemberState

// IAMMemberState holds the input properties used for looking up and filtering
// IAMMember resources; it is the optional state argument of GetIAMMember.
type IAMMemberState struct {
	// (Computed) The etag of the service account IAM policy.
	Etag   interface{}
	// Undocumented upstream. Per the IAMMember description this is the single
	// member that is granted Role.
	Member interface{}
	// The role that should be applied. Only one
	// `google_service_account_iam_binding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role interface{}
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId interface{}
}

Input properties used for looking up and filtering IAMMember resources.

type IAMPolicy

// IAMPolicy is the resource handle for a service account's whole IAM policy.
// It is authoritative: it sets the policy and replaces any existing policy
// already attached, and it cannot be combined with IAMBinding or IAMMember on
// the same service account.
type IAMPolicy struct {
	// contains filtered or unexported fields
}

When managing IAM roles, you can treat a service account either as a resource or as an identity. This resource is to add iam policy bindings to a service account resource **to configure permissions for who can edit the service account**. To configure permissions for a service account to act as an identity that can manage other GCP resources, use the google_project_iam set of resources.

Three different resources help you manage your IAM policy for a service account. Each of these resources serves a different use case:

* `google_service_account_iam_policy`: Authoritative. Sets the IAM policy for the service account and replaces any existing policy already attached.
* `google_service_account_iam_binding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service account are preserved.
* `google_service_account_iam_member`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service account are preserved.

> **Note:** `google_service_account_iam_policy` **cannot** be used in conjunction with `google_service_account_iam_binding` and `google_service_account_iam_member` or they will fight over what your policy should be.

> **Note:** `google_service_account_iam_binding` resources **can be** used in conjunction with `google_service_account_iam_member` resources **only if** they do not grant privilege to the same role.

func GetIAMPolicy

func GetIAMPolicy(ctx *pulumi.Context,
	name string, id pulumi.ID, state *IAMPolicyState, opts ...pulumi.ResourceOpt) (*IAMPolicy, error)

GetIAMPolicy gets an existing IAMPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIAMPolicy

func NewIAMPolicy(ctx *pulumi.Context,
	name string, args *IAMPolicyArgs, opts ...pulumi.ResourceOpt) (*IAMPolicy, error)

NewIAMPolicy registers a new resource with the given unique name, arguments, and options.

func (*IAMPolicy) Etag

func (r *IAMPolicy) Etag() *pulumi.StringOutput

(Computed) The etag of the service account IAM policy.

func (*IAMPolicy) ID

func (r *IAMPolicy) ID() *pulumi.IDOutput

ID is this resource's unique identifier assigned by its provider.

func (*IAMPolicy) PolicyData

func (r *IAMPolicy) PolicyData() *pulumi.StringOutput

The policy data generated by a `google_iam_policy` data source.

func (*IAMPolicy) ServiceAccountId

func (r *IAMPolicy) ServiceAccountId() *pulumi.StringOutput

The fully-qualified name of the service account to apply policy to.

func (*IAMPolicy) URN

func (r *IAMPolicy) URN() *pulumi.URNOutput

URN is this resource's unique name assigned by Pulumi.

type IAMPolicyArgs

// IAMPolicyArgs is the set of arguments for constructing an IAMPolicy resource.
type IAMPolicyArgs struct {
	// The policy data generated by
	// a `google_iam_policy` data source.
	// Because the resource is authoritative, this document becomes the entire
	// policy of the service account; bindings absent from it are replaced.
	PolicyData interface{}
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId interface{}
}

The set of arguments for constructing an IAMPolicy resource.

type IAMPolicyState

// IAMPolicyState holds the input properties used for looking up and filtering
// IAMPolicy resources; it is the optional state argument of GetIAMPolicy.
type IAMPolicyState struct {
	// (Computed) The etag of the service account IAM policy.
	Etag interface{}
	// The policy data generated by
	// a `google_iam_policy` data source.
	PolicyData interface{}
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId interface{}
}

Input properties used for looking up and filtering IAMPolicy resources.

type Key

// Key is the resource handle for a service account key pair, which lets a
// holder establish the identity of the service account outside of GCP.
// When no PGP key is supplied at creation, the PrivateKey property holds the
// private key unencrypted (base64-encoded JSON); with a PGP key, only
// PrivateKeyEncrypted is populated.
type Key struct {
	// contains filtered or unexported fields
}

Creates and manages service account key-pairs, which allow the user to establish identity of a service account outside of GCP. For more information, see [the official documentation](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) and [API](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys).

func GetKey

func GetKey(ctx *pulumi.Context,
	name string, id pulumi.ID, state *KeyState, opts ...pulumi.ResourceOpt) (*Key, error)

GetKey gets an existing Key resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKey

func NewKey(ctx *pulumi.Context,
	name string, args *KeyArgs, opts ...pulumi.ResourceOpt) (*Key, error)

NewKey registers a new resource with the given unique name, arguments, and options.

func (*Key) ID

func (r *Key) ID() *pulumi.IDOutput

ID is this resource's unique identifier assigned by its provider.

func (*Key) KeyAlgorithm

func (r *Key) KeyAlgorithm() *pulumi.StringOutput

The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm. Valid values are listed at [ServiceAccountKeyAlgorithm](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys#ServiceAccountKeyAlgorithm) (only used on create).

func (*Key) Name

func (r *Key) Name() *pulumi.StringOutput

The name used for this key pair

func (*Key) PgpKey

func (r *Key) PgpKey() *pulumi.StringOutput

An optional PGP key to encrypt the resulting private key material. Only used when creating or importing a new key pair. May either be a base64-encoded public key or a `keybase:keybaseusername` string for looking up in Vault.

func (*Key) PrivateKey

func (r *Key) PrivateKey() *pulumi.StringOutput

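The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key, and when no `pgp_key` is provided. In that case the value is the unencrypted credential, so any output, log, or stored state that contains it needs to be handled as a secret.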

func (*Key) PrivateKeyEncrypted

func (r *Key) PrivateKeyEncrypted() *pulumi.StringOutput

The private key material, base 64 encoded and encrypted with the given `pgp_key`. This is only populated when creating a new key and `pgp_key` is supplied

func (*Key) PrivateKeyFingerprint

func (r *Key) PrivateKeyFingerprint() *pulumi.StringOutput

The MD5 public key fingerprint for the encrypted private key. This is only populated when creating a new key and `pgp_key` is supplied

func (*Key) PrivateKeyType

func (r *Key) PrivateKeyType() *pulumi.StringOutput

The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.

func (*Key) PublicKey

func (r *Key) PublicKey() *pulumi.StringOutput

The public key, base64 encoded

func (*Key) PublicKeyType

func (r *Key) PublicKeyType() *pulumi.StringOutput

The output format of the public key requested. X509_PEM is the default output format.

func (*Key) ServiceAccountId

func (r *Key) ServiceAccountId() *pulumi.StringOutput

The Service account id of the Key Pair. This can be a string in the format `{ACCOUNT}` or `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`, where `{ACCOUNT}` is the email address or unique id of the service account. If the `{ACCOUNT}` syntax is used, the project will be inferred from the account.

func (*Key) URN

func (r *Key) URN() *pulumi.URNOutput

URN is this resource's unique name assigned by Pulumi.

func (*Key) ValidAfter

func (r *Key) ValidAfter() *pulumi.StringOutput

The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

func (*Key) ValidBefore

func (r *Key) ValidBefore() *pulumi.StringOutput

The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

type KeyArgs

// KeyArgs is the set of arguments for constructing a Key resource.
type KeyArgs struct {
	// The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm.
	// Valid values are listed at
	// [ServiceAccountKeyAlgorithm](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys#ServiceAccountKeyAlgorithm)
	// (only used on create)
	KeyAlgorithm interface{}
	// An optional PGP key to encrypt the resulting private
	// key material. Only used when creating or importing a new key pair. May either be
	// a base64-encoded public key or a `keybase:keybaseusername` string for looking up
	// in Vault.
	// When this is left unset, the private key is returned unencrypted in the
	// resource's PrivateKey property instead of PrivateKeyEncrypted.
	PgpKey interface{}
	// The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
	PrivateKeyType interface{}
	// The output format of the public key requested. X509_PEM is the default output format.
	PublicKeyType interface{}
	// The Service account id of the Key Pair. This can be a string in the format
	// `{ACCOUNT}` or `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`, where `{ACCOUNT}` is the email address or
	// unique id of the service account. If the `{ACCOUNT}` syntax is used, the project will be inferred from the account.
	ServiceAccountId interface{}
}

The set of arguments for constructing a Key resource.

type KeyState

// KeyState holds the input properties used for looking up and filtering Key
// resources; it is the optional state argument of GetKey. It includes the
// private key fields, so values of this type can carry credential material.
type KeyState struct {
	// The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm.
	// Valid values are listed at
	// [ServiceAccountKeyAlgorithm](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys#ServiceAccountKeyAlgorithm)
	// (only used on create)
	KeyAlgorithm interface{}
	// The name used for this key pair
	Name interface{}
	// An optional PGP key to encrypt the resulting private
	// key material. Only used when creating or importing a new key pair. May either be
	// a base64-encoded public key or a `keybase:keybaseusername` string for looking up
	// in Vault.
	PgpKey interface{}
	// The private key in JSON format, base64 encoded. This is what you normally get as a file when creating
	// service account keys through the CLI or web console. This is only populated when creating a new key, and when no
	// `pgp_key` is provided.
	// NOTE(review): when populated this is the unencrypted credential; presumably
	// it is kept wherever resource state and outputs are stored — confirm, and
	// treat that storage as secret-bearing.
	PrivateKey interface{}
	// The private key material, base 64 encoded and
	// encrypted with the given `pgp_key`. This is only populated when creating a new
	// key and `pgp_key` is supplied
	PrivateKeyEncrypted interface{}
	// The MD5 public key fingerprint for the encrypted
	// private key. This is only populated when creating a new key and `pgp_key` is supplied
	// NOTE(review): an MD5 fingerprint is suitable for identifying which PGP key
	// was used, not as an integrity or authenticity check.
	PrivateKeyFingerprint interface{}
	// The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
	PrivateKeyType interface{}
	// The public key, base64 encoded
	PublicKey interface{}
	// The output format of the public key requested. X509_PEM is the default output format.
	PublicKeyType interface{}
	// The Service account id of the Key Pair. This can be a string in the format
	// `{ACCOUNT}` or `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`, where `{ACCOUNT}` is the email address or
	// unique id of the service account. If the `{ACCOUNT}` syntax is used, the project will be inferred from the account.
	ServiceAccountId interface{}
	// The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
	ValidAfter interface{}
	// The key can be used before this timestamp.
	// A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
	ValidBefore interface{}
}

Input properties used for looking up and filtering Key resources.
