// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
package serviceaccount
import (
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// GetAccountIdToken invokes the `gcp:serviceAccount/getAccountIdToken:getAccountIdToken`
// data source, which provides a Google OpenID Connect (`oidc`) `idToken`. Tokens issued
// from this data source are typically used to call external services that accept OIDC
// tokens for authentication (e.g. [Google Cloud Run](https://cloud.google.com/run/docs/authenticating/service-to-service)).
//
// For more information see
// [OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.html#IDToken).
//
// ## Example Usage
//
// ### ServiceAccount JSON Credential File.
// `serviceAccount.getAccountIdToken` will use the configured provider credentials.
//
// ### Service Account Impersonation.
// `serviceAccount.getAccountIdToken` will use background impersonated credentials
// provided by `serviceAccount.getAccountAccessToken`.
//
// Note: for the impersonation case, you must grant `targetServiceAccount` the
// `roles/iam.serviceAccountTokenCreator` role on itself.
//
// ## Security notes
//
// The `IdToken` field of the result is a bearer credential: whoever holds it can
// authenticate as the service account to a service that accepts `targetAudience`
// until the token expires. Do not log or print it, and wrap any value derived from
// it in `pulumi.ToSecret` before it reaches a resource input or a stack export, so
// that it is not written to state in plaintext.
//
// Set `targetAudience` to the single service the token is meant for, and bind
// `roles/iam.serviceAccountTokenCreator` on the individual service account rather
// than project-wide, which would allow minting tokens for every service account in
// the project.
//
// On failure the error from ctx.Invoke is returned unchanged and the result is nil.
func GetAccountIdToken(ctx *pulumi.Context, args *GetAccountIdTokenArgs, opts ...pulumi.InvokeOption) (*GetAccountIdTokenResult, error) {
	// The engine decodes the invoke response into result.
	result := new(GetAccountIdTokenResult)
	if err := ctx.Invoke("gcp:serviceAccount/getAccountIdToken:getAccountIdToken", args, result, opts...); err != nil {
		return nil, err
	}
	return result, nil
}
// A collection of arguments for invoking getAccountIdToken.
//
// Delegates, IncludeEmail and TargetServiceAccount apply only in impersonation
// mode; TargetAudience is the only non-pointer, non-slice argument.
type GetAccountIdTokenArgs struct {
	// Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name. Used only when using impersonation mode.
	// NOTE(review): each identity in the chain presumably needs permission to mint
	// tokens for the next one; keep the chain as short as possible and review those grants.
	Delegates []string `pulumi:"delegates"`
	// Include the verified email in the claim. Used only when using impersonation mode.
	// A nil pointer leaves the choice unset rather than sending false.
	IncludeEmail *bool `pulumi:"includeEmail"`
	// The audience claim for the `idToken`.
	// Use the exact identifier of the one service that should accept the token: a
	// broad or shared audience lets the same token be presented to every service
	// that trusts that audience.
	TargetAudience string `pulumi:"targetAudience"`
	// The email of the service account being impersonated. Used only when using impersonation mode.
	TargetServiceAccount *string `pulumi:"targetServiceAccount"`
}
// A collection of values returned by getAccountIdToken.
//
// Apart from Id and IdToken, the fields carry the same names and tags as
// GetAccountIdTokenArgs and presumably echo the arguments that were passed in.
type GetAccountIdTokenResult struct {
	// Presumably the delegate chain supplied in the arguments; confirm against the provider.
	Delegates []string `pulumi:"delegates"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The `idToken` representing the new generated identity.
	// This is a bearer credential held as a plain string: keep it out of logs and
	// error messages, and mark it secret (e.g. with pulumi.ToSecret) before passing
	// it to a resource input or exporting it from the stack.
	IdToken string `pulumi:"idToken"`
	// Presumably the includeEmail argument as supplied; nil when it was not set.
	IncludeEmail *bool `pulumi:"includeEmail"`
	// Presumably the audience the token was requested for; a receiving service
	// should verify the token's audience claim against its own identifier.
	TargetAudience string `pulumi:"targetAudience"`
	// Presumably the impersonated service account's email; nil outside impersonation mode.
	TargetServiceAccount *string `pulumi:"targetServiceAccount"`
}