/
getProjectServiceAccount.go
146 lines (128 loc) · 5.4 KB
/
getProjectServiceAccount.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT.
// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! ***
package accessapproval
import (
"context"
"reflect"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/internal"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// Get the email address of a project's Access Approval service account.
//
// Each Google Cloud project has a unique service account used by Access Approval.
// When using Access Approval with a
// [custom signing key](https://cloud.google.com/cloud-provider-access-management/access-approval/docs/review-approve-access-requests-custom-keys),
// this account needs to be granted the `cloudkms.signerVerifier` IAM role on the
// Cloud KMS key used to sign approvals.
//
// ## Example Usage
//
// ```go
// package main
//
// import (
//
// "fmt"
//
// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accessapproval"
// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
// "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
// func main() {
// pulumi.Run(func(ctx *pulumi.Context) error {
// serviceAccount, err := accessapproval.GetProjectServiceAccount(ctx, &accessapproval.GetProjectServiceAccountArgs{
// ProjectId: "my-project",
// }, nil)
// if err != nil {
// return err
// }
// _, err = kms.NewCryptoKeyIAMMember(ctx, "iam", &kms.CryptoKeyIAMMemberArgs{
// CryptoKeyId: pulumi.Any(cryptoKey.Id),
// Role: pulumi.String("roles/cloudkms.signerVerifier"),
// Member: pulumi.String(fmt.Sprintf("serviceAccount:%v", serviceAccount.AccountEmail)),
// })
// if err != nil {
// return err
// }
// return nil
// })
// }
//
// ```
func GetProjectServiceAccount(ctx *pulumi.Context, args *GetProjectServiceAccountArgs, opts ...pulumi.InvokeOption) (*GetProjectServiceAccountResult, error) {
opts = internal.PkgInvokeDefaultOpts(opts)
var rv GetProjectServiceAccountResult
err := ctx.Invoke("gcp:accessapproval/getProjectServiceAccount:getProjectServiceAccount", args, &rv, opts...)
if err != nil {
return nil, err
}
return &rv, nil
}
// A collection of arguments for invoking getProjectServiceAccount.
type GetProjectServiceAccountArgs struct {
// The project ID the service account was created for.
ProjectId string `pulumi:"projectId"`
}
// A collection of values returned by getProjectServiceAccount.
type GetProjectServiceAccountResult struct {
// The email address of the service account. This value is
// often used to refer to the service account in order to grant IAM permissions.
AccountEmail string `pulumi:"accountEmail"`
// The provider-assigned unique ID for this managed resource.
Id string `pulumi:"id"`
// The Access Approval service account resource name. Format is "projects/{project_id}/serviceAccount".
Name string `pulumi:"name"`
ProjectId string `pulumi:"projectId"`
}
func GetProjectServiceAccountOutput(ctx *pulumi.Context, args GetProjectServiceAccountOutputArgs, opts ...pulumi.InvokeOption) GetProjectServiceAccountResultOutput {
return pulumi.ToOutputWithContext(context.Background(), args).
ApplyT(func(v interface{}) (GetProjectServiceAccountResult, error) {
args := v.(GetProjectServiceAccountArgs)
r, err := GetProjectServiceAccount(ctx, &args, opts...)
var s GetProjectServiceAccountResult
if r != nil {
s = *r
}
return s, err
}).(GetProjectServiceAccountResultOutput)
}
// A collection of arguments for invoking getProjectServiceAccount.
type GetProjectServiceAccountOutputArgs struct {
// The project ID the service account was created for.
ProjectId pulumi.StringInput `pulumi:"projectId"`
}
func (GetProjectServiceAccountOutputArgs) ElementType() reflect.Type {
return reflect.TypeOf((*GetProjectServiceAccountArgs)(nil)).Elem()
}
// A collection of values returned by getProjectServiceAccount.
type GetProjectServiceAccountResultOutput struct{ *pulumi.OutputState }
func (GetProjectServiceAccountResultOutput) ElementType() reflect.Type {
return reflect.TypeOf((*GetProjectServiceAccountResult)(nil)).Elem()
}
func (o GetProjectServiceAccountResultOutput) ToGetProjectServiceAccountResultOutput() GetProjectServiceAccountResultOutput {
return o
}
func (o GetProjectServiceAccountResultOutput) ToGetProjectServiceAccountResultOutputWithContext(ctx context.Context) GetProjectServiceAccountResultOutput {
return o
}
// The email address of the service account. This value is
// often used to refer to the service account in order to grant IAM permissions.
func (o GetProjectServiceAccountResultOutput) AccountEmail() pulumi.StringOutput {
return o.ApplyT(func(v GetProjectServiceAccountResult) string { return v.AccountEmail }).(pulumi.StringOutput)
}
// The provider-assigned unique ID for this managed resource.
func (o GetProjectServiceAccountResultOutput) Id() pulumi.StringOutput {
return o.ApplyT(func(v GetProjectServiceAccountResult) string { return v.Id }).(pulumi.StringOutput)
}
// The Access Approval service account resource name. Format is "projects/{project_id}/serviceAccount".
func (o GetProjectServiceAccountResultOutput) Name() pulumi.StringOutput {
return o.ApplyT(func(v GetProjectServiceAccountResult) string { return v.Name }).(pulumi.StringOutput)
}
func (o GetProjectServiceAccountResultOutput) ProjectId() pulumi.StringOutput {
return o.ApplyT(func(v GetProjectServiceAccountResult) string { return v.ProjectId }).(pulumi.StringOutput)
}
func init() {
pulumi.RegisterOutputType(GetProjectServiceAccountResultOutput{})
}