gcp.serviceaccount.getAccount
Explore with Pulumi AI
Get the service account from a project. For more information see the official API documentation.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const objectViewer = gcp.serviceaccount.getAccount({
    accountId: "object-viewer",
});
import pulumi
import pulumi_gcp as gcp
object_viewer = gcp.serviceaccount.get_account(account_id="object-viewer")
package main
import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := serviceaccount.LookupAccount(ctx, &serviceaccount.LookupAccountArgs{
			AccountId: "object-viewer",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() => 
{
    var objectViewer = Gcp.ServiceAccount.GetAccount.Invoke(new()
    {
        AccountId = "object-viewer",
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;
import com.pulumi.gcp.serviceaccount.inputs.GetAccountArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var objectViewer = ServiceaccountFunctions.getAccount(GetAccountArgs.builder()
            .accountId("object-viewer")
            .build());
    }
}
variables:
  objectViewer:
    fn::invoke:
      function: gcp:serviceaccount:getAccount
      arguments:
        accountId: object-viewer
Save Key In Kubernetes Secret
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as kubernetes from "@pulumi/kubernetes";
import * as std from "@pulumi/std";
const myaccount = gcp.serviceaccount.getAccount({
    accountId: "myaccount-id",
});
const mykey = new gcp.serviceaccount.Key("mykey", {serviceAccountId: myaccount.then(myaccount => myaccount.name)});
const google_application_credentials = new kubernetes.core.v1.Secret("google-application-credentials", {
    metadata: {
        name: "google-application-credentials",
    },
    data: {
        json: std.base64decodeOutput({
            input: mykey.privateKey,
        }).apply(invoke => invoke.result),
    },
});
import pulumi
import pulumi_gcp as gcp
import pulumi_kubernetes as kubernetes
import pulumi_std as std
myaccount = gcp.serviceaccount.get_account(account_id="myaccount-id")
mykey = gcp.serviceaccount.Key("mykey", service_account_id=myaccount.name)
google_application_credentials = kubernetes.core.v1.Secret("google-application-credentials",
    metadata={
        "name": "google-application-credentials",
    },
    data={
        "json": std.base64decode_output(input=mykey.private_key).apply(lambda invoke: invoke.result),
    })
package main
import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount"
	corev1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/core/v1"
	metav1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/meta/v1"
	"github.com/pulumi/pulumi-std/sdk/go/std"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myaccount, err := serviceaccount.LookupAccount(ctx, &serviceaccount.LookupAccountArgs{
			AccountId: "myaccount-id",
		}, nil)
		if err != nil {
			return err
		}
		mykey, err := serviceaccount.NewKey(ctx, "mykey", &serviceaccount.KeyArgs{
			ServiceAccountId: pulumi.String(myaccount.Name),
		})
		if err != nil {
			return err
		}
		_, err = corev1.NewSecret(ctx, "google-application-credentials", &corev1.SecretArgs{
			Metadata: &metav1.ObjectMetaArgs{
				Name: pulumi.String("google-application-credentials"),
			},
			Data: pulumi.StringMap{
				"json": pulumi.String(std.Base64decodeOutput(ctx, std.Base64decodeOutputArgs{
					Input: mykey.PrivateKey,
				}, nil).ApplyT(func(invoke std.Base64decodeResult) (*string, error) {
					return invoke.Result, nil
				}).(pulumi.StringPtrOutput)),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Kubernetes = Pulumi.Kubernetes;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() => 
{
    var myaccount = Gcp.ServiceAccount.GetAccount.Invoke(new()
    {
        AccountId = "myaccount-id",
    });
    var mykey = new Gcp.ServiceAccount.Key("mykey", new()
    {
        ServiceAccountId = myaccount.Apply(getAccountResult => getAccountResult.Name),
    });
    var google_application_credentials = new Kubernetes.Core.V1.Secret("google-application-credentials", new()
    {
        Metadata = new Kubernetes.Types.Inputs.Meta.V1.ObjectMetaArgs
        {
            Name = "google-application-credentials",
        },
        Data = 
        {
            { "json", Std.Base64decode.Invoke(new()
            {
                Input = mykey.PrivateKey,
            }).Apply(invoke => invoke.Result) },
        },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;
import com.pulumi.gcp.serviceaccount.inputs.GetAccountArgs;
import com.pulumi.gcp.serviceaccount.Key;
import com.pulumi.gcp.serviceaccount.KeyArgs;
import com.pulumi.kubernetes.core_v1.Secret;
import com.pulumi.kubernetes.core_v1.SecretArgs;
import com.pulumi.kubernetes.meta_v1.inputs.ObjectMetaArgs;
import com.pulumi.std.StdFunctions;
import com.pulumi.std.inputs.Base64decodeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var myaccount = ServiceaccountFunctions.getAccount(GetAccountArgs.builder()
            .accountId("myaccount-id")
            .build());
        var mykey = new Key("mykey", KeyArgs.builder()
            .serviceAccountId(myaccount.name())
            .build());
        var google_application_credentials = new Secret("google-application-credentials", SecretArgs.builder()
            .metadata(ObjectMetaArgs.builder()
                .name("google-application-credentials")
                .build())
            .data(Map.of("json", StdFunctions.base64decode(Base64decodeArgs.builder()
                .input(mykey.privateKey())
                .build()).applyValue(_invoke -> _invoke.result())))
            .build());
    }
}
resources:
  mykey:
    type: gcp:serviceaccount:Key
    properties:
      serviceAccountId: ${myaccount.name}
  google-application-credentials:
    type: kubernetes:core/v1:Secret
    properties:
      metadata:
        name: google-application-credentials
      data:
        json:
          fn::invoke:
            function: std:base64decode
            arguments:
              input: ${mykey.privateKey}
            return: result
variables:
  myaccount:
    fn::invoke:
      function: gcp:serviceaccount:getAccount
      arguments:
        accountId: myaccount-id
Using getAccount
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getAccount(args: GetAccountArgs, opts?: InvokeOptions): Promise<GetAccountResult>
function getAccountOutput(args: GetAccountOutputArgs, opts?: InvokeOptions): Output<GetAccountResult>def get_account(account_id: Optional[str] = None,
                project: Optional[str] = None,
                opts: Optional[InvokeOptions] = None) -> GetAccountResult
def get_account_output(account_id: Optional[pulumi.Input[str]] = None,
                project: Optional[pulumi.Input[str]] = None,
                opts: Optional[InvokeOptions] = None) -> Output[GetAccountResult]func LookupAccount(ctx *Context, args *LookupAccountArgs, opts ...InvokeOption) (*LookupAccountResult, error)
func LookupAccountOutput(ctx *Context, args *LookupAccountOutputArgs, opts ...InvokeOption) LookupAccountResultOutput> Note: This function is named LookupAccount in the Go SDK.
public static class GetAccount 
{
    public static Task<GetAccountResult> InvokeAsync(GetAccountArgs args, InvokeOptions? opts = null)
    public static Output<GetAccountResult> Invoke(GetAccountInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetAccountResult> getAccount(GetAccountArgs args, InvokeOptions options)
public static Output<GetAccountResult> getAccount(GetAccountArgs args, InvokeOptions options)
fn::invoke:
  function: gcp:serviceaccount/getAccount:getAccount
  arguments:
    # arguments dictionaryThe following arguments are supported:
- AccountId string
- The Google service account ID. This be one of: - The name of the service account within the project (e.g. - my-service)
- The fully-qualified path to a service account resource (e.g. - projects/my-project/serviceAccounts/...)
- The email address of the service account (e.g. - my-service@my-project.iam.gserviceaccount.com)
 
- Project string
- The ID of the project that the service account is present in. Defaults to the provider project configuration.
- AccountId string
- The Google service account ID. This be one of: - The name of the service account within the project (e.g. - my-service)
- The fully-qualified path to a service account resource (e.g. - projects/my-project/serviceAccounts/...)
- The email address of the service account (e.g. - my-service@my-project.iam.gserviceaccount.com)
 
- Project string
- The ID of the project that the service account is present in. Defaults to the provider project configuration.
- accountId String
- The Google service account ID. This be one of: - The name of the service account within the project (e.g. - my-service)
- The fully-qualified path to a service account resource (e.g. - projects/my-project/serviceAccounts/...)
- The email address of the service account (e.g. - my-service@my-project.iam.gserviceaccount.com)
 
- project String
- The ID of the project that the service account is present in. Defaults to the provider project configuration.
- accountId string
- The Google service account ID. This be one of: - The name of the service account within the project (e.g. - my-service)
- The fully-qualified path to a service account resource (e.g. - projects/my-project/serviceAccounts/...)
- The email address of the service account (e.g. - my-service@my-project.iam.gserviceaccount.com)
 
- project string
- The ID of the project that the service account is present in. Defaults to the provider project configuration.
- account_id str
- The Google service account ID. This be one of: - The name of the service account within the project (e.g. - my-service)
- The fully-qualified path to a service account resource (e.g. - projects/my-project/serviceAccounts/...)
- The email address of the service account (e.g. - my-service@my-project.iam.gserviceaccount.com)
 
- project str
- The ID of the project that the service account is present in. Defaults to the provider project configuration.
- accountId String
- The Google service account ID. This be one of: - The name of the service account within the project (e.g. - my-service)
- The fully-qualified path to a service account resource (e.g. - projects/my-project/serviceAccounts/...)
- The email address of the service account (e.g. - my-service@my-project.iam.gserviceaccount.com)
 
- project String
- The ID of the project that the service account is present in. Defaults to the provider project configuration.
getAccount Result
The following output properties are available:
- AccountId string
- Disabled bool
- Whether a service account is disabled or not.
- DisplayName string
- The display name for the service account.
- Email string
- The e-mail address of the service account. This value
should be referenced from any gcp.organizations.getIAMPolicydata sources that would grant the service account privileges.
- Id string
- The provider-assigned unique ID for this managed resource.
- Member string
- The Identity of the service account in the form serviceAccount:{email}. This value is often used to refer to the service account in order to grant IAM permissions.
- Name string
- The fully-qualified name of the service account.
- UniqueId string
- The unique id of the service account.
- Project string
- AccountId string
- Disabled bool
- Whether a service account is disabled or not.
- DisplayName string
- The display name for the service account.
- Email string
- The e-mail address of the service account. This value
should be referenced from any gcp.organizations.getIAMPolicydata sources that would grant the service account privileges.
- Id string
- The provider-assigned unique ID for this managed resource.
- Member string
- The Identity of the service account in the form serviceAccount:{email}. This value is often used to refer to the service account in order to grant IAM permissions.
- Name string
- The fully-qualified name of the service account.
- UniqueId string
- The unique id of the service account.
- Project string
- accountId String
- disabled Boolean
- Whether a service account is disabled or not.
- displayName String
- The display name for the service account.
- email String
- The e-mail address of the service account. This value
should be referenced from any gcp.organizations.getIAMPolicydata sources that would grant the service account privileges.
- id String
- The provider-assigned unique ID for this managed resource.
- member String
- The Identity of the service account in the form serviceAccount:{email}. This value is often used to refer to the service account in order to grant IAM permissions.
- name String
- The fully-qualified name of the service account.
- uniqueId String
- The unique id of the service account.
- project String
- accountId string
- disabled boolean
- Whether a service account is disabled or not.
- displayName string
- The display name for the service account.
- email string
- The e-mail address of the service account. This value
should be referenced from any gcp.organizations.getIAMPolicydata sources that would grant the service account privileges.
- id string
- The provider-assigned unique ID for this managed resource.
- member string
- The Identity of the service account in the form serviceAccount:{email}. This value is often used to refer to the service account in order to grant IAM permissions.
- name string
- The fully-qualified name of the service account.
- uniqueId string
- The unique id of the service account.
- project string
- account_id str
- disabled bool
- Whether a service account is disabled or not.
- display_name str
- The display name for the service account.
- email str
- The e-mail address of the service account. This value
should be referenced from any gcp.organizations.getIAMPolicydata sources that would grant the service account privileges.
- id str
- The provider-assigned unique ID for this managed resource.
- member str
- The Identity of the service account in the form serviceAccount:{email}. This value is often used to refer to the service account in order to grant IAM permissions.
- name str
- The fully-qualified name of the service account.
- unique_id str
- The unique id of the service account.
- project str
- accountId String
- disabled Boolean
- Whether a service account is disabled or not.
- displayName String
- The display name for the service account.
- email String
- The e-mail address of the service account. This value
should be referenced from any gcp.organizations.getIAMPolicydata sources that would grant the service account privileges.
- id String
- The provider-assigned unique ID for this managed resource.
- member String
- The Identity of the service account in the form serviceAccount:{email}. This value is often used to refer to the service account in order to grant IAM permissions.
- name String
- The fully-qualified name of the service account.
- uniqueId String
- The unique id of the service account.
- project String
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the google-betaTerraform Provider.