serviceaccount

package
v4.21.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 13, 2021 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Account

// Account manages a Google Cloud service account as a Pulumi custom resource
// (it embeds pulumi.CustomResourceState).
type Account struct {
	pulumi.CustomResourceState

	// The account id that is used to generate the service
	// account email address and a stable unique id. It is unique within a project,
	// must be 6-30 characters long, and match the regular expression
	// `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035. Changing this forces a
	// new service account to be created, after which any IAM roles the old
	// account held must be reapplied (see the warning on this page).
	AccountId pulumi.StringOutput `pulumi:"accountId"`
	// A text description of the service account.
	// Must be less than or equal to 256 UTF-8 bytes.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The display name for the service account.
	// Can be updated without creating a new resource.
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// The e-mail address of the service account. This value
	// should be referenced from any `organizations.getIAMPolicy` data sources
	// that would grant the service account privileges.
	// As an IAM member it is written `serviceAccount:{email}`, which is how the
	// IAMMember example on this page builds it.
	Email pulumi.StringOutput `pulumi:"email"`
	// The fully-qualified name of the service account.
	// The examples on this page pass it as ServiceAccountId to the IAM resources.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the project that the service account will be created in.
	// Defaults to the provider project configuration.
	Project pulumi.StringOutput `pulumi:"project"`
	// The unique id of the service account.
	UniqueId pulumi.StringOutput `pulumi:"uniqueId"`
}

Allows management of a Google Cloud service account.

* [API documentation](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts)
* How-to Guides

> **Warning:** If you delete and recreate a service account, you must reapply any IAM roles that it had before.

> Creation of service accounts is eventually consistent, and that can lead to errors when you try to apply ACLs to service accounts immediately after creation.

## Example Usage

This snippet creates a service account in a project.

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

// main registers a single service account with a fixed account ID and
// display name in the provider's configured project.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		args := &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("service-account-id"),
			DisplayName: pulumi.String("Service Account"),
		}
		// The resource handle is not needed afterwards; only the error is kept.
		_, err := serviceAccount.NewAccount(ctx, "serviceAccount", args)
		return err
	})
}

```

## Import

Service accounts can be imported using their URI, e.g.

```sh

$ pulumi import gcp:serviceAccount/account:Account my_sa projects/my-project/serviceAccounts/my-sa@my-project.iam.gserviceaccount.com

```

func GetAccount

func GetAccount(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AccountState, opts ...pulumi.ResourceOption) (*Account, error)

GetAccount gets an existing Account resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAccount

func NewAccount(ctx *pulumi.Context,
	name string, args *AccountArgs, opts ...pulumi.ResourceOption) (*Account, error)

NewAccount registers a new resource with the given unique name, arguments, and options.

func (*Account) ElementType added in v4.4.0

func (*Account) ElementType() reflect.Type

func (*Account) ToAccountOutput added in v4.4.0

func (i *Account) ToAccountOutput() AccountOutput

func (*Account) ToAccountOutputWithContext added in v4.4.0

func (i *Account) ToAccountOutputWithContext(ctx context.Context) AccountOutput

func (*Account) ToAccountPtrOutput added in v4.11.1

func (i *Account) ToAccountPtrOutput() AccountPtrOutput

func (*Account) ToAccountPtrOutputWithContext added in v4.11.1

func (i *Account) ToAccountPtrOutputWithContext(ctx context.Context) AccountPtrOutput

type AccountArgs

// AccountArgs is the set of arguments for constructing an Account resource.
type AccountArgs struct {
	// The account id that is used to generate the service
	// account email address and a stable unique id. It is unique within a project,
	// must be 6-30 characters long, and match the regular expression
	// `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035. Changing this forces a
	// new service account to be created, after which any IAM roles the old
	// account held must be reapplied (see the warning on this page).
	AccountId pulumi.StringInput
	// A text description of the service account.
	// Must be less than or equal to 256 UTF-8 bytes.
	Description pulumi.StringPtrInput
	// The display name for the service account.
	// Can be updated without creating a new resource.
	DisplayName pulumi.StringPtrInput
	// The ID of the project that the service account will be created in.
	// Defaults to the provider project configuration.
	Project pulumi.StringPtrInput
}

The set of arguments for constructing an Account resource.

func (AccountArgs) ElementType

func (AccountArgs) ElementType() reflect.Type

type AccountArray added in v4.11.1

type AccountArray []AccountInput

func (AccountArray) ElementType added in v4.11.1

func (AccountArray) ElementType() reflect.Type

func (AccountArray) ToAccountArrayOutput added in v4.11.1

func (i AccountArray) ToAccountArrayOutput() AccountArrayOutput

func (AccountArray) ToAccountArrayOutputWithContext added in v4.11.1

func (i AccountArray) ToAccountArrayOutputWithContext(ctx context.Context) AccountArrayOutput

type AccountArrayInput added in v4.11.1

// AccountArrayInput is an input type that accepts AccountArray and
// AccountArrayOutput values.
type AccountArrayInput interface {
	pulumi.Input

	// Conversions to AccountArrayOutput, without and with a context.Context.
	ToAccountArrayOutput() AccountArrayOutput
	ToAccountArrayOutputWithContext(context.Context) AccountArrayOutput
}

AccountArrayInput is an input type that accepts AccountArray and AccountArrayOutput values. You can construct a concrete instance of `AccountArrayInput` via:

AccountArray{ AccountArgs{...} }

type AccountArrayOutput added in v4.11.1

type AccountArrayOutput struct{ *pulumi.OutputState }

func (AccountArrayOutput) ElementType added in v4.11.1

func (AccountArrayOutput) ElementType() reflect.Type

func (AccountArrayOutput) Index added in v4.11.1

func (AccountArrayOutput) ToAccountArrayOutput added in v4.11.1

func (o AccountArrayOutput) ToAccountArrayOutput() AccountArrayOutput

func (AccountArrayOutput) ToAccountArrayOutputWithContext added in v4.11.1

func (o AccountArrayOutput) ToAccountArrayOutputWithContext(ctx context.Context) AccountArrayOutput

type AccountInput added in v4.4.0

// AccountInput is a pulumi.Input that can be converted to an AccountOutput.
// On this page, *Account and AccountOutput both list the two methods below.
type AccountInput interface {
	pulumi.Input

	// Conversions to AccountOutput, without and with a context.Context.
	ToAccountOutput() AccountOutput
	ToAccountOutputWithContext(ctx context.Context) AccountOutput
}

type AccountMap added in v4.11.1

type AccountMap map[string]AccountInput

func (AccountMap) ElementType added in v4.11.1

func (AccountMap) ElementType() reflect.Type

func (AccountMap) ToAccountMapOutput added in v4.11.1

func (i AccountMap) ToAccountMapOutput() AccountMapOutput

func (AccountMap) ToAccountMapOutputWithContext added in v4.11.1

func (i AccountMap) ToAccountMapOutputWithContext(ctx context.Context) AccountMapOutput

type AccountMapInput added in v4.11.1

// AccountMapInput is an input type that accepts AccountMap and
// AccountMapOutput values.
type AccountMapInput interface {
	pulumi.Input

	// Conversions to AccountMapOutput, without and with a context.Context.
	ToAccountMapOutput() AccountMapOutput
	ToAccountMapOutputWithContext(context.Context) AccountMapOutput
}

AccountMapInput is an input type that accepts AccountMap and AccountMapOutput values. You can construct a concrete instance of `AccountMapInput` via:

AccountMap{ "key": AccountArgs{...} }

type AccountMapOutput added in v4.11.1

type AccountMapOutput struct{ *pulumi.OutputState }

func (AccountMapOutput) ElementType added in v4.11.1

func (AccountMapOutput) ElementType() reflect.Type

func (AccountMapOutput) MapIndex added in v4.11.1

func (AccountMapOutput) ToAccountMapOutput added in v4.11.1

func (o AccountMapOutput) ToAccountMapOutput() AccountMapOutput

func (AccountMapOutput) ToAccountMapOutputWithContext added in v4.11.1

func (o AccountMapOutput) ToAccountMapOutputWithContext(ctx context.Context) AccountMapOutput

type AccountOutput added in v4.4.0

// AccountOutput embeds *pulumi.OutputState; the methods listed for it on this
// page convert it to AccountOutput and AccountPtrOutput.
type AccountOutput struct {
	*pulumi.OutputState
}

func (AccountOutput) ElementType added in v4.4.0

func (AccountOutput) ElementType() reflect.Type

func (AccountOutput) ToAccountOutput added in v4.4.0

func (o AccountOutput) ToAccountOutput() AccountOutput

func (AccountOutput) ToAccountOutputWithContext added in v4.4.0

func (o AccountOutput) ToAccountOutputWithContext(ctx context.Context) AccountOutput

func (AccountOutput) ToAccountPtrOutput added in v4.11.1

func (o AccountOutput) ToAccountPtrOutput() AccountPtrOutput

func (AccountOutput) ToAccountPtrOutputWithContext added in v4.11.1

func (o AccountOutput) ToAccountPtrOutputWithContext(ctx context.Context) AccountPtrOutput

type AccountPtrInput added in v4.11.1

// AccountPtrInput is a pulumi.Input that can be converted to an
// AccountPtrOutput.
type AccountPtrInput interface {
	pulumi.Input

	// Conversions to AccountPtrOutput, without and with a context.Context.
	ToAccountPtrOutput() AccountPtrOutput
	ToAccountPtrOutputWithContext(ctx context.Context) AccountPtrOutput
}

type AccountPtrOutput added in v4.11.1

// AccountPtrOutput embeds *pulumi.OutputState; the methods listed for it on
// this page convert it to AccountPtrOutput.
type AccountPtrOutput struct {
	*pulumi.OutputState
}

func (AccountPtrOutput) ElementType added in v4.11.1

func (AccountPtrOutput) ElementType() reflect.Type

func (AccountPtrOutput) ToAccountPtrOutput added in v4.11.1

func (o AccountPtrOutput) ToAccountPtrOutput() AccountPtrOutput

func (AccountPtrOutput) ToAccountPtrOutputWithContext added in v4.11.1

func (o AccountPtrOutput) ToAccountPtrOutputWithContext(ctx context.Context) AccountPtrOutput

type AccountState

// AccountState carries the optional state properties that GetAccount accepts
// to qualify the lookup of an existing Account; every field is optional.
type AccountState struct {
	// The account id that is used to generate the service
	// account email address and a stable unique id. It is unique within a project,
	// must be 6-30 characters long, and match the regular expression
	// `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035. Changing this forces a
	// new service account to be created, after which any IAM roles the old
	// account held must be reapplied (see the warning on this page).
	AccountId pulumi.StringPtrInput
	// A text description of the service account.
	// Must be less than or equal to 256 UTF-8 bytes.
	Description pulumi.StringPtrInput
	// The display name for the service account.
	// Can be updated without creating a new resource.
	DisplayName pulumi.StringPtrInput
	// The e-mail address of the service account. This value
	// should be referenced from any `organizations.getIAMPolicy` data sources
	// that would grant the service account privileges.
	Email pulumi.StringPtrInput
	// The fully-qualified name of the service account.
	Name pulumi.StringPtrInput
	// The ID of the project that the service account will be created in.
	// Defaults to the provider project configuration.
	Project pulumi.StringPtrInput
	// The unique id of the service account.
	UniqueId pulumi.StringPtrInput
}

func (AccountState) ElementType

func (AccountState) ElementType() reflect.Type

type GetAccountAccessTokenArgs

// GetAccountAccessTokenArgs is the collection of arguments for invoking
// getAccountAccessToken, which returns an OAuth2 access token for a service
// account other than the one running the program.
type GetAccountAccessTokenArgs struct {
	// Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name.  (e.g. `["projects/-/serviceAccounts/delegate-svc-account@project-id.iam.gserviceaccount.com"]`)
	Delegates []string `pulumi:"delegates"`
	// Lifetime of the impersonated token (defaults to its max: `3600s`).
	// The token is a bearer credential for its whole lifetime, so a shorter
	// value limits how long a leaked token stays usable.
	Lifetime *string `pulumi:"lifetime"`
	// The scopes the new credential should have (e.g. `["cloud-platform"]`)
	// `cloud-platform` is a broad scope; request narrower scopes where the
	// consumer of the token allows it.
	Scopes []string `pulumi:"scopes"`
	// The service account _to_ impersonate (e.g. `service_B@your-project-id.iam.gserviceaccount.com`)
	TargetServiceAccount string `pulumi:"targetServiceAccount"`
}

A collection of arguments for invoking getAccountAccessToken.

type GetAccountAccessTokenResult

// GetAccountAccessTokenResult is the collection of values returned by
// getAccountAccessToken. Delegates, Lifetime, Scopes and TargetServiceAccount
// share their names with GetAccountAccessTokenArgs; presumably they echo the
// arguments (this page does not say).
type GetAccountAccessTokenResult struct {
	// The `accessToken` representing the new generated identity.
	// This is a bearer credential for TargetServiceAccount: keep it out of logs
	// and out of plain-text stack outputs.
	AccessToken string   `pulumi:"accessToken"`
	Delegates   []string `pulumi:"delegates"`
	// The provider-assigned unique ID for this managed resource.
	Id                   string   `pulumi:"id"`
	Lifetime             *string  `pulumi:"lifetime"`
	Scopes               []string `pulumi:"scopes"`
	TargetServiceAccount string   `pulumi:"targetServiceAccount"`
}

A collection of values returned by getAccountAccessToken.

func GetAccountAccessToken

func GetAccountAccessToken(ctx *pulumi.Context, args *GetAccountAccessTokenArgs, opts ...pulumi.InvokeOption) (*GetAccountAccessTokenResult, error)

This data source provides a google `oauth2` `accessToken` for a different service account than the one initially running the script.

For more information see [the official documentation](https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials) as well as [iamcredentials.generateAccessToken()](https://cloud.google.com/iam/credentials/reference/rest/v1/projects.serviceAccounts/generateAccessToken)

type GetAccountIdTokenArgs

// GetAccountIdTokenArgs is the collection of arguments for invoking
// getAccountIdToken. Only TargetAudience is a non-pointer, non-slice field;
// the other three are documented as used only in impersonation mode.
type GetAccountIdTokenArgs struct {
	// Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name.   Used only when using impersonation mode.
	Delegates []string `pulumi:"delegates"`
	// Include the verified email in the claim. Used only when using impersonation mode.
	IncludeEmail *bool `pulumi:"includeEmail"`
	// The audience claim for the `idToken`.
	// Set it to the one service the token is meant for; a receiver that checks
	// the audience will then reject the token if it is presented elsewhere.
	TargetAudience string `pulumi:"targetAudience"`
	// The email of the service account being impersonated.  Used only when using impersonation mode.
	TargetServiceAccount *string `pulumi:"targetServiceAccount"`
}

A collection of arguments for invoking getAccountIdToken.

type GetAccountIdTokenResult

// GetAccountIdTokenResult is the collection of values returned by
// getAccountIdToken. Fields other than Id and IdToken share their names with
// GetAccountIdTokenArgs; presumably they echo the arguments (this page does
// not say).
type GetAccountIdTokenResult struct {
	Delegates []string `pulumi:"delegates"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The `idToken` representing the new generated identity.
	// Services that accept it treat it as proof of identity, so handle it as a
	// credential: keep it out of logs and out of plain-text stack outputs.
	IdToken              string  `pulumi:"idToken"`
	IncludeEmail         *bool   `pulumi:"includeEmail"`
	TargetAudience       string  `pulumi:"targetAudience"`
	TargetServiceAccount *string `pulumi:"targetServiceAccount"`
}

A collection of values returned by getAccountIdToken.

func GetAccountIdToken

func GetAccountIdToken(ctx *pulumi.Context, args *GetAccountIdTokenArgs, opts ...pulumi.InvokeOption) (*GetAccountIdTokenResult, error)

This data source provides a Google OpenID Connect (`oidc`) `idToken`. Tokens issued from this data source are typically used to call external services that accept OIDC tokens for authentication (e.g. [Google Cloud Run](https://cloud.google.com/run/docs/authenticating/service-to-service)).

For more information see [OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.html#IDToken).

## Example Usage

### ServiceAccount JSON Credential File.

`serviceAccount.getAccountIdToken` will use the configured provider credentials

### Service Account Impersonation.

`serviceAccount.getAccountIdToken` will use background impersonated credentials provided by `serviceAccount.getAccountAccessToken`.

Note: to use the following, you must grant `targetServiceAccount` the
`roles/iam.serviceAccountTokenCreator` role on itself.

type GetAccountKeyArgs

// GetAccountKeyArgs is the collection of arguments for invoking getAccountKey,
// which looks up the public key of a service account key.
type GetAccountKeyArgs struct {
	// The name of the service account key. This must have format
	// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{KEYID}`, where `{ACCOUNT}`
	// is the email address or unique id of the service account.
	Name string `pulumi:"name"`
	// The ID of the project that the service account will be created in.
	// Defaults to the provider project configuration.
	// NOTE(review): this wording is shared with the Account resource; for a
	// lookup it presumably names the project the service account is in.
	Project *string `pulumi:"project"`
	// The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
	PublicKeyType *string `pulumi:"publicKeyType"`
}

A collection of arguments for invoking getAccountKey.

type GetAccountKeyResult

// GetAccountKeyResult is the collection of values returned by getAccountKey.
// It has a PublicKey field and no private-key field: the lookup exposes only
// the public half of the key.
type GetAccountKeyResult struct {
	// The provider-assigned unique ID for this managed resource.
	Id           string  `pulumi:"id"`
	KeyAlgorithm string  `pulumi:"keyAlgorithm"`
	Name         string  `pulumi:"name"`
	Project      *string `pulumi:"project"`
	// The public key, base64 encoded
	PublicKey     string  `pulumi:"publicKey"`
	PublicKeyType *string `pulumi:"publicKeyType"`
}

A collection of values returned by getAccountKey.

func GetAccountKey

func GetAccountKey(ctx *pulumi.Context, args *GetAccountKeyArgs, opts ...pulumi.InvokeOption) (*GetAccountKeyResult, error)

Get service account public key. For more information, see [the official documentation](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) and [API](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys/get).

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

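// main creates a service account and a key for it.
//
// NOTE(review): this example sits under GetAccountKey but never calls it; it
// only creates the account and key whose public key could then be looked up.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myaccount, err := serviceAccount.NewAccount(ctx, "myaccount", &serviceAccount.AccountArgs{
			AccountId: pulumi.String("dev-foo-account"),
		})
		if err != nil {
			return err
		}
		// The key handle is discarded. The original bound it to a local that was
		// never read, which the Go compiler rejects as declared and not used.
		//
		// NewKey issues a user-managed key for the account. The generated private
		// key is returned through the resource's outputs, so the stack state that
		// records it needs the same access control and encryption as any other
		// credential store.
		_, err = serviceAccount.NewKey(ctx, "mykeyKey", &serviceAccount.KeyArgs{
			ServiceAccountId: myaccount.Name,
		})
		return err
	})
}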

```

type IAMBinding

// IAMBinding adds an IAM policy binding to a service account resource. Per
// this page it is authoritative for a given role: it grants Role to the list
// in Members and preserves the other roles in the service account's policy.
type IAMBinding struct {
	pulumi.CustomResourceState

	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMBindingConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the service account IAM policy.
	//
	// Members (the field after Etag) lists the identities granted Role, written
	// as in this page's examples, e.g. `user:jane@example.com`.
	Etag    pulumi.StringOutput      `pulumi:"etag"`
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The role that should be applied. Only one
	// `serviceAccount.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringOutput `pulumi:"serviceAccountId"`
}

When managing IAM roles, you can treat a service account either as a resource or as an identity. This resource adds IAM policy bindings to a service account resource, for example to let members run operations as the service account or modify it. To configure permissions for a service account on other GCP resources, use the googleProjectIam set of resources.

Three different resources help you manage your IAM policy for a service account. Each of these resources serves a different use case:

* `serviceAccount.IAMPolicy`: Authoritative. Sets the IAM policy for the service account and replaces any existing policy already attached.
* `serviceAccount.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service account are preserved.
* `serviceAccount.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service account are preserved.

> **Note:** `serviceAccount.IAMPolicy` **cannot** be used in conjunction with `serviceAccount.IAMBinding` and `serviceAccount.IAMMember` or they will fight over what your policy should be.

> **Note:** `serviceAccount.IAMBinding` resources **can be** used in conjunction with `serviceAccount.IAMMember` resources **only if** they do not grant privilege to the same role.

## google\_service\_account\_iam\_policy

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

// main creates a service account and attaches an IAM policy to it in which
// roles/iam.serviceAccountUser is held by a single user.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Policy document with one binding and one member.
		janeOnly := organizations.GetIAMPolicyBinding{
			Role:    "roles/iam.serviceAccountUser",
			Members: []string{"user:jane@example.com"},
		}
		policy, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{janeOnly},
		}, nil)
		if err != nil {
			return err
		}

		account, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can interact with"),
		})
		if err != nil {
			return err
		}

		// IAMPolicy is authoritative: it replaces any policy already attached to
		// the service account, so it must not be combined with IAMBinding or
		// IAMMember on the same account.
		_, err = serviceAccount.NewIAMPolicy(ctx, "admin_account_iam", &serviceAccount.IAMPolicyArgs{
			ServiceAccountId: account.Name,
			PolicyData:       pulumi.String(policy.PolicyData),
		})
		return err
	})
}

```

## google\_service\_account\_iam\_binding

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

// main creates a service account and grants one user
// roles/iam.serviceAccountUser on it through a role-level binding.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		account, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can use"),
		})
		if err != nil {
			return err
		}

		// IAMBinding is authoritative for its role only; other roles in the
		// service account's policy are preserved. Do not also manage this role
		// with IAMMember.
		binding := &serviceAccount.IAMBindingArgs{
			ServiceAccountId: account.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Members:          pulumi.StringArray{pulumi.String("user:jane@example.com")},
		}
		_, err = serviceAccount.NewIAMBinding(ctx, "admin_account_iam", binding)
		return err
	})
}

```

With IAM Conditions:

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

// main creates a service account and binds roles/iam.serviceAccountUser to one
// user, subject to a time-based IAM Condition.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		account, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can use"),
		})
		if err != nil {
			return err
		}

		// The expression only matches requests made before 2020-01-01T00:00:00Z.
		// That instant predates this page's publication (Apr 13, 2021), so keep
		// the shape and substitute an expiry that is still in the future.
		expiry := &serviceAccount.IAMBindingConditionArgs{
			Title:       pulumi.String("expires_after_2019_12_31"),
			Description: pulumi.String("Expiring at midnight of 2019-12-31"),
			Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
		}
		_, err = serviceAccount.NewIAMBinding(ctx, "admin_account_iam", &serviceAccount.IAMBindingArgs{
			ServiceAccountId: account.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Members:          pulumi.StringArray{pulumi.String("user:jane@example.com")},
			Condition:        expiry,
		})
		return err
	})
}

```

## google\_service\_account\_iam\_member

```go
package main

import (

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

// main creates a service account and adds two non-authoritative grants of
// roles/iam.serviceAccountUser: one user on the new account, and the new
// account on the project's default Compute Engine service account.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		gceDefault, err := compute.GetDefaultServiceAccount(ctx, nil, nil)
		if err != nil {
			return err
		}

		account, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that Jane can use"),
		})
		if err != nil {
			return err
		}

		// IAMMember adds one member to the role and leaves the role's other
		// members in place.
		_, err = serviceAccount.NewIAMMember(ctx, "admin_account_iam", &serviceAccount.IAMMemberArgs{
			ServiceAccountId: account.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Member:           pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}

		// The member string is derived from the account's e-mail output.
		saMember := account.Email.ApplyT(func(email string) (string, error) {
			return fmt.Sprintf("%v%v", "serviceAccount:", email), nil
		}).(pulumi.StringOutput)

		// This lets the new account run operations as the default Compute Engine
		// service account. That account often carries a broad project-level role,
		// so review what the grant transitively allows before reusing it.
		_, err = serviceAccount.NewIAMMember(ctx, "gce_default_account_iam", &serviceAccount.IAMMemberArgs{
			ServiceAccountId: pulumi.String(gceDefault.Name),
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Member:           saMember,
		})
		return err
	})
}

```

With IAM Conditions:

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

// main creates a service account and adds one user as a member of
// roles/iam.serviceAccountUser on it, subject to a time-based IAM Condition.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		account, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that Jane can use"),
		})
		if err != nil {
			return err
		}

		// The expression only matches requests made before 2020-01-01T00:00:00Z.
		// That instant predates this page's publication (Apr 13, 2021), so keep
		// the shape and substitute an expiry that is still in the future.
		expiry := &serviceAccount.IAMMemberConditionArgs{
			Title:       pulumi.String("expires_after_2019_12_31"),
			Description: pulumi.String("Expiring at midnight of 2019-12-31"),
			Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
		}
		_, err = serviceAccount.NewIAMMember(ctx, "admin_account_iam", &serviceAccount.IAMMemberArgs{
			ServiceAccountId: account.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Member:           pulumi.String("user:jane@example.com"),
			Condition:        expiry,
		})
		return err
	})
}

```

## Import

Service account IAM resources can be imported using the project, service account email, role, member identity, and condition (beta).

```sh

$ pulumi import gcp:serviceAccount/iAMBinding:IAMBinding admin-account-iam projects/{your-project-id}/serviceAccounts/{your-service-account-email}

```

```sh

$ pulumi import gcp:serviceAccount/iAMBinding:IAMBinding admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser"

```

```sh

$ pulumi import gcp:serviceAccount/iAMBinding:IAMBinding admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/editor user:foo@example.com"

```

> **Custom Roles:** If you're importing an IAM resource with a custom role, make sure to use the full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

With conditions:

```sh

$ pulumi import gcp:serviceAccount/iAMBinding:IAMBinding admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser expires_after_2019_12_31"

```

```sh

$ pulumi import gcp:serviceAccount/iAMBinding:IAMBinding admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser user:foo@example.com expires_after_2019_12_31"

```

func GetIAMBinding

func GetIAMBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *IAMBindingState, opts ...pulumi.ResourceOption) (*IAMBinding, error)

GetIAMBinding gets an existing IAMBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIAMBinding

func NewIAMBinding(ctx *pulumi.Context,
	name string, args *IAMBindingArgs, opts ...pulumi.ResourceOption) (*IAMBinding, error)

NewIAMBinding registers a new resource with the given unique name, arguments, and options.

func (*IAMBinding) ElementType added in v4.4.0

func (*IAMBinding) ElementType() reflect.Type

func (*IAMBinding) ToIAMBindingOutput added in v4.4.0

func (i *IAMBinding) ToIAMBindingOutput() IAMBindingOutput

func (*IAMBinding) ToIAMBindingOutputWithContext added in v4.4.0

func (i *IAMBinding) ToIAMBindingOutputWithContext(ctx context.Context) IAMBindingOutput

func (*IAMBinding) ToIAMBindingPtrOutput added in v4.11.1

func (i *IAMBinding) ToIAMBindingPtrOutput() IAMBindingPtrOutput

func (*IAMBinding) ToIAMBindingPtrOutputWithContext added in v4.11.1

func (i *IAMBinding) ToIAMBindingPtrOutputWithContext(ctx context.Context) IAMBindingPtrOutput

type IAMBindingArgs

// IAMBindingArgs is the set of arguments for constructing an IAMBinding
// resource. Per this page the binding is authoritative for Role: it grants the
// role to the list in Members and preserves other roles in the policy.
type IAMBindingArgs struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	//
	// Members (the field after Condition) lists the identities granted Role,
	// written as in this page's examples, e.g. `user:jane@example.com`.
	Condition IAMBindingConditionPtrInput
	Members   pulumi.StringArrayInput
	// The role that should be applied. Only one
	// `serviceAccount.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringInput
}

The set of arguments for constructing an IAMBinding resource.

func (IAMBindingArgs) ElementType

func (IAMBindingArgs) ElementType() reflect.Type

type IAMBindingArray added in v4.11.1

type IAMBindingArray []IAMBindingInput

func (IAMBindingArray) ElementType added in v4.11.1

func (IAMBindingArray) ElementType() reflect.Type

func (IAMBindingArray) ToIAMBindingArrayOutput added in v4.11.1

func (i IAMBindingArray) ToIAMBindingArrayOutput() IAMBindingArrayOutput

func (IAMBindingArray) ToIAMBindingArrayOutputWithContext added in v4.11.1

func (i IAMBindingArray) ToIAMBindingArrayOutputWithContext(ctx context.Context) IAMBindingArrayOutput

type IAMBindingArrayInput added in v4.11.1

// IAMBindingArrayInput is an input type that accepts IAMBindingArray and
// IAMBindingArrayOutput values.
type IAMBindingArrayInput interface {
	pulumi.Input

	// Conversions to IAMBindingArrayOutput, without and with a context.Context.
	ToIAMBindingArrayOutput() IAMBindingArrayOutput
	ToIAMBindingArrayOutputWithContext(context.Context) IAMBindingArrayOutput
}

IAMBindingArrayInput is an input type that accepts IAMBindingArray and IAMBindingArrayOutput values. You can construct a concrete instance of `IAMBindingArrayInput` via:

IAMBindingArray{ IAMBindingArgs{...} }

type IAMBindingArrayOutput added in v4.11.1

type IAMBindingArrayOutput struct{ *pulumi.OutputState }

func (IAMBindingArrayOutput) ElementType added in v4.11.1

func (IAMBindingArrayOutput) ElementType() reflect.Type

func (IAMBindingArrayOutput) Index added in v4.11.1

func (IAMBindingArrayOutput) ToIAMBindingArrayOutput added in v4.11.1

func (o IAMBindingArrayOutput) ToIAMBindingArrayOutput() IAMBindingArrayOutput

func (IAMBindingArrayOutput) ToIAMBindingArrayOutputWithContext added in v4.11.1

func (o IAMBindingArrayOutput) ToIAMBindingArrayOutputWithContext(ctx context.Context) IAMBindingArrayOutput

type IAMBindingCondition

// IAMBindingCondition is the plain-value form of the IAM Condition attached to
// an IAMBinding. Description is optional (pointer); Expression and Title are
// plain strings.
type IAMBindingCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	// This page's example is `request.time < timestamp("2020-01-01T00:00:00Z")`.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type IAMBindingConditionArgs

// IAMBindingConditionArgs is the input form of the IAM Condition attached to
// an IAMBinding; the conditions example on this page passes a pointer to it as
// IAMBindingArgs.Condition.
type IAMBindingConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	// This page's example is `request.time < timestamp("2020-01-01T00:00:00Z")`,
	// which stops matching once that instant has passed.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (IAMBindingConditionArgs) ElementType

func (IAMBindingConditionArgs) ElementType() reflect.Type

func (IAMBindingConditionArgs) ToIAMBindingConditionOutput

func (i IAMBindingConditionArgs) ToIAMBindingConditionOutput() IAMBindingConditionOutput

func (IAMBindingConditionArgs) ToIAMBindingConditionOutputWithContext

func (i IAMBindingConditionArgs) ToIAMBindingConditionOutputWithContext(ctx context.Context) IAMBindingConditionOutput

func (IAMBindingConditionArgs) ToIAMBindingConditionPtrOutput

func (i IAMBindingConditionArgs) ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput

func (IAMBindingConditionArgs) ToIAMBindingConditionPtrOutputWithContext

func (i IAMBindingConditionArgs) ToIAMBindingConditionPtrOutputWithContext(ctx context.Context) IAMBindingConditionPtrOutput

type IAMBindingConditionInput

// IAMBindingConditionInput is an input type that accepts
// IAMBindingConditionArgs and IAMBindingConditionOutput values.
type IAMBindingConditionInput interface {
	pulumi.Input

	// Conversions to IAMBindingConditionOutput, without and with a
	// context.Context.
	ToIAMBindingConditionOutput() IAMBindingConditionOutput
	ToIAMBindingConditionOutputWithContext(context.Context) IAMBindingConditionOutput
}

IAMBindingConditionInput is an input type that accepts IAMBindingConditionArgs and IAMBindingConditionOutput values. You can construct a concrete instance of `IAMBindingConditionInput` via:

IAMBindingConditionArgs{...}

type IAMBindingConditionOutput

type IAMBindingConditionOutput struct{ *pulumi.OutputState }

func (IAMBindingConditionOutput) Description

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (IAMBindingConditionOutput) ElementType

func (IAMBindingConditionOutput) ElementType() reflect.Type

func (IAMBindingConditionOutput) Expression

Textual representation of an expression in Common Expression Language syntax.

func (IAMBindingConditionOutput) Title

A title for the expression, i.e. a short string describing its purpose.

func (IAMBindingConditionOutput) ToIAMBindingConditionOutput

func (o IAMBindingConditionOutput) ToIAMBindingConditionOutput() IAMBindingConditionOutput

func (IAMBindingConditionOutput) ToIAMBindingConditionOutputWithContext

func (o IAMBindingConditionOutput) ToIAMBindingConditionOutputWithContext(ctx context.Context) IAMBindingConditionOutput

func (IAMBindingConditionOutput) ToIAMBindingConditionPtrOutput

func (o IAMBindingConditionOutput) ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput

func (IAMBindingConditionOutput) ToIAMBindingConditionPtrOutputWithContext

func (o IAMBindingConditionOutput) ToIAMBindingConditionPtrOutputWithContext(ctx context.Context) IAMBindingConditionPtrOutput

type IAMBindingConditionPtrInput

type IAMBindingConditionPtrInput interface {
	pulumi.Input

	ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput
	ToIAMBindingConditionPtrOutputWithContext(context.Context) IAMBindingConditionPtrOutput
}

IAMBindingConditionPtrInput is an input type that accepts IAMBindingConditionArgs, IAMBindingConditionPtr and IAMBindingConditionPtrOutput values. You can construct a concrete instance of `IAMBindingConditionPtrInput` via:

        IAMBindingConditionArgs{...}

or:

        nil

type IAMBindingConditionPtrOutput

type IAMBindingConditionPtrOutput struct{ *pulumi.OutputState }

func (IAMBindingConditionPtrOutput) Description

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (IAMBindingConditionPtrOutput) Elem

func (IAMBindingConditionPtrOutput) ElementType

func (IAMBindingConditionPtrOutput) Expression

Textual representation of an expression in Common Expression Language syntax.

func (IAMBindingConditionPtrOutput) Title

A title for the expression, i.e. a short string describing its purpose.

func (IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutput

func (o IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput

func (IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutputWithContext

func (o IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutputWithContext(ctx context.Context) IAMBindingConditionPtrOutput

type IAMBindingInput added in v4.4.0

type IAMBindingInput interface {
	pulumi.Input

	ToIAMBindingOutput() IAMBindingOutput
	ToIAMBindingOutputWithContext(ctx context.Context) IAMBindingOutput
}

type IAMBindingMap added in v4.11.1

type IAMBindingMap map[string]IAMBindingInput

func (IAMBindingMap) ElementType added in v4.11.1

func (IAMBindingMap) ElementType() reflect.Type

func (IAMBindingMap) ToIAMBindingMapOutput added in v4.11.1

func (i IAMBindingMap) ToIAMBindingMapOutput() IAMBindingMapOutput

func (IAMBindingMap) ToIAMBindingMapOutputWithContext added in v4.11.1

func (i IAMBindingMap) ToIAMBindingMapOutputWithContext(ctx context.Context) IAMBindingMapOutput

type IAMBindingMapInput added in v4.11.1

type IAMBindingMapInput interface {
	pulumi.Input

	ToIAMBindingMapOutput() IAMBindingMapOutput
	ToIAMBindingMapOutputWithContext(context.Context) IAMBindingMapOutput
}

IAMBindingMapInput is an input type that accepts IAMBindingMap and IAMBindingMapOutput values. You can construct a concrete instance of `IAMBindingMapInput` via:

IAMBindingMap{ "key": IAMBindingArgs{...} }

type IAMBindingMapOutput added in v4.11.1

type IAMBindingMapOutput struct{ *pulumi.OutputState }

func (IAMBindingMapOutput) ElementType added in v4.11.1

func (IAMBindingMapOutput) ElementType() reflect.Type

func (IAMBindingMapOutput) MapIndex added in v4.11.1

func (IAMBindingMapOutput) ToIAMBindingMapOutput added in v4.11.1

func (o IAMBindingMapOutput) ToIAMBindingMapOutput() IAMBindingMapOutput

func (IAMBindingMapOutput) ToIAMBindingMapOutputWithContext added in v4.11.1

func (o IAMBindingMapOutput) ToIAMBindingMapOutputWithContext(ctx context.Context) IAMBindingMapOutput

type IAMBindingOutput added in v4.4.0

type IAMBindingOutput struct {
	*pulumi.OutputState
}

func (IAMBindingOutput) ElementType added in v4.4.0

func (IAMBindingOutput) ElementType() reflect.Type

func (IAMBindingOutput) ToIAMBindingOutput added in v4.4.0

func (o IAMBindingOutput) ToIAMBindingOutput() IAMBindingOutput

func (IAMBindingOutput) ToIAMBindingOutputWithContext added in v4.4.0

func (o IAMBindingOutput) ToIAMBindingOutputWithContext(ctx context.Context) IAMBindingOutput

func (IAMBindingOutput) ToIAMBindingPtrOutput added in v4.11.1

func (o IAMBindingOutput) ToIAMBindingPtrOutput() IAMBindingPtrOutput

func (IAMBindingOutput) ToIAMBindingPtrOutputWithContext added in v4.11.1

func (o IAMBindingOutput) ToIAMBindingPtrOutputWithContext(ctx context.Context) IAMBindingPtrOutput

type IAMBindingPtrInput added in v4.11.1

type IAMBindingPtrInput interface {
	pulumi.Input

	ToIAMBindingPtrOutput() IAMBindingPtrOutput
	ToIAMBindingPtrOutputWithContext(ctx context.Context) IAMBindingPtrOutput
}

type IAMBindingPtrOutput added in v4.11.1

type IAMBindingPtrOutput struct {
	*pulumi.OutputState
}

func (IAMBindingPtrOutput) ElementType added in v4.11.1

func (IAMBindingPtrOutput) ElementType() reflect.Type

func (IAMBindingPtrOutput) ToIAMBindingPtrOutput added in v4.11.1

func (o IAMBindingPtrOutput) ToIAMBindingPtrOutput() IAMBindingPtrOutput

func (IAMBindingPtrOutput) ToIAMBindingPtrOutputWithContext added in v4.11.1

func (o IAMBindingPtrOutput) ToIAMBindingPtrOutputWithContext(ctx context.Context) IAMBindingPtrOutput

type IAMBindingState

// IAMBindingState holds the optional state properties of an IAMBinding.
// Every field is a pointer/optional input.
type IAMBindingState struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMBindingConditionPtrInput
	// (Computed) The etag of the service account IAM policy.
	Etag    pulumi.StringPtrInput
	// The identities the role is granted to. This page documents IAMBinding as
	// authoritative for its role, so this list is the full member set for that role.
	// The examples on this page use entries of the form `user:jane@example.com`.
	Members pulumi.StringArrayInput
	// The role that should be applied. Only one
	// `serviceAccount.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringPtrInput
}

func (IAMBindingState) ElementType

func (IAMBindingState) ElementType() reflect.Type

type IAMMember

// IAMMember is the resource that grants one role to one member on a service
// account. This page documents it as non-authoritative: other members already
// holding the role on that service account are preserved.
type IAMMember struct {
	pulumi.CustomResourceState

	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMMemberConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the service account IAM policy.
	Etag   pulumi.StringOutput `pulumi:"etag"`
	// The identity the role is granted to. The examples on this page use the
	// forms `user:jane@example.com` and `serviceAccount:` followed by an email.
	Member pulumi.StringOutput `pulumi:"member"`
	// The role that should be applied. Only one
	// `serviceAccount.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
	// The fully-qualified name of the service account to apply policy to.
	// The import examples on this page write it as
	// `projects/{your-project-id}/serviceAccounts/{your-service-account-email}`.
	ServiceAccountId pulumi.StringOutput `pulumi:"serviceAccountId"`
}

When managing IAM roles, you can treat a service account either as a resource or as an identity. This resource adds IAM policy bindings to a service account resource, for example to allow members to run operations as the service account or to modify it. To configure permissions for a service account on other GCP resources, use the googleProjectIam set of resources.

Three different resources help you manage your IAM policy for a service account. Each of these resources serves a different use case:

* `serviceAccount.IAMPolicy`: Authoritative. Sets the IAM policy for the service account and replaces any existing policy already attached.
* `serviceAccount.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service account are preserved.
* `serviceAccount.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service account are preserved.

> **Note:** `serviceAccount.IAMPolicy` **cannot** be used in conjunction with `serviceAccount.IAMBinding` and `serviceAccount.IAMMember` or they will fight over what your policy should be.

> **Note:** `serviceAccount.IAMBinding` resources **can be** used in conjunction with `serviceAccount.IAMMember` resources **only if** they do not grant privilege to the same role.

## google\_service\_account\_iam\_policy

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Build the policy document first: a single binding that lists
		// jane@example.com as the only member of roles/iam.serviceAccountUser.
		policy, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role:    "roles/iam.serviceAccountUser",
					Members: []string{"user:jane@example.com"},
				},
			},
		}, nil)
		if err != nil {
			return err
		}

		account, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can interact with"),
		})
		if err != nil {
			return err
		}

		// IAMPolicy is authoritative: it replaces whatever policy is already
		// attached to the service account, which is why it must not be combined
		// with IAMBinding or IAMMember resources on the same account.
		_, err = serviceAccount.NewIAMPolicy(ctx, "admin_account_iam", &serviceAccount.IAMPolicyArgs{
			ServiceAccountId: account.Name,
			PolicyData:       pulumi.String(policy.PolicyData),
		})
		return err
	})
}

```

## google\_service\_account\_iam\_binding

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		account, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can use"),
		})
		if err != nil {
			return err
		}

		// IAMBinding is authoritative for this one role: the Members list is the
		// complete set of identities holding roles/iam.serviceAccountUser on the
		// account, while bindings for other roles are left as they are.
		members := pulumi.StringArray{
			pulumi.String("user:jane@example.com"),
		}
		_, err = serviceAccount.NewIAMBinding(ctx, "admin_account_iam", &serviceAccount.IAMBindingArgs{
			ServiceAccountId: account.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Members:          members,
		})
		return err
	})
}

```

With IAM Conditions:

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		account, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can use"),
		})
		if err != nil {
			return err
		}

		// Time-bound grant: the role applies only while request.time is before
		// the timestamp in the CEL expression. The sample timestamp
		// (2020-01-01T00:00:00Z) is already in the past, so substitute the
		// expiry you actually want and keep Title/Description in step with it.
		expiry := &serviceAccount.IAMBindingConditionArgs{
			Description: pulumi.String("Expiring at midnight of 2019-12-31"),
			Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			Title:       pulumi.String("expires_after_2019_12_31"),
		}
		_, err = serviceAccount.NewIAMBinding(ctx, "admin_account_iam", &serviceAccount.IAMBindingArgs{
			Condition: expiry,
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			ServiceAccountId: account.Name,
		})
		return err
	})
}

```

## google\_service\_account\_iam\_member

```go
package main

import (

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		gceDefault, err := compute.GetDefaultServiceAccount(ctx, nil, nil)
		if err != nil {
			return err
		}

		account, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that Jane can use"),
		})
		if err != nil {
			return err
		}

		// IAMMember is non-authoritative: it adds Jane to the role and leaves
		// any other members of roles/iam.serviceAccountUser in place.
		_, err = serviceAccount.NewIAMMember(ctx, "admin_account_iam", &serviceAccount.IAMMemberArgs{
			ServiceAccountId: account.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Member:           pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}

		// Second grant: the new service account becomes a member of
		// roles/iam.serviceAccountUser on the Compute Engine default service
		// account, i.e. it can run operations as that account. Check which
		// roles the default account holds before applying this, since they
		// become reachable from `sa`.
		saMember := account.Email.ApplyT(func(email string) (string, error) {
			return fmt.Sprintf("%v%v", "serviceAccount:", email), nil
		}).(pulumi.StringOutput)
		_, err = serviceAccount.NewIAMMember(ctx, "gce_default_account_iam", &serviceAccount.IAMMemberArgs{
			ServiceAccountId: pulumi.String(gceDefault.Name),
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Member:           saMember,
		})
		return err
	})
}

```

With IAM Conditions:

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		account, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that Jane can use"),
		})
		if err != nil {
			return err
		}

		// Conditional, non-authoritative grant for a single member. The CEL
		// expression bounds the grant in time; the sample timestamp
		// (2020-01-01T00:00:00Z) has already passed, so replace it with the
		// intended expiry before reusing this snippet.
		expiry := &serviceAccount.IAMMemberConditionArgs{
			Description: pulumi.String("Expiring at midnight of 2019-12-31"),
			Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			Title:       pulumi.String("expires_after_2019_12_31"),
		}
		_, err = serviceAccount.NewIAMMember(ctx, "admin_account_iam", &serviceAccount.IAMMemberArgs{
			Condition:        expiry,
			Member:           pulumi.String("user:jane@example.com"),
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			ServiceAccountId: account.Name,
		})
		return err
	})
}

```

## Import

Service account IAM resources can be imported using the project, service account email, role, member identity, and condition (beta).

```sh

$ pulumi import gcp:serviceAccount/iAMMember:IAMMember admin-account-iam projects/{your-project-id}/serviceAccounts/{your-service-account-email}

```

```sh

$ pulumi import gcp:serviceAccount/iAMMember:IAMMember admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser"

```

```sh

$ pulumi import gcp:serviceAccount/iAMMember:IAMMember admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/editor user:foo@example.com"

```

> **Custom Roles:** If you're importing an IAM resource with a custom role, make sure to use the full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

With conditions:

```sh

$ pulumi import gcp:serviceAccount/iAMMember:IAMMember admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser expires_after_2019_12_31"

```

```sh

$ pulumi import gcp:serviceAccount/iAMMember:IAMMember admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser user:foo@example.com expires_after_2019_12_31"

```

func GetIAMMember

func GetIAMMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *IAMMemberState, opts ...pulumi.ResourceOption) (*IAMMember, error)

GetIAMMember gets an existing IAMMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIAMMember

func NewIAMMember(ctx *pulumi.Context,
	name string, args *IAMMemberArgs, opts ...pulumi.ResourceOption) (*IAMMember, error)

NewIAMMember registers a new resource with the given unique name, arguments, and options.

func (*IAMMember) ElementType added in v4.4.0

func (*IAMMember) ElementType() reflect.Type

func (*IAMMember) ToIAMMemberOutput added in v4.4.0

func (i *IAMMember) ToIAMMemberOutput() IAMMemberOutput

func (*IAMMember) ToIAMMemberOutputWithContext added in v4.4.0

func (i *IAMMember) ToIAMMemberOutputWithContext(ctx context.Context) IAMMemberOutput

func (*IAMMember) ToIAMMemberPtrOutput added in v4.11.1

func (i *IAMMember) ToIAMMemberPtrOutput() IAMMemberPtrOutput

func (*IAMMember) ToIAMMemberPtrOutputWithContext added in v4.11.1

func (i *IAMMember) ToIAMMemberPtrOutputWithContext(ctx context.Context) IAMMemberPtrOutput

type IAMMemberArgs

// IAMMemberArgs is the argument set passed to NewIAMMember: the service
// account, the role, the member receiving the role, and an optional condition.
type IAMMemberArgs struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMMemberConditionPtrInput
	// The identity the role is granted to. The examples on this page use the
	// forms `user:jane@example.com` and `serviceAccount:` followed by an email.
	Member    pulumi.StringInput
	// The role that should be applied. Only one
	// `serviceAccount.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
	// The fully-qualified name of the service account to apply policy to.
	// This is the account being acted on, not the identity receiving the role.
	ServiceAccountId pulumi.StringInput
}

The set of arguments for constructing an IAMMember resource.

func (IAMMemberArgs) ElementType

func (IAMMemberArgs) ElementType() reflect.Type

type IAMMemberArray added in v4.11.1

type IAMMemberArray []IAMMemberInput

func (IAMMemberArray) ElementType added in v4.11.1

func (IAMMemberArray) ElementType() reflect.Type

func (IAMMemberArray) ToIAMMemberArrayOutput added in v4.11.1

func (i IAMMemberArray) ToIAMMemberArrayOutput() IAMMemberArrayOutput

func (IAMMemberArray) ToIAMMemberArrayOutputWithContext added in v4.11.1

func (i IAMMemberArray) ToIAMMemberArrayOutputWithContext(ctx context.Context) IAMMemberArrayOutput

type IAMMemberArrayInput added in v4.11.1

type IAMMemberArrayInput interface {
	pulumi.Input

	ToIAMMemberArrayOutput() IAMMemberArrayOutput
	ToIAMMemberArrayOutputWithContext(context.Context) IAMMemberArrayOutput
}

IAMMemberArrayInput is an input type that accepts IAMMemberArray and IAMMemberArrayOutput values. You can construct a concrete instance of `IAMMemberArrayInput` via:

IAMMemberArray{ IAMMemberArgs{...} }

type IAMMemberArrayOutput added in v4.11.1

type IAMMemberArrayOutput struct{ *pulumi.OutputState }

func (IAMMemberArrayOutput) ElementType added in v4.11.1

func (IAMMemberArrayOutput) ElementType() reflect.Type

func (IAMMemberArrayOutput) Index added in v4.11.1

func (IAMMemberArrayOutput) ToIAMMemberArrayOutput added in v4.11.1

func (o IAMMemberArrayOutput) ToIAMMemberArrayOutput() IAMMemberArrayOutput

func (IAMMemberArrayOutput) ToIAMMemberArrayOutputWithContext added in v4.11.1

func (o IAMMemberArrayOutput) ToIAMMemberArrayOutputWithContext(ctx context.Context) IAMMemberArrayOutput

type IAMMemberCondition

// IAMMemberCondition is the plain-value form of the IAM Condition attached to
// an IAMMember grant; IAMMemberConditionArgs is the matching input form.
type IAMMemberCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	// The pointer type makes it the only field of the three that can be left unset.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type IAMMemberConditionArgs

// IAMMemberConditionArgs carries the input fields of the IAM Condition attached
// to an IAMMember grant: a CEL expression, a title, and an optional description.
type IAMMemberConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	// The examples on this page use a time bound of the form
	// `request.time < timestamp("2020-01-01T00:00:00Z")`.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	// The import examples on this page append the title to the import ID of a
	// conditional grant, so keep it stable once the grant is managed.
	Title pulumi.StringInput `pulumi:"title"`
}

func (IAMMemberConditionArgs) ElementType

func (IAMMemberConditionArgs) ElementType() reflect.Type

func (IAMMemberConditionArgs) ToIAMMemberConditionOutput

func (i IAMMemberConditionArgs) ToIAMMemberConditionOutput() IAMMemberConditionOutput

func (IAMMemberConditionArgs) ToIAMMemberConditionOutputWithContext

func (i IAMMemberConditionArgs) ToIAMMemberConditionOutputWithContext(ctx context.Context) IAMMemberConditionOutput

func (IAMMemberConditionArgs) ToIAMMemberConditionPtrOutput

func (i IAMMemberConditionArgs) ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput

func (IAMMemberConditionArgs) ToIAMMemberConditionPtrOutputWithContext

func (i IAMMemberConditionArgs) ToIAMMemberConditionPtrOutputWithContext(ctx context.Context) IAMMemberConditionPtrOutput

type IAMMemberConditionInput

type IAMMemberConditionInput interface {
	pulumi.Input

	ToIAMMemberConditionOutput() IAMMemberConditionOutput
	ToIAMMemberConditionOutputWithContext(context.Context) IAMMemberConditionOutput
}

IAMMemberConditionInput is an input type that accepts IAMMemberConditionArgs and IAMMemberConditionOutput values. You can construct a concrete instance of `IAMMemberConditionInput` via:

IAMMemberConditionArgs{...}

type IAMMemberConditionOutput

type IAMMemberConditionOutput struct{ *pulumi.OutputState }

func (IAMMemberConditionOutput) Description

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (IAMMemberConditionOutput) ElementType

func (IAMMemberConditionOutput) ElementType() reflect.Type

func (IAMMemberConditionOutput) Expression

Textual representation of an expression in Common Expression Language syntax.

func (IAMMemberConditionOutput) Title

A title for the expression, i.e. a short string describing its purpose.

func (IAMMemberConditionOutput) ToIAMMemberConditionOutput

func (o IAMMemberConditionOutput) ToIAMMemberConditionOutput() IAMMemberConditionOutput

func (IAMMemberConditionOutput) ToIAMMemberConditionOutputWithContext

func (o IAMMemberConditionOutput) ToIAMMemberConditionOutputWithContext(ctx context.Context) IAMMemberConditionOutput

func (IAMMemberConditionOutput) ToIAMMemberConditionPtrOutput

func (o IAMMemberConditionOutput) ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput

func (IAMMemberConditionOutput) ToIAMMemberConditionPtrOutputWithContext

func (o IAMMemberConditionOutput) ToIAMMemberConditionPtrOutputWithContext(ctx context.Context) IAMMemberConditionPtrOutput

type IAMMemberConditionPtrInput

type IAMMemberConditionPtrInput interface {
	pulumi.Input

	ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput
	ToIAMMemberConditionPtrOutputWithContext(context.Context) IAMMemberConditionPtrOutput
}

IAMMemberConditionPtrInput is an input type that accepts IAMMemberConditionArgs, IAMMemberConditionPtr and IAMMemberConditionPtrOutput values. You can construct a concrete instance of `IAMMemberConditionPtrInput` via:

        IAMMemberConditionArgs{...}

or:

        nil

type IAMMemberConditionPtrOutput

type IAMMemberConditionPtrOutput struct{ *pulumi.OutputState }

func (IAMMemberConditionPtrOutput) Description

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (IAMMemberConditionPtrOutput) Elem

func (IAMMemberConditionPtrOutput) ElementType

func (IAMMemberConditionPtrOutput) Expression

Textual representation of an expression in Common Expression Language syntax.

func (IAMMemberConditionPtrOutput) Title

A title for the expression, i.e. a short string describing its purpose.

func (IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutput

func (o IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput

func (IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutputWithContext

func (o IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutputWithContext(ctx context.Context) IAMMemberConditionPtrOutput

type IAMMemberInput added in v4.4.0

type IAMMemberInput interface {
	pulumi.Input

	ToIAMMemberOutput() IAMMemberOutput
	ToIAMMemberOutputWithContext(ctx context.Context) IAMMemberOutput
}

type IAMMemberMap added in v4.11.1

type IAMMemberMap map[string]IAMMemberInput

func (IAMMemberMap) ElementType added in v4.11.1

func (IAMMemberMap) ElementType() reflect.Type

func (IAMMemberMap) ToIAMMemberMapOutput added in v4.11.1

func (i IAMMemberMap) ToIAMMemberMapOutput() IAMMemberMapOutput

func (IAMMemberMap) ToIAMMemberMapOutputWithContext added in v4.11.1

func (i IAMMemberMap) ToIAMMemberMapOutputWithContext(ctx context.Context) IAMMemberMapOutput

type IAMMemberMapInput added in v4.11.1

type IAMMemberMapInput interface {
	pulumi.Input

	ToIAMMemberMapOutput() IAMMemberMapOutput
	ToIAMMemberMapOutputWithContext(context.Context) IAMMemberMapOutput
}

IAMMemberMapInput is an input type that accepts IAMMemberMap and IAMMemberMapOutput values. You can construct a concrete instance of `IAMMemberMapInput` via:

IAMMemberMap{ "key": IAMMemberArgs{...} }

type IAMMemberMapOutput added in v4.11.1

type IAMMemberMapOutput struct{ *pulumi.OutputState }

func (IAMMemberMapOutput) ElementType added in v4.11.1

func (IAMMemberMapOutput) ElementType() reflect.Type

func (IAMMemberMapOutput) MapIndex added in v4.11.1

func (IAMMemberMapOutput) ToIAMMemberMapOutput added in v4.11.1

func (o IAMMemberMapOutput) ToIAMMemberMapOutput() IAMMemberMapOutput

func (IAMMemberMapOutput) ToIAMMemberMapOutputWithContext added in v4.11.1

func (o IAMMemberMapOutput) ToIAMMemberMapOutputWithContext(ctx context.Context) IAMMemberMapOutput

type IAMMemberOutput added in v4.4.0

type IAMMemberOutput struct {
	*pulumi.OutputState
}

func (IAMMemberOutput) ElementType added in v4.4.0

func (IAMMemberOutput) ElementType() reflect.Type

func (IAMMemberOutput) ToIAMMemberOutput added in v4.4.0

func (o IAMMemberOutput) ToIAMMemberOutput() IAMMemberOutput

func (IAMMemberOutput) ToIAMMemberOutputWithContext added in v4.4.0

func (o IAMMemberOutput) ToIAMMemberOutputWithContext(ctx context.Context) IAMMemberOutput

func (IAMMemberOutput) ToIAMMemberPtrOutput added in v4.11.1

func (o IAMMemberOutput) ToIAMMemberPtrOutput() IAMMemberPtrOutput

func (IAMMemberOutput) ToIAMMemberPtrOutputWithContext added in v4.11.1

func (o IAMMemberOutput) ToIAMMemberPtrOutputWithContext(ctx context.Context) IAMMemberPtrOutput

type IAMMemberPtrInput added in v4.11.1

type IAMMemberPtrInput interface {
	pulumi.Input

	ToIAMMemberPtrOutput() IAMMemberPtrOutput
	ToIAMMemberPtrOutputWithContext(ctx context.Context) IAMMemberPtrOutput
}

type IAMMemberPtrOutput added in v4.11.1

type IAMMemberPtrOutput struct {
	*pulumi.OutputState
}

func (IAMMemberPtrOutput) ElementType added in v4.11.1

func (IAMMemberPtrOutput) ElementType() reflect.Type

func (IAMMemberPtrOutput) ToIAMMemberPtrOutput added in v4.11.1

func (o IAMMemberPtrOutput) ToIAMMemberPtrOutput() IAMMemberPtrOutput

func (IAMMemberPtrOutput) ToIAMMemberPtrOutputWithContext added in v4.11.1

func (o IAMMemberPtrOutput) ToIAMMemberPtrOutputWithContext(ctx context.Context) IAMMemberPtrOutput

type IAMMemberState

// IAMMemberState holds the optional state properties GetIAMMember accepts to
// qualify a lookup of an existing IAMMember. Every field is a pointer/optional input.
type IAMMemberState struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMMemberConditionPtrInput
	// (Computed) The etag of the service account IAM policy.
	Etag   pulumi.StringPtrInput
	// The identity the role is granted to. The examples on this page use the
	// forms `user:jane@example.com` and `serviceAccount:` followed by an email.
	Member pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `serviceAccount.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringPtrInput
}

func (IAMMemberState) ElementType

func (IAMMemberState) ElementType() reflect.Type

type IAMPolicy

// IAMPolicy is the authoritative resource for a service account's IAM policy:
// per this page it sets the policy and replaces any existing policy already
// attached, and it cannot be combined with IAMBinding or IAMMember.
type IAMPolicy struct {
	pulumi.CustomResourceState

	// (Computed) The etag of the service account IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	// Because the resource is authoritative, this document is the whole policy:
	// bindings it does not list are not kept on the service account.
	PolicyData pulumi.StringOutput `pulumi:"policyData"`
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringOutput `pulumi:"serviceAccountId"`
}

When managing IAM roles, you can treat a service account either as a resource or as an identity. This resource adds IAM policy bindings to a service account resource, for example to allow members to run operations as the service account or to modify it. To configure permissions for a service account on other GCP resources, use the googleProjectIam set of resources.

Three different resources help you manage your IAM policy for a service account. Each of these resources serves a different use case:

* `serviceAccount.IAMPolicy`: Authoritative. Sets the IAM policy for the service account and replaces any existing policy already attached.
* `serviceAccount.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service account are preserved.
* `serviceAccount.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service account are preserved.

> **Note:** `serviceAccount.IAMPolicy` **cannot** be used in conjunction with `serviceAccount.IAMBinding` and `serviceAccount.IAMMember` or they will fight over what your policy should be.

> **Note:** `serviceAccount.IAMBinding` resources **can be** used in conjunction with `serviceAccount.IAMMember` resources **only if** they do not grant privilege to the same role.

## google\_service\_account\_iam\_policy

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The policy document holds one binding, with jane@example.com as the
		// sole member of roles/iam.serviceAccountUser.
		policyDoc, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role:    "roles/iam.serviceAccountUser",
					Members: []string{"user:jane@example.com"},
				},
			},
		}, nil)
		if err != nil {
			return err
		}

		svcAcct, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can interact with"),
		})
		if err != nil {
			return err
		}

		// Authoritative write: the service account's existing policy is
		// replaced by policyDoc, so anything granted outside this document is
		// dropped. Do not pair it with IAMBinding or IAMMember on this account.
		_, err = serviceAccount.NewIAMPolicy(ctx, "admin_account_iam", &serviceAccount.IAMPolicyArgs{
			ServiceAccountId: svcAcct.Name,
			PolicyData:       pulumi.String(policyDoc.PolicyData),
		})
		return err
	})
}

```

## google\_service\_account\_iam\_binding

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		svcAcct, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can use"),
		})
		if err != nil {
			return err
		}

		// Authoritative for roles/iam.serviceAccountUser only: the list below
		// is the full membership of that role on the account; other roles in
		// the account's policy are preserved.
		roleMembers := pulumi.StringArray{
			pulumi.String("user:jane@example.com"),
		}
		_, err = serviceAccount.NewIAMBinding(ctx, "admin_account_iam", &serviceAccount.IAMBindingArgs{
			ServiceAccountId: svcAcct.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Members:          roleMembers,
		})
		return err
	})
}

```

With IAM Conditions:

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

// main declares a service account and binds one role on it to a member list,
// limited by a time-based IAM condition.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		account, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that only Jane can use"),
		})
		if err != nil {
			return err
		}

		// The binding applies only while the expression is true. The sample
		// cutoff (2020-01-01T00:00:00Z) predates this page's publication date,
		// so copied verbatim the condition is never satisfied and the binding
		// grants nothing. Replace the timestamp, together with the matching
		// Title and Description, with the intended expiry.
		expiry := &serviceAccount.IAMBindingConditionArgs{
			Title:       pulumi.String("expires_after_2019_12_31"),
			Description: pulumi.String("Expiring at midnight of 2019-12-31"),
			Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
		}
		_, err = serviceAccount.NewIAMBinding(ctx, "admin_account_iam", &serviceAccount.IAMBindingArgs{
			ServiceAccountId: account.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: expiry,
		})
		return err
	})
}

```

## google\_service\_account\_iam\_member

```go
package main

import (

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

// main declares a service account, grants one user a role on it, and grants the
// new account the same role on the project's default Compute Engine service
// account.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		defaultSA, err := compute.GetDefaultServiceAccount(ctx, nil, nil)
		if err != nil {
			return err
		}

		account, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that Jane can use"),
		})
		if err != nil {
			return err
		}

		// IAMMember adds one member to one role. Upstream documents it as
		// non-authoritative: other members of the role are preserved, so this
		// grant does not make Jane the only user of the account.
		janeGrant := &serviceAccount.IAMMemberArgs{
			ServiceAccountId: account.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Member:           pulumi.String("user:jane@example.com"),
		}
		if _, err = serviceAccount.NewIAMMember(ctx, "admin_account_iam", janeGrant); err != nil {
			return err
		}

		// This second grant lets the new service account act as the default
		// Compute Engine service account. That default account often carries
		// broad project-level roles, so check what it holds before allowing
		// another identity to use it.
		member := account.Email.ApplyT(func(email string) (string, error) {
			return fmt.Sprintf("%v%v", "serviceAccount:", email), nil
		}).(pulumi.StringOutput)
		_, err = serviceAccount.NewIAMMember(ctx, "gce_default_account_iam", &serviceAccount.IAMMemberArgs{
			ServiceAccountId: pulumi.String(defaultSA.Name),
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Member:           member,
		})
		return err
	})
}

```

With IAM Conditions:

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

// main declares a service account and grants one user a role on it, limited by
// a time-based IAM condition.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		account, err := serviceAccount.NewAccount(ctx, "sa", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("my-service-account"),
			DisplayName: pulumi.String("A service account that Jane can use"),
		})
		if err != nil {
			return err
		}

		// The grant applies only while the expression is true. The sample
		// cutoff (2020-01-01T00:00:00Z) predates this page's publication date,
		// so copied verbatim the condition is never satisfied and the grant is
		// inert. Replace the timestamp, together with the matching Title and
		// Description, with the intended expiry.
		expiry := &serviceAccount.IAMMemberConditionArgs{
			Title:       pulumi.String("expires_after_2019_12_31"),
			Description: pulumi.String("Expiring at midnight of 2019-12-31"),
			Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
		}
		_, err = serviceAccount.NewIAMMember(ctx, "admin_account_iam", &serviceAccount.IAMMemberArgs{
			ServiceAccountId: account.Name,
			Role:             pulumi.String("roles/iam.serviceAccountUser"),
			Member:           pulumi.String("user:jane@example.com"),
			Condition:        expiry,
		})
		return err
	})
}

```

## Import

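Service account IAM resources can be imported using the project, service account email, role, member identity, and condition (beta). The commands below differ only in the ID they pass: the service account path alone, the path followed by a role, or the path followed by a role and a member identity; the conditional forms append the condition title.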

```sh

$ pulumi import gcp:serviceAccount/iAMPolicy:IAMPolicy admin-account-iam projects/{your-project-id}/serviceAccounts/{your-service-account-email}

```

```sh

$ pulumi import gcp:serviceAccount/iAMPolicy:IAMPolicy admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser"

```

```sh

$ pulumi import gcp:serviceAccount/iAMPolicy:IAMPolicy admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/editor user:foo@example.com"

```

-> **Custom Roles** If you're importing an IAM resource with a custom role, make sure to use the full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

With conditions:

```sh

$ pulumi import gcp:serviceAccount/iAMPolicy:IAMPolicy admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser expires_after_2019_12_31"

```

```sh

$ pulumi import gcp:serviceAccount/iAMPolicy:IAMPolicy admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser user:foo@example.com expires_after_2019_12_31"

```

func GetIAMPolicy

func GetIAMPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *IAMPolicyState, opts ...pulumi.ResourceOption) (*IAMPolicy, error)

GetIAMPolicy gets an existing IAMPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIAMPolicy

func NewIAMPolicy(ctx *pulumi.Context,
	name string, args *IAMPolicyArgs, opts ...pulumi.ResourceOption) (*IAMPolicy, error)

NewIAMPolicy registers a new resource with the given unique name, arguments, and options.

func (*IAMPolicy) ElementType added in v4.4.0

func (*IAMPolicy) ElementType() reflect.Type

func (*IAMPolicy) ToIAMPolicyOutput added in v4.4.0

func (i *IAMPolicy) ToIAMPolicyOutput() IAMPolicyOutput

func (*IAMPolicy) ToIAMPolicyOutputWithContext added in v4.4.0

func (i *IAMPolicy) ToIAMPolicyOutputWithContext(ctx context.Context) IAMPolicyOutput

func (*IAMPolicy) ToIAMPolicyPtrOutput added in v4.11.1

func (i *IAMPolicy) ToIAMPolicyPtrOutput() IAMPolicyPtrOutput

func (*IAMPolicy) ToIAMPolicyPtrOutputWithContext added in v4.11.1

func (i *IAMPolicy) ToIAMPolicyPtrOutputWithContext(ctx context.Context) IAMPolicyPtrOutput

type IAMPolicyArgs

// IAMPolicyArgs is the set of arguments for constructing an IAMPolicy resource.
type IAMPolicyArgs struct {
	// The policy data generated by an `organizations.getIAMPolicy` data source
	// (`organizations.LookupIAMPolicy` in this SDK's examples). This document is
	// what gets applied to the service account, so it should contain every
	// binding the account is meant to keep.
	PolicyData pulumi.StringInput
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringInput
}

The set of arguments for constructing a IAMPolicy resource.

func (IAMPolicyArgs) ElementType

func (IAMPolicyArgs) ElementType() reflect.Type

type IAMPolicyArray added in v4.11.1

type IAMPolicyArray []IAMPolicyInput

func (IAMPolicyArray) ElementType added in v4.11.1

func (IAMPolicyArray) ElementType() reflect.Type

func (IAMPolicyArray) ToIAMPolicyArrayOutput added in v4.11.1

func (i IAMPolicyArray) ToIAMPolicyArrayOutput() IAMPolicyArrayOutput

func (IAMPolicyArray) ToIAMPolicyArrayOutputWithContext added in v4.11.1

func (i IAMPolicyArray) ToIAMPolicyArrayOutputWithContext(ctx context.Context) IAMPolicyArrayOutput

type IAMPolicyArrayInput added in v4.11.1

type IAMPolicyArrayInput interface {
	pulumi.Input

	ToIAMPolicyArrayOutput() IAMPolicyArrayOutput
	ToIAMPolicyArrayOutputWithContext(context.Context) IAMPolicyArrayOutput
}

IAMPolicyArrayInput is an input type that accepts IAMPolicyArray and IAMPolicyArrayOutput values. You can construct a concrete instance of `IAMPolicyArrayInput` via:

IAMPolicyArray{ IAMPolicyArgs{...} }

type IAMPolicyArrayOutput added in v4.11.1

type IAMPolicyArrayOutput struct{ *pulumi.OutputState }

func (IAMPolicyArrayOutput) ElementType added in v4.11.1

func (IAMPolicyArrayOutput) ElementType() reflect.Type

func (IAMPolicyArrayOutput) Index added in v4.11.1

func (IAMPolicyArrayOutput) ToIAMPolicyArrayOutput added in v4.11.1

func (o IAMPolicyArrayOutput) ToIAMPolicyArrayOutput() IAMPolicyArrayOutput

func (IAMPolicyArrayOutput) ToIAMPolicyArrayOutputWithContext added in v4.11.1

func (o IAMPolicyArrayOutput) ToIAMPolicyArrayOutputWithContext(ctx context.Context) IAMPolicyArrayOutput

type IAMPolicyInput added in v4.4.0

type IAMPolicyInput interface {
	pulumi.Input

	ToIAMPolicyOutput() IAMPolicyOutput
	ToIAMPolicyOutputWithContext(ctx context.Context) IAMPolicyOutput
}

type IAMPolicyMap added in v4.11.1

type IAMPolicyMap map[string]IAMPolicyInput

func (IAMPolicyMap) ElementType added in v4.11.1

func (IAMPolicyMap) ElementType() reflect.Type

func (IAMPolicyMap) ToIAMPolicyMapOutput added in v4.11.1

func (i IAMPolicyMap) ToIAMPolicyMapOutput() IAMPolicyMapOutput

func (IAMPolicyMap) ToIAMPolicyMapOutputWithContext added in v4.11.1

func (i IAMPolicyMap) ToIAMPolicyMapOutputWithContext(ctx context.Context) IAMPolicyMapOutput

type IAMPolicyMapInput added in v4.11.1

type IAMPolicyMapInput interface {
	pulumi.Input

	ToIAMPolicyMapOutput() IAMPolicyMapOutput
	ToIAMPolicyMapOutputWithContext(context.Context) IAMPolicyMapOutput
}

IAMPolicyMapInput is an input type that accepts IAMPolicyMap and IAMPolicyMapOutput values. You can construct a concrete instance of `IAMPolicyMapInput` via:

IAMPolicyMap{ "key": IAMPolicyArgs{...} }

type IAMPolicyMapOutput added in v4.11.1

type IAMPolicyMapOutput struct{ *pulumi.OutputState }

func (IAMPolicyMapOutput) ElementType added in v4.11.1

func (IAMPolicyMapOutput) ElementType() reflect.Type

func (IAMPolicyMapOutput) MapIndex added in v4.11.1

func (IAMPolicyMapOutput) ToIAMPolicyMapOutput added in v4.11.1

func (o IAMPolicyMapOutput) ToIAMPolicyMapOutput() IAMPolicyMapOutput

func (IAMPolicyMapOutput) ToIAMPolicyMapOutputWithContext added in v4.11.1

func (o IAMPolicyMapOutput) ToIAMPolicyMapOutputWithContext(ctx context.Context) IAMPolicyMapOutput

type IAMPolicyOutput added in v4.4.0

type IAMPolicyOutput struct {
	*pulumi.OutputState
}

func (IAMPolicyOutput) ElementType added in v4.4.0

func (IAMPolicyOutput) ElementType() reflect.Type

func (IAMPolicyOutput) ToIAMPolicyOutput added in v4.4.0

func (o IAMPolicyOutput) ToIAMPolicyOutput() IAMPolicyOutput

func (IAMPolicyOutput) ToIAMPolicyOutputWithContext added in v4.4.0

func (o IAMPolicyOutput) ToIAMPolicyOutputWithContext(ctx context.Context) IAMPolicyOutput

func (IAMPolicyOutput) ToIAMPolicyPtrOutput added in v4.11.1

func (o IAMPolicyOutput) ToIAMPolicyPtrOutput() IAMPolicyPtrOutput

func (IAMPolicyOutput) ToIAMPolicyPtrOutputWithContext added in v4.11.1

func (o IAMPolicyOutput) ToIAMPolicyPtrOutputWithContext(ctx context.Context) IAMPolicyPtrOutput

type IAMPolicyPtrInput added in v4.11.1

type IAMPolicyPtrInput interface {
	pulumi.Input

	ToIAMPolicyPtrOutput() IAMPolicyPtrOutput
	ToIAMPolicyPtrOutputWithContext(ctx context.Context) IAMPolicyPtrOutput
}

type IAMPolicyPtrOutput added in v4.11.1

type IAMPolicyPtrOutput struct {
	*pulumi.OutputState
}

func (IAMPolicyPtrOutput) ElementType added in v4.11.1

func (IAMPolicyPtrOutput) ElementType() reflect.Type

func (IAMPolicyPtrOutput) ToIAMPolicyPtrOutput added in v4.11.1

func (o IAMPolicyPtrOutput) ToIAMPolicyPtrOutput() IAMPolicyPtrOutput

func (IAMPolicyPtrOutput) ToIAMPolicyPtrOutputWithContext added in v4.11.1

func (o IAMPolicyPtrOutput) ToIAMPolicyPtrOutputWithContext(ctx context.Context) IAMPolicyPtrOutput

type IAMPolicyState

// IAMPolicyState holds the optional state properties passed to GetIAMPolicy to
// qualify the lookup of an existing IAMPolicy resource.
type IAMPolicyState struct {
	// (Computed) The etag of the service account IAM policy.
	Etag pulumi.StringPtrInput
	// The policy data generated by an `organizations.getIAMPolicy` data source
	// (`organizations.LookupIAMPolicy` in this SDK's examples).
	PolicyData pulumi.StringPtrInput
	// The fully-qualified name of the service account to apply policy to.
	ServiceAccountId pulumi.StringPtrInput
}

func (IAMPolicyState) ElementType

func (IAMPolicyState) ElementType() reflect.Type

type Key

// Key creates and manages a service account key, which allows the use of a
// service account outside of Google Cloud.
type Key struct {
	pulumi.CustomResourceState

	// Arbitrary map of values that, when changed, will trigger a new key to be generated.
	// This is the only field on this type that causes a new key to be generated.
	Keepers pulumi.MapOutput `pulumi:"keepers"`
	// The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm.
	// Valid values are listed at
	// [ServiceAccountKeyAlgorithm](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys#ServiceAccountKeyAlgorithm)
	// (only used on create)
	KeyAlgorithm pulumi.StringPtrOutput `pulumi:"keyAlgorithm"`
	// The name used for this key pair
	Name pulumi.StringOutput `pulumi:"name"`
	// The private key in JSON format, base64 encoded. This is what you normally get as a file when creating
	// service account keys through the CLI or web console. This is only populated when creating a new key.
	// This value is a credential for the service account: keep it out of logs and
	// exported stack outputs. Base64 is an encoding, not protection.
	// NOTE(review): as a resource output it is recorded with the resource's state;
	// confirm that the state backend stores it encrypted.
	PrivateKey pulumi.StringOutput `pulumi:"privateKey"`
	// The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
	PrivateKeyType pulumi.StringPtrOutput `pulumi:"privateKeyType"`
	// The public key, base64 encoded
	PublicKey pulumi.StringOutput `pulumi:"publicKey"`
	// Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with `publicKeyType` and `privateKeyType`.
	PublicKeyData pulumi.StringPtrOutput `pulumi:"publicKeyData"`
	// The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
	PublicKeyType pulumi.StringPtrOutput `pulumi:"publicKeyType"`
	// The Service account id of the Key. This can be a string in the format
	// `{ACCOUNT}` or `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`, where `{ACCOUNT}` is the email address or
	// unique id of the service account. If the `{ACCOUNT}` syntax is used, the project will be inferred from the account.
	ServiceAccountId pulumi.StringOutput `pulumi:"serviceAccountId"`
	// The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
	ValidAfter pulumi.StringOutput `pulumi:"validAfter"`
	// The key can be used before this timestamp.
	// A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
	ValidBefore pulumi.StringOutput `pulumi:"validBefore"`
}

Creates and manages service account keys, which allow the use of a service account outside of Google Cloud.

* [API documentation](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys)
* How-to Guides

## Example Usage

### Creating A New Key

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

// main declares a service account and a key for it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		account, err := serviceAccount.NewAccount(ctx, "myaccount", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("myaccount"),
			DisplayName: pulumi.String("My Service Account"),
		})
		if err != nil {
			return err
		}

		// The Key resource's PrivateKey output is populated when the key is
		// created, so running this program places credential material for the
		// service account in the resource's outputs. Handle the stack's state
		// and any exported outputs as secrets.
		// No Keepers are set, so nothing in this program triggers generation of
		// a replacement key; rotation has to be arranged separately.
		keyArgs := &serviceAccount.KeyArgs{
			ServiceAccountId: account.Name,
			PublicKeyType:    pulumi.String("TYPE_X509_PEM_FILE"),
		}
		_, err = serviceAccount.NewKey(ctx, "mykey", keyArgs)
		return err
	})
}

```

## Import

This resource does not support import.

func GetKey

func GetKey(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *KeyState, opts ...pulumi.ResourceOption) (*Key, error)

GetKey gets an existing Key resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKey

func NewKey(ctx *pulumi.Context,
	name string, args *KeyArgs, opts ...pulumi.ResourceOption) (*Key, error)

NewKey registers a new resource with the given unique name, arguments, and options.

func (*Key) ElementType added in v4.4.0

func (*Key) ElementType() reflect.Type

func (*Key) ToKeyOutput added in v4.4.0

func (i *Key) ToKeyOutput() KeyOutput

func (*Key) ToKeyOutputWithContext added in v4.4.0

func (i *Key) ToKeyOutputWithContext(ctx context.Context) KeyOutput

func (*Key) ToKeyPtrOutput added in v4.11.1

func (i *Key) ToKeyPtrOutput() KeyPtrOutput

func (*Key) ToKeyPtrOutputWithContext added in v4.11.1

func (i *Key) ToKeyPtrOutputWithContext(ctx context.Context) KeyPtrOutput

type KeyArgs

// KeyArgs is the set of arguments for constructing a Key resource.
type KeyArgs struct {
	// Arbitrary map of values that, when changed, will trigger a new key to be generated.
	// This is the only argument that causes a new key to be generated.
	Keepers pulumi.MapInput
	// The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm.
	// Valid values are listed at
	// [ServiceAccountKeyAlgorithm](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys#ServiceAccountKeyAlgorithm)
	// (only used on create)
	KeyAlgorithm pulumi.StringPtrInput
	// The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
	PrivateKeyType pulumi.StringPtrInput
	// Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with `publicKeyType` and `privateKeyType`.
	PublicKeyData pulumi.StringPtrInput
	// The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
	PublicKeyType pulumi.StringPtrInput
	// The Service account id of the Key. This can be a string in the format
	// `{ACCOUNT}` or `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`, where `{ACCOUNT}` is the email address or
	// unique id of the service account. If the `{ACCOUNT}` syntax is used, the project will be inferred from the account.
	ServiceAccountId pulumi.StringInput
}

The set of arguments for constructing a Key resource.

func (KeyArgs) ElementType

func (KeyArgs) ElementType() reflect.Type

type KeyArray added in v4.11.1

type KeyArray []KeyInput

func (KeyArray) ElementType added in v4.11.1

func (KeyArray) ElementType() reflect.Type

func (KeyArray) ToKeyArrayOutput added in v4.11.1

func (i KeyArray) ToKeyArrayOutput() KeyArrayOutput

func (KeyArray) ToKeyArrayOutputWithContext added in v4.11.1

func (i KeyArray) ToKeyArrayOutputWithContext(ctx context.Context) KeyArrayOutput

type KeyArrayInput added in v4.11.1

type KeyArrayInput interface {
	pulumi.Input

	ToKeyArrayOutput() KeyArrayOutput
	ToKeyArrayOutputWithContext(context.Context) KeyArrayOutput
}

KeyArrayInput is an input type that accepts KeyArray and KeyArrayOutput values. You can construct a concrete instance of `KeyArrayInput` via:

KeyArray{ KeyArgs{...} }

type KeyArrayOutput added in v4.11.1

type KeyArrayOutput struct{ *pulumi.OutputState }

func (KeyArrayOutput) ElementType added in v4.11.1

func (KeyArrayOutput) ElementType() reflect.Type

func (KeyArrayOutput) Index added in v4.11.1

func (KeyArrayOutput) ToKeyArrayOutput added in v4.11.1

func (o KeyArrayOutput) ToKeyArrayOutput() KeyArrayOutput

func (KeyArrayOutput) ToKeyArrayOutputWithContext added in v4.11.1

func (o KeyArrayOutput) ToKeyArrayOutputWithContext(ctx context.Context) KeyArrayOutput

type KeyInput added in v4.4.0

type KeyInput interface {
	pulumi.Input

	ToKeyOutput() KeyOutput
	ToKeyOutputWithContext(ctx context.Context) KeyOutput
}

type KeyMap added in v4.11.1

type KeyMap map[string]KeyInput

func (KeyMap) ElementType added in v4.11.1

func (KeyMap) ElementType() reflect.Type

func (KeyMap) ToKeyMapOutput added in v4.11.1

func (i KeyMap) ToKeyMapOutput() KeyMapOutput

func (KeyMap) ToKeyMapOutputWithContext added in v4.11.1

func (i KeyMap) ToKeyMapOutputWithContext(ctx context.Context) KeyMapOutput

type KeyMapInput added in v4.11.1

type KeyMapInput interface {
	pulumi.Input

	ToKeyMapOutput() KeyMapOutput
	ToKeyMapOutputWithContext(context.Context) KeyMapOutput
}

KeyMapInput is an input type that accepts KeyMap and KeyMapOutput values. You can construct a concrete instance of `KeyMapInput` via:

KeyMap{ "key": KeyArgs{...} }

type KeyMapOutput added in v4.11.1

type KeyMapOutput struct{ *pulumi.OutputState }

func (KeyMapOutput) ElementType added in v4.11.1

func (KeyMapOutput) ElementType() reflect.Type

func (KeyMapOutput) MapIndex added in v4.11.1

func (o KeyMapOutput) MapIndex(k pulumi.StringInput) KeyOutput

func (KeyMapOutput) ToKeyMapOutput added in v4.11.1

func (o KeyMapOutput) ToKeyMapOutput() KeyMapOutput

func (KeyMapOutput) ToKeyMapOutputWithContext added in v4.11.1

func (o KeyMapOutput) ToKeyMapOutputWithContext(ctx context.Context) KeyMapOutput

type KeyOutput added in v4.4.0

type KeyOutput struct {
	*pulumi.OutputState
}

func (KeyOutput) ElementType added in v4.4.0

func (KeyOutput) ElementType() reflect.Type

func (KeyOutput) ToKeyOutput added in v4.4.0

func (o KeyOutput) ToKeyOutput() KeyOutput

func (KeyOutput) ToKeyOutputWithContext added in v4.4.0

func (o KeyOutput) ToKeyOutputWithContext(ctx context.Context) KeyOutput

func (KeyOutput) ToKeyPtrOutput added in v4.11.1

func (o KeyOutput) ToKeyPtrOutput() KeyPtrOutput

func (KeyOutput) ToKeyPtrOutputWithContext added in v4.11.1

func (o KeyOutput) ToKeyPtrOutputWithContext(ctx context.Context) KeyPtrOutput

type KeyPtrInput added in v4.11.1

type KeyPtrInput interface {
	pulumi.Input

	ToKeyPtrOutput() KeyPtrOutput
	ToKeyPtrOutputWithContext(ctx context.Context) KeyPtrOutput
}

type KeyPtrOutput added in v4.11.1

type KeyPtrOutput struct {
	*pulumi.OutputState
}

func (KeyPtrOutput) ElementType added in v4.11.1

func (KeyPtrOutput) ElementType() reflect.Type

func (KeyPtrOutput) ToKeyPtrOutput added in v4.11.1

func (o KeyPtrOutput) ToKeyPtrOutput() KeyPtrOutput

func (KeyPtrOutput) ToKeyPtrOutputWithContext added in v4.11.1

func (o KeyPtrOutput) ToKeyPtrOutputWithContext(ctx context.Context) KeyPtrOutput

type KeyState

// KeyState holds the optional state properties passed to GetKey to qualify the
// lookup of an existing Key resource.
type KeyState struct {
	// Arbitrary map of values that, when changed, will trigger a new key to be generated.
	Keepers pulumi.MapInput
	// The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm.
	// Valid values are listed at
	// [ServiceAccountKeyAlgorithm](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys#ServiceAccountKeyAlgorithm)
	// (only used on create)
	KeyAlgorithm pulumi.StringPtrInput
	// The name used for this key pair
	Name pulumi.StringPtrInput
	// The private key in JSON format, base64 encoded. This is what you normally get as a file when creating
	// service account keys through the CLI or web console. This is only populated when creating a new key.
	// This value is a credential for the service account; avoid hard-coding it in
	// program source when supplying state.
	PrivateKey pulumi.StringPtrInput
	// The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
	PrivateKeyType pulumi.StringPtrInput
	// The public key, base64 encoded
	PublicKey pulumi.StringPtrInput
	// Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with `publicKeyType` and `privateKeyType`.
	PublicKeyData pulumi.StringPtrInput
	// The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
	PublicKeyType pulumi.StringPtrInput
	// The Service account id of the Key. This can be a string in the format
	// `{ACCOUNT}` or `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`, where `{ACCOUNT}` is the email address or
	// unique id of the service account. If the `{ACCOUNT}` syntax is used, the project will be inferred from the account.
	ServiceAccountId pulumi.StringPtrInput
	// The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
	ValidAfter pulumi.StringPtrInput
	// The key can be used before this timestamp.
	// A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
	ValidBefore pulumi.StringPtrInput
}

func (KeyState) ElementType

func (KeyState) ElementType() reflect.Type

type LookupAccountArgs

// LookupAccountArgs is a collection of arguments for invoking getAccount.
type LookupAccountArgs struct {
	// The Google service account ID.
	// NOTE(review): the original comment ends with "This be one of:" and the list
	// of accepted forms is missing from this page; confirm the accepted formats
	// against the upstream getAccount documentation.
	AccountId string `pulumi:"accountId"`
	// The ID of the project that the service account is present in.
	// Defaults to the provider project configuration.
	Project *string `pulumi:"project"`
}

A collection of arguments for invoking getAccount.

type LookupAccountResult

// LookupAccountResult is a collection of values returned by getAccount.
type LookupAccountResult struct {
	// NOTE(review): undocumented upstream; presumably the service account ID
	// passed in LookupAccountArgs.AccountId — confirm.
	AccountId string `pulumi:"accountId"`
	// The display name for the service account.
	DisplayName string `pulumi:"displayName"`
	// The e-mail address of the service account. This value
	// should be referenced from any `organizations.getIAMPolicy` data sources
	// that would grant the service account privileges.
	Email string `pulumi:"email"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The fully-qualified name of the service account.
	Name    string  `pulumi:"name"`
	// NOTE(review): undocumented upstream; presumably the project the service
	// account was looked up in — confirm.
	Project *string `pulumi:"project"`
	// The unique id of the service account.
	UniqueId string `pulumi:"uniqueId"`
}

A collection of values returned by getAccount.

func LookupAccount

func LookupAccount(ctx *pulumi.Context, args *LookupAccountArgs, opts ...pulumi.InvokeOption) (*LookupAccountResult, error)

Get the service account from a project. For more information see the official [API](https://cloud.google.com/compute/docs/access/service-accounts) documentation.

## Example Usage

```go
package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/serviceAccount"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

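// main looks up an existing service account by its account ID.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The invoke documented on this page is LookupAccount, which takes
		// *LookupAccountArgs; the names GetAccount/GetAccountArgs used by the
		// original example do not match that signature. This is a read-only
		// lookup and declares no resource.
		_, err := serviceAccount.LookupAccount(ctx, &serviceAccount.LookupAccountArgs{
			AccountId: "object-viewer",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}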

```
