accessapproval

package
v7.20.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 24, 2024 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type GetFolderServiceAccountArgs 

type GetFolderServiceAccountArgs struct {
	// The folder ID the service account was created for.
	FolderId string `pulumi:"folderId"`
}

A collection of arguments for invoking getFolderServiceAccount.

type GetFolderServiceAccountOutputArgs 

type GetFolderServiceAccountOutputArgs struct {
	// The folder ID the service account was created for.
	FolderId pulumi.StringInput `pulumi:"folderId"`
}

A collection of arguments for invoking getFolderServiceAccount.

func (GetFolderServiceAccountOutputArgs) ElementType 

func (GetFolderServiceAccountOutputArgs) ElementType() reflect.Type

type GetFolderServiceAccountResult 

type GetFolderServiceAccountResult struct {
	// The email address of the service account. This value is
	// often used to refer to the service account in order to grant IAM permissions.
	AccountEmail string `pulumi:"accountEmail"`
	FolderId     string `pulumi:"folderId"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The Access Approval service account resource name. Format is "folders/{folder_id}/serviceAccount".
	Name string `pulumi:"name"`
}

A collection of values returned by getFolderServiceAccount.

func GetFolderServiceAccount 

func GetFolderServiceAccount(ctx *pulumi.Context, args *GetFolderServiceAccountArgs, opts ...pulumi.InvokeOption) (*GetFolderServiceAccountResult, error)

Get the email address of a folder's Access Approval service account.

Each Google Cloud folder has a unique service account used by Access Approval. When using Access Approval with a [custom signing key](https://cloud.google.com/cloud-provider-access-management/access-approval/docs/review-approve-access-requests-custom-keys), this account needs to be granted the `cloudkms.signerVerifier` IAM role on the Cloud KMS key used to sign approvals.

## Example Usage

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accessapproval"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		serviceAccount, err := accessapproval.GetFolderServiceAccount(ctx, &accessapproval.GetFolderServiceAccountArgs{
			FolderId: "my-folder",
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.NewCryptoKeyIAMMember(ctx, "iam", &kms.CryptoKeyIAMMemberArgs{
			CryptoKeyId: pulumi.Any(cryptoKey.Id),
			Role:        pulumi.String("roles/cloudkms.signerVerifier"),
			Member:      pulumi.String(fmt.Sprintf("serviceAccount:%v", serviceAccount.AccountEmail)),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

type GetFolderServiceAccountResultOutput 

type GetFolderServiceAccountResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getFolderServiceAccount.

func GetFolderServiceAccountOutput 

func GetFolderServiceAccountOutput(ctx *pulumi.Context, args GetFolderServiceAccountOutputArgs, opts ...pulumi.InvokeOption) GetFolderServiceAccountResultOutput

func (GetFolderServiceAccountResultOutput) AccountEmail 

func (o GetFolderServiceAccountResultOutput) AccountEmail() pulumi.StringOutput

The email address of the service account. This value is often used to refer to the service account in order to grant IAM permissions.

func (GetFolderServiceAccountResultOutput) ElementType 

func (GetFolderServiceAccountResultOutput) ElementType() reflect.Type

func (GetFolderServiceAccountResultOutput) FolderId 

func (o GetFolderServiceAccountResultOutput) FolderId() pulumi.StringOutput

func (GetFolderServiceAccountResultOutput) Id 

func (o GetFolderServiceAccountResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetFolderServiceAccountResultOutput) Name 

func (o GetFolderServiceAccountResultOutput) Name() pulumi.StringOutput

The Access Approval service account resource name. Format is "folders/{folder_id}/serviceAccount".

func (GetFolderServiceAccountResultOutput) ToGetFolderServiceAccountResultOutput 

func (o GetFolderServiceAccountResultOutput) ToGetFolderServiceAccountResultOutput() GetFolderServiceAccountResultOutput

func (GetFolderServiceAccountResultOutput) ToGetFolderServiceAccountResultOutputWithContext 

func (o GetFolderServiceAccountResultOutput) ToGetFolderServiceAccountResultOutputWithContext(ctx context.Context) GetFolderServiceAccountResultOutput

type GetOrganizationServiceAccountArgs 

type GetOrganizationServiceAccountArgs struct {
	// The organization ID the service account was created for.
	OrganizationId string `pulumi:"organizationId"`
}

A collection of arguments for invoking getOrganizationServiceAccount.

type GetOrganizationServiceAccountOutputArgs 

type GetOrganizationServiceAccountOutputArgs struct {
	// The organization ID the service account was created for.
	OrganizationId pulumi.StringInput `pulumi:"organizationId"`
}

A collection of arguments for invoking getOrganizationServiceAccount.

func (GetOrganizationServiceAccountOutputArgs) ElementType 

func (GetOrganizationServiceAccountOutputArgs) ElementType() reflect.Type

type GetOrganizationServiceAccountResult 

type GetOrganizationServiceAccountResult struct {
	// The email address of the service account. This value is
	// often used to refer to the service account in order to grant IAM permissions.
	AccountEmail string `pulumi:"accountEmail"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The Access Approval service account resource name. Format is "organizations/{organization_id}/serviceAccount".
	Name           string `pulumi:"name"`
	OrganizationId string `pulumi:"organizationId"`
}

A collection of values returned by getOrganizationServiceAccount.

func GetOrganizationServiceAccount 

func GetOrganizationServiceAccount(ctx *pulumi.Context, args *GetOrganizationServiceAccountArgs, opts ...pulumi.InvokeOption) (*GetOrganizationServiceAccountResult, error)

Get the email address of an organization's Access Approval service account.

Each Google Cloud organization has a unique service account used by Access Approval. When using Access Approval with a [custom signing key](https://cloud.google.com/cloud-provider-access-management/access-approval/docs/review-approve-access-requests-custom-keys), this account needs to be granted the `cloudkms.signerVerifier` IAM role on the Cloud KMS key used to sign approvals.

## Example Usage

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accessapproval"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		serviceAccount, err := accessapproval.GetOrganizationServiceAccount(ctx, &accessapproval.GetOrganizationServiceAccountArgs{
			OrganizationId: "my-organization",
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.NewCryptoKeyIAMMember(ctx, "iam", &kms.CryptoKeyIAMMemberArgs{
			CryptoKeyId: pulumi.Any(cryptoKey.Id),
			Role:        pulumi.String("roles/cloudkms.signerVerifier"),
			Member:      pulumi.String(fmt.Sprintf("serviceAccount:%v", serviceAccount.AccountEmail)),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

type GetOrganizationServiceAccountResultOutput 

type GetOrganizationServiceAccountResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getOrganizationServiceAccount.

func GetOrganizationServiceAccountOutput 

func GetOrganizationServiceAccountOutput(ctx *pulumi.Context, args GetOrganizationServiceAccountOutputArgs, opts ...pulumi.InvokeOption) GetOrganizationServiceAccountResultOutput

func (GetOrganizationServiceAccountResultOutput) AccountEmail 

func (o GetOrganizationServiceAccountResultOutput) AccountEmail() pulumi.StringOutput

The email address of the service account. This value is often used to refer to the service account in order to grant IAM permissions.

func (GetOrganizationServiceAccountResultOutput) ElementType 

func (GetOrganizationServiceAccountResultOutput) ElementType() reflect.Type

func (GetOrganizationServiceAccountResultOutput) Id 

func (o GetOrganizationServiceAccountResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetOrganizationServiceAccountResultOutput) Name 

func (o GetOrganizationServiceAccountResultOutput) Name() pulumi.StringOutput

The Access Approval service account resource name. Format is "organizations/{organization_id}/serviceAccount".

func (GetOrganizationServiceAccountResultOutput) OrganizationId 

func (o GetOrganizationServiceAccountResultOutput) OrganizationId() pulumi.StringOutput

func (GetOrganizationServiceAccountResultOutput) ToGetOrganizationServiceAccountResultOutput 

func (o GetOrganizationServiceAccountResultOutput) ToGetOrganizationServiceAccountResultOutput() GetOrganizationServiceAccountResultOutput

func (GetOrganizationServiceAccountResultOutput) ToGetOrganizationServiceAccountResultOutputWithContext 

func (o GetOrganizationServiceAccountResultOutput) ToGetOrganizationServiceAccountResultOutputWithContext(ctx context.Context) GetOrganizationServiceAccountResultOutput

type GetProjectServiceAccountArgs 

type GetProjectServiceAccountArgs struct {
	// The project ID the service account was created for.
	ProjectId string `pulumi:"projectId"`
}

A collection of arguments for invoking getProjectServiceAccount.

type GetProjectServiceAccountOutputArgs 

type GetProjectServiceAccountOutputArgs struct {
	// The project ID the service account was created for.
	ProjectId pulumi.StringInput `pulumi:"projectId"`
}

A collection of arguments for invoking getProjectServiceAccount.

func (GetProjectServiceAccountOutputArgs) ElementType 

func (GetProjectServiceAccountOutputArgs) ElementType() reflect.Type

type GetProjectServiceAccountResult 

type GetProjectServiceAccountResult struct {
	// The email address of the service account. This value is
	// often used to refer to the service account in order to grant IAM permissions.
	AccountEmail string `pulumi:"accountEmail"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The Access Approval service account resource name. Format is "projects/{project_id}/serviceAccount".
	Name      string `pulumi:"name"`
	ProjectId string `pulumi:"projectId"`
}

A collection of values returned by getProjectServiceAccount.

func GetProjectServiceAccount 

func GetProjectServiceAccount(ctx *pulumi.Context, args *GetProjectServiceAccountArgs, opts ...pulumi.InvokeOption) (*GetProjectServiceAccountResult, error)

Get the email address of a project's Access Approval service account.

Each Google Cloud project has a unique service account used by Access Approval. When using Access Approval with a [custom signing key](https://cloud.google.com/cloud-provider-access-management/access-approval/docs/review-approve-access-requests-custom-keys), this account needs to be granted the `cloudkms.signerVerifier` IAM role on the Cloud KMS key used to sign approvals.

## Example Usage

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accessapproval"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		serviceAccount, err := accessapproval.GetProjectServiceAccount(ctx, &accessapproval.GetProjectServiceAccountArgs{
			ProjectId: "my-project",
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.NewCryptoKeyIAMMember(ctx, "iam", &kms.CryptoKeyIAMMemberArgs{
			CryptoKeyId: pulumi.Any(cryptoKey.Id),
			Role:        pulumi.String("roles/cloudkms.signerVerifier"),
			Member:      pulumi.String(fmt.Sprintf("serviceAccount:%v", serviceAccount.AccountEmail)),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

type GetProjectServiceAccountResultOutput 

type GetProjectServiceAccountResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getProjectServiceAccount.

func GetProjectServiceAccountOutput 

func GetProjectServiceAccountOutput(ctx *pulumi.Context, args GetProjectServiceAccountOutputArgs, opts ...pulumi.InvokeOption) GetProjectServiceAccountResultOutput

func (GetProjectServiceAccountResultOutput) AccountEmail 

func (o GetProjectServiceAccountResultOutput) AccountEmail() pulumi.StringOutput

The email address of the service account. This value is often used to refer to the service account in order to grant IAM permissions.

func (GetProjectServiceAccountResultOutput) ElementType 

func (GetProjectServiceAccountResultOutput) ElementType() reflect.Type

func (GetProjectServiceAccountResultOutput) Id 

func (o GetProjectServiceAccountResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetProjectServiceAccountResultOutput) Name 

func (o GetProjectServiceAccountResultOutput) Name() pulumi.StringOutput

The Access Approval service account resource name. Format is "projects/{project_id}/serviceAccount".

func (GetProjectServiceAccountResultOutput) ProjectId 

func (o GetProjectServiceAccountResultOutput) ProjectId() pulumi.StringOutput

func (GetProjectServiceAccountResultOutput) ToGetProjectServiceAccountResultOutput 

func (o GetProjectServiceAccountResultOutput) ToGetProjectServiceAccountResultOutput() GetProjectServiceAccountResultOutput

func (GetProjectServiceAccountResultOutput) ToGetProjectServiceAccountResultOutputWithContext 

func (o GetProjectServiceAccountResultOutput) ToGetProjectServiceAccountResultOutputWithContext(ctx context.Context) GetProjectServiceAccountResultOutput

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.