com.pulumi.gcp.serviceaccount.kotlin.Key.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gcp-kotlin Show documentation
Show all versions of pulumi-gcp-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.serviceaccount.kotlin
import com.pulumi.core.Output
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Any
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.Map
/**
* Builder for [Key].
*/
@PulumiTagMarker
public class KeyResourceBuilder internal constructor() {
public var name: String? = null
public var args: KeyArgs = KeyArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend KeyArgsBuilder.() -> Unit) {
val builder = KeyArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): Key {
val builtJavaResource = com.pulumi.gcp.serviceaccount.Key(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return Key(builtJavaResource)
}
}
/**
* ## Example Usage
* ### Creating A New Key
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const myaccount = new gcp.serviceaccount.Account("myaccount", {
* accountId: "myaccount",
* displayName: "My Service Account",
* });
* const mykey = new gcp.serviceaccount.Key("mykey", {
* serviceAccountId: myaccount.name,
* publicKeyType: "TYPE_X509_PEM_FILE",
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* myaccount = gcp.serviceaccount.Account("myaccount",
* account_id="myaccount",
* display_name="My Service Account")
* mykey = gcp.serviceaccount.Key("mykey",
* service_account_id=myaccount.name,
* public_key_type="TYPE_X509_PEM_FILE")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var myaccount = new Gcp.ServiceAccount.Account("myaccount", new()
* {
* AccountId = "myaccount",
* DisplayName = "My Service Account",
* });
* var mykey = new Gcp.ServiceAccount.Key("mykey", new()
* {
* ServiceAccountId = myaccount.Name,
* PublicKeyType = "TYPE_X509_PEM_FILE",
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* myaccount, err := serviceaccount.NewAccount(ctx, "myaccount", &serviceaccount.AccountArgs{
* AccountId: pulumi.String("myaccount"),
* DisplayName: pulumi.String("My Service Account"),
* })
* if err != nil {
* return err
* }
* _, err = serviceaccount.NewKey(ctx, "mykey", &serviceaccount.KeyArgs{
* ServiceAccountId: myaccount.Name,
* PublicKeyType: pulumi.String("TYPE_X509_PEM_FILE"),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.serviceaccount.Account;
* import com.pulumi.gcp.serviceaccount.AccountArgs;
* import com.pulumi.gcp.serviceaccount.Key;
* import com.pulumi.gcp.serviceaccount.KeyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var myaccount = new Account("myaccount", AccountArgs.builder()
* .accountId("myaccount")
* .displayName("My Service Account")
* .build());
* var mykey = new Key("mykey", KeyArgs.builder()
* .serviceAccountId(myaccount.name())
* .publicKeyType("TYPE_X509_PEM_FILE")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* myaccount:
* type: gcp:serviceaccount:Account
* properties:
* accountId: myaccount
* displayName: My Service Account
* mykey:
* type: gcp:serviceaccount:Key
* properties:
* serviceAccountId: ${myaccount.name}
* publicKeyType: TYPE_X509_PEM_FILE
* ```
*
* ### Creating And Regularly Rotating A Key
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* import * as time from "@pulumiverse/time";
* const myaccount = new gcp.serviceaccount.Account("myaccount", {
* accountId: "myaccount",
* displayName: "My Service Account",
* });
* // note this requires the terraform to be run regularly
* const mykeyRotation = new time.Rotating("mykey_rotation", {rotationDays: 30});
* const mykey = new gcp.serviceaccount.Key("mykey", {
* serviceAccountId: myaccount.name,
* keepers: {
* rotation_time: mykeyRotation.rotationRfc3339,
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* import pulumiverse_time as time
* myaccount = gcp.serviceaccount.Account("myaccount",
* account_id="myaccount",
* display_name="My Service Account")
* # note this requires the terraform to be run regularly
* mykey_rotation = time.Rotating("mykey_rotation", rotation_days=30)
* mykey = gcp.serviceaccount.Key("mykey",
* service_account_id=myaccount.name,
* keepers={
* "rotation_time": mykey_rotation.rotation_rfc3339,
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* using Time = Pulumiverse.Time;
* return await Deployment.RunAsync(() =>
* {
* var myaccount = new Gcp.ServiceAccount.Account("myaccount", new()
* {
* AccountId = "myaccount",
* DisplayName = "My Service Account",
* });
* // note this requires the terraform to be run regularly
* var mykeyRotation = new Time.Rotating("mykey_rotation", new()
* {
* RotationDays = 30,
* });
* var mykey = new Gcp.ServiceAccount.Key("mykey", new()
* {
* ServiceAccountId = myaccount.Name,
* Keepers =
* {
* { "rotation_time", mykeyRotation.RotationRfc3339 },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount"
* "github.com/pulumi/pulumi-time/sdk/go/time"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* myaccount, err := serviceaccount.NewAccount(ctx, "myaccount", &serviceaccount.AccountArgs{
* AccountId: pulumi.String("myaccount"),
* DisplayName: pulumi.String("My Service Account"),
* })
* if err != nil {
* return err
* }
* // note this requires the terraform to be run regularly
* mykeyRotation, err := time.NewRotating(ctx, "mykey_rotation", &time.RotatingArgs{
* RotationDays: pulumi.Int(30),
* })
* if err != nil {
* return err
* }
* _, err = serviceaccount.NewKey(ctx, "mykey", &serviceaccount.KeyArgs{
* ServiceAccountId: myaccount.Name,
* Keepers: pulumi.Map{
* "rotation_time": mykeyRotation.RotationRfc3339,
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.serviceaccount.Account;
* import com.pulumi.gcp.serviceaccount.AccountArgs;
* import com.pulumi.time.Rotating;
* import com.pulumi.time.RotatingArgs;
* import com.pulumi.gcp.serviceaccount.Key;
* import com.pulumi.gcp.serviceaccount.KeyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var myaccount = new Account("myaccount", AccountArgs.builder()
* .accountId("myaccount")
* .displayName("My Service Account")
* .build());
* // note this requires the terraform to be run regularly
* var mykeyRotation = new Rotating("mykeyRotation", RotatingArgs.builder()
* .rotationDays(30)
* .build());
* var mykey = new Key("mykey", KeyArgs.builder()
* .serviceAccountId(myaccount.name())
* .keepers(Map.of("rotation_time", mykeyRotation.rotationRfc3339()))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* myaccount:
* type: gcp:serviceaccount:Account
* properties:
* accountId: myaccount
* displayName: My Service Account
* # note this requires the terraform to be run regularly
* mykeyRotation:
* type: time:Rotating
* name: mykey_rotation
* properties:
* rotationDays: 30
* mykey:
* type: gcp:serviceaccount:Key
* properties:
* serviceAccountId: ${myaccount.name}
* keepers:
* rotation_time: ${mykeyRotation.rotationRfc3339}
* ```
*
* ### Save Key In Kubernetes Secret - DEPRECATED
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* import * as kubernetes from "@pulumi/kubernetes";
* import * as std from "@pulumi/std";
* // Workload Identity is the recommended way of accessing Google Cloud APIs from pods.
* // https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
* const myaccount = new gcp.serviceaccount.Account("myaccount", {
* accountId: "myaccount",
* displayName: "My Service Account",
* });
* const mykey = new gcp.serviceaccount.Key("mykey", {serviceAccountId: myaccount.name});
* const google_application_credentials = new kubernetes.core.v1.Secret("google-application-credentials", {
* metadata: {
* name: "google-application-credentials",
* },
* data: {
* json: std.base64decodeOutput({
* input: mykey.privateKey,
* }).apply(invoke => invoke.result),
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* import pulumi_kubernetes as kubernetes
* import pulumi_std as std
* # Workload Identity is the recommended way of accessing Google Cloud APIs from pods.
* # https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
* myaccount = gcp.serviceaccount.Account("myaccount",
* account_id="myaccount",
* display_name="My Service Account")
* mykey = gcp.serviceaccount.Key("mykey", service_account_id=myaccount.name)
* google_application_credentials = kubernetes.core.v1.Secret("google-application-credentials",
* metadata=kubernetes.meta.v1.ObjectMetaArgs(
* name="google-application-credentials",
* ),
* data={
* "json": std.base64decode_output(input=mykey.private_key).apply(lambda invoke: invoke.result),
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* using Kubernetes = Pulumi.Kubernetes;
* using Std = Pulumi.Std;
* return await Deployment.RunAsync(() =>
* {
* // Workload Identity is the recommended way of accessing Google Cloud APIs from pods.
* // https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
* var myaccount = new Gcp.ServiceAccount.Account("myaccount", new()
* {
* AccountId = "myaccount",
* DisplayName = "My Service Account",
* });
* var mykey = new Gcp.ServiceAccount.Key("mykey", new()
* {
* ServiceAccountId = myaccount.Name,
* });
* var google_application_credentials = new Kubernetes.Core.V1.Secret("google-application-credentials", new()
* {
* Metadata = new Kubernetes.Types.Inputs.Meta.V1.ObjectMetaArgs
* {
* Name = "google-application-credentials",
* },
* Data =
* {
* { "json", Std.Base64decode.Invoke(new()
* {
* Input = mykey.PrivateKey,
* }).Apply(invoke => invoke.Result) },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount"
* corev1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/core/v1"
* metav1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/meta/v1"
* "github.com/pulumi/pulumi-std/sdk/go/std"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* // Workload Identity is the recommended way of accessing Google Cloud APIs from pods.
* // https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
* myaccount, err := serviceaccount.NewAccount(ctx, "myaccount", &serviceaccount.AccountArgs{
* AccountId: pulumi.String("myaccount"),
* DisplayName: pulumi.String("My Service Account"),
* })
* if err != nil {
* return err
* }
* mykey, err := serviceaccount.NewKey(ctx, "mykey", &serviceaccount.KeyArgs{
* ServiceAccountId: myaccount.Name,
* })
* if err != nil {
* return err
* }
* _, err = corev1.NewSecret(ctx, "google-application-credentials", &corev1.SecretArgs{
* Metadata: &metav1.ObjectMetaArgs{
* Name: pulumi.String("google-application-credentials"),
* },
* Data: pulumi.StringMap{
* "json": std.Base64decodeOutput(ctx, std.Base64decodeOutputArgs{
* Input: mykey.PrivateKey,
* }, nil).ApplyT(func(invoke std.Base64decodeResult) (*string, error) {
* return invoke.Result, nil
* }).(pulumi.StringPtrOutput),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.serviceaccount.Account;
* import com.pulumi.gcp.serviceaccount.AccountArgs;
* import com.pulumi.gcp.serviceaccount.Key;
* import com.pulumi.gcp.serviceaccount.KeyArgs;
* import com.pulumi.kubernetes.core_v1.Secret;
* import com.pulumi.kubernetes.core_v1.SecretArgs;
* import com.pulumi.kubernetes.meta_v1.inputs.ObjectMetaArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* // Workload Identity is the recommended way of accessing Google Cloud APIs from pods.
* // https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
* var myaccount = new Account("myaccount", AccountArgs.builder()
* .accountId("myaccount")
* .displayName("My Service Account")
* .build());
* var mykey = new Key("mykey", KeyArgs.builder()
* .serviceAccountId(myaccount.name())
* .build());
* var google_application_credentials = new Secret("google-application-credentials", SecretArgs.builder()
* .metadata(ObjectMetaArgs.builder()
* .name("google-application-credentials")
* .build())
* .data(Map.of("json", StdFunctions.base64decode().applyValue(invoke -> invoke.result())))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* # Workload Identity is the recommended way of accessing Google Cloud APIs from pods.
* # https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
* myaccount:
* type: gcp:serviceaccount:Account
* properties:
* accountId: myaccount
* displayName: My Service Account
* mykey:
* type: gcp:serviceaccount:Key
* properties:
* serviceAccountId: ${myaccount.name}
* google-application-credentials:
* type: kubernetes:core/v1:Secret
* properties:
* metadata:
* name: google-application-credentials
* data:
* json:
* fn::invoke:
* Function: std:base64decode
* Arguments:
* input: ${mykey.privateKey}
* Return: result
* ```
*
* ## Import
* This resource does not support import.
*/
public class Key internal constructor(
override val javaResource: com.pulumi.gcp.serviceaccount.Key,
) : KotlinCustomResource(javaResource, KeyMapper) {
/**
* Arbitrary map of values that, when changed, will trigger a new key to be generated.
*/
public val keepers: Output>?
get() = javaResource.keepers().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 ->
args0.key.to(args0.value)
}).toMap()
}).orElse(null)
})
/**
* The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm.
* Valid values are listed at
* [ServiceAccountPrivateKeyType](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys#ServiceAccountKeyAlgorithm)
* (only used on create)
*/
public val keyAlgorithm: Output?
get() = javaResource.keyAlgorithm().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* The name used for this key pair
*/
public val name: Output
get() = javaResource.name().applyValue({ args0 -> args0 })
/**
* The private key in JSON format, base64 encoded. This is what you normally get as a file when creating
* service account keys through the CLI or web console. This is only populated when creating a new key.
*/
public val privateKey: Output
get() = javaResource.privateKey().applyValue({ args0 -> args0 })
/**
* The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
*/
public val privateKeyType: Output?
get() = javaResource.privateKeyType().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* The public key, base64 encoded
*/
public val publicKey: Output
get() = javaResource.publicKey().applyValue({ args0 -> args0 })
/**
* Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with `public_key_type` and `private_key_type`.
*/
public val publicKeyData: Output?
get() = javaResource.publicKeyData().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
*/
public val publicKeyType: Output?
get() = javaResource.publicKeyType().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* The Service account id of the Key. This can be a string in the format
* `{ACCOUNT}` or `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. If the `{ACCOUNT}`-only syntax is used, either
* the **full** email address of the service account or its name can be specified as a value, in which case the project will
* automatically be inferred from the account. Otherwise, if the `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`
* syntax is used, the `{ACCOUNT}` specified can be the full email address of the service account or the service account's
* unique id. Substituting `-` as a wildcard for the `{PROJECT_ID}` will infer the project from the account.
*/
public val serviceAccountId: Output
get() = javaResource.serviceAccountId().applyValue({ args0 -> args0 })
/**
* The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
*/
public val validAfter: Output
get() = javaResource.validAfter().applyValue({ args0 -> args0 })
/**
* The key can be used before this timestamp.
* A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
*/
public val validBefore: Output
get() = javaResource.validBefore().applyValue({ args0 -> args0 })
}
public object KeyMapper : ResourceMapper {
override fun supportsMappingOfType(javaResource: Resource): Boolean =
com.pulumi.gcp.serviceaccount.Key::class == javaResource::class
override fun map(javaResource: Resource): Key = Key(
javaResource as
com.pulumi.gcp.serviceaccount.Key,
)
}
/**
* @see [Key].
* @param name The _unique_ name of the resulting resource.
* @param block Builder for [Key].
*/
public suspend fun key(name: String, block: suspend KeyResourceBuilder.() -> Unit): Key {
val builder = KeyResourceBuilder()
builder.name(name)
block(builder)
return builder.build()
}
/**
* @see [Key].
* @param name The _unique_ name of the resulting resource.
*/
public fun key(name: String): Key {
val builder = KeyResourceBuilder()
builder.name(name)
return builder.build()
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy