com.pulumi.gcp.serviceaccount.kotlin.KeyArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gcp-kotlin Show documentation
Show all versions of pulumi-gcp-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.serviceaccount.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.serviceaccount.KeyArgs.builder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import kotlin.Any
import kotlin.Pair
import kotlin.String
import kotlin.Suppress
import kotlin.collections.Map
import kotlin.jvm.JvmName
/**
* ## Example Usage
* ### Creating A New Key
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const myaccount = new gcp.serviceaccount.Account("myaccount", {
* accountId: "myaccount",
* displayName: "My Service Account",
* });
* const mykey = new gcp.serviceaccount.Key("mykey", {
* serviceAccountId: myaccount.name,
* publicKeyType: "TYPE_X509_PEM_FILE",
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* myaccount = gcp.serviceaccount.Account("myaccount",
* account_id="myaccount",
* display_name="My Service Account")
* mykey = gcp.serviceaccount.Key("mykey",
* service_account_id=myaccount.name,
* public_key_type="TYPE_X509_PEM_FILE")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var myaccount = new Gcp.ServiceAccount.Account("myaccount", new()
* {
* AccountId = "myaccount",
* DisplayName = "My Service Account",
* });
* var mykey = new Gcp.ServiceAccount.Key("mykey", new()
* {
* ServiceAccountId = myaccount.Name,
* PublicKeyType = "TYPE_X509_PEM_FILE",
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* myaccount, err := serviceaccount.NewAccount(ctx, "myaccount", &serviceaccount.AccountArgs{
* AccountId: pulumi.String("myaccount"),
* DisplayName: pulumi.String("My Service Account"),
* })
* if err != nil {
* return err
* }
* _, err = serviceaccount.NewKey(ctx, "mykey", &serviceaccount.KeyArgs{
* ServiceAccountId: myaccount.Name,
* PublicKeyType: pulumi.String("TYPE_X509_PEM_FILE"),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.serviceaccount.Account;
* import com.pulumi.gcp.serviceaccount.AccountArgs;
* import com.pulumi.gcp.serviceaccount.Key;
* import com.pulumi.gcp.serviceaccount.KeyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var myaccount = new Account("myaccount", AccountArgs.builder()
* .accountId("myaccount")
* .displayName("My Service Account")
* .build());
* var mykey = new Key("mykey", KeyArgs.builder()
* .serviceAccountId(myaccount.name())
* .publicKeyType("TYPE_X509_PEM_FILE")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* myaccount:
* type: gcp:serviceaccount:Account
* properties:
* accountId: myaccount
* displayName: My Service Account
* mykey:
* type: gcp:serviceaccount:Key
* properties:
* serviceAccountId: ${myaccount.name}
* publicKeyType: TYPE_X509_PEM_FILE
* ```
*
* ### Creating And Regularly Rotating A Key
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* import * as time from "@pulumiverse/time";
* const myaccount = new gcp.serviceaccount.Account("myaccount", {
* accountId: "myaccount",
* displayName: "My Service Account",
* });
* // note this requires the terraform to be run regularly
* const mykeyRotation = new time.Rotating("mykey_rotation", {rotationDays: 30});
* const mykey = new gcp.serviceaccount.Key("mykey", {
* serviceAccountId: myaccount.name,
* keepers: {
* rotation_time: mykeyRotation.rotationRfc3339,
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* import pulumiverse_time as time
* myaccount = gcp.serviceaccount.Account("myaccount",
* account_id="myaccount",
* display_name="My Service Account")
* # note this requires the terraform to be run regularly
* mykey_rotation = time.Rotating("mykey_rotation", rotation_days=30)
* mykey = gcp.serviceaccount.Key("mykey",
* service_account_id=myaccount.name,
* keepers={
* "rotation_time": mykey_rotation.rotation_rfc3339,
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* using Time = Pulumiverse.Time;
* return await Deployment.RunAsync(() =>
* {
* var myaccount = new Gcp.ServiceAccount.Account("myaccount", new()
* {
* AccountId = "myaccount",
* DisplayName = "My Service Account",
* });
* // note this requires the terraform to be run regularly
* var mykeyRotation = new Time.Rotating("mykey_rotation", new()
* {
* RotationDays = 30,
* });
* var mykey = new Gcp.ServiceAccount.Key("mykey", new()
* {
* ServiceAccountId = myaccount.Name,
* Keepers =
* {
* { "rotation_time", mykeyRotation.RotationRfc3339 },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount"
* "github.com/pulumi/pulumi-time/sdk/go/time"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* myaccount, err := serviceaccount.NewAccount(ctx, "myaccount", &serviceaccount.AccountArgs{
* AccountId: pulumi.String("myaccount"),
* DisplayName: pulumi.String("My Service Account"),
* })
* if err != nil {
* return err
* }
* // note this requires the terraform to be run regularly
* mykeyRotation, err := time.NewRotating(ctx, "mykey_rotation", &time.RotatingArgs{
* RotationDays: pulumi.Int(30),
* })
* if err != nil {
* return err
* }
* _, err = serviceaccount.NewKey(ctx, "mykey", &serviceaccount.KeyArgs{
* ServiceAccountId: myaccount.Name,
* Keepers: pulumi.Map{
* "rotation_time": mykeyRotation.RotationRfc3339,
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.serviceaccount.Account;
* import com.pulumi.gcp.serviceaccount.AccountArgs;
* import com.pulumi.time.Rotating;
* import com.pulumi.time.RotatingArgs;
* import com.pulumi.gcp.serviceaccount.Key;
* import com.pulumi.gcp.serviceaccount.KeyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var myaccount = new Account("myaccount", AccountArgs.builder()
* .accountId("myaccount")
* .displayName("My Service Account")
* .build());
* // note this requires the terraform to be run regularly
* var mykeyRotation = new Rotating("mykeyRotation", RotatingArgs.builder()
* .rotationDays(30)
* .build());
* var mykey = new Key("mykey", KeyArgs.builder()
* .serviceAccountId(myaccount.name())
* .keepers(Map.of("rotation_time", mykeyRotation.rotationRfc3339()))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* myaccount:
* type: gcp:serviceaccount:Account
* properties:
* accountId: myaccount
* displayName: My Service Account
* # note this requires the terraform to be run regularly
* mykeyRotation:
* type: time:Rotating
* name: mykey_rotation
* properties:
* rotationDays: 30
* mykey:
* type: gcp:serviceaccount:Key
* properties:
* serviceAccountId: ${myaccount.name}
* keepers:
* rotation_time: ${mykeyRotation.rotationRfc3339}
* ```
*
* ### Save Key In Kubernetes Secret - DEPRECATED
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* import * as kubernetes from "@pulumi/kubernetes";
* import * as std from "@pulumi/std";
* // Workload Identity is the recommended way of accessing Google Cloud APIs from pods.
* // https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
* const myaccount = new gcp.serviceaccount.Account("myaccount", {
* accountId: "myaccount",
* displayName: "My Service Account",
* });
* const mykey = new gcp.serviceaccount.Key("mykey", {serviceAccountId: myaccount.name});
* const google_application_credentials = new kubernetes.core.v1.Secret("google-application-credentials", {
* metadata: {
* name: "google-application-credentials",
* },
* data: {
* json: std.base64decodeOutput({
* input: mykey.privateKey,
* }).apply(invoke => invoke.result),
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* import pulumi_kubernetes as kubernetes
* import pulumi_std as std
* # Workload Identity is the recommended way of accessing Google Cloud APIs from pods.
* # https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
* myaccount = gcp.serviceaccount.Account("myaccount",
* account_id="myaccount",
* display_name="My Service Account")
* mykey = gcp.serviceaccount.Key("mykey", service_account_id=myaccount.name)
* google_application_credentials = kubernetes.core.v1.Secret("google-application-credentials",
* metadata=kubernetes.meta.v1.ObjectMetaArgs(
* name="google-application-credentials",
* ),
* data={
* "json": std.base64decode_output(input=mykey.private_key).apply(lambda invoke: invoke.result),
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* using Kubernetes = Pulumi.Kubernetes;
* using Std = Pulumi.Std;
* return await Deployment.RunAsync(() =>
* {
* // Workload Identity is the recommended way of accessing Google Cloud APIs from pods.
* // https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
* var myaccount = new Gcp.ServiceAccount.Account("myaccount", new()
* {
* AccountId = "myaccount",
* DisplayName = "My Service Account",
* });
* var mykey = new Gcp.ServiceAccount.Key("mykey", new()
* {
* ServiceAccountId = myaccount.Name,
* });
* var google_application_credentials = new Kubernetes.Core.V1.Secret("google-application-credentials", new()
* {
* Metadata = new Kubernetes.Types.Inputs.Meta.V1.ObjectMetaArgs
* {
* Name = "google-application-credentials",
* },
* Data =
* {
* { "json", Std.Base64decode.Invoke(new()
* {
* Input = mykey.PrivateKey,
* }).Apply(invoke => invoke.Result) },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount"
* corev1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/core/v1"
* metav1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/meta/v1"
* "github.com/pulumi/pulumi-std/sdk/go/std"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* // Workload Identity is the recommended way of accessing Google Cloud APIs from pods.
* // https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
* myaccount, err := serviceaccount.NewAccount(ctx, "myaccount", &serviceaccount.AccountArgs{
* AccountId: pulumi.String("myaccount"),
* DisplayName: pulumi.String("My Service Account"),
* })
* if err != nil {
* return err
* }
* mykey, err := serviceaccount.NewKey(ctx, "mykey", &serviceaccount.KeyArgs{
* ServiceAccountId: myaccount.Name,
* })
* if err != nil {
* return err
* }
* _, err = corev1.NewSecret(ctx, "google-application-credentials", &corev1.SecretArgs{
* Metadata: &metav1.ObjectMetaArgs{
* Name: pulumi.String("google-application-credentials"),
* },
* Data: pulumi.StringMap{
* "json": std.Base64decodeOutput(ctx, std.Base64decodeOutputArgs{
* Input: mykey.PrivateKey,
* }, nil).ApplyT(func(invoke std.Base64decodeResult) (*string, error) {
* return invoke.Result, nil
* }).(pulumi.StringPtrOutput),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.serviceaccount.Account;
* import com.pulumi.gcp.serviceaccount.AccountArgs;
* import com.pulumi.gcp.serviceaccount.Key;
* import com.pulumi.gcp.serviceaccount.KeyArgs;
* import com.pulumi.kubernetes.core_v1.Secret;
* import com.pulumi.kubernetes.core_v1.SecretArgs;
* import com.pulumi.kubernetes.meta_v1.inputs.ObjectMetaArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* // Workload Identity is the recommended way of accessing Google Cloud APIs from pods.
* // https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
* var myaccount = new Account("myaccount", AccountArgs.builder()
* .accountId("myaccount")
* .displayName("My Service Account")
* .build());
* var mykey = new Key("mykey", KeyArgs.builder()
* .serviceAccountId(myaccount.name())
* .build());
* var google_application_credentials = new Secret("google-application-credentials", SecretArgs.builder()
* .metadata(ObjectMetaArgs.builder()
* .name("google-application-credentials")
* .build())
* .data(Map.of("json", StdFunctions.base64decode().applyValue(invoke -> invoke.result())))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* # Workload Identity is the recommended way of accessing Google Cloud APIs from pods.
* # https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
* myaccount:
* type: gcp:serviceaccount:Account
* properties:
* accountId: myaccount
* displayName: My Service Account
* mykey:
* type: gcp:serviceaccount:Key
* properties:
* serviceAccountId: ${myaccount.name}
* google-application-credentials:
* type: kubernetes:core/v1:Secret
* properties:
* metadata:
* name: google-application-credentials
* data:
* json:
* fn::invoke:
* Function: std:base64decode
* Arguments:
* input: ${mykey.privateKey}
* Return: result
* ```
*
* ## Import
* This resource does not support import.
* @property keepers Arbitrary map of values that, when changed, will trigger a new key to be generated.
* @property keyAlgorithm The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm.
* Valid values are listed at
* [ServiceAccountPrivateKeyType](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys#ServiceAccountKeyAlgorithm)
* (only used on create)
* @property privateKeyType The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
* @property publicKeyData Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with `public_key_type` and `private_key_type`.
* @property publicKeyType The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
* @property serviceAccountId The Service account id of the Key. This can be a string in the format
* `{ACCOUNT}` or `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. If the `{ACCOUNT}`-only syntax is used, either
* the **full** email address of the service account or its name can be specified as a value, in which case the project will
* automatically be inferred from the account. Otherwise, if the `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`
* syntax is used, the `{ACCOUNT}` specified can be the full email address of the service account or the service account's
* unique id. Substituting `-` as a wildcard for the `{PROJECT_ID}` will infer the project from the account.
*/
public data class KeyArgs(
public val keepers: Output
© 2015 - 2025 Weber Informatics LLC | Privacy Policy