All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.pulumi.gcp.serviceaccount.kotlin.ServiceaccountFunctions.kt Maven / Gradle / Ivy

Go to download

Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.

There is a newer version: 8.10.0.0
Show newest version
@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.gcp.serviceaccount.kotlin

import com.pulumi.gcp.serviceaccount.ServiceaccountFunctions.getAccountAccessTokenPlain
import com.pulumi.gcp.serviceaccount.ServiceaccountFunctions.getAccountIdTokenPlain
import com.pulumi.gcp.serviceaccount.ServiceaccountFunctions.getAccountJwtPlain
import com.pulumi.gcp.serviceaccount.ServiceaccountFunctions.getAccountKeyPlain
import com.pulumi.gcp.serviceaccount.ServiceaccountFunctions.getAccountPlain
import com.pulumi.gcp.serviceaccount.ServiceaccountFunctions.getIamPolicyPlain
import com.pulumi.gcp.serviceaccount.kotlin.inputs.GetAccountAccessTokenPlainArgs
import com.pulumi.gcp.serviceaccount.kotlin.inputs.GetAccountAccessTokenPlainArgsBuilder
import com.pulumi.gcp.serviceaccount.kotlin.inputs.GetAccountIdTokenPlainArgs
import com.pulumi.gcp.serviceaccount.kotlin.inputs.GetAccountIdTokenPlainArgsBuilder
import com.pulumi.gcp.serviceaccount.kotlin.inputs.GetAccountJwtPlainArgs
import com.pulumi.gcp.serviceaccount.kotlin.inputs.GetAccountJwtPlainArgsBuilder
import com.pulumi.gcp.serviceaccount.kotlin.inputs.GetAccountKeyPlainArgs
import com.pulumi.gcp.serviceaccount.kotlin.inputs.GetAccountKeyPlainArgsBuilder
import com.pulumi.gcp.serviceaccount.kotlin.inputs.GetAccountPlainArgs
import com.pulumi.gcp.serviceaccount.kotlin.inputs.GetAccountPlainArgsBuilder
import com.pulumi.gcp.serviceaccount.kotlin.inputs.GetIamPolicyPlainArgs
import com.pulumi.gcp.serviceaccount.kotlin.inputs.GetIamPolicyPlainArgsBuilder
import com.pulumi.gcp.serviceaccount.kotlin.outputs.GetAccountAccessTokenResult
import com.pulumi.gcp.serviceaccount.kotlin.outputs.GetAccountIdTokenResult
import com.pulumi.gcp.serviceaccount.kotlin.outputs.GetAccountJwtResult
import com.pulumi.gcp.serviceaccount.kotlin.outputs.GetAccountKeyResult
import com.pulumi.gcp.serviceaccount.kotlin.outputs.GetAccountResult
import com.pulumi.gcp.serviceaccount.kotlin.outputs.GetIamPolicyResult
import kotlinx.coroutines.future.await
import kotlin.Boolean
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import com.pulumi.gcp.serviceaccount.kotlin.outputs.GetAccountAccessTokenResult.Companion.toKotlin as getAccountAccessTokenResultToKotlin
import com.pulumi.gcp.serviceaccount.kotlin.outputs.GetAccountIdTokenResult.Companion.toKotlin as getAccountIdTokenResultToKotlin
import com.pulumi.gcp.serviceaccount.kotlin.outputs.GetAccountJwtResult.Companion.toKotlin as getAccountJwtResultToKotlin
import com.pulumi.gcp.serviceaccount.kotlin.outputs.GetAccountKeyResult.Companion.toKotlin as getAccountKeyResultToKotlin
import com.pulumi.gcp.serviceaccount.kotlin.outputs.GetAccountResult.Companion.toKotlin as getAccountResultToKotlin
import com.pulumi.gcp.serviceaccount.kotlin.outputs.GetIamPolicyResult.Companion.toKotlin as getIamPolicyResultToKotlin

public object ServiceaccountFunctions {
    /**
     * Get the service account from a project. For more information see
     * the official [API](https://cloud.google.com/compute/docs/access/service-accounts) documentation.
     * ## Example Usage
     * 
     * ```typescript
     * import * as pulumi from "@pulumi/pulumi";
     * import * as gcp from "@pulumi/gcp";
     * const objectViewer = gcp.serviceaccount.getAccount({
     *     accountId: "object-viewer",
     * });
     * ```
     * ```python
     * import pulumi
     * import pulumi_gcp as gcp
     * object_viewer = gcp.serviceaccount.get_account(account_id="object-viewer")
     * ```
     * ```csharp
     * using System.Collections.Generic;
     * using System.Linq;
     * using Pulumi;
     * using Gcp = Pulumi.Gcp;
     * return await Deployment.RunAsync(() =>
     * {
     *     var objectViewer = Gcp.ServiceAccount.GetAccount.Invoke(new()
     *     {
     *         AccountId = "object-viewer",
     *     });
     * });
     * ```
     * ```go
     * package main
     * import (
     * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount"
     * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
     * )
     * func main() {
     * 	pulumi.Run(func(ctx *pulumi.Context) error {
     * 		_, err := serviceaccount.LookupAccount(ctx, &serviceaccount.LookupAccountArgs{
     * 			AccountId: "object-viewer",
     * 		}, nil)
     * 		if err != nil {
     * 			return err
     * 		}
     * 		return nil
     * 	})
     * }
     * ```
     * ```java
     * package generated_program;
     * import com.pulumi.Context;
     * import com.pulumi.Pulumi;
     * import com.pulumi.core.Output;
     * import com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;
     * import com.pulumi.gcp.serviceaccount.inputs.GetAccountArgs;
     * import java.util.List;
     * import java.util.ArrayList;
     * import java.util.Map;
     * import java.io.File;
     * import java.nio.file.Files;
     * import java.nio.file.Paths;
     * public class App {
     *     public static void main(String[] args) {
     *         Pulumi.run(App::stack);
     *     }
     *     public static void stack(Context ctx) {
     *         final var objectViewer = ServiceaccountFunctions.getAccount(GetAccountArgs.builder()
     *             .accountId("object-viewer")
     *             .build());
     *     }
     * }
     * ```
     * ```yaml
     * variables:
     *   objectViewer:
     *     fn::invoke:
     *       Function: gcp:serviceaccount:getAccount
     *       Arguments:
     *         accountId: object-viewer
     * ```
     * 
     * ### Save Key In Kubernetes Secret
     * 
     * ```typescript
     * import * as pulumi from "@pulumi/pulumi";
     * import * as gcp from "@pulumi/gcp";
     * import * as kubernetes from "@pulumi/kubernetes";
     * import * as std from "@pulumi/std";
     * const myaccount = gcp.serviceaccount.getAccount({
     *     accountId: "myaccount-id",
     * });
     * const mykey = new gcp.serviceaccount.Key("mykey", {serviceAccountId: myaccount.then(myaccount => myaccount.name)});
     * const google_application_credentials = new kubernetes.core.v1.Secret("google-application-credentials", {
     *     metadata: {
     *         name: "google-application-credentials",
     *     },
     *     data: {
     *         json: std.base64decodeOutput({
     *             input: mykey.privateKey,
     *         }).apply(invoke => invoke.result),
     *     },
     * });
     * ```
     * ```python
     * import pulumi
     * import pulumi_gcp as gcp
     * import pulumi_kubernetes as kubernetes
     * import pulumi_std as std
     * myaccount = gcp.serviceaccount.get_account(account_id="myaccount-id")
     * mykey = gcp.serviceaccount.Key("mykey", service_account_id=myaccount.name)
     * google_application_credentials = kubernetes.core.v1.Secret("google-application-credentials",
     *     metadata=kubernetes.meta.v1.ObjectMetaArgs(
     *         name="google-application-credentials",
     *     ),
     *     data={
     *         "json": std.base64decode_output(input=mykey.private_key).apply(lambda invoke: invoke.result),
     *     })
     * ```
     * ```csharp
     * using System.Collections.Generic;
     * using System.Linq;
     * using Pulumi;
     * using Gcp = Pulumi.Gcp;
     * using Kubernetes = Pulumi.Kubernetes;
     * using Std = Pulumi.Std;
     * return await Deployment.RunAsync(() =>
     * {
     *     var myaccount = Gcp.ServiceAccount.GetAccount.Invoke(new()
     *     {
     *         AccountId = "myaccount-id",
     *     });
     *     var mykey = new Gcp.ServiceAccount.Key("mykey", new()
     *     {
     *         ServiceAccountId = myaccount.Apply(getAccountResult => getAccountResult.Name),
     *     });
     *     var google_application_credentials = new Kubernetes.Core.V1.Secret("google-application-credentials", new()
     *     {
     *         Metadata = new Kubernetes.Types.Inputs.Meta.V1.ObjectMetaArgs
     *         {
     *             Name = "google-application-credentials",
     *         },
     *         Data =
     *         {
     *             { "json", Std.Base64decode.Invoke(new()
     *             {
     *                 Input = mykey.PrivateKey,
     *             }).Apply(invoke => invoke.Result) },
     *         },
     *     });
     * });
     * ```
     * ```go
     * package main
     * import (
     * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount"
     * 	corev1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/core/v1"
     * 	metav1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/meta/v1"
     * 	"github.com/pulumi/pulumi-std/sdk/go/std"
     * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
     * )
     * func main() {
     * 	pulumi.Run(func(ctx *pulumi.Context) error {
     * 		myaccount, err := serviceaccount.LookupAccount(ctx, &serviceaccount.LookupAccountArgs{
     * 			AccountId: "myaccount-id",
     * 		}, nil)
     * 		if err != nil {
     * 			return err
     * 		}
     * 		mykey, err := serviceaccount.NewKey(ctx, "mykey", &serviceaccount.KeyArgs{
     * 			ServiceAccountId: pulumi.String(myaccount.Name),
     * 		})
     * 		if err != nil {
     * 			return err
     * 		}
     * 		_, err = corev1.NewSecret(ctx, "google-application-credentials", &corev1.SecretArgs{
     * 			Metadata: &metav1.ObjectMetaArgs{
     * 				Name: pulumi.String("google-application-credentials"),
     * 			},
     * 			Data: pulumi.StringMap{
     * 				"json": std.Base64decodeOutput(ctx, std.Base64decodeOutputArgs{
     * 					Input: mykey.PrivateKey,
     * 				}, nil).ApplyT(func(invoke std.Base64decodeResult) (*string, error) {
     * 					return invoke.Result, nil
     * 				}).(pulumi.StringPtrOutput),
     * 			},
     * 		})
     * 		if err != nil {
     * 			return err
     * 		}
     * 		return nil
     * 	})
     * }
     * ```
     * ```java
     * package generated_program;
     * import com.pulumi.Context;
     * import com.pulumi.Pulumi;
     * import com.pulumi.core.Output;
     * import com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;
     * import com.pulumi.gcp.serviceaccount.inputs.GetAccountArgs;
     * import com.pulumi.gcp.serviceaccount.Key;
     * import com.pulumi.gcp.serviceaccount.KeyArgs;
     * import com.pulumi.kubernetes.core_v1.Secret;
     * import com.pulumi.kubernetes.core_v1.SecretArgs;
     * import com.pulumi.kubernetes.meta_v1.inputs.ObjectMetaArgs;
     * import java.util.List;
     * import java.util.ArrayList;
     * import java.util.Map;
     * import java.io.File;
     * import java.nio.file.Files;
     * import java.nio.file.Paths;
     * public class App {
     *     public static void main(String[] args) {
     *         Pulumi.run(App::stack);
     *     }
     *     public static void stack(Context ctx) {
     *         final var myaccount = ServiceaccountFunctions.getAccount(GetAccountArgs.builder()
     *             .accountId("myaccount-id")
     *             .build());
     *         var mykey = new Key("mykey", KeyArgs.builder()
     *             .serviceAccountId(myaccount.applyValue(getAccountResult -> getAccountResult.name()))
     *             .build());
     *         var google_application_credentials = new Secret("google-application-credentials", SecretArgs.builder()
     *             .metadata(ObjectMetaArgs.builder()
     *                 .name("google-application-credentials")
     *                 .build())
     *             .data(Map.of("json", StdFunctions.base64decode().applyValue(invoke -> invoke.result())))
     *             .build());
     *     }
     * }
     * ```
     * ```yaml
     * resources:
     *   mykey:
     *     type: gcp:serviceaccount:Key
     *     properties:
     *       serviceAccountId: ${myaccount.name}
     *   google-application-credentials:
     *     type: kubernetes:core/v1:Secret
     *     properties:
     *       metadata:
     *         name: google-application-credentials
     *       data:
     *         json:
     *           fn::invoke:
     *             Function: std:base64decode
     *             Arguments:
     *               input: ${mykey.privateKey}
     *             Return: result
     * variables:
     *   myaccount:
     *     fn::invoke:
     *       Function: gcp:serviceaccount:getAccount
     *       Arguments:
     *         accountId: myaccount-id
     * ```
     * 
     * @param argument A collection of arguments for invoking getAccount.
     * @return A collection of values returned by getAccount.
     */
    public suspend fun getAccount(argument: GetAccountPlainArgs): GetAccountResult =
        getAccountResultToKotlin(getAccountPlain(argument.toJava()).await())

    /**
     * @see [getAccount].
     * @param accountId The Google service account ID. This be one of:
     * * The name of the service account within the project (e.g. `my-service`)
     * * The fully-qualified path to a service account resource (e.g.
     * `projects/my-project/serviceAccounts/...`)
     * * The email address of the service account (e.g.
     * `[email protected]`)
     * @param project The ID of the project that the service account is present in.
     * Defaults to the provider project configuration.
     * @return A collection of values returned by getAccount.
     */
    public suspend fun getAccount(accountId: String, project: String? = null): GetAccountResult {
        val argument = GetAccountPlainArgs(
            accountId = accountId,
            project = project,
        )
        return getAccountResultToKotlin(getAccountPlain(argument.toJava()).await())
    }

    /**
     * @see [getAccount].
     * @param argument Builder for [com.pulumi.gcp.serviceaccount.kotlin.inputs.GetAccountPlainArgs].
     * @return A collection of values returned by getAccount.
     */
    public suspend fun getAccount(argument: suspend GetAccountPlainArgsBuilder.() -> Unit): GetAccountResult {
        val builder = GetAccountPlainArgsBuilder()
        builder.argument()
        val builtArgument = builder.build()
        return getAccountResultToKotlin(getAccountPlain(builtArgument.toJava()).await())
    }

    /**
     * This data source provides a google `oauth2` `access_token` for a different service account than the one initially running the script.
     * For more information see
     * [the official documentation](https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials) as well as [iamcredentials.generateAccessToken()](https://cloud.google.com/iam/credentials/reference/rest/v1/projects.serviceAccounts/generateAccessToken)
     * ## Example Usage
     * To allow `service_A` to impersonate `service_B`, grant the [Service Account Token Creator](https://cloud.google.com/iam/docs/service-accounts#the_service_account_token_creator_role) on B to A.
     * In the IAM policy below, `service_A` is given the Token Creator role impersonate `service_B`
     * 
     * ```typescript
     * import * as pulumi from "@pulumi/pulumi";
     * import * as gcp from "@pulumi/gcp";
     * const token_creator_iam = new gcp.serviceaccount.IAMBinding("token-creator-iam", {
     *     serviceAccountId: "projects/-/serviceAccounts/[email protected]",
     *     role: "roles/iam.serviceAccountTokenCreator",
     *     members: ["serviceAccount:service_A@projectA.iam.gserviceaccount.com"],
     * });
     * ```
     * ```python
     * import pulumi
     * import pulumi_gcp as gcp
     * token_creator_iam = gcp.serviceaccount.IAMBinding("token-creator-iam",
     *     service_account_id="projects/-/serviceAccounts/[email protected]",
     *     role="roles/iam.serviceAccountTokenCreator",
     *     members=["serviceAccount:service_A@projectA.iam.gserviceaccount.com"])
     * ```
     * ```csharp
     * using System.Collections.Generic;
     * using System.Linq;
     * using Pulumi;
     * using Gcp = Pulumi.Gcp;
     * return await Deployment.RunAsync(() =>
     * {
     *     var token_creator_iam = new Gcp.ServiceAccount.IAMBinding("token-creator-iam", new()
     *     {
     *         ServiceAccountId = "projects/-/serviceAccounts/[email protected]",
     *         Role = "roles/iam.serviceAccountTokenCreator",
     *         Members = new[]
     *         {
     *             "serviceAccount:[email protected]",
     *         },
     *     });
     * });
     * ```
     * ```go
     * package main
     * import (
     * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount"
     * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
     * )
     * func main() {
     * 	pulumi.Run(func(ctx *pulumi.Context) error {
     * 		_, err := serviceaccount.NewIAMBinding(ctx, "token-creator-iam", &serviceaccount.IAMBindingArgs{
     * 			ServiceAccountId: pulumi.String("projects/-/serviceAccounts/[email protected]"),
     * 			Role:             pulumi.String("roles/iam.serviceAccountTokenCreator"),
     * 			Members: pulumi.StringArray{
     * 				pulumi.String("serviceAccount:[email protected]"),
     * 			},
     * 		})
     * 		if err != nil {
     * 			return err
     * 		}
     * 		return nil
     * 	})
     * }
     * ```
     * ```java
     * package generated_program;
     * import com.pulumi.Context;
     * import com.pulumi.Pulumi;
     * import com.pulumi.core.Output;
     * import com.pulumi.gcp.serviceaccount.IAMBinding;
     * import com.pulumi.gcp.serviceaccount.IAMBindingArgs;
     * import java.util.List;
     * import java.util.ArrayList;
     * import java.util.Map;
     * import java.io.File;
     * import java.nio.file.Files;
     * import java.nio.file.Paths;
     * public class App {
     *     public static void main(String[] args) {
     *         Pulumi.run(App::stack);
     *     }
     *     public static void stack(Context ctx) {
     *         var token_creator_iam = new IAMBinding("token-creator-iam", IAMBindingArgs.builder()
     *             .serviceAccountId("projects/-/serviceAccounts/[email protected]")
     *             .role("roles/iam.serviceAccountTokenCreator")
     *             .members("serviceAccount:[email protected]")
     *             .build());
     *     }
     * }
     * ```
     * ```yaml
     * resources:
     *   token-creator-iam:
     *     type: gcp:serviceaccount:IAMBinding
     *     properties:
     *       serviceAccountId: projects/-/serviceAccounts/[email protected]
     *       role: roles/iam.serviceAccountTokenCreator
     *       members:
     *         - serviceAccount:[email protected]
     * ```
     * 
     * Once the IAM permissions are set, you can apply the new token to a provider bootstrapped with it.  Any resources that references the aliased provider will run as the new identity.
     * In the example below, `gcp.organizations.Project` will run as `service_B`.
     * 
     * ```typescript
     * import * as pulumi from "@pulumi/pulumi";
     * import * as gcp from "@pulumi/gcp";
     * export = async () => {
     *     const default = await gcp.organizations.getClientConfig({});
     *     const defaultGetAccountAccessToken = await gcp.serviceaccount.getAccountAccessToken({
     *         targetServiceAccount: "[email protected]",
     *         scopes: [
     *             "userinfo-email",
     *             "cloud-platform",
     *         ],
     *         lifetime: "300s",
     *     });
     *     const me = await gcp.organizations.getClientOpenIdUserInfo({});
     *     return {
     *         "target-email": me.email,
     *     };
     * }
     * ```
     * ```python
     * import pulumi
     * import pulumi_gcp as gcp
     * default = gcp.organizations.get_client_config()
     * default_get_account_access_token = gcp.serviceaccount.get_account_access_token(target_service_account="[email protected]",
     *     scopes=[
     *         "userinfo-email",
     *         "cloud-platform",
     *     ],
     *     lifetime="300s")
     * me = gcp.organizations.get_client_open_id_user_info()
     * pulumi.export("target-email", me.email)
     * ```
     * ```csharp
     * using System.Collections.Generic;
     * using System.Linq;
     * using Pulumi;
     * using Gcp = Pulumi.Gcp;
     * return await Deployment.RunAsync(() =>
     * {
     *     var @default = Gcp.Organizations.GetClientConfig.Invoke();
     *     var defaultGetAccountAccessToken = Gcp.ServiceAccount.GetAccountAccessToken.Invoke(new()
     *     {
     *         TargetServiceAccount = "[email protected]",
     *         Scopes = new[]
     *         {
     *             "userinfo-email",
     *             "cloud-platform",
     *         },
     *         Lifetime = "300s",
     *     });
     *     var me = Gcp.Organizations.GetClientOpenIdUserInfo.Invoke();
     *     return new Dictionary
     *     {
     *         ["target-email"] = me.Apply(getClientOpenIdUserInfoResult => getClientOpenIdUserInfoResult.Email),
     *     };
     * });
     * ```
     * ```go
     * package main
     * import (
     * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
     * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount"
     * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
     * )
     * func main() {
     * 	pulumi.Run(func(ctx *pulumi.Context) error {
     * 		_, err := organizations.GetClientConfig(ctx, nil, nil)
     * 		if err != nil {
     * 			return err
     * 		}
     * 		_, err = serviceaccount.GetAccountAccessToken(ctx, &serviceaccount.GetAccountAccessTokenArgs{
     * 			TargetServiceAccount: "[email protected]",
     * 			Scopes: []string{
     * 				"userinfo-email",
     * 				"cloud-platform",
     * 			},
     * 			Lifetime: pulumi.StringRef("300s"),
     * 		}, nil)
     * 		if err != nil {
     * 			return err
     * 		}
     * 		me, err := organizations.GetClientOpenIdUserInfo(ctx, nil, nil)
     * 		if err != nil {
     * 			return err
     * 		}
     * 		ctx.Export("target-email", me.Email)
     * 		return nil
     * 	})
     * }
     * ```
     * ```java
     * package generated_program;
     * import com.pulumi.Context;
     * import com.pulumi.Pulumi;
     * import com.pulumi.core.Output;
     * import com.pulumi.gcp.organizations.OrganizationsFunctions;
     * import com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;
     * import com.pulumi.gcp.serviceaccount.inputs.GetAccountAccessTokenArgs;
     * import java.util.List;
     * import java.util.ArrayList;
     * import java.util.Map;
     * import java.io.File;
     * import java.nio.file.Files;
     * import java.nio.file.Paths;
     * public class App {
     *     public static void main(String[] args) {
     *         Pulumi.run(App::stack);
     *     }
     *     public static void stack(Context ctx) {
     *         final var default = OrganizationsFunctions.getClientConfig();
     *         final var defaultGetAccountAccessToken = ServiceaccountFunctions.getAccountAccessToken(GetAccountAccessTokenArgs.builder()
     *             .targetServiceAccount("[email protected]")
     *             .scopes(
     *                 "userinfo-email",
     *                 "cloud-platform")
     *             .lifetime("300s")
     *             .build());
     *         final var me = OrganizationsFunctions.getClientOpenIdUserInfo();
     *         ctx.export("target-email", me.applyValue(getClientOpenIdUserInfoResult -> getClientOpenIdUserInfoResult.email()));
     *     }
     * }
     * ```
     * ```yaml
     * variables:
     *   default:
     *     fn::invoke:
     *       Function: gcp:organizations:getClientConfig
     *       Arguments: {}
     *   defaultGetAccountAccessToken:
     *     fn::invoke:
     *       Function: gcp:serviceaccount:getAccountAccessToken
     *       Arguments:
     *         targetServiceAccount: [email protected]
     *         scopes:
     *           - userinfo-email
     *           - cloud-platform
     *         lifetime: 300s
     *   me:
     *     fn::invoke:
     *       Function: gcp:organizations:getClientOpenIdUserInfo
     *       Arguments: {}
     * outputs:
     *   target-email: ${me.email}
     * ```
     * 
     * > *Note*: the generated token is non-refreshable and can have a maximum `lifetime` of `3600` seconds.
     * @param argument A collection of arguments for invoking getAccountAccessToken.
     * @return A collection of values returned by getAccountAccessToken.
     */
    public suspend fun getAccountAccessToken(argument: GetAccountAccessTokenPlainArgs): GetAccountAccessTokenResult =
        getAccountAccessTokenResultToKotlin(getAccountAccessTokenPlain(argument.toJava()).await())

    /**
     * @see [getAccountAccessToken].
     * @param delegates Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name.  (e.g. `["projects/-/serviceAccounts/delegate-svc-account@project-id.iam.gserviceaccount.com"]`)
     * @param lifetime Lifetime of the impersonated token (defaults to its max: `3600s`).
     * @param scopes The scopes the new credential should have (e.g. `["cloud-platform"]`)
     * @param targetServiceAccount The service account _to_ impersonate (e.g. `[email protected]`)
     * @return A collection of values returned by getAccountAccessToken.
     */
    public suspend fun getAccountAccessToken(
        delegates: List? = null,
        lifetime: String? = null,
        scopes: List,
        targetServiceAccount: String,
    ): GetAccountAccessTokenResult {
        val argument = GetAccountAccessTokenPlainArgs(
            delegates = delegates,
            lifetime = lifetime,
            scopes = scopes,
            targetServiceAccount = targetServiceAccount,
        )
        return getAccountAccessTokenResultToKotlin(getAccountAccessTokenPlain(argument.toJava()).await())
    }

    /**
     * @see [getAccountAccessToken].
     * @param argument Builder for [com.pulumi.gcp.serviceaccount.kotlin.inputs.GetAccountAccessTokenPlainArgs].
     * @return A collection of values returned by getAccountAccessToken.
     */
    public suspend fun getAccountAccessToken(argument: suspend GetAccountAccessTokenPlainArgsBuilder.() -> Unit): GetAccountAccessTokenResult {
        val builder = GetAccountAccessTokenPlainArgsBuilder()
        builder.argument()
        val builtArgument = builder.build()
        return getAccountAccessTokenResultToKotlin(getAccountAccessTokenPlain(builtArgument.toJava()).await())
    }

    /**
     * This data source provides a Google OpenID Connect (`oidc`) `id_token`.  Tokens issued from this data source are typically used to call external services that accept OIDC tokens for authentication (e.g. [Google Cloud Run](https://cloud.google.com/run/docs/authenticating/service-to-service)).
     * For more information see
     * [OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.html#IDToken).
     * ## Example Usage
     * ### ServiceAccount JSON Credential File.
     *   `gcp.serviceaccount.getAccountIdToken` will use the configured provider credentials
     *   
     * ```typescript
     * import * as pulumi from "@pulumi/pulumi";
     * import * as gcp from "@pulumi/gcp";
     * const oidc = gcp.serviceaccount.getAccountIdToken({
     *     targetAudience: "https://foo.bar/",
     * });
     * export const oidcToken = oidc.then(oidc => oidc.idToken);
     * ```
     * ```python
     * import pulumi
     * import pulumi_gcp as gcp
     * oidc = gcp.serviceaccount.get_account_id_token(target_audience="https://foo.bar/")
     * pulumi.export("oidcToken", oidc.id_token)
     * ```
     * ```csharp
     * using System.Collections.Generic;
     * using System.Linq;
     * using Pulumi;
     * using Gcp = Pulumi.Gcp;
     * return await Deployment.RunAsync(() =>
     * {
     *     var oidc = Gcp.ServiceAccount.GetAccountIdToken.Invoke(new()
     *     {
     *         TargetAudience = "https://foo.bar/",
     *     });
     *     return new Dictionary
     *     {
     *         ["oidcToken"] = oidc.Apply(getAccountIdTokenResult => getAccountIdTokenResult.IdToken),
     *     };
     * });
     * ```
     * ```go
     * package main
     * import (
     * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount"
     * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
     * )
     * func main() {
     * 	pulumi.Run(func(ctx *pulumi.Context) error {
     * 		oidc, err := serviceaccount.GetAccountIdToken(ctx, &serviceaccount.GetAccountIdTokenArgs{
     * 			TargetAudience: "https://foo.bar/",
     * 		}, nil)
     * 		if err != nil {
     * 			return err
     * 		}
     * 		ctx.Export("oidcToken", oidc.IdToken)
     * 		return nil
     * 	})
     * }
     * ```
     * ```java
     * package generated_program;
     * import com.pulumi.Context;
     * import com.pulumi.Pulumi;
     * import com.pulumi.core.Output;
     * import com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;
     * import com.pulumi.gcp.serviceaccount.inputs.GetAccountIdTokenArgs;
     * import java.util.List;
     * import java.util.ArrayList;
     * import java.util.Map;
     * import java.io.File;
     * import java.nio.file.Files;
     * import java.nio.file.Paths;
     * public class App {
     *     public static void main(String[] args) {
     *         Pulumi.run(App::stack);
     *     }
     *     public static void stack(Context ctx) {
     *         final var oidc = ServiceaccountFunctions.getAccountIdToken(GetAccountIdTokenArgs.builder()
     *             .targetAudience("https://foo.bar/")
     *             .build());
     *         ctx.export("oidcToken", oidc.applyValue(getAccountIdTokenResult -> getAccountIdTokenResult.idToken()));
     *     }
     * }
     * ```
     * ```yaml
     * variables:
     *   oidc:
     *     fn::invoke:
     *       Function: gcp:serviceaccount:getAccountIdToken
     *       Arguments:
     *         targetAudience: https://foo.bar/
     * outputs:
     *   oidcToken: ${oidc.idToken}
     * ```
     * 
     * ### Service Account Impersonation.
     *   `gcp.serviceaccount.getAccountAccessToken` will use background impersonated credentials provided by `gcp.serviceaccount.getAccountAccessToken`.
     *   Note: to use the following, you must grant `target_service_account` the
     *   `roles/iam.serviceAccountTokenCreator` role on itself.
     *   
     * ```typescript
     * import * as pulumi from "@pulumi/pulumi";
     * import * as gcp from "@pulumi/gcp";
     * const impersonated = gcp.serviceaccount.getAccountAccessToken({
     *     targetServiceAccount: "[email protected]",
     *     delegates: [],
     *     scopes: [
     *         "userinfo-email",
     *         "cloud-platform",
     *     ],
     *     lifetime: "300s",
     * });
     * const oidc = gcp.serviceaccount.getAccountIdToken({
     *     targetServiceAccount: "[email protected]",
     *     delegates: [],
     *     includeEmail: true,
     *     targetAudience: "https://foo.bar/",
     * });
     * export const oidcToken = oidc.then(oidc => oidc.idToken);
     * ```
     * ```python
     * import pulumi
     * import pulumi_gcp as gcp
     * impersonated = gcp.serviceaccount.get_account_access_token(target_service_account="[email protected]",
     *     delegates=[],
     *     scopes=[
     *         "userinfo-email",
     *         "cloud-platform",
     *     ],
     *     lifetime="300s")
     * oidc = gcp.serviceaccount.get_account_id_token(target_service_account="[email protected]",
     *     delegates=[],
     *     include_email=True,
     *     target_audience="https://foo.bar/")
     * pulumi.export("oidcToken", oidc.id_token)
     * ```
     * ```csharp
     * using System.Collections.Generic;
     * using System.Linq;
     * using Pulumi;
     * using Gcp = Pulumi.Gcp;
     * return await Deployment.RunAsync(() =>
     * {
     *     var impersonated = Gcp.ServiceAccount.GetAccountAccessToken.Invoke(new()
     *     {
     *         TargetServiceAccount = "[email protected]",
     *         Delegates = new() { },
     *         Scopes = new[]
     *         {
     *             "userinfo-email",
     *             "cloud-platform",
     *         },
     *         Lifetime = "300s",
     *     });
     *     var oidc = Gcp.ServiceAccount.GetAccountIdToken.Invoke(new()
     *     {
     *         TargetServiceAccount = "[email protected]",
     *         Delegates = new() { },
     *         IncludeEmail = true,
     *         TargetAudience = "https://foo.bar/",
     *     });
     *     return new Dictionary
     *     {
     *         ["oidcToken"] = oidc.Apply(getAccountIdTokenResult => getAccountIdTokenResult.IdToken),
     *     };
     * });
     * ```
     * ```go
     * package main
     * import (
     * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount"
     * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
     * )
     * func main() {
     * 	pulumi.Run(func(ctx *pulumi.Context) error {
     * 		_, err := serviceaccount.GetAccountAccessToken(ctx, &serviceaccount.GetAccountAccessTokenArgs{
     * 			TargetServiceAccount: "[email protected]",
     * 			Delegates:            []interface{}{},
     * 			Scopes: []string{
     * 				"userinfo-email",
     * 				"cloud-platform",
     * 			},
     * 			Lifetime: pulumi.StringRef("300s"),
     * 		}, nil)
     * 		if err != nil {
     * 			return err
     * 		}
     * 		oidc, err := serviceaccount.GetAccountIdToken(ctx, &serviceaccount.GetAccountIdTokenArgs{
     * 			TargetServiceAccount: pulumi.StringRef("[email protected]"),
     * 			Delegates:            []interface{}{},
     * 			IncludeEmail:         pulumi.BoolRef(true),
     * 			TargetAudience:       "https://foo.bar/",
     * 		}, nil)
     * 		if err != nil {
     * 			return err
     * 		}
     * 		ctx.Export("oidcToken", oidc.IdToken)
     * 		return nil
     * 	})
     * }
     * ```
     * ```java
     * package generated_program;
     * import com.pulumi.Context;
     * import com.pulumi.Pulumi;
     * import com.pulumi.core.Output;
     * import com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;
     * import com.pulumi.gcp.serviceaccount.inputs.GetAccountAccessTokenArgs;
     * import com.pulumi.gcp.serviceaccount.inputs.GetAccountIdTokenArgs;
     * import java.util.List;
     * import java.util.ArrayList;
     * import java.util.Map;
     * import java.io.File;
     * import java.nio.file.Files;
     * import java.nio.file.Paths;
     * public class App {
     *     public static void main(String[] args) {
     *         Pulumi.run(App::stack);
     *     }
     *     public static void stack(Context ctx) {
     *         final var impersonated = ServiceaccountFunctions.getAccountAccessToken(GetAccountAccessTokenArgs.builder()
     *             .targetServiceAccount("[email protected]")
     *             .delegates()
     *             .scopes(
     *                 "userinfo-email",
     *                 "cloud-platform")
     *             .lifetime("300s")
     *             .build());
     *         final var oidc = ServiceaccountFunctions.getAccountIdToken(GetAccountIdTokenArgs.builder()
     *             .targetServiceAccount("[email protected]")
     *             .delegates()
     *             .includeEmail(true)
     *             .targetAudience("https://foo.bar/")
     *             .build());
     *         ctx.export("oidcToken", oidc.applyValue(getAccountIdTokenResult -> getAccountIdTokenResult.idToken()));
     *     }
     * }
     * ```
     * ```yaml
     * variables:
     *   impersonated:
     *     fn::invoke:
     *       Function: gcp:serviceaccount:getAccountAccessToken
     *       Arguments:
     *         targetServiceAccount: [email protected]
     *         delegates: []
     *         scopes:
     *           - userinfo-email
     *           - cloud-platform
     *         lifetime: 300s
     *   oidc:
     *     fn::invoke:
     *       Function: gcp:serviceaccount:getAccountIdToken
     *       Arguments:
     *         targetServiceAccount: [email protected]
     *         delegates: []
     *         includeEmail: true
     *         targetAudience: https://foo.bar/
     * outputs:
     *   oidcToken: ${oidc.idToken}
     * ```
     * 
     * ### Invoking Cloud Run Endpoint
     *   The following configuration will invoke [Cloud Run](https://cloud.google.com/run/docs/authenticating/service-to-service) endpoint where the service account for the provider has been granted `roles/run.invoker` role previously.
     * 
     * ```typescript
     * import * as pulumi from "@pulumi/pulumi";
     * import * as gcp from "@pulumi/gcp";
     * import * as http from "@pulumi/http";
     * const oidc = gcp.serviceaccount.getAccountIdToken({
     *     targetAudience: "https://your.cloud.run.app/",
     * });
     * const cloudrun = oidc.then(oidc => http.getHttp({
     *     url: "https://your.cloud.run.app/",
     *     requestHeaders: {
     *         Authorization: `Bearer ${oidc.idToken}`,
     *     },
     * }));
     * export const cloudRunResponse = cloudrun.then(cloudrun => cloudrun.body);
     * ```
     * ```python
     * import pulumi
     * import pulumi_gcp as gcp
     * import pulumi_http as http
     * oidc = gcp.serviceaccount.get_account_id_token(target_audience="https://your.cloud.run.app/")
     * cloudrun = http.get_http(url="https://your.cloud.run.app/",
     *     request_headers={
     *         "Authorization": f"Bearer {oidc.id_token}",
     *     })
     * pulumi.export("cloudRunResponse", cloudrun.body)
     * ```
     * ```csharp
     * using System.Collections.Generic;
     * using System.Linq;
     * using Pulumi;
     * using Gcp = Pulumi.Gcp;
     * using Http = Pulumi.Http;
     * return await Deployment.RunAsync(() =>
     * {
     *     var oidc = Gcp.ServiceAccount.GetAccountIdToken.Invoke(new()
     *     {
     *         TargetAudience = "https://your.cloud.run.app/",
     *     });
     *     var cloudrun = Http.GetHttp.Invoke(new()
     *     {
     *         Url = "https://your.cloud.run.app/",
     *         RequestHeaders =
     *         {
     *             { "Authorization", $"Bearer {oidc.Apply(getAccountIdTokenResult => getAccountIdTokenResult.IdToken)}" },
     *         },
     *     });
     *     return new Dictionary
     *     {
     *         ["cloudRunResponse"] = cloudrun.Apply(getHttpResult => getHttpResult.Body),
     *     };
     * });
     * ```
     * ```go
     * package main
     * import (
     * 	"fmt"
     * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount"
     * 	"github.com/pulumi/pulumi-http/sdk/go/http"
     * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
     * )
     * func main() {
     * 	pulumi.Run(func(ctx *pulumi.Context) error {
     * 		oidc, err := serviceaccount.GetAccountIdToken(ctx, &serviceaccount.GetAccountIdTokenArgs{
     * 			TargetAudience: "https://your.cloud.run.app/",
     * 		}, nil)
     * 		if err != nil {
     * 			return err
     * 		}
     * 		cloudrun, err := http.GetHttp(ctx, &http.GetHttpArgs{
     * 			Url: "https://your.cloud.run.app/",
     * 			RequestHeaders: map[string]interface{}{
     * 				"Authorization": fmt.Sprintf("Bearer %v", oidc.IdToken),
     * 			},
     * 		}, nil)
     * 		if err != nil {
     * 			return err
     * 		}
     * 		ctx.Export("cloudRunResponse", cloudrun.Body)
     * 		return nil
     * 	})
     * }
     * ```
     * ```java
     * package generated_program;
     * import com.pulumi.Context;
     * import com.pulumi.Pulumi;
     * import com.pulumi.core.Output;
     * import com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;
     * import com.pulumi.gcp.serviceaccount.inputs.GetAccountIdTokenArgs;
     * import com.pulumi.http.HttpFunctions;
     * import com.pulumi.http.inputs.GetHttpArgs;
     * import java.util.List;
     * import java.util.ArrayList;
     * import java.util.Map;
     * import java.io.File;
     * import java.nio.file.Files;
     * import java.nio.file.Paths;
     * public class App {
     *     public static void main(String[] args) {
     *         Pulumi.run(App::stack);
     *     }
     *     public static void stack(Context ctx) {
     *         final var oidc = ServiceaccountFunctions.getAccountIdToken(GetAccountIdTokenArgs.builder()
     *             .targetAudience("https://your.cloud.run.app/")
     *             .build());
     *         final var cloudrun = HttpFunctions.getHttp(GetHttpArgs.builder()
     *             .url("https://your.cloud.run.app/")
     *             .requestHeaders(Map.of("Authorization", String.format("Bearer %s", oidc.applyValue(getAccountIdTokenResult -> getAccountIdTokenResult.idToken()))))
     *             .build());
     *         ctx.export("cloudRunResponse", cloudrun.applyValue(getHttpResult -> getHttpResult.body()));
     *     }
     * }
     * ```
     * ```yaml
     * variables:
     *   oidc:
     *     fn::invoke:
     *       Function: gcp:serviceaccount:getAccountIdToken
     *       Arguments:
     *         targetAudience: https://your.cloud.run.app/
     *   cloudrun:
     *     fn::invoke:
     *       Function: http:getHttp
     *       Arguments:
     *         url: https://your.cloud.run.app/
     *         requestHeaders:
     *           Authorization: Bearer ${oidc.idToken}
     * outputs:
     *   cloudRunResponse: ${cloudrun.body}
     * ```
     * 
     * @param argument A collection of arguments for invoking getAccountIdToken.
     * @return A collection of values returned by getAccountIdToken.
     */
    public suspend fun getAccountIdToken(argument: GetAccountIdTokenPlainArgs): GetAccountIdTokenResult =
        getAccountIdTokenResultToKotlin(getAccountIdTokenPlain(argument.toJava()).await())

    /**
     * @see [getAccountIdToken].
     * @param delegates Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name.   Used only when using impersonation mode.
     * @param includeEmail Include the verified email in the claim. Used only when using impersonation mode.
     * @param targetAudience The audience claim for the `id_token`.
     * @param targetServiceAccount The email of the service account being impersonated.  Used only when using impersonation mode.
     * @return A collection of values returned by getAccountIdToken.
     */
    public suspend fun getAccountIdToken(
        delegates: List? = null,
        includeEmail: Boolean? = null,
        targetAudience: String,
        targetServiceAccount: String? = null,
    ): GetAccountIdTokenResult {
        val argument = GetAccountIdTokenPlainArgs(
            delegates = delegates,
            includeEmail = includeEmail,
            targetAudience = targetAudience,
            targetServiceAccount = targetServiceAccount,
        )
        return getAccountIdTokenResultToKotlin(getAccountIdTokenPlain(argument.toJava()).await())
    }

    /**
     * @see [getAccountIdToken].
     * @param argument Builder for [com.pulumi.gcp.serviceaccount.kotlin.inputs.GetAccountIdTokenPlainArgs].
     * @return A collection of values returned by getAccountIdToken.
     */
    public suspend fun getAccountIdToken(argument: suspend GetAccountIdTokenPlainArgsBuilder.() -> Unit): GetAccountIdTokenResult {
        val builder = GetAccountIdTokenPlainArgsBuilder()
        builder.argument()
        val builtArgument = builder.build()
        return getAccountIdTokenResultToKotlin(getAccountIdTokenPlain(builtArgument.toJava()).await())
    }

    /**
     * This data source provides a [self-signed JWT](https://cloud.google.com/iam/docs/create-short-lived-credentials-direct#sa-credentials-jwt).  Tokens issued from this data source are typically used to call external services that accept JWTs for authentication.
     * ## Example Usage
     * Note: in order to use the following, the caller must have _at least_ `roles/iam.serviceAccountTokenCreator` on the `target_service_account`.
     * 
     * ```typescript
     * import * as pulumi from "@pulumi/pulumi";
     * import * as gcp from "@pulumi/gcp";
     * const foo = gcp.serviceaccount.getAccountJwt({
     *     targetServiceAccount: "[email protected]",
     *     payload: JSON.stringify({
     *         foo: "bar",
     *         sub: "subject",
     *     }),
     *     expiresIn: 60,
     * });
     * export const jwt = foo.then(foo => foo.jwt);
     * ```
     * ```python
     * import pulumi
     * import json
     * import pulumi_gcp as gcp
     * foo = gcp.serviceaccount.get_account_jwt(target_service_account="[email protected]",
     *     payload=json.dumps({
     *         "foo": "bar",
     *         "sub": "subject",
     *     }),
     *     expires_in=60)
     * pulumi.export("jwt", foo.jwt)
     * ```
     * ```csharp
     * using System.Collections.Generic;
     * using System.Linq;
     * using System.Text.Json;
     * using Pulumi;
     * using Gcp = Pulumi.Gcp;
     * return await Deployment.RunAsync(() =>
     * {
     *     var foo = Gcp.ServiceAccount.GetAccountJwt.Invoke(new()
     *     {
     *         TargetServiceAccount = "[email protected]",
     *         Payload = JsonSerializer.Serialize(new Dictionary
     *         {
     *             ["foo"] = "bar",
     *             ["sub"] = "subject",
     *         }),
     *         ExpiresIn = 60,
     *     });
     *     return new Dictionary
     *     {
     *         ["jwt"] = foo.Apply(getAccountJwtResult => getAccountJwtResult.Jwt),
     *     };
     * });
     * ```
     * ```go
     * package main
     * import (
     * 	"encoding/json"
     * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount"
     * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
     * )
     * func main() {
     * 	pulumi.Run(func(ctx *pulumi.Context) error {
     * 		tmpJSON0, err := json.Marshal(map[string]interface{}{
     * 			"foo": "bar",
     * 			"sub": "subject",
     * 		})
     * 		if err != nil {
     * 			return err
     * 		}
     * 		json0 := string(tmpJSON0)
     * 		foo, err := serviceaccount.GetAccountJwt(ctx, &serviceaccount.GetAccountJwtArgs{
     * 			TargetServiceAccount: "[email protected]",
     * 			Payload:              json0,
     * 			ExpiresIn:            pulumi.IntRef(60),
     * 		}, nil)
     * 		if err != nil {
     * 			return err
     * 		}
     * 		ctx.Export("jwt", foo.Jwt)
     * 		return nil
     * 	})
     * }
     * ```
     * ```java
     * package generated_program;
     * import com.pulumi.Context;
     * import com.pulumi.Pulumi;
     * import com.pulumi.core.Output;
     * import com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;
     * import com.pulumi.gcp.serviceaccount.inputs.GetAccountJwtArgs;
     * import static com.pulumi.codegen.internal.Serialization.*;
     * import java.util.List;
     * import java.util.ArrayList;
     * import java.util.Map;
     * import java.io.File;
     * import java.nio.file.Files;
     * import java.nio.file.Paths;
     * public class App {
     *     public static void main(String[] args) {
     *         Pulumi.run(App::stack);
     *     }
     *     public static void stack(Context ctx) {
     *         final var foo = ServiceaccountFunctions.getAccountJwt(GetAccountJwtArgs.builder()
     *             .targetServiceAccount("[email protected]")
     *             .payload(serializeJson(
     *                 jsonObject(
     *                     jsonProperty("foo", "bar"),
     *                     jsonProperty("sub", "subject")
     *                 )))
     *             .expiresIn(60)
     *             .build());
     *         ctx.export("jwt", foo.applyValue(getAccountJwtResult -> getAccountJwtResult.jwt()));
     *     }
     * }
     * ```
     * ```yaml
     * variables:
     *   foo:
     *     fn::invoke:
     *       Function: gcp:serviceaccount:getAccountJwt
     *       Arguments:
     *         targetServiceAccount: [email protected]
     *         payload:
     *           fn::toJSON:
     *             foo: bar
     *             sub: subject
     *         expiresIn: 60
     * outputs:
     *   jwt: ${foo.jwt}
     * ```
     * 
     * @param argument A collection of arguments for invoking getAccountJwt.
     * @return A collection of values returned by getAccountJwt.
     */
    public suspend fun getAccountJwt(argument: GetAccountJwtPlainArgs): GetAccountJwtResult =
        getAccountJwtResultToKotlin(getAccountJwtPlain(argument.toJava()).await())

    /**
     * @see [getAccountJwt].
     * @param delegates Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name.
     * @param expiresIn Number of seconds until the JWT expires. If set and non-zero an `exp` claim will be added to the payload derived from the current timestamp plus expires_in seconds.
     * @param payload The JSON-encoded JWT claims set to include in the self-signed JWT.
     * @param targetServiceAccount The email of the service account that will sign the JWT.
     * @return A collection of values returned by getAccountJwt.
     */
    public suspend fun getAccountJwt(
        delegates: List? = null,
        expiresIn: Int? = null,
        payload: String,
        targetServiceAccount: String,
    ): GetAccountJwtResult {
        val argument = GetAccountJwtPlainArgs(
            delegates = delegates,
            expiresIn = expiresIn,
            payload = payload,
            targetServiceAccount = targetServiceAccount,
        )
        return getAccountJwtResultToKotlin(getAccountJwtPlain(argument.toJava()).await())
    }

    /**
     * @see [getAccountJwt].
     * @param argument Builder for [com.pulumi.gcp.serviceaccount.kotlin.inputs.GetAccountJwtPlainArgs].
     * @return A collection of values returned by getAccountJwt.
     */
    public suspend fun getAccountJwt(argument: suspend GetAccountJwtPlainArgsBuilder.() -> Unit): GetAccountJwtResult {
        val builder = GetAccountJwtPlainArgsBuilder()
        builder.argument()
        val builtArgument = builder.build()
        return getAccountJwtResultToKotlin(getAccountJwtPlain(builtArgument.toJava()).await())
    }

    /**
     * Get service account public key. For more information, see [the official documentation](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) and [API](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys/get).
     * ## Example Usage
     * 
     * ```typescript
     * import * as pulumi from "@pulumi/pulumi";
     * import * as gcp from "@pulumi/gcp";
     * const myaccount = new gcp.serviceaccount.Account("myaccount", {accountId: "dev-foo-account"});
     * const mykeyKey = new gcp.serviceaccount.Key("mykey", {serviceAccountId: myaccount.name});
     * const mykey = gcp.serviceaccount.getAccountKeyOutput({
     *     name: mykeyKey.name,
     *     publicKeyType: "TYPE_X509_PEM_FILE",
     * });
     * ```
     * ```python
     * import pulumi
     * import pulumi_gcp as gcp
     * myaccount = gcp.serviceaccount.Account("myaccount", account_id="dev-foo-account")
     * mykey_key = gcp.serviceaccount.Key("mykey", service_account_id=myaccount.name)
     * mykey = gcp.serviceaccount.get_account_key_output(name=mykey_key.name,
     *     public_key_type="TYPE_X509_PEM_FILE")
     * ```
     * ```csharp
     * using System.Collections.Generic;
     * using System.Linq;
     * using Pulumi;
     * using Gcp = Pulumi.Gcp;
     * return await Deployment.RunAsync(() =>
     * {
     *     var myaccount = new Gcp.ServiceAccount.Account("myaccount", new()
     *     {
     *         AccountId = "dev-foo-account",
     *     });
     *     var mykeyKey = new Gcp.ServiceAccount.Key("mykey", new()
     *     {
     *         ServiceAccountId = myaccount.Name,
     *     });
     *     var mykey = Gcp.ServiceAccount.GetAccountKey.Invoke(new()
     *     {
     *         Name = mykeyKey.Name,
     *         PublicKeyType = "TYPE_X509_PEM_FILE",
     *     });
     * });
     * ```
     * ```go
     * package main
     * import (
     * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount"
     * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
     * )
     * func main() {
     * 	pulumi.Run(func(ctx *pulumi.Context) error {
     * 		myaccount, err := serviceaccount.NewAccount(ctx, "myaccount", &serviceaccount.AccountArgs{
     * 			AccountId: pulumi.String("dev-foo-account"),
     * 		})
     * 		if err != nil {
     * 			return err
     * 		}
     * 		mykeyKey, err := serviceaccount.NewKey(ctx, "mykey", &serviceaccount.KeyArgs{
     * 			ServiceAccountId: myaccount.Name,
     * 		})
     * 		if err != nil {
     * 			return err
     * 		}
     * 		_ = serviceaccount.GetAccountKeyOutput(ctx, serviceaccount.GetAccountKeyOutputArgs{
     * 			Name:          mykeyKey.Name,
     * 			PublicKeyType: pulumi.String("TYPE_X509_PEM_FILE"),
     * 		}, nil)
     * 		return nil
     * 	})
     * }
     * ```
     * ```java
     * package generated_program;
     * import com.pulumi.Context;
     * import com.pulumi.Pulumi;
     * import com.pulumi.core.Output;
     * import com.pulumi.gcp.serviceaccount.Account;
     * import com.pulumi.gcp.serviceaccount.AccountArgs;
     * import com.pulumi.gcp.serviceaccount.Key;
     * import com.pulumi.gcp.serviceaccount.KeyArgs;
     * import com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;
     * import com.pulumi.gcp.serviceaccount.inputs.GetAccountKeyArgs;
     * import java.util.List;
     * import java.util.ArrayList;
     * import java.util.Map;
     * import java.io.File;
     * import java.nio.file.Files;
     * import java.nio.file.Paths;
     * public class App {
     *     public static void main(String[] args) {
     *         Pulumi.run(App::stack);
     *     }
     *     public static void stack(Context ctx) {
     *         var myaccount = new Account("myaccount", AccountArgs.builder()
     *             .accountId("dev-foo-account")
     *             .build());
     *         var mykeyKey = new Key("mykeyKey", KeyArgs.builder()
     *             .serviceAccountId(myaccount.name())
     *             .build());
     *         final var mykey = ServiceaccountFunctions.getAccountKey(GetAccountKeyArgs.builder()
     *             .name(mykeyKey.name())
     *             .publicKeyType("TYPE_X509_PEM_FILE")
     *             .build());
     *     }
     * }
     * ```
     * ```yaml
     * resources:
     *   myaccount:
     *     type: gcp:serviceaccount:Account
     *     properties:
     *       accountId: dev-foo-account
     *   mykeyKey:
     *     type: gcp:serviceaccount:Key
     *     name: mykey
     *     properties:
     *       serviceAccountId: ${myaccount.name}
     * variables:
     *   mykey:
     *     fn::invoke:
     *       Function: gcp:serviceaccount:getAccountKey
     *       Arguments:
     *         name: ${mykeyKey.name}
     *         publicKeyType: TYPE_X509_PEM_FILE
     * ```
     * 
     * @param argument A collection of arguments for invoking getAccountKey.
     * @return A collection of values returned by getAccountKey.
     */
    public suspend fun getAccountKey(argument: GetAccountKeyPlainArgs): GetAccountKeyResult =
        getAccountKeyResultToKotlin(getAccountKeyPlain(argument.toJava()).await())

    /**
     * @see [getAccountKey].
     * @param name The name of the service account key. This must have format
     * `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{KEYID}`, where `{ACCOUNT}`
     * is the email address or unique id of the service account.
     * @param project The ID of the project that the service account will be created in.
     * Defaults to the provider project configuration.
     * @param publicKeyType The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
     * @return A collection of values returned by getAccountKey.
     */
    public suspend fun getAccountKey(
        name: String,
        project: String? = null,
        publicKeyType: String? = null,
    ): GetAccountKeyResult {
        val argument = GetAccountKeyPlainArgs(
            name = name,
            project = project,
            publicKeyType = publicKeyType,
        )
        return getAccountKeyResultToKotlin(getAccountKeyPlain(argument.toJava()).await())
    }

    /**
     * @see [getAccountKey].
     * @param argument Builder for [com.pulumi.gcp.serviceaccount.kotlin.inputs.GetAccountKeyPlainArgs].
     * @return A collection of values returned by getAccountKey.
     */
    public suspend fun getAccountKey(argument: suspend GetAccountKeyPlainArgsBuilder.() -> Unit): GetAccountKeyResult {
        val builder = GetAccountKeyPlainArgsBuilder()
        builder.argument()
        val builtArgument = builder.build()
        return getAccountKeyResultToKotlin(getAccountKeyPlain(builtArgument.toJava()).await())
    }

    /**
     * Retrieves the current IAM policy data for a service account.
     * ## example
     * 
     * ```typescript
     * import * as pulumi from "@pulumi/pulumi";
     * import * as gcp from "@pulumi/gcp";
     * const foo = gcp.serviceaccount.getIamPolicy({
     *     serviceAccountId: testAccount.name,
     * });
     * ```
     * ```python
     * import pulumi
     * import pulumi_gcp as gcp
     * foo = gcp.serviceaccount.get_iam_policy(service_account_id=test_account["name"])
     * ```
     * ```csharp
     * using System.Collections.Generic;
     * using System.Linq;
     * using Pulumi;
     * using Gcp = Pulumi.Gcp;
     * return await Deployment.RunAsync(() =>
     * {
     *     var foo = Gcp.ServiceAccount.GetIamPolicy.Invoke(new()
     *     {
     *         ServiceAccountId = testAccount.Name,
     *     });
     * });
     * ```
     * ```go
     * package main
     * import (
     * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount"
     * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
     * )
     * func main() {
     * 	pulumi.Run(func(ctx *pulumi.Context) error {
     * 		_, err := serviceaccount.GetIamPolicy(ctx, &serviceaccount.GetIamPolicyArgs{
     * 			ServiceAccountId: testAccount.Name,
     * 		}, nil)
     * 		if err != nil {
     * 			return err
     * 		}
     * 		return nil
     * 	})
     * }
     * ```
     * ```java
     * package generated_program;
     * import com.pulumi.Context;
     * import com.pulumi.Pulumi;
     * import com.pulumi.core.Output;
     * import com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;
     * import com.pulumi.gcp.serviceaccount.inputs.GetIamPolicyArgs;
     * import java.util.List;
     * import java.util.ArrayList;
     * import java.util.Map;
     * import java.io.File;
     * import java.nio.file.Files;
     * import java.nio.file.Paths;
     * public class App {
     *     public static void main(String[] args) {
     *         Pulumi.run(App::stack);
     *     }
     *     public static void stack(Context ctx) {
     *         final var foo = ServiceaccountFunctions.getIamPolicy(GetIamPolicyArgs.builder()
     *             .serviceAccountId(testAccount.name())
     *             .build());
     *     }
     * }
     * ```
     * ```yaml
     * variables:
     *   foo:
     *     fn::invoke:
     *       Function: gcp:serviceaccount:getIamPolicy
     *       Arguments:
     *         serviceAccountId: ${testAccount.name}
     * ```
     * 
     * @param argument A collection of arguments for invoking getIamPolicy.
     * @return A collection of values returned by getIamPolicy.
     */
    public suspend fun getIamPolicy(argument: GetIamPolicyPlainArgs): GetIamPolicyResult =
        getIamPolicyResultToKotlin(getIamPolicyPlain(argument.toJava()).await())

    /**
     * @see [getIamPolicy].
     * @param serviceAccountId The fully-qualified name of the service account to apply policy to.
     * @return A collection of values returned by getIamPolicy.
     */
    public suspend fun getIamPolicy(serviceAccountId: String): GetIamPolicyResult {
        val argument = GetIamPolicyPlainArgs(
            serviceAccountId = serviceAccountId,
        )
        return getIamPolicyResultToKotlin(getIamPolicyPlain(argument.toJava()).await())
    }

    /**
     * @see [getIamPolicy].
     * @param argument Builder for [com.pulumi.gcp.serviceaccount.kotlin.inputs.GetIamPolicyPlainArgs].
     * @return A collection of values returned by getIamPolicy.
     */
    public suspend fun getIamPolicy(argument: suspend GetIamPolicyPlainArgsBuilder.() -> Unit): GetIamPolicyResult {
        val builder = GetIamPolicyPlainArgsBuilder()
        builder.argument()
        val builtArgument = builder.build()
        return getIamPolicyResultToKotlin(getIamPolicyPlain(builtArgument.toJava()).await())
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy