Docs Home
Google Cloud v8.25.1 published on Wednesday, Apr 9, 2025 by Pulumi
gcp.serviceaccount.getAccount
Explore with Pulumi AI
Get the service account from a project. For more information see the official API documentation.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const objectViewer = gcp.serviceaccount.getAccount({
accountId: "object-viewer",
});
import pulumi
import pulumi_gcp as gcp
object_viewer = gcp.serviceaccount.get_account(account_id="object-viewer")
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := serviceaccount.LookupAccount(ctx, &serviceaccount.LookupAccountArgs{
AccountId: "object-viewer",
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var objectViewer = Gcp.ServiceAccount.GetAccount.Invoke(new()
{
AccountId = "object-viewer",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;
import com.pulumi.gcp.serviceaccount.inputs.GetAccountArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var objectViewer = ServiceaccountFunctions.getAccount(GetAccountArgs.builder()
.accountId("object-viewer")
.build());
}
}
variables:
objectViewer:
fn::invoke:
function: gcp:serviceaccount:getAccount
arguments:
accountId: object-viewer
Save Key In Kubernetes Secret
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as kubernetes from "@pulumi/kubernetes";
import * as std from "@pulumi/std";
const myaccount = gcp.serviceaccount.getAccount({
accountId: "myaccount-id",
});
const mykey = new gcp.serviceaccount.Key("mykey", {serviceAccountId: myaccount.then(myaccount => myaccount.name)});
const google_application_credentials = new kubernetes.core.v1.Secret("google-application-credentials", {
metadata: {
name: "google-application-credentials",
},
data: {
json: std.base64decodeOutput({
input: mykey.privateKey,
}).apply(invoke => invoke.result),
},
});
import pulumi
import pulumi_gcp as gcp
import pulumi_kubernetes as kubernetes
import pulumi_std as std
myaccount = gcp.serviceaccount.get_account(account_id="myaccount-id")
mykey = gcp.serviceaccount.Key("mykey", service_account_id=myaccount.name)
google_application_credentials = kubernetes.core.v1.Secret("google-application-credentials",
metadata={
"name": "google-application-credentials",
},
data={
"json": std.base64decode_output(input=mykey.private_key).apply(lambda invoke: invoke.result),
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount"
corev1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/core/v1"
metav1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/meta/v1"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
myaccount, err := serviceaccount.LookupAccount(ctx, &serviceaccount.LookupAccountArgs{
AccountId: "myaccount-id",
}, nil)
if err != nil {
return err
}
mykey, err := serviceaccount.NewKey(ctx, "mykey", &serviceaccount.KeyArgs{
ServiceAccountId: pulumi.String(myaccount.Name),
})
if err != nil {
return err
}
_, err = corev1.NewSecret(ctx, "google-application-credentials", &corev1.SecretArgs{
Metadata: &metav1.ObjectMetaArgs{
Name: pulumi.String("google-application-credentials"),
},
Data: pulumi.StringMap{
"json": pulumi.String(std.Base64decodeOutput(ctx, std.Base64decodeOutputArgs{
Input: mykey.PrivateKey,
}, nil).ApplyT(func(invoke std.Base64decodeResult) (*string, error) {
return invoke.Result, nil
}).(pulumi.StringPtrOutput)),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Kubernetes = Pulumi.Kubernetes;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var myaccount = Gcp.ServiceAccount.GetAccount.Invoke(new()
{
AccountId = "myaccount-id",
});
var mykey = new Gcp.ServiceAccount.Key("mykey", new()
{
ServiceAccountId = myaccount.Apply(getAccountResult => getAccountResult.Name),
});
var google_application_credentials = new Kubernetes.Core.V1.Secret("google-application-credentials", new()
{
Metadata = new Kubernetes.Types.Inputs.Meta.V1.ObjectMetaArgs
{
Name = "google-application-credentials",
},
Data =
{
{ "json", Std.Base64decode.Invoke(new()
{
Input = mykey.PrivateKey,
}).Apply(invoke => invoke.Result) },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;
import com.pulumi.gcp.serviceaccount.inputs.GetAccountArgs;
import com.pulumi.gcp.serviceaccount.Key;
import com.pulumi.gcp.serviceaccount.KeyArgs;
import com.pulumi.kubernetes.core_v1.Secret;
import com.pulumi.kubernetes.core_v1.SecretArgs;
import com.pulumi.kubernetes.meta_v1.inputs.ObjectMetaArgs;
import com.pulumi.std.StdFunctions;
import com.pulumi.std.inputs.Base64decodeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var myaccount = ServiceaccountFunctions.getAccount(GetAccountArgs.builder()
.accountId("myaccount-id")
.build());
var mykey = new Key("mykey", KeyArgs.builder()
.serviceAccountId(myaccount.name())
.build());
var google_application_credentials = new Secret("google-application-credentials", SecretArgs.builder()
.metadata(ObjectMetaArgs.builder()
.name("google-application-credentials")
.build())
.data(Map.of("json", StdFunctions.base64decode(Base64decodeArgs.builder()
.input(mykey.privateKey())
.build()).applyValue(_invoke -> _invoke.result())))
.build());
}
}
resources:
mykey:
type: gcp:serviceaccount:Key
properties:
serviceAccountId: ${myaccount.name}
google-application-credentials:
type: kubernetes:core/v1:Secret
properties:
metadata:
name: google-application-credentials
data:
json:
fn::invoke:
function: std:base64decode
arguments:
input: ${mykey.privateKey}
return: result
variables:
myaccount:
fn::invoke:
function: gcp:serviceaccount:getAccount
arguments:
accountId: myaccount-id
Using getAccount
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getAccount(args: GetAccountArgs, opts?: InvokeOptions): Promise<GetAccountResult>
function getAccountOutput(args: GetAccountOutputArgs, opts?: InvokeOptions): Output<GetAccountResult>def get_account(account_id: Optional[str] = None,
project: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetAccountResult
def get_account_output(account_id: Optional[pulumi.Input[str]] = None,
project: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetAccountResult]func LookupAccount(ctx *Context, args *LookupAccountArgs, opts ...InvokeOption) (*LookupAccountResult, error)
func LookupAccountOutput(ctx *Context, args *LookupAccountOutputArgs, opts ...InvokeOption) LookupAccountResultOutput> Note: This function is named LookupAccount in the Go SDK.
public static class GetAccount
{
public static Task<GetAccountResult> InvokeAsync(GetAccountArgs args, InvokeOptions? opts = null)
public static Output<GetAccountResult> Invoke(GetAccountInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetAccountResult> getAccount(GetAccountArgs args, InvokeOptions options)
public static Output<GetAccountResult> getAccount(GetAccountArgs args, InvokeOptions options)
fn::invoke:
function: gcp:serviceaccount/getAccount:getAccount
arguments:
# arguments dictionaryThe following arguments are supported:
- Account
Id This property is required. string The Google service account ID. This be one of:
The name of the service account within the project (e.g.
my-service)The fully-qualified path to a service account resource (e.g.
projects/my-project/serviceAccounts/...)The email address of the service account (e.g.
my-service@my-project.iam.gserviceaccount.com)
- Project string
- The ID of the project that the service account is present in. Defaults to the provider project configuration.
- Account
Id This property is required. string The Google service account ID. This be one of:
The name of the service account within the project (e.g.
my-service)The fully-qualified path to a service account resource (e.g.
projects/my-project/serviceAccounts/...)The email address of the service account (e.g.
my-service@my-project.iam.gserviceaccount.com)
- Project string
- The ID of the project that the service account is present in. Defaults to the provider project configuration.
- account
Id This property is required. String The Google service account ID. This be one of:
The name of the service account within the project (e.g.
my-service)The fully-qualified path to a service account resource (e.g.
projects/my-project/serviceAccounts/...)The email address of the service account (e.g.
my-service@my-project.iam.gserviceaccount.com)
- project String
- The ID of the project that the service account is present in. Defaults to the provider project configuration.
- account
Id This property is required. string The Google service account ID. This be one of:
The name of the service account within the project (e.g.
my-service)The fully-qualified path to a service account resource (e.g.
projects/my-project/serviceAccounts/...)The email address of the service account (e.g.
my-service@my-project.iam.gserviceaccount.com)
- project string
- The ID of the project that the service account is present in. Defaults to the provider project configuration.
- account_
id This property is required. str The Google service account ID. This be one of:
The name of the service account within the project (e.g.
my-service)The fully-qualified path to a service account resource (e.g.
projects/my-project/serviceAccounts/...)The email address of the service account (e.g.
my-service@my-project.iam.gserviceaccount.com)
- project str
- The ID of the project that the service account is present in. Defaults to the provider project configuration.
- account
Id This property is required. String The Google service account ID. This be one of:
The name of the service account within the project (e.g.
my-service)The fully-qualified path to a service account resource (e.g.
projects/my-project/serviceAccounts/...)The email address of the service account (e.g.
my-service@my-project.iam.gserviceaccount.com)
- project String
- The ID of the project that the service account is present in. Defaults to the provider project configuration.
getAccount Result
The following output properties are available:
- Account
Id string - Disabled bool
- Whether a service account is disabled or not.
- Display
Name string - The display name for the service account.
- Email string
- The e-mail address of the service account. This value
should be referenced from any
gcp.organizations.getIAMPolicydata sources that would grant the service account privileges. - Id string
- The provider-assigned unique ID for this managed resource.
- Member string
- The Identity of the service account in the form
serviceAccount:{email}. This value is often used to refer to the service account in order to grant IAM permissions. - Name string
- The fully-qualified name of the service account.
- Unique
Id string - The unique id of the service account.
- Project string
- Account
Id string - Disabled bool
- Whether a service account is disabled or not.
- Display
Name string - The display name for the service account.
- Email string
- The e-mail address of the service account. This value
should be referenced from any
gcp.organizations.getIAMPolicydata sources that would grant the service account privileges. - Id string
- The provider-assigned unique ID for this managed resource.
- Member string
- The Identity of the service account in the form
serviceAccount:{email}. This value is often used to refer to the service account in order to grant IAM permissions. - Name string
- The fully-qualified name of the service account.
- Unique
Id string - The unique id of the service account.
- Project string
- account
Id String - disabled Boolean
- Whether a service account is disabled or not.
- display
Name String - The display name for the service account.
- email String
- The e-mail address of the service account. This value
should be referenced from any
gcp.organizations.getIAMPolicydata sources that would grant the service account privileges. - id String
- The provider-assigned unique ID for this managed resource.
- member String
- The Identity of the service account in the form
serviceAccount:{email}. This value is often used to refer to the service account in order to grant IAM permissions. - name String
- The fully-qualified name of the service account.
- unique
Id String - The unique id of the service account.
- project String
- account
Id string - disabled boolean
- Whether a service account is disabled or not.
- display
Name string - The display name for the service account.
- email string
- The e-mail address of the service account. This value
should be referenced from any
gcp.organizations.getIAMPolicydata sources that would grant the service account privileges. - id string
- The provider-assigned unique ID for this managed resource.
- member string
- The Identity of the service account in the form
serviceAccount:{email}. This value is often used to refer to the service account in order to grant IAM permissions. - name string
- The fully-qualified name of the service account.
- unique
Id string - The unique id of the service account.
- project string
- account_
id str - disabled bool
- Whether a service account is disabled or not.
- display_
name str - The display name for the service account.
- email str
- The e-mail address of the service account. This value
should be referenced from any
gcp.organizations.getIAMPolicydata sources that would grant the service account privileges. - id str
- The provider-assigned unique ID for this managed resource.
- member str
- The Identity of the service account in the form
serviceAccount:{email}. This value is often used to refer to the service account in order to grant IAM permissions. - name str
- The fully-qualified name of the service account.
- unique_
id str - The unique id of the service account.
- project str
- account
Id String - disabled Boolean
- Whether a service account is disabled or not.
- display
Name String - The display name for the service account.
- email String
- The e-mail address of the service account. This value
should be referenced from any
gcp.organizations.getIAMPolicydata sources that would grant the service account privileges. - id String
- The provider-assigned unique ID for this managed resource.
- member String
- The Identity of the service account in the form
serviceAccount:{email}. This value is often used to refer to the service account in order to grant IAM permissions. - name String
- The fully-qualified name of the service account.
- unique
Id String - The unique id of the service account.
- project String
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.