1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. serviceaccount
  5. getAccount
Google Cloud v8.25.1 published on Wednesday, Apr 9, 2025 by Pulumi

gcp.serviceaccount.getAccount

Explore with Pulumi AI

Google Cloud v8.25.1 published on Wednesday, Apr 9, 2025 by Pulumi

Get the service account from a project. For more information see the official API documentation.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const objectViewer = gcp.serviceaccount.getAccount({
    accountId: "object-viewer",
});
Copy
import pulumi
import pulumi_gcp as gcp

object_viewer = gcp.serviceaccount.get_account(account_id="object-viewer")
Copy
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := serviceaccount.LookupAccount(ctx, &serviceaccount.LookupAccountArgs{
			AccountId: "object-viewer",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var objectViewer = Gcp.ServiceAccount.GetAccount.Invoke(new()
    {
        AccountId = "object-viewer",
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;
import com.pulumi.gcp.serviceaccount.inputs.GetAccountArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var objectViewer = ServiceaccountFunctions.getAccount(GetAccountArgs.builder()
            .accountId("object-viewer")
            .build());

    }
}
Copy
variables:
  objectViewer:
    fn::invoke:
      function: gcp:serviceaccount:getAccount
      arguments:
        accountId: object-viewer
Copy

Save Key In Kubernetes Secret

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as kubernetes from "@pulumi/kubernetes";
import * as std from "@pulumi/std";

const myaccount = gcp.serviceaccount.getAccount({
    accountId: "myaccount-id",
});
const mykey = new gcp.serviceaccount.Key("mykey", {serviceAccountId: myaccount.then(myaccount => myaccount.name)});
const google_application_credentials = new kubernetes.core.v1.Secret("google-application-credentials", {
    metadata: {
        name: "google-application-credentials",
    },
    data: {
        json: std.base64decodeOutput({
            input: mykey.privateKey,
        }).apply(invoke => invoke.result),
    },
});
Copy
import pulumi
import pulumi_gcp as gcp
import pulumi_kubernetes as kubernetes
import pulumi_std as std

myaccount = gcp.serviceaccount.get_account(account_id="myaccount-id")
mykey = gcp.serviceaccount.Key("mykey", service_account_id=myaccount.name)
google_application_credentials = kubernetes.core.v1.Secret("google-application-credentials",
    metadata={
        "name": "google-application-credentials",
    },
    data={
        "json": std.base64decode_output(input=mykey.private_key).apply(lambda invoke: invoke.result),
    })
Copy
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount"
	corev1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/core/v1"
	metav1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/meta/v1"
	"github.com/pulumi/pulumi-std/sdk/go/std"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myaccount, err := serviceaccount.LookupAccount(ctx, &serviceaccount.LookupAccountArgs{
			AccountId: "myaccount-id",
		}, nil)
		if err != nil {
			return err
		}
		mykey, err := serviceaccount.NewKey(ctx, "mykey", &serviceaccount.KeyArgs{
			ServiceAccountId: pulumi.String(myaccount.Name),
		})
		if err != nil {
			return err
		}
		_, err = corev1.NewSecret(ctx, "google-application-credentials", &corev1.SecretArgs{
			Metadata: &metav1.ObjectMetaArgs{
				Name: pulumi.String("google-application-credentials"),
			},
			Data: pulumi.StringMap{
				"json": pulumi.String(std.Base64decodeOutput(ctx, std.Base64decodeOutputArgs{
					Input: mykey.PrivateKey,
				}, nil).ApplyT(func(invoke std.Base64decodeResult) (*string, error) {
					return invoke.Result, nil
				}).(pulumi.StringPtrOutput)),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Kubernetes = Pulumi.Kubernetes;
using Std = Pulumi.Std;

return await Deployment.RunAsync(() => 
{
    var myaccount = Gcp.ServiceAccount.GetAccount.Invoke(new()
    {
        AccountId = "myaccount-id",
    });

    var mykey = new Gcp.ServiceAccount.Key("mykey", new()
    {
        ServiceAccountId = myaccount.Apply(getAccountResult => getAccountResult.Name),
    });

    var google_application_credentials = new Kubernetes.Core.V1.Secret("google-application-credentials", new()
    {
        Metadata = new Kubernetes.Types.Inputs.Meta.V1.ObjectMetaArgs
        {
            Name = "google-application-credentials",
        },
        Data = 
        {
            { "json", Std.Base64decode.Invoke(new()
            {
                Input = mykey.PrivateKey,
            }).Apply(invoke => invoke.Result) },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;
import com.pulumi.gcp.serviceaccount.inputs.GetAccountArgs;
import com.pulumi.gcp.serviceaccount.Key;
import com.pulumi.gcp.serviceaccount.KeyArgs;
import com.pulumi.kubernetes.core_v1.Secret;
import com.pulumi.kubernetes.core_v1.SecretArgs;
import com.pulumi.kubernetes.meta_v1.inputs.ObjectMetaArgs;
import com.pulumi.std.StdFunctions;
import com.pulumi.std.inputs.Base64decodeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var myaccount = ServiceaccountFunctions.getAccount(GetAccountArgs.builder()
            .accountId("myaccount-id")
            .build());

        var mykey = new Key("mykey", KeyArgs.builder()
            .serviceAccountId(myaccount.name())
            .build());

        var google_application_credentials = new Secret("google-application-credentials", SecretArgs.builder()
            .metadata(ObjectMetaArgs.builder()
                .name("google-application-credentials")
                .build())
            .data(Map.of("json", StdFunctions.base64decode(Base64decodeArgs.builder()
                .input(mykey.privateKey())
                .build()).applyValue(_invoke -> _invoke.result())))
            .build());

    }
}
Copy
resources:
  mykey:
    type: gcp:serviceaccount:Key
    properties:
      serviceAccountId: ${myaccount.name}
  google-application-credentials:
    type: kubernetes:core/v1:Secret
    properties:
      metadata:
        name: google-application-credentials
      data:
        json:
          fn::invoke:
            function: std:base64decode
            arguments:
              input: ${mykey.privateKey}
            return: result
variables:
  myaccount:
    fn::invoke:
      function: gcp:serviceaccount:getAccount
      arguments:
        accountId: myaccount-id
Copy

Using getAccount

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getAccount(args: GetAccountArgs, opts?: InvokeOptions): Promise<GetAccountResult>
function getAccountOutput(args: GetAccountOutputArgs, opts?: InvokeOptions): Output<GetAccountResult>
Copy
def get_account(account_id: Optional[str] = None,
                project: Optional[str] = None,
                opts: Optional[InvokeOptions] = None) -> GetAccountResult
def get_account_output(account_id: Optional[pulumi.Input[str]] = None,
                project: Optional[pulumi.Input[str]] = None,
                opts: Optional[InvokeOptions] = None) -> Output[GetAccountResult]
Copy
func LookupAccount(ctx *Context, args *LookupAccountArgs, opts ...InvokeOption) (*LookupAccountResult, error)
func LookupAccountOutput(ctx *Context, args *LookupAccountOutputArgs, opts ...InvokeOption) LookupAccountResultOutput
Copy

> Note: This function is named LookupAccount in the Go SDK.

public static class GetAccount 
{
    public static Task<GetAccountResult> InvokeAsync(GetAccountArgs args, InvokeOptions? opts = null)
    public static Output<GetAccountResult> Invoke(GetAccountInvokeArgs args, InvokeOptions? opts = null)
}
Copy
public static CompletableFuture<GetAccountResult> getAccount(GetAccountArgs args, InvokeOptions options)
public static Output<GetAccountResult> getAccount(GetAccountArgs args, InvokeOptions options)
Copy
fn::invoke:
  function: gcp:serviceaccount/getAccount:getAccount
  arguments:
    # arguments dictionary
Copy

The following arguments are supported:

AccountId This property is required. string

The Google service account ID. This be one of:

  • The name of the service account within the project (e.g. my-service)

  • The fully-qualified path to a service account resource (e.g. projects/my-project/serviceAccounts/...)

  • The email address of the service account (e.g. my-service@my-project.iam.gserviceaccount.com)

Project string
The ID of the project that the service account is present in. Defaults to the provider project configuration.
AccountId This property is required. string

The Google service account ID. This be one of:

  • The name of the service account within the project (e.g. my-service)

  • The fully-qualified path to a service account resource (e.g. projects/my-project/serviceAccounts/...)

  • The email address of the service account (e.g. my-service@my-project.iam.gserviceaccount.com)

Project string
The ID of the project that the service account is present in. Defaults to the provider project configuration.
accountId This property is required. String

The Google service account ID. This be one of:

  • The name of the service account within the project (e.g. my-service)

  • The fully-qualified path to a service account resource (e.g. projects/my-project/serviceAccounts/...)

  • The email address of the service account (e.g. my-service@my-project.iam.gserviceaccount.com)

project String
The ID of the project that the service account is present in. Defaults to the provider project configuration.
accountId This property is required. string

The Google service account ID. This be one of:

  • The name of the service account within the project (e.g. my-service)

  • The fully-qualified path to a service account resource (e.g. projects/my-project/serviceAccounts/...)

  • The email address of the service account (e.g. my-service@my-project.iam.gserviceaccount.com)

project string
The ID of the project that the service account is present in. Defaults to the provider project configuration.
account_id This property is required. str

The Google service account ID. This be one of:

  • The name of the service account within the project (e.g. my-service)

  • The fully-qualified path to a service account resource (e.g. projects/my-project/serviceAccounts/...)

  • The email address of the service account (e.g. my-service@my-project.iam.gserviceaccount.com)

project str
The ID of the project that the service account is present in. Defaults to the provider project configuration.
accountId This property is required. String

The Google service account ID. This be one of:

  • The name of the service account within the project (e.g. my-service)

  • The fully-qualified path to a service account resource (e.g. projects/my-project/serviceAccounts/...)

  • The email address of the service account (e.g. my-service@my-project.iam.gserviceaccount.com)

project String
The ID of the project that the service account is present in. Defaults to the provider project configuration.

getAccount Result

The following output properties are available:

AccountId string
Disabled bool
Whether a service account is disabled or not.
DisplayName string
The display name for the service account.
Email string
The e-mail address of the service account. This value should be referenced from any gcp.organizations.getIAMPolicy data sources that would grant the service account privileges.
Id string
The provider-assigned unique ID for this managed resource.
Member string
The Identity of the service account in the form serviceAccount:{email}. This value is often used to refer to the service account in order to grant IAM permissions.
Name string
The fully-qualified name of the service account.
UniqueId string
The unique id of the service account.
Project string
AccountId string
Disabled bool
Whether a service account is disabled or not.
DisplayName string
The display name for the service account.
Email string
The e-mail address of the service account. This value should be referenced from any gcp.organizations.getIAMPolicy data sources that would grant the service account privileges.
Id string
The provider-assigned unique ID for this managed resource.
Member string
The Identity of the service account in the form serviceAccount:{email}. This value is often used to refer to the service account in order to grant IAM permissions.
Name string
The fully-qualified name of the service account.
UniqueId string
The unique id of the service account.
Project string
accountId String
disabled Boolean
Whether a service account is disabled or not.
displayName String
The display name for the service account.
email String
The e-mail address of the service account. This value should be referenced from any gcp.organizations.getIAMPolicy data sources that would grant the service account privileges.
id String
The provider-assigned unique ID for this managed resource.
member String
The Identity of the service account in the form serviceAccount:{email}. This value is often used to refer to the service account in order to grant IAM permissions.
name String
The fully-qualified name of the service account.
uniqueId String
The unique id of the service account.
project String
accountId string
disabled boolean
Whether a service account is disabled or not.
displayName string
The display name for the service account.
email string
The e-mail address of the service account. This value should be referenced from any gcp.organizations.getIAMPolicy data sources that would grant the service account privileges.
id string
The provider-assigned unique ID for this managed resource.
member string
The Identity of the service account in the form serviceAccount:{email}. This value is often used to refer to the service account in order to grant IAM permissions.
name string
The fully-qualified name of the service account.
uniqueId string
The unique id of the service account.
project string
account_id str
disabled bool
Whether a service account is disabled or not.
display_name str
The display name for the service account.
email str
The e-mail address of the service account. This value should be referenced from any gcp.organizations.getIAMPolicy data sources that would grant the service account privileges.
id str
The provider-assigned unique ID for this managed resource.
member str
The Identity of the service account in the form serviceAccount:{email}. This value is often used to refer to the service account in order to grant IAM permissions.
name str
The fully-qualified name of the service account.
unique_id str
The unique id of the service account.
project str
accountId String
disabled Boolean
Whether a service account is disabled or not.
displayName String
The display name for the service account.
email String
The e-mail address of the service account. This value should be referenced from any gcp.organizations.getIAMPolicy data sources that would grant the service account privileges.
id String
The provider-assigned unique ID for this managed resource.
member String
The Identity of the service account in the form serviceAccount:{email}. This value is often used to refer to the service account in order to grant IAM permissions.
name String
The fully-qualified name of the service account.
uniqueId String
The unique id of the service account.
project String

Package Details

Repository
Google Cloud (GCP) Classic pulumi/pulumi-gcp
License
Apache-2.0
Notes
This Pulumi package is based on the google-beta Terraform Provider.
Google Cloud v8.25.1 published on Wednesday, Apr 9, 2025 by Pulumi