
googleServiceAccount

Get the service account from a project. For more information see the official API documentation.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
// Look up an existing service account by its account ID.
// The generated bindings take camelCase property names (accountId).
new google.dataGoogleServiceAccount.DataGoogleServiceAccount(
  this,
  "object_viewer",
  {
    accountId: "object-viewer",
  }
);

Example Usage, save key in Kubernetes secret

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import { Fn } from "cdktf";
import * as google from "./.gen/providers/google";
import * as kubernetes from "./.gen/providers/kubernetes";
// Look up the existing service account.
const dataGoogleServiceAccountMyaccount =
  new google.dataGoogleServiceAccount.DataGoogleServiceAccount(
    this,
    "myaccount",
    {
      accountId: "myaccount-id",
    }
  );
// Create a key for that account. privateKey is the base64-encoded JSON key
// file and is also stored in the Terraform state.
const googleServiceAccountKeyMykey =
  new google.serviceAccountKey.ServiceAccountKey(this, "mykey", {
    serviceAccountId: dataGoogleServiceAccountMyaccount.name,
  });
// Store the decoded key file in a Kubernetes secret.
new kubernetes.secret.Secret(this, "google-application-credentials", {
  data: {
    "credentials.json": Fn.base64decode(
      googleServiceAccountKeyMykey.privateKey
    ),
  },
  metadata: {
    name: "google-application-credentials",
  },
});

Argument Reference

The following arguments are supported:

  • accountId - (Required) The Google service account ID. This can be one of:

    • The name of the service account within the project (e.g. myService)

    • The fully-qualified path to a service account resource (e.g. projects/myProject/serviceAccounts/)

    • The email address of the service account (e.g. myService@myProject.iam.gserviceaccount.com)

  • project - (Optional) The ID of the project that the service account is present in. Defaults to the provider project configuration.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • email - The e-mail address of the service account. This value should be referenced from any googleIamPolicy data sources that would grant the service account privileges.

  • uniqueId - The unique id of the service account.

  • name - The fully-qualified name of the service account.

  • displayName - The display name for the service account.

  • member - The Identity of the service account in the form serviceAccount:{email}. This value is often used to refer to the service account in order to grant IAM permissions.
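
The three accepted accountId forms all identify the same account, so a binding can be checked before it is applied by normalizing whichever form was supplied and confirming which project owns the identity. The following is an added example, not code from the provider or its documentation: resolveServiceAccount and ResolvedAccount are hypothetical names, the project names are constructed, and it assumes user-managed accounts in projects that are not domain-scoped.

```typescript
// Added example. resolveServiceAccount and ResolvedAccount are hypothetical
// names; this is a review-time check, not the provider's own resolution logic.
// Assumes user-managed accounts in projects that are not domain-scoped.
interface ResolvedAccount {
  project: string; // project that owns the account
  email: string;   // same shape as the `email` attribute
  name: string;    // same shape as the `name` attribute
  member: string;  // same shape as the `member` attribute
}

// Account IDs and project IDs: 6-30 chars, lowercase letters, digits, hyphens.
const ID = "[a-z][-a-z0-9]{4,28}[a-z0-9]";
const SHORT_ID = new RegExp(`^${ID}$`);
const EMAIL = new RegExp(`^${ID}@(${ID})\\.iam\\.gserviceaccount\\.com$`);
const PATH = /^projects\/([^/]+)\/serviceAccounts\/([^/]+)$/;

function resolveServiceAccount(accountId: string, providerProject: string): ResolvedAccount {
  let email = accountId;
  let pathProject = "-"; // "-" is the IAM API's project wildcard: not stated
  const path = PATH.exec(accountId);
  if (path) {
    // Form 2: fully-qualified path.
    [, pathProject = "-", email = ""] = path;
  } else if (SHORT_ID.test(accountId)) {
    // Form 1: bare name, qualified with the provider's project.
    email = `${accountId}@${providerProject}.iam.gserviceaccount.com`;
  }
  // Form 3 (email) falls through unchanged; every form must parse as an email.
  const parsed = EMAIL.exec(email);
  if (!parsed) {
    throw new Error(`not a service account identity: ${accountId}`);
  }
  const [, project = ""] = parsed;
  if (pathProject !== "-" && pathProject !== project) {
    throw new Error(`path names project ${pathProject}, email belongs to ${project}`);
  }
  return {
    project,
    email,
    name: `projects/${project}/serviceAccounts/${email}`,
    member: `serviceAccount:${email}`,
  };
}
```

Comparing the returned project with the project a binding is meant for shows when a grant is about to go to an account owned elsewhere.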