1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. serviceaccount
  5. getAccountJwt
Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi

gcp.serviceaccount.getAccountJwt

Explore with Pulumi AI

gcp logo
Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi

    This data source provides a self-signed JWT. Tokens issued from this data source are typically used to call external services that accept JWTs for authentication.

    Example Usage

    Note: in order to use the following, the caller must have at least roles/iam.serviceAccountTokenCreator on the target_service_account.

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const foo = gcp.serviceaccount.getAccountJwt({
        targetServiceAccount: "impersonated-account@project.iam.gserviceaccount.com",
        payload: JSON.stringify({
            foo: "bar",
            sub: "subject",
        }),
        expiresIn: 60,
    });
    export const jwt = foo.then(foo => foo.jwt);
    
    import pulumi
    import json
    import pulumi_gcp as gcp
    
    foo = gcp.serviceaccount.get_account_jwt(target_service_account="impersonated-account@project.iam.gserviceaccount.com",
        payload=json.dumps({
            "foo": "bar",
            "sub": "subject",
        }),
        expires_in=60)
    pulumi.export("jwt", foo.jwt)
    
    package main
    
    import (
    	"encoding/json"
    
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		tmpJSON0, err := json.Marshal(map[string]interface{}{
    			"foo": "bar",
    			"sub": "subject",
    		})
    		if err != nil {
    			return err
    		}
    		json0 := string(tmpJSON0)
    		foo, err := serviceaccount.GetAccountJwt(ctx, &serviceaccount.GetAccountJwtArgs{
    			TargetServiceAccount: "impersonated-account@project.iam.gserviceaccount.com",
    			Payload:              json0,
    			ExpiresIn:            pulumi.IntRef(60),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		ctx.Export("jwt", foo.Jwt)
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using System.Text.Json;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var foo = Gcp.ServiceAccount.GetAccountJwt.Invoke(new()
        {
            TargetServiceAccount = "impersonated-account@project.iam.gserviceaccount.com",
            Payload = JsonSerializer.Serialize(new Dictionary<string, object?>
            {
                ["foo"] = "bar",
                ["sub"] = "subject",
            }),
            ExpiresIn = 60,
        });
    
        return new Dictionary<string, object?>
        {
            ["jwt"] = foo.Apply(getAccountJwtResult => getAccountJwtResult.Jwt),
        };
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;
    import com.pulumi.gcp.serviceaccount.inputs.GetAccountJwtArgs;
    import static com.pulumi.codegen.internal.Serialization.*;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var foo = ServiceaccountFunctions.getAccountJwt(GetAccountJwtArgs.builder()
                .targetServiceAccount("impersonated-account@project.iam.gserviceaccount.com")
                .payload(serializeJson(
                    jsonObject(
                        jsonProperty("foo", "bar"),
                        jsonProperty("sub", "subject")
                    )))
                .expiresIn(60)
                .build());
    
            ctx.export("jwt", foo.applyValue(getAccountJwtResult -> getAccountJwtResult.jwt()));
        }
    }
    
    variables:
      foo:
        fn::invoke:
          Function: gcp:serviceaccount:getAccountJwt
          Arguments:
            targetServiceAccount: impersonated-account@project.iam.gserviceaccount.com
            payload:
              fn::toJSON:
                foo: bar
                sub: subject
            expiresIn: 60
    outputs:
      jwt: ${foo.jwt}
    

    Using getAccountJwt

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getAccountJwt(args: GetAccountJwtArgs, opts?: InvokeOptions): Promise<GetAccountJwtResult>
    function getAccountJwtOutput(args: GetAccountJwtOutputArgs, opts?: InvokeOptions): Output<GetAccountJwtResult>
    def get_account_jwt(delegates: Optional[Sequence[str]] = None,
                        expires_in: Optional[int] = None,
                        payload: Optional[str] = None,
                        target_service_account: Optional[str] = None,
                        opts: Optional[InvokeOptions] = None) -> GetAccountJwtResult
    def get_account_jwt_output(delegates: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                        expires_in: Optional[pulumi.Input[int]] = None,
                        payload: Optional[pulumi.Input[str]] = None,
                        target_service_account: Optional[pulumi.Input[str]] = None,
                        opts: Optional[InvokeOptions] = None) -> Output[GetAccountJwtResult]
    func GetAccountJwt(ctx *Context, args *GetAccountJwtArgs, opts ...InvokeOption) (*GetAccountJwtResult, error)
    func GetAccountJwtOutput(ctx *Context, args *GetAccountJwtOutputArgs, opts ...InvokeOption) GetAccountJwtResultOutput

    > Note: This function is named GetAccountJwt in the Go SDK.

    public static class GetAccountJwt 
    {
        public static Task<GetAccountJwtResult> InvokeAsync(GetAccountJwtArgs args, InvokeOptions? opts = null)
        public static Output<GetAccountJwtResult> Invoke(GetAccountJwtInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetAccountJwtResult> getAccountJwt(GetAccountJwtArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: gcp:serviceaccount/getAccountJwt:getAccountJwt
      arguments:
        # arguments dictionary

    The following arguments are supported:

    Payload string
    The JSON-encoded JWT claims set to include in the self-signed JWT.
    TargetServiceAccount string
    The email of the service account that will sign the JWT.
    Delegates List<string>
    Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name.
    ExpiresIn int
    Number of seconds until the JWT expires. If set and non-zero an exp claim will be added to the payload derived from the current timestamp plus expires_in seconds.
    Payload string
    The JSON-encoded JWT claims set to include in the self-signed JWT.
    TargetServiceAccount string
    The email of the service account that will sign the JWT.
    Delegates []string
    Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name.
    ExpiresIn int
    Number of seconds until the JWT expires. If set and non-zero an exp claim will be added to the payload derived from the current timestamp plus expires_in seconds.
    payload String
    The JSON-encoded JWT claims set to include in the self-signed JWT.
    targetServiceAccount String
    The email of the service account that will sign the JWT.
    delegates List<String>
    Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name.
    expiresIn Integer
    Number of seconds until the JWT expires. If set and non-zero an exp claim will be added to the payload derived from the current timestamp plus expires_in seconds.
    payload string
    The JSON-encoded JWT claims set to include in the self-signed JWT.
    targetServiceAccount string
    The email of the service account that will sign the JWT.
    delegates string[]
    Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name.
    expiresIn number
    Number of seconds until the JWT expires. If set and non-zero an exp claim will be added to the payload derived from the current timestamp plus expires_in seconds.
    payload str
    The JSON-encoded JWT claims set to include in the self-signed JWT.
    target_service_account str
    The email of the service account that will sign the JWT.
    delegates Sequence[str]
    Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name.
    expires_in int
    Number of seconds until the JWT expires. If set and non-zero an exp claim will be added to the payload derived from the current timestamp plus expires_in seconds.
    payload String
    The JSON-encoded JWT claims set to include in the self-signed JWT.
    targetServiceAccount String
    The email of the service account that will sign the JWT.
    delegates List<String>
    Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name.
    expiresIn Number
    Number of seconds until the JWT expires. If set and non-zero an exp claim will be added to the payload derived from the current timestamp plus expires_in seconds.

    getAccountJwt Result

    The following output properties are available:

    Id string
    The provider-assigned unique ID for this managed resource.
    Jwt string
    The signed JWT containing the JWT Claims Set from the payload.
    Payload string
    TargetServiceAccount string
    Delegates List<string>
    ExpiresIn int
    Id string
    The provider-assigned unique ID for this managed resource.
    Jwt string
    The signed JWT containing the JWT Claims Set from the payload.
    Payload string
    TargetServiceAccount string
    Delegates []string
    ExpiresIn int
    id String
    The provider-assigned unique ID for this managed resource.
    jwt String
    The signed JWT containing the JWT Claims Set from the payload.
    payload String
    targetServiceAccount String
    delegates List<String>
    expiresIn Integer
    id string
    The provider-assigned unique ID for this managed resource.
    jwt string
    The signed JWT containing the JWT Claims Set from the payload.
    payload string
    targetServiceAccount string
    delegates string[]
    expiresIn number
    id str
    The provider-assigned unique ID for this managed resource.
    jwt str
    The signed JWT containing the JWT Claims Set from the payload.
    payload str
    target_service_account str
    delegates Sequence[str]
    expires_in int
    id String
    The provider-assigned unique ID for this managed resource.
    jwt String
    The signed JWT containing the JWT Claims Set from the payload.
    payload String
    targetServiceAccount String
    delegates List<String>
    expiresIn Number

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi