1. Docs
  2. Pulumi ESC
  3. Integrations
  4. Dynamic login credentials
  5. gcp-login

gcp-login

    The gcp-login provider enables you to log in to Google Cloud using OpenID Connect or by providing static credentials. The provider will return a set of credentials that can be used to access Google Cloud resources or fetch secrets using the gcp-secrets provider.

    Example

      values:
        gcp:
          login:
            fn::open::gcp-login:
              project: 123456789
              oidc:
                workloadPoolId: pulumi-esc
                providerId: pulumi-esc
                serviceAccount: pulumi-esc@foo-bar-123456.iam.gserviceaccount.com
    

    Configuring OIDC

    To learn how to configure OpenID Connect (OIDC) between Pulumi Cloud and Google Cloud, see the OpenID Connect integration documentation.

    Inputs

    PropertyTypeDescription
    projectnumberThe numerical ID of the GCP project, aka project number. (e.g. 951040570662)
    accessTokenGCPLoginAccessToken[Optional] Options for access token login.
    oidcGCPLoginOIDC[Optional] Options for OIDC login.

    GCPLoginAccessToken

    PropertyTypeDescription
    accessTokenstringThe token used to authenticate with Google Cloud.
    serviceAccountstring[Optional] - The service account to impersonate, if any.
    tokenLifetimestring[Optional] - The lifetime of the temporary credentials when impersonating a service account.

    GCPLoginOIDC

    PropertyTypeDescription
    workloadPoolIdstringThe (short) ID of the workload pool to use.
    providerIdstringThe (short) ID of the identity provider associated with the workload pool.
    serviceAccountstringThe email address of the service account to use.
    regionstring[Optional] - The region of the GCP project.
    tokenLifetimestring[Optional] - The lifetime of the temporary credentials.
    subjectAttributesstring[][Optional] - Subject attributes to be included in the OIDC token. For more information see the see the OpenID subject customization documentation

    Outputs

    PropertyTypeDescription
    projectstringThe numerical ID of the GCP project, aka project number. (e.g. 951040570662)
    accessTokenstringThe access token used to authenticate with Google Cloud.
    tokenTypestringThe type of the access token.
    expirystring[Optional] - The access token’s expiry time.
      PulumiUP 2024. Watch On Demand.