1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. bigquery
  5. getDefaultServiceAccount
Google Cloud Classic v7.27.0 published on Thursday, Jun 13, 2024 by Pulumi

gcp.bigquery.getDefaultServiceAccount

Explore with Pulumi AI

gcp logo
Google Cloud Classic v7.27.0 published on Thursday, Jun 13, 2024 by Pulumi

    Get the email address of a project’s unique BigQuery service account.

    Each Google Cloud project has a unique service account used by BigQuery. When using BigQuery with customer-managed encryption keys, this account needs to be granted the cloudkms.cryptoKeyEncrypterDecrypter IAM role on the customer-managed Cloud KMS key used to protect the data.

    For more information see the API reference.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const bqSa = gcp.bigquery.getDefaultServiceAccount({});
    const keySaUser = new gcp.kms.CryptoKeyIAMMember("key_sa_user", {
        cryptoKeyId: key.id,
        role: "roles/cloudkms.cryptoKeyEncrypterDecrypter",
        member: bqSa.then(bqSa => `serviceAccount:${bqSa.email}`),
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    bq_sa = gcp.bigquery.get_default_service_account()
    key_sa_user = gcp.kms.CryptoKeyIAMMember("key_sa_user",
        crypto_key_id=key["id"],
        role="roles/cloudkms.cryptoKeyEncrypterDecrypter",
        member=f"serviceAccount:{bq_sa.email}")
    
    package main
    
    import (
    	"fmt"
    
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery"
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		bqSa, err := bigquery.GetDefaultServiceAccount(ctx, nil, nil)
    		if err != nil {
    			return err
    		}
    		_, err = kms.NewCryptoKeyIAMMember(ctx, "key_sa_user", &kms.CryptoKeyIAMMemberArgs{
    			CryptoKeyId: pulumi.Any(key.Id),
    			Role:        pulumi.String("roles/cloudkms.cryptoKeyEncrypterDecrypter"),
    			Member:      pulumi.String(fmt.Sprintf("serviceAccount:%v", bqSa.Email)),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var bqSa = Gcp.BigQuery.GetDefaultServiceAccount.Invoke();
    
        var keySaUser = new Gcp.Kms.CryptoKeyIAMMember("key_sa_user", new()
        {
            CryptoKeyId = key.Id,
            Role = "roles/cloudkms.cryptoKeyEncrypterDecrypter",
            Member = $"serviceAccount:{bqSa.Apply(getDefaultServiceAccountResult => getDefaultServiceAccountResult.Email)}",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.bigquery.BigqueryFunctions;
    import com.pulumi.gcp.bigquery.inputs.GetDefaultServiceAccountArgs;
    import com.pulumi.gcp.kms.CryptoKeyIAMMember;
    import com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var bqSa = BigqueryFunctions.getDefaultServiceAccount();
    
            var keySaUser = new CryptoKeyIAMMember("keySaUser", CryptoKeyIAMMemberArgs.builder()
                .cryptoKeyId(key.id())
                .role("roles/cloudkms.cryptoKeyEncrypterDecrypter")
                .member(String.format("serviceAccount:%s", bqSa.applyValue(getDefaultServiceAccountResult -> getDefaultServiceAccountResult.email())))
                .build());
    
        }
    }
    
    resources:
      keySaUser:
        type: gcp:kms:CryptoKeyIAMMember
        name: key_sa_user
        properties:
          cryptoKeyId: ${key.id}
          role: roles/cloudkms.cryptoKeyEncrypterDecrypter
          member: serviceAccount:${bqSa.email}
    variables:
      bqSa:
        fn::invoke:
          Function: gcp:bigquery:getDefaultServiceAccount
          Arguments: {}
    

    Using getDefaultServiceAccount

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getDefaultServiceAccount(args: GetDefaultServiceAccountArgs, opts?: InvokeOptions): Promise<GetDefaultServiceAccountResult>
    function getDefaultServiceAccountOutput(args: GetDefaultServiceAccountOutputArgs, opts?: InvokeOptions): Output<GetDefaultServiceAccountResult>
    def get_default_service_account(project: Optional[str] = None,
                                    opts: Optional[InvokeOptions] = None) -> GetDefaultServiceAccountResult
    def get_default_service_account_output(project: Optional[pulumi.Input[str]] = None,
                                    opts: Optional[InvokeOptions] = None) -> Output[GetDefaultServiceAccountResult]
    func GetDefaultServiceAccount(ctx *Context, args *GetDefaultServiceAccountArgs, opts ...InvokeOption) (*GetDefaultServiceAccountResult, error)
    func GetDefaultServiceAccountOutput(ctx *Context, args *GetDefaultServiceAccountOutputArgs, opts ...InvokeOption) GetDefaultServiceAccountResultOutput

    > Note: This function is named GetDefaultServiceAccount in the Go SDK.

    public static class GetDefaultServiceAccount 
    {
        public static Task<GetDefaultServiceAccountResult> InvokeAsync(GetDefaultServiceAccountArgs args, InvokeOptions? opts = null)
        public static Output<GetDefaultServiceAccountResult> Invoke(GetDefaultServiceAccountInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetDefaultServiceAccountResult> getDefaultServiceAccount(GetDefaultServiceAccountArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: gcp:bigquery/getDefaultServiceAccount:getDefaultServiceAccount
      arguments:
        # arguments dictionary

    The following arguments are supported:

    Project string
    The project the unique service account was created for. If it is not provided, the provider project is used.
    Project string
    The project the unique service account was created for. If it is not provided, the provider project is used.
    project String
    The project the unique service account was created for. If it is not provided, the provider project is used.
    project string
    The project the unique service account was created for. If it is not provided, the provider project is used.
    project str
    The project the unique service account was created for. If it is not provided, the provider project is used.
    project String
    The project the unique service account was created for. If it is not provided, the provider project is used.

    getDefaultServiceAccount Result

    The following output properties are available:

    Email string
    The email address of the service account. This value is often used to refer to the service account in order to grant IAM permissions.
    Id string
    The provider-assigned unique ID for this managed resource.
    Member string
    The Identity of the service account in the form serviceAccount:{email}. This value is often used to refer to the service account in order to grant IAM permissions.
    Project string
    Email string
    The email address of the service account. This value is often used to refer to the service account in order to grant IAM permissions.
    Id string
    The provider-assigned unique ID for this managed resource.
    Member string
    The Identity of the service account in the form serviceAccount:{email}. This value is often used to refer to the service account in order to grant IAM permissions.
    Project string
    email String
    The email address of the service account. This value is often used to refer to the service account in order to grant IAM permissions.
    id String
    The provider-assigned unique ID for this managed resource.
    member String
    The Identity of the service account in the form serviceAccount:{email}. This value is often used to refer to the service account in order to grant IAM permissions.
    project String
    email string
    The email address of the service account. This value is often used to refer to the service account in order to grant IAM permissions.
    id string
    The provider-assigned unique ID for this managed resource.
    member string
    The Identity of the service account in the form serviceAccount:{email}. This value is often used to refer to the service account in order to grant IAM permissions.
    project string
    email str
    The email address of the service account. This value is often used to refer to the service account in order to grant IAM permissions.
    id str
    The provider-assigned unique ID for this managed resource.
    member str
    The Identity of the service account in the form serviceAccount:{email}. This value is often used to refer to the service account in order to grant IAM permissions.
    project str
    email String
    The email address of the service account. This value is often used to refer to the service account in order to grant IAM permissions.
    id String
    The provider-assigned unique ID for this managed resource.
    member String
    The Identity of the service account in the form serviceAccount:{email}. This value is often used to refer to the service account in order to grant IAM permissions.
    project String

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud Classic v7.27.0 published on Thursday, Jun 13, 2024 by Pulumi