Docs Packages
  1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. organizations
  5. getClientOpenIdUserInfo
Google Cloud Classic v7.19.0 published on Thursday, Apr 18, 2024 by Pulumi
pulumi/pulumi-gcp

gcp.organizations.getClientOpenIdUserInfo

Explore with Pulumi AI

gcp logo
Google Cloud Classic v7.19.0 published on Thursday, Apr 18, 2024 by Pulumi
pulumi/pulumi-gcp

    Get OpenID userinfo about the credentials used with the Google provider, specifically the email.

    This datasource enables you to export the email of the account you’ve authenticated the provider with; this can be used alongside data.google_client_config’s access_token to perform OpenID Connect authentication with GKE and configure an RBAC role for the email used.

    This resource will only work as expected if the provider is configured to use the https://www.googleapis.com/auth/userinfo.email scope! You will receive an error otherwise. The provider uses this scope by default.

    Example Usage

    Exporting An Email

    import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

export = async () => {
    const me = await gcp.organizations.getClientOpenIdUserInfo({});
    return {
        "my-email": me.email,
    };
}

    import pulumi
import pulumi_gcp as gcp

me = gcp.organizations.get_client_open_id_user_info()
pulumi.export("my-email", me.email)

    package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		me, err := organizations.GetClientOpenIdUserInfo(ctx, nil, nil)
		if err != nil {
			return err
		}
		ctx.Export("my-email", me.Email)
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var me = Gcp.Organizations.GetClientOpenIdUserInfo.Invoke();

    return new Dictionary<string, object?>
    {
        ["my-email"] = me.Apply(getClientOpenIdUserInfoResult => getClientOpenIdUserInfoResult.Email),
    };
});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var me = OrganizationsFunctions.getClientOpenIdUserInfo();

        ctx.export("my-email", me.applyValue(getClientOpenIdUserInfoResult -> getClientOpenIdUserInfoResult.email()));
    }
}

    variables:
  me:
    fn::invoke:
      Function: gcp:organizations:getClientOpenIdUserInfo
      Arguments: {}
outputs:
  my-email: ${me.email}

    OpenID Connect W/ Kubernetes Provider + RBAC IAM Role

    Coming soon!

    Coming soon!

    Coming soon!

    Coming soon!

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.container.ContainerFunctions;
import com.pulumi.gcp.container.inputs.GetClusterArgs;
import com.pulumi.kubernetes.rbac.authorization.k8s.io_v1.ClusterRoleBinding;
import com.pulumi.kubernetes.rbac.authorization.k8s.io_v1.ClusterRoleBindingArgs;
import com.pulumi.kubernetes.meta_v1.inputs.ObjectMetaArgs;
import com.pulumi.kubernetes.rbac.authorization.k8s.io_v1.inputs.RoleRefArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var providerIdentity = OrganizationsFunctions.getClientOpenIdUserInfo();

        final var provider = OrganizationsFunctions.getClientConfig();

        final var myCluster = ContainerFunctions.getCluster(GetClusterArgs.builder()
            .name("my-cluster")
            .zone("us-east1-a")
            .build());

        var user = new ClusterRoleBinding("user", ClusterRoleBindingArgs.builder()        
            .metadata(ObjectMetaArgs.builder()
                .name("provider-user-admin")
                .build())
            .roleRef(RoleRefArgs.builder()
                .apiGroup("rbac.authorization.k8s.io")
                .kind("ClusterRole")
                .name("cluster-admin")
                .build())
            .subject(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
            .build());

    }
}

    resources:
  user:
    type: kubernetes:rbac.authorization.k8s.io/v1:ClusterRoleBinding
    properties:
      metadata:
        name: provider-user-admin
      roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: ClusterRole
        name: cluster-admin
      subject:
        - kind: User
          name: ${providerIdentity.email}
variables:
  providerIdentity:
    fn::invoke:
      Function: gcp:organizations:getClientOpenIdUserInfo
      Arguments: {}
  provider:
    fn::invoke:
      Function: gcp:organizations:getClientConfig
      Arguments: {}
  myCluster:
    fn::invoke:
      Function: gcp:container:getCluster
      Arguments:
        name: my-cluster
        zone: us-east1-a

    Using getClientOpenIdUserInfo

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getClientOpenIdUserInfo(opts?: InvokeOptions): Promise<GetClientOpenIdUserInfoResult>
function getClientOpenIdUserInfoOutput(opts?: InvokeOptions): Output<GetClientOpenIdUserInfoResult>
    def get_client_open_id_user_info(opts: Optional[InvokeOptions] = None) -> GetClientOpenIdUserInfoResult
def get_client_open_id_user_info_output(opts: Optional[InvokeOptions] = None) -> Output[GetClientOpenIdUserInfoResult]
    func GetClientOpenIdUserInfo(ctx *Context, opts ...InvokeOption) (*GetClientOpenIdUserInfoResult, error)
func GetClientOpenIdUserInfoOutput(ctx *Context, opts ...InvokeOption) GetClientOpenIdUserInfoResultOutput

    > Note: This function is named GetClientOpenIdUserInfo in the Go SDK.

    public static class GetClientOpenIdUserInfo 
{
    public static Task<GetClientOpenIdUserInfoResult> InvokeAsync(InvokeOptions? opts = null)
    public static Output<GetClientOpenIdUserInfoResult> Invoke(InvokeOptions? opts = null)
}
    public static CompletableFuture<GetClientOpenIdUserInfoResult> getClientOpenIdUserInfo(InvokeOptions options)
// Output-based functions aren't available in Java yet

    fn::invoke:
  function: gcp:organizations/getClientOpenIdUserInfo:getClientOpenIdUserInfo
  arguments:
    # arguments dictionary

    getClientOpenIdUserInfo Result

    The following output properties are available:

    Email string
    The email of the account used by the provider to authenticate with GCP.
    Id string
    Email string
    The email of the account used by the provider to authenticate with GCP.
    Id string
    email String
    The email of the account used by the provider to authenticate with GCP.
    id String
    email string
    The email of the account used by the provider to authenticate with GCP.
    id string
    email str
    The email of the account used by the provider to authenticate with GCP.
    id str
    email String
    The email of the account used by the provider to authenticate with GCP.
    id String

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud Classic v7.19.0 published on Thursday, Apr 18, 2024 by Pulumi
    pulumi/pulumi-gcp