gcp.serviceAccount.getAccountAccessToken

Explore with Pulumi AI

This data source provides a google oauth2 access_token for a different service account than the one initially running the script.

For more information see the official documentation as well as iamcredentials.generateAccessToken()

Using getAccountAccessToken

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getAccountAccessToken(args: GetAccountAccessTokenArgs, opts?: InvokeOptions): Promise<GetAccountAccessTokenResult>
function getAccountAccessTokenOutput(args: GetAccountAccessTokenOutputArgs, opts?: InvokeOptions): Output<GetAccountAccessTokenResult>
def get_account_access_token(delegates: Optional[Sequence[str]] = None,
                             lifetime: Optional[str] = None,
                             scopes: Optional[Sequence[str]] = None,
                             target_service_account: Optional[str] = None,
                             opts: Optional[InvokeOptions] = None) -> GetAccountAccessTokenResult
def get_account_access_token_output(delegates: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                             lifetime: Optional[pulumi.Input[str]] = None,
                             scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                             target_service_account: Optional[pulumi.Input[str]] = None,
                             opts: Optional[InvokeOptions] = None) -> Output[GetAccountAccessTokenResult]
func GetAccountAccessToken(ctx *Context, args *GetAccountAccessTokenArgs, opts ...InvokeOption) (*GetAccountAccessTokenResult, error)
func GetAccountAccessTokenOutput(ctx *Context, args *GetAccountAccessTokenOutputArgs, opts ...InvokeOption) GetAccountAccessTokenResultOutput

> Note: This function is named GetAccountAccessToken in the Go SDK.

public static class GetAccountAccessToken 
{
    public static Task<GetAccountAccessTokenResult> InvokeAsync(GetAccountAccessTokenArgs args, InvokeOptions? opts = null)
    public static Output<GetAccountAccessTokenResult> Invoke(GetAccountAccessTokenInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetAccountAccessTokenResult> getAccountAccessToken(GetAccountAccessTokenArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
  function: gcp:serviceAccount/getAccountAccessToken:getAccountAccessToken
  arguments:
    # arguments dictionary

The following arguments are supported:

Scopes List<string>

The scopes the new credential should have (e.g. ["cloud-platform"])

TargetServiceAccount string

The service account to impersonate (e.g. service_B@your-project-id.iam.gserviceaccount.com)

Delegates List<string>

Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name. (e.g. ["projects/-/serviceAccounts/delegate-svc-account@project-id.iam.gserviceaccount.com"])

Lifetime string

Lifetime of the impersonated token (defaults to its max: 3600s).

Scopes []string

The scopes the new credential should have (e.g. ["cloud-platform"])

TargetServiceAccount string

The service account to impersonate (e.g. service_B@your-project-id.iam.gserviceaccount.com)

Delegates []string

Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name. (e.g. ["projects/-/serviceAccounts/delegate-svc-account@project-id.iam.gserviceaccount.com"])

Lifetime string

Lifetime of the impersonated token (defaults to its max: 3600s).

scopes List<String>

The scopes the new credential should have (e.g. ["cloud-platform"])

targetServiceAccount String

The service account to impersonate (e.g. service_B@your-project-id.iam.gserviceaccount.com)

delegates List<String>

Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name. (e.g. ["projects/-/serviceAccounts/delegate-svc-account@project-id.iam.gserviceaccount.com"])

lifetime String

Lifetime of the impersonated token (defaults to its max: 3600s).

scopes string[]

The scopes the new credential should have (e.g. ["cloud-platform"])

targetServiceAccount string

The service account to impersonate (e.g. service_B@your-project-id.iam.gserviceaccount.com)

delegates string[]

Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name. (e.g. ["projects/-/serviceAccounts/delegate-svc-account@project-id.iam.gserviceaccount.com"])

lifetime string

Lifetime of the impersonated token (defaults to its max: 3600s).

scopes Sequence[str]

The scopes the new credential should have (e.g. ["cloud-platform"])

target_service_account str

The service account to impersonate (e.g. service_B@your-project-id.iam.gserviceaccount.com)

delegates Sequence[str]

Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name. (e.g. ["projects/-/serviceAccounts/delegate-svc-account@project-id.iam.gserviceaccount.com"])

lifetime str

Lifetime of the impersonated token (defaults to its max: 3600s).

scopes List<String>

The scopes the new credential should have (e.g. ["cloud-platform"])

targetServiceAccount String

The service account to impersonate (e.g. service_B@your-project-id.iam.gserviceaccount.com)

delegates List<String>

Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name. (e.g. ["projects/-/serviceAccounts/delegate-svc-account@project-id.iam.gserviceaccount.com"])

lifetime String

Lifetime of the impersonated token (defaults to its max: 3600s).

getAccountAccessToken Result

The following output properties are available:

AccessToken string

The access_token representing the new generated identity.

Id string

The provider-assigned unique ID for this managed resource.

Scopes List<string>
TargetServiceAccount string
Delegates List<string>
Lifetime string
AccessToken string

The access_token representing the new generated identity.

Id string

The provider-assigned unique ID for this managed resource.

Scopes []string
TargetServiceAccount string
Delegates []string
Lifetime string
accessToken String

The access_token representing the new generated identity.

id String

The provider-assigned unique ID for this managed resource.

scopes List<String>
targetServiceAccount String
delegates List<String>
lifetime String
accessToken string

The access_token representing the new generated identity.

id string

The provider-assigned unique ID for this managed resource.

scopes string[]
targetServiceAccount string
delegates string[]
lifetime string
access_token str

The access_token representing the new generated identity.

id str

The provider-assigned unique ID for this managed resource.

scopes Sequence[str]
target_service_account str
delegates Sequence[str]
lifetime str
accessToken String

The access_token representing the new generated identity.

id String

The provider-assigned unique ID for this managed resource.

scopes List<String>
targetServiceAccount String
delegates List<String>
lifetime String

Package Details

Repository
Google Cloud (GCP) Classic pulumi/pulumi-gcp
License
Apache-2.0
Notes

This Pulumi package is based on the google-beta Terraform Provider.