Docs Packages
  1. Pulumi Registry
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. serviceAccount
  5. getAccountIdToken
gcp logo
Google Cloud Classic v6.57.0, May 30 23

gcp.serviceAccount.getAccountIdToken

Explore with Pulumi AI

This data source provides a Google OpenID Connect (oidc) id_token. Tokens issued from this data source are typically used to call external services that accept OIDC tokens for authentication (e.g. Google Cloud Run).

For more information see OpenID Connect.

Using getAccountIdToken

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getAccountIdToken(args: GetAccountIdTokenArgs, opts?: InvokeOptions): Promise<GetAccountIdTokenResult>
function getAccountIdTokenOutput(args: GetAccountIdTokenOutputArgs, opts?: InvokeOptions): Output<GetAccountIdTokenResult>
def get_account_id_token(delegates: Optional[Sequence[str]] = None,
                         include_email: Optional[bool] = None,
                         target_audience: Optional[str] = None,
                         target_service_account: Optional[str] = None,
                         opts: Optional[InvokeOptions] = None) -> GetAccountIdTokenResult
def get_account_id_token_output(delegates: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                         include_email: Optional[pulumi.Input[bool]] = None,
                         target_audience: Optional[pulumi.Input[str]] = None,
                         target_service_account: Optional[pulumi.Input[str]] = None,
                         opts: Optional[InvokeOptions] = None) -> Output[GetAccountIdTokenResult]
func GetAccountIdToken(ctx *Context, args *GetAccountIdTokenArgs, opts ...InvokeOption) (*GetAccountIdTokenResult, error)
func GetAccountIdTokenOutput(ctx *Context, args *GetAccountIdTokenOutputArgs, opts ...InvokeOption) GetAccountIdTokenResultOutput

> Note: This function is named GetAccountIdToken in the Go SDK.

public static class GetAccountIdToken 
{
    public static Task<GetAccountIdTokenResult> InvokeAsync(GetAccountIdTokenArgs args, InvokeOptions? opts = null)
    public static Output<GetAccountIdTokenResult> Invoke(GetAccountIdTokenInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetAccountIdTokenResult> getAccountIdToken(GetAccountIdTokenArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet

fn::invoke:
  function: gcp:serviceAccount/getAccountIdToken:getAccountIdToken
  arguments:
    # arguments dictionary

The following arguments are supported:

TargetAudience string

The audience claim for the id_token.

Delegates List<string>

Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name. Used only when using impersonation mode.

IncludeEmail bool

Include the verified email in the claim. Used only when using impersonation mode.

TargetServiceAccount string

The email of the service account being impersonated. Used only when using impersonation mode.

TargetAudience string

The audience claim for the id_token.

Delegates []string

Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name. Used only when using impersonation mode.

IncludeEmail bool

Include the verified email in the claim. Used only when using impersonation mode.

TargetServiceAccount string

The email of the service account being impersonated. Used only when using impersonation mode.

targetAudience String

The audience claim for the id_token.

delegates List<String>

Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name. Used only when using impersonation mode.

includeEmail Boolean

Include the verified email in the claim. Used only when using impersonation mode.

targetServiceAccount String

The email of the service account being impersonated. Used only when using impersonation mode.

targetAudience string

The audience claim for the id_token.

delegates string[]

Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name. Used only when using impersonation mode.

includeEmail boolean

Include the verified email in the claim. Used only when using impersonation mode.

targetServiceAccount string

The email of the service account being impersonated. Used only when using impersonation mode.

target_audience str

The audience claim for the id_token.

delegates Sequence[str]

Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name. Used only when using impersonation mode.

include_email bool

Include the verified email in the claim. Used only when using impersonation mode.

target_service_account str

The email of the service account being impersonated. Used only when using impersonation mode.

targetAudience String

The audience claim for the id_token.

delegates List<String>

Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name. Used only when using impersonation mode.

includeEmail Boolean

Include the verified email in the claim. Used only when using impersonation mode.

targetServiceAccount String

The email of the service account being impersonated. Used only when using impersonation mode.

getAccountIdToken Result

The following output properties are available:

Id string

The provider-assigned unique ID for this managed resource.

IdToken string

The id_token representing the new generated identity.

TargetAudience string
Delegates List<string>
IncludeEmail bool
TargetServiceAccount string
Id string

The provider-assigned unique ID for this managed resource.

IdToken string

The id_token representing the new generated identity.

TargetAudience string
Delegates []string
IncludeEmail bool
TargetServiceAccount string
id String

The provider-assigned unique ID for this managed resource.

idToken String

The id_token representing the new generated identity.

targetAudience String
delegates List<String>
includeEmail Boolean
targetServiceAccount String
id string

The provider-assigned unique ID for this managed resource.

idToken string

The id_token representing the new generated identity.

targetAudience string
delegates string[]
includeEmail boolean
targetServiceAccount string
id str

The provider-assigned unique ID for this managed resource.

id_token str

The id_token representing the new generated identity.

target_audience str
delegates Sequence[str]
include_email bool
target_service_account str
id String

The provider-assigned unique ID for this managed resource.

idToken String

The id_token representing the new generated identity.

targetAudience String
delegates List<String>
includeEmail Boolean
targetServiceAccount String

Package Details

Repository
Google Cloud (GCP) Classic pulumi/pulumi-gcp
License
Apache-2.0
Notes

This Pulumi package is based on the google-beta Terraform Provider.