pulumi-gcp-kotlin/com.pulumi.gcp.accessapproval.kotlin/AccessapprovalFunctions/getOrganizationServiceAccount

getOrganizationServiceAccount

suspend fun getOrganizationServiceAccount(argument: GetOrganizationServiceAccountPlainArgs): GetOrganizationServiceAccountResult

Get the email address of an organization's Access Approval service account. Each Google Cloud organization has a unique service account used by Access Approval. When using Access Approval with a custom signing key, this account needs to be granted the cloudkms.signerVerifier IAM role on the Cloud KMS key used to sign approvals.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.accessapproval.AccessapprovalFunctions;
import com.pulumi.gcp.accessapproval.inputs.GetOrganizationServiceAccountArgs;
import com.pulumi.gcp.kms.CryptoKeyIAMMember;
import com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var serviceAccount = AccessapprovalFunctions.getOrganizationServiceAccount(GetOrganizationServiceAccountArgs.builder()
            .organizationId("my-organization")
            .build());
        var iam = new CryptoKeyIAMMember("iam", CryptoKeyIAMMemberArgs.builder()
            .cryptoKeyId(google_kms_crypto_key.crypto_key().id())
            .role("roles/cloudkms.signerVerifier")
            .member(String.format("serviceAccount:%s", serviceAccount.applyValue(getOrganizationServiceAccountResult -> getOrganizationServiceAccountResult.accountEmail())))
            .build());
    }
}
Content copied to clipboard

Return

A collection of values returned by getOrganizationServiceAccount.

Parameters

argument

A collection of arguments for invoking getOrganizationServiceAccount.

suspend fun getOrganizationServiceAccount(organizationId: String): GetOrganizationServiceAccountResult

Return

A collection of values returned by getOrganizationServiceAccount.

Parameters

organizationId

The organization ID the service account was created for.

See also

.

suspend fun getOrganizationServiceAccount(argument: suspend GetOrganizationServiceAccountPlainArgsBuilder.() -> Unit): GetOrganizationServiceAccountResult

Return

A collection of values returned by getOrganizationServiceAccount.

Parameters

argument

Builder for com.pulumi.gcp.accessapproval.kotlin.inputs.GetOrganizationServiceAccountPlainArgs.

See also

.