getAccountAccessToken
This data source provides a Google oauth2 access_token for a different service account than the one initially running the script. For more information see the official documentation as well as iamcredentials.generateAccessToken().
Example Usage
To allow service_A to impersonate service_B, grant the Service Account Token Creator role on B to A. In the IAM policy below, service_A is given the Token Creator role to impersonate service_B.
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.gcp.serviceAccount.IAMBinding;
import com.pulumi.gcp.serviceAccount.IAMBindingArgs;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // The binding is set ON service_B (serviceAccountId) and names
        // service_A as the member allowed to mint tokens for it.
        var token_creator_iam = new IAMBinding("token-creator-iam", IAMBindingArgs.builder()
            .members("serviceAccount:service_A@projectA.iam.gserviceaccount.com")
            .role("roles/iam.serviceAccountTokenCreator")
            .serviceAccountId("projects/-/serviceAccounts/service_B@projectB.iam.gserviceaccount.com")
            .build());
    }
}
Return
A collection of values returned by getAccountAccessToken.
Parameters
A collection of arguments for invoking getAccountAccessToken.
Return
A collection of values returned by getAccountAccessToken.
Parameters
Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name (e.g. ["projects/-/serviceAccounts/delegate-svc-account@project-id.iam.gserviceaccount.com"]).
Lifetime of the impersonated token (defaults to its max: 3600s).
The scopes the new credential should have (e.g. ["cloud-platform"]).
The service account to impersonate (e.g. service_B@your-project-id.iam.gserviceaccount.com).
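A pre-flight review of one getAccountAccessToken request against the parameters described above, as an added example that is not part of the Pulumi SDK or of the original page. It checks the lifetime against the 3600s maximum stated here, checks that delegates are fully qualified, and applies the IAM Credentials API rule that each identity in the chain (caller, delegates, target) needs the Token Creator role on the next one. The names review_request, email_of and SAMPLE_POLICIES are hypothetical, the policy data is constructed, and the caller is assumed to be a service account.

```python
import re

TOKEN_CREATOR = "roles/iam.serviceAccountTokenCreator"
MAX_LIFETIME_S = 3600  # default and maximum as stated on this page

# Constructed sample: IAM bindings keyed by the account they are set ON,
# mirroring the IAMBinding in the Example Usage section.
SAMPLE_POLICIES = {
    "service_B@projectB.iam.gserviceaccount.com": [
        {"role": TOKEN_CREATOR,
         "members": ["serviceAccount:service_A@projectA.iam.gserviceaccount.com"]},
    ],
}

def email_of(name):
    """Accept 'projects/-/serviceAccounts/EMAIL' or a bare EMAIL."""
    return name.rsplit("/", 1)[-1]

def review_request(caller, delegates, target, lifetime, policies):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    m = re.fullmatch(r"(\d+)s", lifetime)
    if not m:
        findings.append(f"lifetime {lifetime!r} is not of the form '<seconds>s'")
    elif int(m.group(1)) > MAX_LIFETIME_S:
        findings.append(f"lifetime {lifetime} exceeds {MAX_LIFETIME_S}s")
    for d in delegates:
        if not d.startswith("projects/-/serviceAccounts/"):
            findings.append(f"delegate {d!r} is not fully qualified")
    # Each identity must hold Token Creator on the next one in the chain.
    chain = [caller] + [email_of(d) for d in delegates] + [email_of(target)]
    for holder, nxt in zip(chain, chain[1:]):
        granted = {
            member
            for b in policies.get(nxt, [])
            if b["role"] == TOKEN_CREATOR
            for member in b["members"]
        }
        if f"serviceAccount:{holder}" not in granted:
            findings.append(f"{holder} lacks {TOKEN_CREATOR} on {nxt}")
    return findings

if __name__ == "__main__":
    for finding in review_request(
            "service_A@projectA.iam.gserviceaccount.com", [],
            "service_B@projectB.iam.gserviceaccount.com", "7200s", SAMPLE_POLICIES):
        print(finding)
```

Running the same review with a delegate in the chain shows why the binding on service_B alone is not enough: every hop needs its own grant.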
Return
A collection of values returned by getAccountAccessToken.
Parameters
Builder for com.pulumi.gcp.serviceAccount.kotlin.inputs.GetAccountAccessTokenPlainArgs.