getClientOpenIdUserInfo

Get OpenID userinfo about the credentials used with the Google provider, specifically the email. This data source lets you export the email of the account the provider is authenticated as. It can be used alongside data.google_client_config's access_token (getClientConfig in the examples below) to perform OpenID Connect authentication with GKE and to configure an RBAC role for that email.

This data source only works as expected if the provider is configured to use the https://www.googleapis.com/auth/userinfo.email scope; without it you will receive an error. The provider uses this scope by default, so the requirement matters mainly when the provider's scopes have been overridden.

Example Usage

Exporting An Email

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Resolves the identity behind the provider's credentials and publishes its
// email as the "my-email" stack output.
// NOTE: a stack output is readable by anyone who can read the stack's outputs.
export = async () => {
    const { email } = await gcp.organizations.getClientOpenIdUserInfo({});
    return { "my-email": email };
}
import pulumi
import pulumi_gcp as gcp
# Look up the OpenID userinfo for the credentials the Google provider is using,
# then publish the email as the "my-email" stack output.
# NOTE: a stack output is readable by anyone who can read the stack's outputs.
identity = gcp.organizations.get_client_open_id_user_info()
pulumi.export("my-email", identity.email)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
// Runs the Pulumi program: resolves the identity behind the provider's
// credentials and returns its email as the "my-email" stack output.
return await Deployment.RunAsync(() =>
{
    var identity = Gcp.Organizations.GetClientOpenIdUserInfo.Invoke();

    // Project the invoke result down to the email field only.
    var outputs = new Dictionary<string, object?>();
    outputs["my-email"] = identity.Apply(info => info.Email);
    return outputs;
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
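// main runs the Pulumi program: it looks up the OpenID userinfo for the
// credentials the Google provider is using and exports the email as the
// "my-email" stack output.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		me, err := organizations.GetClientOpenIdUserInfo(ctx, nil, nil)
		if err != nil {
			// Propagate lookup failures (the page notes an error is returned
			// when the userinfo.email scope is not configured).
			return err
		}
		// me.Email is a plain string while ctx.Export takes a pulumi.Input,
		// so wrap the value before exporting it.
		ctx.Export("my-email", pulumi.String(me.Email))
		return nil
	})
}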
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that exports the email of the identity the Google provider
 * is authenticated as.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Looks up the OpenID userinfo for the provider's credentials and exports
     * its email as the "my-email" stack output.
     *
     * @param ctx the Pulumi deployment context used to register the output
     */
    public static void stack(Context ctx) {
        final var identity = OrganizationsFunctions.getClientOpenIdUserInfo();
        final var email = identity.applyValue(info -> info.email());
        ctx.export("my-email", email);
    }
}
# Look up the OpenID userinfo for the credentials the Google provider is using
# and publish the email as the "my-email" stack output.
variables:
  identity:
    fn::invoke:
      Function: gcp:organizations:getClientOpenIdUserInfo
      Arguments: {}
outputs:
  my-email: ${identity.email}

OpenID Connect W/ Kubernetes Provider + RBAC IAM Role

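# Binds a ClusterRole to the identity the Google provider is authenticated as.
resources:
  user:
    type: kubernetes:rbac.authorization.k8s.io/v1:ClusterRoleBinding
    properties:
      metadata:
        name: provider-user-admin
      roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: ClusterRole
        # cluster-admin grants unrestricted access to every resource in the
        # cluster. Bind a narrower ClusterRole (or a namespaced Role) wherever
        # the use case allows.
        name: cluster-admin
      # ClusterRoleBinding takes a `subjects` list (plural).
      subjects:
        - kind: User
          # Email of the account the Google provider's credentials belong to.
          name: ${providerIdentity.email}
variables:
  providerIdentity:
    fn::invoke:
      Function: gcp:organizations:getClientOpenIdUserInfo
      Arguments: {}
  # NOTE(review): `provider` and `myCluster` are looked up but nothing in this
  # listing references them; presumably they are meant to configure the
  # Kubernetes provider (cluster endpoint and access token) - confirm.
  provider:
    fn::invoke:
      Function: gcp:organizations:getClientConfig
      Arguments: {}
  myCluster:
    fn::invoke:
      Function: gcp:container:getCluster
      Arguments:
        name: my-cluster
        zone: us-east1-a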

Return

A collection of values returned by getClientOpenIdUserInfo.

Parameters

argument

Get OpenID userinfo about the credentials used with the Google provider, specifically the email. This data source lets you export the email of the account the provider is authenticated as. It can be used alongside data.google_client_config's access_token (getClientConfig in the examples below) to perform OpenID Connect authentication with GKE and to configure an RBAC role for that email.

This data source only works as expected if the provider is configured to use the https://www.googleapis.com/auth/userinfo.email scope; without it you will receive an error. The provider uses this scope by default, so the requirement matters mainly when the provider's scopes have been overridden.

Example Usage

Exporting An Email

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Resolves the identity behind the provider's credentials and publishes its
// email as the "my-email" stack output.
// NOTE: a stack output is readable by anyone who can read the stack's outputs.
export = async () => {
    const { email } = await gcp.organizations.getClientOpenIdUserInfo({});
    return { "my-email": email };
}
import pulumi
import pulumi_gcp as gcp
# Look up the OpenID userinfo for the credentials the Google provider is using,
# then publish the email as the "my-email" stack output.
# NOTE: a stack output is readable by anyone who can read the stack's outputs.
identity = gcp.organizations.get_client_open_id_user_info()
pulumi.export("my-email", identity.email)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
// Runs the Pulumi program: resolves the identity behind the provider's
// credentials and returns its email as the "my-email" stack output.
return await Deployment.RunAsync(() =>
{
    var identity = Gcp.Organizations.GetClientOpenIdUserInfo.Invoke();

    // Project the invoke result down to the email field only.
    var outputs = new Dictionary<string, object?>();
    outputs["my-email"] = identity.Apply(info => info.Email);
    return outputs;
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
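// main runs the Pulumi program: it looks up the OpenID userinfo for the
// credentials the Google provider is using and exports the email as the
// "my-email" stack output.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		me, err := organizations.GetClientOpenIdUserInfo(ctx, nil, nil)
		if err != nil {
			// Propagate lookup failures (the page notes an error is returned
			// when the userinfo.email scope is not configured).
			return err
		}
		// me.Email is a plain string while ctx.Export takes a pulumi.Input,
		// so wrap the value before exporting it.
		ctx.Export("my-email", pulumi.String(me.Email))
		return nil
	})
}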
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that exports the email of the identity the Google provider
 * is authenticated as.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Looks up the OpenID userinfo for the provider's credentials and exports
     * its email as the "my-email" stack output.
     *
     * @param ctx the Pulumi deployment context used to register the output
     */
    public static void stack(Context ctx) {
        final var identity = OrganizationsFunctions.getClientOpenIdUserInfo();
        final var email = identity.applyValue(info -> info.email());
        ctx.export("my-email", email);
    }
}
# Look up the OpenID userinfo for the credentials the Google provider is using
# and publish the email as the "my-email" stack output.
variables:
  identity:
    fn::invoke:
      Function: gcp:organizations:getClientOpenIdUserInfo
      Arguments: {}
outputs:
  my-email: ${identity.email}

OpenID Connect W/ Kubernetes Provider + RBAC IAM Role

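# Binds a ClusterRole to the identity the Google provider is authenticated as.
resources:
  user:
    type: kubernetes:rbac.authorization.k8s.io/v1:ClusterRoleBinding
    properties:
      metadata:
        name: provider-user-admin
      roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: ClusterRole
        # cluster-admin grants unrestricted access to every resource in the
        # cluster. Bind a narrower ClusterRole (or a namespaced Role) wherever
        # the use case allows.
        name: cluster-admin
      # ClusterRoleBinding takes a `subjects` list (plural).
      subjects:
        - kind: User
          # Email of the account the Google provider's credentials belong to.
          name: ${providerIdentity.email}
variables:
  providerIdentity:
    fn::invoke:
      Function: gcp:organizations:getClientOpenIdUserInfo
      Arguments: {}
  # NOTE(review): `provider` and `myCluster` are looked up but nothing in this
  # listing references them; presumably they are meant to configure the
  # Kubernetes provider (cluster endpoint and access token) - confirm.
  provider:
    fn::invoke:
      Function: gcp:organizations:getClientConfig
      Arguments: {}
  myCluster:
    fn::invoke:
      Function: gcp:container:getCluster
      Arguments:
        name: my-cluster
        zone: us-east1-a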