DefaultServiceAccountsArgs

data class DefaultServiceAccountsArgs(val action: Output<String>? = null, val project: Output<String>? = null, val restorePolicy: Output<String>? = null) : ConvertibleToJava<DefaultServiceAccountsArgs>

Allows management of a Google Cloud Platform project's default service accounts. When certain service APIs are enabled, Google Cloud Platform automatically creates default service accounts to help you get started; per Google's documentation, using these accounts is not recommended for production environments. See the Organization documentation for more details.

WARNING: Some Google Cloud products do not work if the default service accounts are deleted, so it is better to DEPRIVILEGE them: Google CANNOT recover service accounts that have been deleted for more than 30 days. Google also recommends using the constraints/iam.automaticIamGrantsForDefaultServiceAccounts constraint to disable automatic IAM grants to default service accounts. This resource works on a best-effort basis, because no API formally describes the default service accounts, and it is intended for users who are unable to use constraints. If the default service accounts change their names or additional default service accounts are added, this resource will need to be updated.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Arguments for managing the default service accounts of "my-project-id".
// DELETE is the destructive action: Google cannot recover service accounts
// deleted for more than 30 days, and some Google Cloud products stop working
// without them. DEPRIVILEGE is the less destructive alternative.
const defaultServiceAccountsArgs = {
    project: "my-project-id",
    action: "DELETE",
};

const myProject = new gcp.projects.DefaultServiceAccounts("my_project", defaultServiceAccountsArgs);
import pulumi
import pulumi_gcp as gcp
# Manage the default service accounts of "my-project-id".
# DELETE is the destructive action: Google cannot recover service accounts
# deleted for more than 30 days, and some Google Cloud products stop working
# without them. DEPRIVILEGE is the less destructive alternative.
my_project = gcp.projects.DefaultServiceAccounts(
    "my_project",
    project="my-project-id",
    action="DELETE",
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // Manage the default service accounts of "my-project-id".
    // DELETE is the destructive action: Google cannot recover service accounts
    // deleted for more than 30 days, and some Google Cloud products stop working
    // without them. DEPRIVILEGE is the less destructive alternative.
    var myProject = new Gcp.Projects.DefaultServiceAccounts(
        "my_project",
        new Gcp.Projects.DefaultServiceAccountsArgs
        {
            Project = "my-project-id",
            Action = "DELETE",
        });
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a DefaultServiceAccounts resource for "my-project-id".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// DELETE is the destructive action: Google cannot recover service
		// accounts deleted for more than 30 days, and some Google Cloud
		// products stop working without them. DEPRIVILEGE is the less
		// destructive alternative.
		args := &projects.DefaultServiceAccountsArgs{
			Project: pulumi.String("my-project-id"),
			Action:  pulumi.String("DELETE"),
		}

		// Only the error is needed; the resource handle is not used further.
		_, err := projects.NewDefaultServiceAccounts(ctx, "my_project", args)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.projects.DefaultServiceAccounts;
import com.pulumi.gcp.projects.DefaultServiceAccountsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that manages the default service accounts of "my-project-id".
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the DefaultServiceAccounts resource.
     *
     * DELETE is the destructive action: Google cannot recover service accounts
     * deleted for more than 30 days, and some Google Cloud products stop working
     * without them. DEPRIVILEGE is the less destructive alternative.
     */
    public static void stack(Context ctx) {
        final var defaultServiceAccountsArgs = DefaultServiceAccountsArgs.builder()
            .project("my-project-id")
            .action("DELETE")
            .build();

        var myProject = new DefaultServiceAccounts("myProject", defaultServiceAccountsArgs);
    }
}
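# Manage the default service accounts of "my-project-id".
# Nesting is restored here: with every key at column 0 the mapping no longer
# describes a resource with properties.
resources:
  myProject:
    type: gcp:projects:DefaultServiceAccounts
    name: my_project
    properties:
      project: my-project-id
      # DELETE is the destructive action: Google cannot recover service
      # accounts deleted for more than 30 days, and some Google Cloud products
      # stop working without them. DEPRIVILEGE is the less destructive
      # alternative.
      action: DELETE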

To re-enable the default service accounts when the resource is destroyed:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Arguments for disabling the default service accounts of "my-project-id".
// restorePolicy REVERT means destroying this resource attempts to restore the
// default service accounts, so a destroy re-enables them.
const defaultServiceAccountsArgs = {
    project: "my-project-id",
    action: "DISABLE",
    restorePolicy: "REVERT",
};

const myProject = new gcp.projects.DefaultServiceAccounts("my_project", defaultServiceAccountsArgs);
import pulumi
import pulumi_gcp as gcp
# Disable the default service accounts of "my-project-id".
# restore_policy REVERT means destroying this resource attempts to restore the
# default service accounts, so a destroy re-enables them.
my_project = gcp.projects.DefaultServiceAccounts(
    "my_project",
    project="my-project-id",
    action="DISABLE",
    restore_policy="REVERT",
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // Disable the default service accounts of "my-project-id".
    // RestorePolicy REVERT means destroying this resource attempts to restore
    // the default service accounts, so a destroy re-enables them.
    var myProject = new Gcp.Projects.DefaultServiceAccounts(
        "my_project",
        new Gcp.Projects.DefaultServiceAccountsArgs
        {
            Project = "my-project-id",
            Action = "DISABLE",
            RestorePolicy = "REVERT",
        });
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a DefaultServiceAccounts resource that disables the default
// service accounts of "my-project-id".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// RestorePolicy REVERT means destroying this resource attempts to
		// restore the default service accounts, so a destroy re-enables them.
		args := &projects.DefaultServiceAccountsArgs{
			Project:       pulumi.String("my-project-id"),
			Action:        pulumi.String("DISABLE"),
			RestorePolicy: pulumi.String("REVERT"),
		}

		// Only the error is needed; the resource handle is not used further.
		_, err := projects.NewDefaultServiceAccounts(ctx, "my_project", args)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.projects.DefaultServiceAccounts;
import com.pulumi.gcp.projects.DefaultServiceAccountsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that disables the default service accounts of "my-project-id".
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the DefaultServiceAccounts resource.
     *
     * restorePolicy REVERT means destroying this resource attempts to restore
     * the default service accounts, so a destroy re-enables them.
     */
    public static void stack(Context ctx) {
        final var defaultServiceAccountsArgs = DefaultServiceAccountsArgs.builder()
            .project("my-project-id")
            .action("DISABLE")
            .restorePolicy("REVERT")
            .build();

        var myProject = new DefaultServiceAccounts("myProject", defaultServiceAccountsArgs);
    }
}
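# Disable the default service accounts of "my-project-id".
# Nesting is restored here: with every key at column 0 the mapping no longer
# describes a resource with properties.
resources:
  myProject:
    type: gcp:projects:DefaultServiceAccounts
    name: my_project
    properties:
      project: my-project-id
      action: DISABLE
      # REVERT means destroying this resource attempts to restore the default
      # service accounts, so a destroy re-enables them.
      restorePolicy: REVERT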

Import

This resource does not support import.

Constructors

constructor(action: Output<String>? = null, project: Output<String>? = null, restorePolicy: Output<String>? = null)

Properties

val action: Output<String>? = null

The action to be performed on the default service accounts. Valid values are: DEPRIVILEGE, DELETE, DISABLE. Note that the DEPRIVILEGE action ignores the REVERT configuration in restore_policy (restorePolicy in this SDK).

val project: Output<String>? = null

The project ID where service accounts are created.

val restorePolicy: Output<String>? = null

The action to be performed on the default service accounts when the resource is destroyed. Valid values are NONE, REVERT and REVERT_AND_IGNORE_FAILURE. It applies to every action except DEPRIVILEGE. If set to REVERT, it attempts to restore all default service accounts, except where the action was DEPRIVILEGE. If set to REVERT_AND_IGNORE_FAILURE, it behaves like REVERT but ignores errors returned by the API.

Functions

open override fun toJava(): DefaultServiceAccountsArgs