get Account Jwt
This data source provides a self-signed JWT. Tokens issued from this data source are typically used to call external services that accept JWTs for authentication.
Example Usage
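Note: in order to use the following, the caller must have at least `roles/iam.serviceAccountTokenCreator` on the `target_service_account`. Grant the role on that service account itself rather than project-wide, because it permits minting tokens as any service account within its scope.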
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
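// Request a self-signed JWT signed by the impersonated service account.
// The claims below are placeholders. A token meant for a real service should
// also carry an `aud` claim so the receiver can reject tokens issued for a
// different audience.
const foo = gcp.serviceaccount.getAccountJwt({
    targetServiceAccount: "impersonated-account@project.iam.gserviceaccount.com",
    payload: JSON.stringify({
        foo: "bar",
        sub: "subject",
    }),
    // Short lifetime: the JWT is a bearer credential until it expires.
    expiresIn: 60,
});
// Export the token as a secret so it is encrypted in the stack state and
// masked in CLI output instead of being stored as a plaintext stack output.
export const jwt = pulumi.secret(foo.then(result => result.jwt));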
import pulumi
import json
import pulumi_gcp as gcp
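# Request a self-signed JWT signed by the impersonated service account.
# The claims below are placeholders. A token meant for a real service should
# also carry an "aud" claim so the receiver can reject tokens issued for a
# different audience.
foo = gcp.serviceaccount.get_account_jwt(
    target_service_account="impersonated-account@project.iam.gserviceaccount.com",
    payload=json.dumps({
        "foo": "bar",
        "sub": "subject",
    }),
    # Short lifetime: the JWT is a bearer credential until it expires.
    expires_in=60,
)
# Export the token as a secret so it is encrypted in the stack state and
# masked in CLI output instead of being stored as a plaintext stack output.
pulumi.export("jwt", pulumi.Output.secret(foo.jwt))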
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Gcp = Pulumi.Gcp;
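return await Deployment.RunAsync(() =>
{
    // Request a self-signed JWT signed by the impersonated service account.
    // The claims below are placeholders. A token meant for a real service
    // should also carry an "aud" claim so the receiver can reject tokens
    // issued for a different audience.
    var foo = Gcp.ServiceAccount.GetAccountJwt.Invoke(new()
    {
        TargetServiceAccount = "impersonated-account@project.iam.gserviceaccount.com",
        Payload = JsonSerializer.Serialize(new Dictionary<string, object?>
        {
            ["foo"] = "bar",
            ["sub"] = "subject",
        }),
        // Short lifetime: the JWT is a bearer credential until it expires.
        ExpiresIn = 60,
    });

    return new Dictionary<string, object?>
    {
        // Wrap the token in a secret output so it is encrypted in the stack
        // state and masked in CLI output rather than exported in plaintext.
        ["jwt"] = foo.Apply(getAccountJwtResult => Output.CreateSecret(getAccountJwtResult.Jwt)),
    };
});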
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
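// main runs a Pulumi program that requests a self-signed JWT for the
// impersonated service account and exports it as a secret stack output.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The claims below are placeholders. A token meant for a real service
		// should also carry an "aud" claim so the receiver can reject tokens
		// issued for a different audience.
		tmpJSON0, err := json.Marshal(map[string]interface{}{
			"foo": "bar",
			"sub": "subject",
		})
		if err != nil {
			return err
		}
		json0 := string(tmpJSON0)
		foo, err := serviceaccount.GetAccountJwt(ctx, &serviceaccount.GetAccountJwtArgs{
			TargetServiceAccount: "impersonated-account@project.iam.gserviceaccount.com",
			Payload:              json0,
			// Short lifetime: the JWT is a bearer credential until it expires.
			ExpiresIn: pulumi.IntRef(60),
		}, nil)
		if err != nil {
			return err
		}
		// Mark the token as a secret so it is encrypted in the stack state and
		// masked in CLI output rather than exported in plaintext.
		ctx.Export("jwt", pulumi.ToSecret(foo.Jwt))
		return nil
	})
}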
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;
import com.pulumi.gcp.serviceaccount.inputs.GetAccountJwtArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
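/**
 * Pulumi program that requests a self-signed JWT for an impersonated service
 * account and exports it as a secret stack output.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack: invokes getAccountJwt and exports the resulting token.
     *
     * @param ctx the Pulumi context used to register the stack output
     */
    public static void stack(Context ctx) {
        // The claims below are placeholders. A token meant for a real service
        // should also carry an "aud" claim so the receiver can reject tokens
        // issued for a different audience.
        final var foo = ServiceaccountFunctions.getAccountJwt(GetAccountJwtArgs.builder()
            .targetServiceAccount("impersonated-account@project.iam.gserviceaccount.com")
            .payload(serializeJson(
                jsonObject(
                    jsonProperty("foo", "bar"),
                    jsonProperty("sub", "subject")
                )))
            // Short lifetime: the JWT is a bearer credential until it expires.
            .expiresIn(60)
            .build());

        // Mark the token as a secret so it is encrypted in the stack state and
        // masked in CLI output rather than exported in plaintext.
        ctx.export("jwt", foo.applyValue(getAccountJwtResult -> getAccountJwtResult.jwt()).asSecret());
    }
}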
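variables:
  # Request a self-signed JWT signed by the impersonated service account.
  # The claims below are placeholders. A token meant for a real service should
  # also carry an "aud" claim so the receiver can reject tokens issued for a
  # different audience.
  foo:
    fn::invoke:
      Function: gcp:serviceaccount:getAccountJwt
      Arguments:
        targetServiceAccount: impersonated-account@project.iam.gserviceaccount.com
        payload:
          fn::toJSON:
            foo: bar
            sub: subject
        # Short lifetime: the JWT is a bearer credential until it expires.
        expiresIn: 60
outputs:
  # Mark the token as a secret so it is encrypted in the stack state and
  # masked in CLI output rather than exported in plaintext.
  jwt:
    fn::secret: ${foo.jwt}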
Return
A collection of values returned by getAccountJwt.
Parameters
A collection of arguments for invoking getAccountJwt.
Return
A collection of values returned by getAccountJwt.
Parameters
Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name.
Number of seconds until the JWT expires. If set and non-zero, an `exp` claim derived from the current timestamp plus `expires_in` seconds will be added to the payload.
The JSON-encoded JWT claims set to include in the self-signed JWT.
The email of the service account that will sign the JWT.
See also
Return
A collection of values returned by getAccountJwt.
Parameters
Builder for com.pulumi.gcp.serviceaccount.kotlin.inputs.GetAccountJwtPlainArgs.