GetAccountAccessToken
This data source provides a google oauth2 access_token for a different service account than the one initially running the script.
For more information see the official documentation as well as iamcredentials.generateAccessToken()
Using GetAccountAccessToken
function getAccountAccessToken(args: GetAccountAccessTokenArgs, opts?: InvokeOptions): Promise<GetAccountAccessTokenResult>function get_account_access_token(delegates=None, lifetime=None, scopes=None, target_service_account=None, opts=None)func GetAccountAccessToken(ctx *Context, args *GetAccountAccessTokenArgs, opts ...InvokeOption) (*GetAccountAccessTokenResult, error)public static class GetAccountAccessToken {
public static Task<GetAccountAccessTokenResult> InvokeAsync(GetAccountAccessTokenArgs args, InvokeOptions? opts = null)
}The following arguments are supported:
- Scopes List<string>
The scopes the new credential should have (e.g.
["storage-ro", "cloud-platform"])- Target
Service stringAccount The service account to impersonate (e.g.
service_B@your-project-id.iam.gserviceaccount.com)- Delegates List<string>
Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name. (e.g.
["projects/-/serviceAccounts/delegate-svc-account@project-id.iam.gserviceaccount.com"])- Lifetime string
Lifetime of the impersonated token (defaults to its max:
3600s).
- Scopes []string
The scopes the new credential should have (e.g.
["storage-ro", "cloud-platform"])- Target
Service stringAccount The service account to impersonate (e.g.
service_B@your-project-id.iam.gserviceaccount.com)- Delegates []string
Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name. (e.g.
["projects/-/serviceAccounts/delegate-svc-account@project-id.iam.gserviceaccount.com"])- Lifetime string
Lifetime of the impersonated token (defaults to its max:
3600s).
- scopes string[]
The scopes the new credential should have (e.g.
["storage-ro", "cloud-platform"])- target
Service stringAccount The service account to impersonate (e.g.
service_B@your-project-id.iam.gserviceaccount.com)- delegates string[]
Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name. (e.g.
["projects/-/serviceAccounts/delegate-svc-account@project-id.iam.gserviceaccount.com"])- lifetime string
Lifetime of the impersonated token (defaults to its max:
3600s).
- scopes List[str]
The scopes the new credential should have (e.g.
["storage-ro", "cloud-platform"])- target_
service_ straccount The service account to impersonate (e.g.
service_B@your-project-id.iam.gserviceaccount.com)- delegates List[str]
Delegate chain of approvals needed to perform full impersonation. Specify the fully qualified service account name. (e.g.
["projects/-/serviceAccounts/delegate-svc-account@project-id.iam.gserviceaccount.com"])- lifetime str
Lifetime of the impersonated token (defaults to its max:
3600s).
GetAccountAccessToken Result
The following output properties are available:
- Access
Token string The
access_tokenrepresenting the new generated identity.- Id string
The provider-assigned unique ID for this managed resource.
- Scopes List<string>
- Target
Service stringAccount - Delegates List<string>
- Lifetime string
Package Details
- Repository
- https://github.com/pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.