2018-06-01 00:31:45 +00:00
|
|
|
---
|
|
|
|
layout: "google"
|
|
|
|
page_title: "Google: google_service_account"
|
|
|
|
sidebar_current: "docs-google-datasource-service-account"
|
|
|
|
description: |-
|
|
|
|
Get the service account from a project.
|
|
|
|
---
|
|
|
|
|
|
|
|
# google\_service\_account
|
|
|
|
|
|
|
|
Get the service account from a project. For more information see
|
|
|
|
the official [API](https://cloud.google.com/compute/docs/access/service-accounts) documentation.
|
|
|
|
|
|
|
|
## Example Usage
|
|
|
|
|
|
|
|
```hcl
|
|
|
|
data "google_service_account" "object_viewer" {
|
|
|
|
account_id = "object-viewer"
|
|
|
|
}
|
|
|
|
```
|
|
|
|
|
|
|
|
## Example Usage, save key in Kubernetes secret
|
|
|
|
```hcl
|
|
|
|
data "google_service_account" "myaccount" {
|
|
|
|
account_id = "myaccount-id"
|
|
|
|
}
|
|
|
|
|
|
|
|
resource "google_service_account_key" "mykey" {
|
|
|
|
service_account_id = "${data.google_service_account.myaccount.name}"
|
|
|
|
}
|
|
|
|
|
|
|
|
resource "kubernetes_secret" "google-application-credentials" {
|
2018-12-27 15:51:23 +00:00
|
|
|
metadata = {
|
2018-06-01 00:31:45 +00:00
|
|
|
name = "google-application-credentials"
|
|
|
|
}
|
|
|
|
data {
|
|
|
|
credentials.json = "${base64decode(google_service_account_key.mykey.private_key)}"
|
|
|
|
}
|
2019-05-07 22:43:25 +00:00
|
|
|
}
|
2018-06-01 00:31:45 +00:00
|
|
|
```
|
|
|
|
|
|
|
|
## Argument Reference
|
|
|
|
|
|
|
|
The following arguments are supported:
|
|
|
|
|
2019-03-07 17:02:20 +00:00
|
|
|
* `account_id` - (Required) The Service account id. (This is the part of the service account's email field that comes before the @ symbol.)
|
2018-06-01 00:31:45 +00:00
|
|
|
|
|
|
|
* `project` - (Optional) The ID of the project that the service account will be created in.
|
|
|
|
Defaults to the provider project configuration.
|
|
|
|
|
|
|
|
## Attributes Reference
|
|
|
|
|
|
|
|
In addition to the arguments listed above, the following computed attributes are
|
|
|
|
exported:
|
|
|
|
|
|
|
|
* `email` - The e-mail address of the service account. This value
|
|
|
|
should be referenced from any `google_iam_policy` data sources
|
|
|
|
that would grant the service account privileges.
|
|
|
|
|
|
|
|
* `unique_id` - The unique id of the service account.
|
|
|
|
|
|
|
|
* `name` - The fully-qualified name of the service account.
|
|
|
|
|
|
|
|
* `display_name` - The display name for the service account.
|