mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-10-06 10:41:07 +00:00
providers/google: Create and delete Service Accounts
parent
824dbd3a18
commit
ff2f519d6a
@ -19,9 +19,9 @@ project's existing policy. The policy is always specified in a
|
||||
## Example Usage
|
||||
|
||||
```js
|
||||
resource "google_project" "my-project" {
|
||||
resource "google_project" "my_project" {
|
||||
id = "your-project-id"
|
||||
policy_data = "${data.google_iam_policy.admin.policy}"
|
||||
policy_data = "${data.google_iam_policy.admin.policy_data}"
|
||||
}
|
||||
|
||||
data "google_iam_policy" "admin" {
|
||||
|
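Review bot: The interpolation on the `policy_data` line of the example changes from `.policy` to `.policy_data`, and the resource is renamed from `my-project` to `my_project`, but neither documentation fix is mentioned in the commit subject "Create and delete Service Accounts". Mention them in the commit message or split them into their own commit, so the correction to the project IAM policy example can be found later. The example is also fenced as `js` although it is Terraform configuration.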
73
r/google_service_account.html.markdown
Normal file
@ -0,0 +1,73 @@
|
||||
---
|
||||
layout: "google"
|
||||
page_title: "Google: google_service_account"
|
||||
sidebar_current: "docs-google-service-account"
|
||||
description: |-
|
||||
Allows management of a Google Cloud Platform service account.
|
||||
---
|
||||
|
||||
# google\_service\_account
|
||||
|
||||
Allows management of a Google Cloud Platform service account.
|
||||
|
||||
## Example Usage
|
||||
|
||||
This snippet creates a service account, then gives it objectViewer
|
||||
permission in a project.
|
||||
|
||||
```js
|
||||
resource "google_service_account" "object_viewer" {
|
||||
account_id = "object-viewer"
|
||||
display_name = "Object viewer"
|
||||
}
|
||||
|
||||
resource "google_project" "my_project" {
|
||||
id = "your-project-id"
|
||||
policy_data = "${data.google_iam_policy.admin.policy_data}"
|
||||
}
|
||||
|
||||
data "google_iam_policy" "admin" {
|
||||
binding {
|
||||
role = "roles/storage.objectViewer"
|
||||
members = [
|
||||
"serviceAccount:${google_service_account.object_viewer.email}",
|
||||
]
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## Argument Reference
|
||||
|
||||
The following arguments are supported:
|
||||
|
||||
* `account_id` - (Required) The service account ID.
|
||||
Changing this forces a new service account to be created.
|
||||
|
||||
* `display_name` - (Optional) The display name for the service account.
|
||||
Can be updated without creating a new resource.
|
||||
|
||||
* `project` - (Optional) The project that the service account will be created in.
|
||||
Defaults to the provider project configuration.
|
||||
|
||||
* `policy_data` - (Optional) The `google_iam_policy` data source that represents
|
||||
the IAM policy that will be applied to the service account. The policy will be
|
||||
merged with any existing policy.
|
||||
|
||||
Changing this updates the policy.
|
||||
|
||||
Deleting this removes the policy, but leaves the original policy
|
||||
intact. If there are overlapping `binding` entries between the original
|
||||
policy and the data source policy, they will be removed.
|
||||
|
||||
## Attributes Reference
|
||||
|
||||
In addition to the arguments listed above, the following computed attributes are
|
||||
exported:
|
||||
|
||||
* `email` - The e-mail address of the service account. This value
|
||||
should be referenced from any `google_iam_policy` data sources
|
||||
that would grant the service account privileges.
|
||||
|
||||
* `name` - The fully-qualified name of the service account.
|
||||
|
||||
* `unique_id` - The unique id of the service account.
|
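Review bot: The deletion paragraph under the `policy_data` argument contradicts itself: it says deleting "leaves the original policy intact" and then that overlapping `binding` entries "will be removed". Read literally, a binding that existed before Terraform applied the policy is revoked on delete if it also appears in the data source. State that outcome in one explicit sentence so operators know that removing `policy_data` can drop access that was there before. Separately, Example Usage sets `policy_data` on `google_project`, not on `google_service_account`, so the argument documented here is never demonstrated. Add a sentence distinguishing the IAM policy applied to the service account from the project policy that grants it `roles/storage.objectViewer`. The example fence is tagged `js` for Terraform configuration.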