providers/google: Create and delete Service Accounts

Evan Brown 2016-11-07 23:27:32 -08:00
parent 824dbd3a18
commit ff2f519d6a
2 changed files with 75 additions and 2 deletions

@ -19,9 +19,9 @@ project's existing policy. The policy is always specified in a
## Example Usage
```js
resource "google_project" "my-project" {
resource "google_project" "my_project" {
id = "your-project-id"
policy_data = "${data.google_iam_policy.admin.policy}"
policy_data = "${data.google_iam_policy.admin.policy_data}"
}
data "google_iam_policy" "admin" {
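
Review bot: the `policy_data` line in the `google_project` example now interpolates `data.google_iam_policy.admin.policy_data`, but this hunk corrects only that one occurrence of the old `.policy` attribute name. Before merging, grep the other provider docs for remaining `google_iam_policy.<name>.policy}` interpolations so every example that consumes this data source uses the same attribute. The rename from `my-project` to `my_project` should likewise be matched anywhere else on this page that refers to the resource by name.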

@ -0,0 +1,73 @@
---
layout: "google"
page_title: "Google: google_service_account"
sidebar_current: "docs-google-service-account"
description: |-
Allows management of a Google Cloud Platform service account.
---
# google\_service\_account
Allows management of a Google Cloud Platform service account.
## Example Usage
This snippet creates a service account, then gives it objectViewer
permission in a project.
```js
resource "google_service_account" "object_viewer" {
account_id = "object-viewer"
display_name = "Object viewer"
}
resource "google_project" "my_project" {
id = "your-project-id"
policy_data = "${data.google_iam_policy.admin.policy_data}"
}
data "google_iam_policy" "admin" {
binding {
role = "roles/storage.objectViewer"
members = [
"serviceAccount:${google_service_account.object_viewer.email}",
]
}
}
```
## Argument Reference
The following arguments are supported:
* `account_id` - (Required) The service account ID.
Changing this forces a new service account to be created.
* `display_name` - (Optional) The display name for the service account.
Can be updated without creating a new resource.
* `project` - (Optional) The project that the service account will be created in.
Defaults to the provider project configuration.
* `policy_data` - (Optional) The `google_iam_policy` data source that represents
the IAM policy that will be applied to the service account. The policy will be
merged with any existing policy.
Changing this updates the policy.
Deleting this removes the policy, but leaves the original policy
intact. If there are overlapping `binding` entries between the original
policy and the data source policy, they will be removed.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `email` - The e-mail address of the service account. This value
should be referenced from any `google_iam_policy` data sources
that would grant the service account privileges.
* `name` - The fully-qualified name of the service account.
* `unique_id` - The unique id of the service account.
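
Review bot: the `policy_data` entry under Argument Reference says deleting it "leaves the original policy intact" and then that overlapping `binding` entries "will be removed", which reads as contradictory and does not say whether a binding that existed before Terraform managed the policy is revoked on delete. Suggest stating the outcome for an overlapping binding explicitly, since that decides whether removing the argument can take away access someone granted out of band. The example also never sets `policy_data` on `google_service_account`; it grants the account `roles/storage.objectViewer` through `google_project`, so one sentence separating the policy applied to the service account from the roles granted to the service account would keep readers from conflating the two. Minor: the example fence is tagged `js` although the content is Terraform configuration.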