IAMServiceAccount
| Property | Value |
|---|---|
| Google Cloud Service Name | IAM |
| Google Cloud Service Documentation | /iam/docs/ |
| Google Cloud REST Resource Name | v1.projects.serviceAccounts |
| Google Cloud REST Resource Documentation | /iam/reference/rest/v1/projects.serviceAccounts |
| Config Connector Resource Short Names | gcpiamserviceaccount gcpiamserviceaccounts iamserviceaccount |
| Config Connector Service Name | iam.googleapis.com |
| Config Connector Resource Fully Qualified Name | iamserviceaccounts.iam.cnrm.cloud.google.com |
| Can Be Referenced by IAMPolicy/IAMPolicyMember | Yes |
| Supports IAM Conditions | Yes |
| Supports IAM Audit Configs | No |
| IAM External Reference Format |
projects/{{project}}/serviceAccounts/{{account_id}}@{{project}}.iam.gserviceaccount.com |
| Config Connector Default Average Reconcile Interval In Seconds | 600 |
Custom Resource Definition Properties
Annotations
| Fields | |
|---|---|
cnrm.cloud.google.com/project-id |
|
Spec
Schema
description: string
disabled: boolean
displayName: string
resourceID: string
| Fields | |
|---|---|
|
Optional |
A text description of the service account. Must be less than or equal to 256 UTF-8 bytes. |
|
Optional |
Whether the service account is disabled. Defaults to false. |
|
Optional |
The display name for the service account. Can be updated without creating a new resource. |
|
Optional |
Immutable. Optional. The accountId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. |
Status
Schema
conditions:
- lastTransitionTime: string
message: string
reason: string
status: string
type: string
email: string
member: string
name: string
observedGeneration: integer
uniqueId: string
| Fields | |
|---|---|
conditions |
Conditions represent the latest available observation of the resource's current state. |
conditions[] |
|
conditions[].lastTransitionTime |
Last time the condition transitioned from one status to another. |
conditions[].message |
Human-readable message indicating details about last transition. |
conditions[].reason |
Unique, one-word, CamelCase reason for the condition's last transition. |
conditions[].status |
Status is the status of the condition. Can be True, False, Unknown. |
conditions[].type |
Type is the type of the condition. |
email |
The e-mail address of the service account. This value should be referenced from any google_iam_policy data sources that would grant the service account privileges. |
member |
The Identity of the service account in the form 'serviceAccount:{email}'. This value is often used to refer to the service account in order to grant IAM permissions. |
name |
The fully-qualified name of the service account. |
observedGeneration |
ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. |
uniqueId |
The unique id of the service account. |
Sample YAML(s)
Typical Use Case
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
metadata:
labels:
label-one: "value-one"
name: iamserviceaccount-sample
spec:
displayName: Example Service Account