service_account

Exec module for managing ServiceAccounts.

async idem_gcp.exec.gcp.iam.service_account.list_(hub, ctx, project: str = None)

Lists every ServiceAccount that belongs to a specific project.

Parameters:
  • project (str, Required) – The resource name of the project associated with the service accounts.

async idem_gcp.exec.gcp.iam.service_account.get(hub, ctx, project_id: str = None, unique_id: str = None, email: str = None, name: str = None, resource_id: str = None)

Returns the specified ServiceAccount resource.

Parameters:
  • project_id (str, Optional) – Project ID for this request.

  • unique_id (str, Optional) – The unique, stable numeric ID for the service account.

  • email (str, Optional) – The email address of the service account.

  • name (str, Optional) – Name of the service account in the provider API.

  • resource_id (str, Optional) – An identifier of the resource in the provider. Defaults to None.

Examples

random-name:
  exec.run:
  - path: gcp.iam.service_account.get
  - kwargs:
      name: service-account-name

async idem_gcp.exec.gcp.iam.service_account.undelete(hub, ctx, unique_id: str, project: str = None)

Restores a deleted service account.

It is not always possible to restore a deleted service account. Use this method only as a last resort.

After you delete a service account, IAM permanently removes the service account 30 days later. There is no way to restore a deleted service account that has been permanently removed.

The permission ‘iam.serviceAccounts.undelete’ is required for undeleting resources.

Although the GCP documentation states that either email or unique_id can be used as resource name, using an email results in the following error: “The service account name must be in the following format: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_UNIQUE_ID}”.

Parameters:
  • unique_id (str) – The unique, stable numeric ID for the service account.

  • project (str, Optional) – Project ID for this request.

async idem_gcp.exec.gcp.iam.service_account.disable(hub, ctx, project: str = None, unique_id: str = None, email: str = None, resource_id: str = None)

Disables a service account immediately.

If an application uses the service account to authenticate, that application can no longer call Google APIs or access Google Cloud resources. Existing access tokens for the service account are rejected, and requests for new access tokens will fail.

To re-enable the service account, use service_account.enable. After you re-enable the service account, its existing access tokens will be accepted, and you can request new access tokens.

To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use this method to disable the service account, then wait at least 24 hours and watch for unintended consequences.

Parameters:
  • project (str, Optional) – Project ID for this request.

  • unique_id (str, Optional) – The unique, stable numeric ID for the service account.

  • email (str, Optional) – The email address of the service account.

  • resource_id (str, Optional) – An identifier of the resource in the provider. Defaults to None.
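
The following Python sketch is an added example, not part of idem-gcp or its documentation. It applies the rules stated in the undelete and disable notes above: disable first, wait at least 24 hours, treat a deleted account as gone after 30 days, and address undelete by numeric unique ID only. The record shape, function names and sample values are assumptions constructed for the illustration.

```python
import re
from datetime import datetime, timedelta, timezone

DISABLE_SOAK = timedelta(hours=24)    # "wait at least 24 hours" after disable
UNDELETE_WINDOW = timedelta(days=30)  # IAM permanently removes after 30 days


def undelete_name(project: str, unique_id: str) -> str:
    """Build the resource name undelete accepts: numeric unique ID, never email."""
    if not re.fullmatch(r"[0-9]+", unique_id):
        raise ValueError(f"undelete needs the numeric unique_id, got {unique_id!r}")
    return f"projects/{project}/serviceAccounts/{unique_id}"


def next_action(account: dict, now: datetime) -> str:
    """Classify one inventory record (hypothetical shape, see SAMPLE)."""
    deleted_at = account.get("deleted_at")
    if deleted_at is not None:
        if now - deleted_at >= UNDELETE_WINDOW:
            return "purged: cannot be restored"
        name = undelete_name(account["project"], account["unique_id"])
        return f"undelete may still work: {name}"
    disabled_at = account.get("disabled_at")
    if disabled_at is None:
        return "disable first, then watch for breakage"
    if now - disabled_at < DISABLE_SOAK:
        return "keep disabled: 24 hour wait not over"
    return "wait over: delete only if nothing broke"


# Constructed sample inventory; IDs, project and timestamps are made up.
NOW = datetime(2024, 5, 31, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    {"project": "example-project", "unique_id": "100000000000000000001"},
    {"project": "example-project", "unique_id": "100000000000000000002",
     "disabled_at": NOW - timedelta(hours=2)},
    {"project": "example-project", "unique_id": "100000000000000000003",
     "disabled_at": NOW - timedelta(days=3)},
    {"project": "example-project", "unique_id": "100000000000000000004",
     "deleted_at": NOW - timedelta(days=10)},
    {"project": "example-project", "unique_id": "100000000000000000005",
     "deleted_at": NOW - timedelta(days=31)},
]

if __name__ == "__main__":
    for record in SAMPLE:
        print(record["unique_id"], "->", next_action(record, NOW))
```
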

async idem_gcp.exec.gcp.iam.service_account.enable(hub, ctx, project: str = None, unique_id: str = None, email: str = None, resource_id: str = None)

Enables a service account that has previously been disabled.

If the service account is already enabled, then this method has no effect. If the service account was disabled by other means (for example, if Google disabled the service account because it was compromised), you cannot use this method to enable the service account.

Parameters:
  • project (str, Optional) – Project ID for this request.

  • unique_id (str, Optional) – The unique, stable numeric ID for the service account.

  • email (str, Optional) – The email address of the service account.

  • resource_id (str, Optional) – An identifier of the resource in the provider. Defaults to None.