service_account_key#

Exec module for managing ServiceAccountKeys.

async idem_gcp.exec.gcp.iam.service_account_key.list_(hub, ctx, sa_resource_id: str, project: str = None)[source]#

Lists every ServiceAccountKey that belongs to a specific project.

Parameters:

  • sa_resource_id (str) – Resource id of the service account following the pattern projects/{project}/serviceAccounts/{id}.

  • project (str, Optional) – The resource name of the project associated with the service accounts.

async idem_gcp.exec.gcp.iam.service_account_key.get(hub, ctx, project: str = None, service_account_id: str = None, key_id: str = None, name: str = None, resource_id: str = None)[source]#

Returns the specified ServiceAccountKey resource.

Parameters:

  • project (str, Optional) – Project ID for this request.

  • service_account_id (str, Optional) – Email or unique_id of the service account in GCP.

  • key_id (str, Optional) – Id of the service account key in GCP.

  • name (str, Optional) – Name of the service account in the provider API.

  • resource_id (str, Optional) – An identifier of the service account key in idem. Defaults to None.

Examples

random-name:
  exec.run:
  - path: gcp.iam.service_account_key.get
  - kwargs:
      name: service-account-key-name
async idem_gcp.exec.gcp.iam.service_account_key.upload(hub, ctx, service_account_id: str, public_key_data: str)[source]#

Uploads the public key portion of a key pair that you manage, and associates the public key with a service account key.

After you upload the public key, you can use the private key from the key pair as a service account key.

Parameters:

  • service_account_id (str) – Resource id of the service account

  • public_key_data (str) – The public key to associate with the service account. Must be an RSA public key that is wrapped in an X.509 v3 certificate. Include the first line, —–BEGIN CERTIFICATE—–, and the last line, —–END CERTIFICATE—–. A base64-encoded string.

Examples

random-name:
  exec.run:
  - path: gcp.iam.service_account_key.upload
  - kwargs:
      service_account_id: projects/{...}/serviceAccounts/{...}
      public_key_data: <base64-encoded X.509 v3 certificate>
async idem_gcp.exec.gcp.iam.service_account_key.disable(hub, ctx, resource_id: str)[source]#

Disable a ServiceAccountKey. A disabled service account key can be re-enabled.

Parameters:

resource_id (str) – Resource id of the service account key

Examples

random-name:
  exec.run:
  - path: gcp.iam.service_account_key.disable
  - kwargs:
      resource_id: projects/{...}/serviceAccounts/{...}/keys/{...}
async idem_gcp.exec.gcp.iam.service_account_key.enable(hub, ctx, resource_id: str)[source]#

Enable a ServiceAccountKey.

Parameters:

resource_id (str) – Resource id of the service account key

Examples

random-name:
  exec.run:
  - path: gcp.iam.service_account_key.enable
  - kwargs:
      resource_id: projects/{...}/serviceAccounts/{...}/keys/{...}