bleare

Reputation: 48

Getting service account key deployed via Google DM

Is it possible to get a service account key that is deployed via Google Deployment Manager (iam.v1.serviceAccounts.key resource) as a result of a request to DM?

I have seen an option to expose it in outputs (https://cloud.google.com/deployment-manager/docs/configuration/expose-information-outputs), but can't see any possibility to get the key as a response of Deployment Manager insert/update API methods.

Upvotes: 0

Views: 621

Answers (1)

KarthickN

Reputation: 409

To fetch the key, you can set up an output or a reference to privateKeyData in the same configuration that creates the key. If there is no reference or output to that field, then DM will ignore it.

Example config looks like:

outputs:
- name: key
  value: $(ref.iam-key.privateKeyData)

resources:
- name: iam-account
  type: iam.v1.serviceAccount
  properties:
    accountId: iam-account
    displayName: iam-account-display
- name: iam-key
  type: iam.v1.serviceAccounts.key
  properties:
    parent: $(ref.iam-account.name) 

When running the above YAML file with

gcloud deployment-manager deployments create [DeploymentName] --config key.yaml

this creates a service account with an associated key. You can look up the manifest associated with the configuration. You can also access Deployment -> Deployment properties -> Layout in the Cloud Console.

Upvotes: 1
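An added example, not part of the original answer: a way to audit a manifest layout for service account keys that ended up in its outputs, reporting which key is exposed without returning the private key. It assumes the layout lists each output with `finalValue`, `name` and `value` fields and that privateKeyData is the base64-encoded JSON credentials file; the function names and all sample values are constructed for illustration.

```python
import base64
import json
import re

def parse_outputs(layout):
    """Collect the entries of the top-level `outputs:` list of a manifest layout."""
    items, current, in_outputs = [], None, False
    for line in layout.splitlines():
        if not line.strip():
            continue
        if not line.startswith((" ", "-")):   # a top-level key starts a new section
            in_outputs = line.strip() == "outputs:"
            continue
        m = re.match(r"^(- |  )(\w+):\s*(.*)$", line)
        if not (in_outputs and m):
            continue
        if m.group(1) == "- ":                 # "- " opens the next list entry
            current = {}
            items.append(current)
        if current is not None:
            current[m.group(2)] = m.group(3).strip("'\"")
    return items

def exposed_keys(layout):
    """Map output name -> key metadata for outputs that reference privateKeyData."""
    found = {}
    for out in parse_outputs(layout):
        if ".privateKeyData)" not in out.get("value", ""):
            continue
        cred = json.loads(base64.b64decode(out["finalValue"]))
        # Report identifying fields only; the private key itself is never returned.
        found[out["name"]] = {k: cred.get(k) for k in ("client_email", "private_key_id")}
    return found

# Constructed sample (assumed layout shape): a fake credentials file in an output.
SAMPLE_CRED = {"type": "service_account",
               "client_email": "iam-account@example-project.iam.gserviceaccount.com",
               "private_key_id": "0000placeholder0000",
               "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n"}
SAMPLE_LAYOUT = f"""outputs:
- finalValue: {base64.b64encode(json.dumps(SAMPLE_CRED).encode()).decode()}
  name: key
  value: $(ref.iam-key.privateKeyData)
resources:
- name: iam-key
  type: iam.v1.serviceAccounts.key
"""

print(exposed_keys(SAMPLE_LAYOUT))
```

Any output this reports is a usable credential readable by everyone who can view the deployment's manifest, so the `private_key_id` it returns identifies the key to rotate or delete.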
