1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. organizations
  5. getClientOpenIdUserInfo
Google Cloud Classic v7.29.0 published on Wednesday, Jun 26, 2024 by Pulumi

gcp.organizations.getClientOpenIdUserInfo

Explore with Pulumi AI

gcp logo
Google Cloud Classic v7.29.0 published on Wednesday, Jun 26, 2024 by Pulumi

    Get OpenID userinfo about the credentials used with the Google provider, specifically the email.

    This datasource enables you to export the email of the account you’ve authenticated the provider with; this can be used alongside data.google_client_config’s access_token to perform OpenID Connect authentication with GKE and configure an RBAC role for the email used.

    This resource will only work as expected if the provider is configured to use the https://www.googleapis.com/auth/userinfo.email scope! You will receive an error otherwise. The provider uses this scope by default.

    Example Usage

    Exporting An Email

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    export = async () => {
        const me = await gcp.organizations.getClientOpenIdUserInfo({});
        return {
            "my-email": me.email,
        };
    }
    
    import pulumi
    import pulumi_gcp as gcp
    
    me = gcp.organizations.get_client_open_id_user_info()
    pulumi.export("my-email", me.email)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		me, err := organizations.GetClientOpenIdUserInfo(ctx, nil, nil)
    		if err != nil {
    			return err
    		}
    		ctx.Export("my-email", me.Email)
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var me = Gcp.Organizations.GetClientOpenIdUserInfo.Invoke();
    
        return new Dictionary<string, object?>
        {
            ["my-email"] = me.Apply(getClientOpenIdUserInfoResult => getClientOpenIdUserInfoResult.Email),
        };
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.organizations.OrganizationsFunctions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var me = OrganizationsFunctions.getClientOpenIdUserInfo();
    
            ctx.export("my-email", me.applyValue(getClientOpenIdUserInfoResult -> getClientOpenIdUserInfoResult.email()));
        }
    }
    
    variables:
      me:
        fn::invoke:
          Function: gcp:organizations:getClientOpenIdUserInfo
          Arguments: {}
    outputs:
      my-email: ${me.email}
    

    OpenID Connect W/ Kubernetes Provider + RBAC IAM Role

    Coming soon!
    
    Coming soon!
    
    Coming soon!
    
    Coming soon!
    
    Coming soon!
    
    resources:
      user:
        type: kubernetes:rbac.authorization.k8s.io/v1:ClusterRoleBinding
        properties:
          metadata:
            name: provider-user-admin
          roleRef:
            apiGroup: rbac.authorization.k8s.io
            kind: ClusterRole
            name: cluster-admin
          subject:
            - kind: User
              name: ${providerIdentity.email}
    variables:
      providerIdentity:
        fn::invoke:
          Function: gcp:organizations:getClientOpenIdUserInfo
          Arguments: {}
      provider:
        fn::invoke:
          Function: gcp:organizations:getClientConfig
          Arguments: {}
      myCluster:
        fn::invoke:
          Function: gcp:container:getCluster
          Arguments:
            name: my-cluster
            zone: us-east1-a
    

    Using getClientOpenIdUserInfo

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getClientOpenIdUserInfo(opts?: InvokeOptions): Promise<GetClientOpenIdUserInfoResult>
    function getClientOpenIdUserInfoOutput(opts?: InvokeOptions): Output<GetClientOpenIdUserInfoResult>
    def get_client_open_id_user_info(opts: Optional[InvokeOptions] = None) -> GetClientOpenIdUserInfoResult
    def get_client_open_id_user_info_output(opts: Optional[InvokeOptions] = None) -> Output[GetClientOpenIdUserInfoResult]
    func GetClientOpenIdUserInfo(ctx *Context, opts ...InvokeOption) (*GetClientOpenIdUserInfoResult, error)
    func GetClientOpenIdUserInfoOutput(ctx *Context, opts ...InvokeOption) GetClientOpenIdUserInfoResultOutput

    > Note: This function is named GetClientOpenIdUserInfo in the Go SDK.

    public static class GetClientOpenIdUserInfo 
    {
        public static Task<GetClientOpenIdUserInfoResult> InvokeAsync(InvokeOptions? opts = null)
        public static Output<GetClientOpenIdUserInfoResult> Invoke(InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetClientOpenIdUserInfoResult> getClientOpenIdUserInfo(InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: gcp:organizations/getClientOpenIdUserInfo:getClientOpenIdUserInfo
      arguments:
        # arguments dictionary

    getClientOpenIdUserInfo Result

    The following output properties are available:

    Email string
    The email of the account used by the provider to authenticate with GCP.
    Id string
    Email string
    The email of the account used by the provider to authenticate with GCP.
    Id string
    email String
    The email of the account used by the provider to authenticate with GCP.
    id String
    email string
    The email of the account used by the provider to authenticate with GCP.
    id string
    email str
    The email of the account used by the provider to authenticate with GCP.
    id str
    email String
    The email of the account used by the provider to authenticate with GCP.
    id String

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud Classic v7.29.0 published on Wednesday, Jun 26, 2024 by Pulumi