gcp.organizations.getClientOpenIdUserInfo
Explore with Pulumi AI
Get OpenID userinfo about the credentials used with the Google provider, specifically the email.
This datasource enables you to export the email of the account you’ve
authenticated the provider with; this can be used alongside
data.google_client_config
’s access_token
to perform OpenID Connect
authentication with GKE and configure an RBAC role for the email used.
This resource will only work as expected if the provider is configured to use the
https://www.googleapis.com/auth/userinfo.email
scope! You will receive an error otherwise. The provider uses this scope by default.
Example Usage
Exporting An Email
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
export = async () => {
const me = await gcp.organizations.getClientOpenIdUserInfo({});
return {
"my-email": me.email,
};
}
import pulumi
import pulumi_gcp as gcp
me = gcp.organizations.get_client_open_id_user_info()
pulumi.export("my-email", me.email)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
me, err := organizations.GetClientOpenIdUserInfo(ctx, nil, nil)
if err != nil {
return err
}
ctx.Export("my-email", me.Email)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var me = Gcp.Organizations.GetClientOpenIdUserInfo.Invoke();
return new Dictionary<string, object?>
{
["my-email"] = me.Apply(getClientOpenIdUserInfoResult => getClientOpenIdUserInfoResult.Email),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var me = OrganizationsFunctions.getClientOpenIdUserInfo();
ctx.export("my-email", me.applyValue(getClientOpenIdUserInfoResult -> getClientOpenIdUserInfoResult.email()));
}
}
variables:
me:
fn::invoke:
Function: gcp:organizations:getClientOpenIdUserInfo
Arguments: {}
outputs:
my-email: ${me.email}
OpenID Connect W/ Kubernetes Provider + RBAC IAM Role
Coming soon!
Coming soon!
Coming soon!
Coming soon!
Coming soon!
resources:
user:
type: kubernetes:rbac.authorization.k8s.io/v1:ClusterRoleBinding
properties:
metadata:
name: provider-user-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subject:
- kind: User
name: ${providerIdentity.email}
variables:
providerIdentity:
fn::invoke:
Function: gcp:organizations:getClientOpenIdUserInfo
Arguments: {}
provider:
fn::invoke:
Function: gcp:organizations:getClientConfig
Arguments: {}
myCluster:
fn::invoke:
Function: gcp:container:getCluster
Arguments:
name: my-cluster
zone: us-east1-a
Using getClientOpenIdUserInfo
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getClientOpenIdUserInfo(opts?: InvokeOptions): Promise<GetClientOpenIdUserInfoResult>
function getClientOpenIdUserInfoOutput(opts?: InvokeOptions): Output<GetClientOpenIdUserInfoResult>
def get_client_open_id_user_info(opts: Optional[InvokeOptions] = None) -> GetClientOpenIdUserInfoResult
def get_client_open_id_user_info_output(opts: Optional[InvokeOptions] = None) -> Output[GetClientOpenIdUserInfoResult]
func GetClientOpenIdUserInfo(ctx *Context, opts ...InvokeOption) (*GetClientOpenIdUserInfoResult, error)
func GetClientOpenIdUserInfoOutput(ctx *Context, opts ...InvokeOption) GetClientOpenIdUserInfoResultOutput
> Note: This function is named GetClientOpenIdUserInfo
in the Go SDK.
public static class GetClientOpenIdUserInfo
{
public static Task<GetClientOpenIdUserInfoResult> InvokeAsync(InvokeOptions? opts = null)
public static Output<GetClientOpenIdUserInfoResult> Invoke(InvokeOptions? opts = null)
}
public static CompletableFuture<GetClientOpenIdUserInfoResult> getClientOpenIdUserInfo(InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: gcp:organizations/getClientOpenIdUserInfo:getClientOpenIdUserInfo
arguments:
# arguments dictionary
getClientOpenIdUserInfo Result
The following output properties are available:
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-beta
Terraform Provider.