pulumi-gcp 7.12.0a1709074764__py3-none-any.whl → 7.12.0a1709133800__py3-none-any.whl

pulumi_gcp/securitycenter/project_custom_module.py

@@ -285,19 +285,19 @@ class ProjectCustomModule(pulumi.CustomResource):
         import pulumi_gcp as gcp
 
         example = gcp.securitycenter.ProjectCustomModule("example",
+            display_name="basic_custom_module",
+            enablement_state="ENABLED",
             custom_config=gcp.securitycenter.ProjectCustomModuleCustomConfigArgs(
-                description="The rotation period of the identified cryptokey resource exceeds 30 days.",
                 predicate=gcp.securitycenter.ProjectCustomModuleCustomConfigPredicateArgs(
                     expression="resource.rotationPeriod > duration(\\"2592000s\\")",
                 ),
-                recommendation="Set the rotation period to at most 30 days.",
                 resource_selector=gcp.securitycenter.ProjectCustomModuleCustomConfigResourceSelectorArgs(
                     resource_types=["cloudkms.googleapis.com/CryptoKey"],
                 ),
+                description="The rotation period of the identified cryptokey resource exceeds 30 days.",
+                recommendation="Set the rotation period to at most 30 days.",
                 severity="MEDIUM",
-            ),
-            display_name="basic_custom_module",
-            enablement_state="ENABLED")
+            ))
         ```
         ### Scc Project Custom Module Full
 
@@ -306,33 +306,33 @@ class ProjectCustomModule(pulumi.CustomResource):
         import pulumi_gcp as gcp
 
         example = gcp.securitycenter.ProjectCustomModule("example",
+            display_name="full_custom_module",
+            enablement_state="ENABLED",
             custom_config=gcp.securitycenter.ProjectCustomModuleCustomConfigArgs(
+                predicate=gcp.securitycenter.ProjectCustomModuleCustomConfigPredicateArgs(
+                    expression="resource.rotationPeriod > duration(\\"2592000s\\")",
+                    title="Purpose of the expression",
+                    description="description of the expression",
+                    location="location of the expression",
+                ),
                 custom_output=gcp.securitycenter.ProjectCustomModuleCustomConfigCustomOutputArgs(
                     properties=[gcp.securitycenter.ProjectCustomModuleCustomConfigCustomOutputPropertyArgs(
                         name="duration",
                         value_expression=gcp.securitycenter.ProjectCustomModuleCustomConfigCustomOutputPropertyValueExpressionArgs(
-                            description="description of the expression",
                             expression="resource.rotationPeriod",
-                            location="location of the expression",
                             title="Purpose of the expression",
+                            description="description of the expression",
+                            location="location of the expression",
                         ),
                     )],
                 ),
-                description="Description of the custom module",
-                predicate=gcp.securitycenter.ProjectCustomModuleCustomConfigPredicateArgs(
-                    description="description of the expression",
-                    expression="resource.rotationPeriod > duration(\\"2592000s\\")",
-                    location="location of the expression",
-                    title="Purpose of the expression",
-                ),
-                recommendation="Steps to resolve violation",
                 resource_selector=gcp.securitycenter.ProjectCustomModuleCustomConfigResourceSelectorArgs(
                     resource_types=["cloudkms.googleapis.com/CryptoKey"],
                 ),
                 severity="LOW",
-            ),
-            display_name="full_custom_module",
-            enablement_state="ENABLED")
+                description="Description of the custom module",
+                recommendation="Steps to resolve violation",
+            ))
         ```
 
         ## Import
@@ -400,19 +400,19 @@ class ProjectCustomModule(pulumi.CustomResource):
         import pulumi_gcp as gcp
 
         example = gcp.securitycenter.ProjectCustomModule("example",
+            display_name="basic_custom_module",
+            enablement_state="ENABLED",
             custom_config=gcp.securitycenter.ProjectCustomModuleCustomConfigArgs(
-                description="The rotation period of the identified cryptokey resource exceeds 30 days.",
                 predicate=gcp.securitycenter.ProjectCustomModuleCustomConfigPredicateArgs(
                     expression="resource.rotationPeriod > duration(\\"2592000s\\")",
                 ),
-                recommendation="Set the rotation period to at most 30 days.",
                 resource_selector=gcp.securitycenter.ProjectCustomModuleCustomConfigResourceSelectorArgs(
                     resource_types=["cloudkms.googleapis.com/CryptoKey"],
                 ),
+                description="The rotation period of the identified cryptokey resource exceeds 30 days.",
+                recommendation="Set the rotation period to at most 30 days.",
                 severity="MEDIUM",
-            ),
-            display_name="basic_custom_module",
-            enablement_state="ENABLED")
+            ))
         ```
         ### Scc Project Custom Module Full
 
@@ -421,33 +421,33 @@ class ProjectCustomModule(pulumi.CustomResource):
         import pulumi_gcp as gcp
 
         example = gcp.securitycenter.ProjectCustomModule("example",
+            display_name="full_custom_module",
+            enablement_state="ENABLED",
             custom_config=gcp.securitycenter.ProjectCustomModuleCustomConfigArgs(
+                predicate=gcp.securitycenter.ProjectCustomModuleCustomConfigPredicateArgs(
+                    expression="resource.rotationPeriod > duration(\\"2592000s\\")",
+                    title="Purpose of the expression",
+                    description="description of the expression",
+                    location="location of the expression",
+                ),
                 custom_output=gcp.securitycenter.ProjectCustomModuleCustomConfigCustomOutputArgs(
                     properties=[gcp.securitycenter.ProjectCustomModuleCustomConfigCustomOutputPropertyArgs(
                         name="duration",
                         value_expression=gcp.securitycenter.ProjectCustomModuleCustomConfigCustomOutputPropertyValueExpressionArgs(
-                            description="description of the expression",
                             expression="resource.rotationPeriod",
-                            location="location of the expression",
                             title="Purpose of the expression",
+                            description="description of the expression",
+                            location="location of the expression",
                         ),
                     )],
                 ),
-                description="Description of the custom module",
-                predicate=gcp.securitycenter.ProjectCustomModuleCustomConfigPredicateArgs(
-                    description="description of the expression",
-                    expression="resource.rotationPeriod > duration(\\"2592000s\\")",
-                    location="location of the expression",
-                    title="Purpose of the expression",
-                ),
-                recommendation="Steps to resolve violation",
                 resource_selector=gcp.securitycenter.ProjectCustomModuleCustomConfigResourceSelectorArgs(
                     resource_types=["cloudkms.googleapis.com/CryptoKey"],
                 ),
                 severity="LOW",
-            ),
-            display_name="full_custom_module",
-            enablement_state="ENABLED")
+                description="Description of the custom module",
+                recommendation="Steps to resolve violation",
+            ))
         ```
 
         ## Import

pulumi_gcp/securitycenter/source.py

@@ -199,10 +199,10 @@ class Source(pulumi.CustomResource):
         import pulumi
         import pulumi_gcp as gcp
 
-        custom_source = gcp.securitycenter.Source("customSource",
-            description="My custom Cloud Security Command Center Finding Source",
+        custom_source = gcp.securitycenter.Source("custom_source",
             display_name="My Source",
-            organization="123456789")
+            organization="123456789",
+            description="My custom Cloud Security Command Center Finding Source")
         ```
 
         ## Import
@@ -262,10 +262,10 @@ class Source(pulumi.CustomResource):
         import pulumi
         import pulumi_gcp as gcp
 
-        custom_source = gcp.securitycenter.Source("customSource",
-            description="My custom Cloud Security Command Center Finding Source",
+        custom_source = gcp.securitycenter.Source("custom_source",
             display_name="My Source",
-            organization="123456789")
+            organization="123456789",
+            description="My custom Cloud Security Command Center Finding Source")
         ```
 
         ## Import

pulumi_gcp/securitycenter/source_iam_binding.py

@@ -211,10 +211,10 @@ class SourceIamBinding(pulumi.CustomResource):
         import pulumi
         import pulumi_gcp as gcp
 
-        custom_source = gcp.securitycenter.Source("customSource",
-            description="My custom Cloud Security Command Center Finding Source",
+        custom_source = gcp.securitycenter.Source("custom_source",
             display_name="My Source",
-            organization="123456789")
+            organization="123456789",
+            description="My custom Cloud Security Command Center Finding Source")
         ```
 
         ## Import
@@ -268,10 +268,10 @@ class SourceIamBinding(pulumi.CustomResource):
         import pulumi
         import pulumi_gcp as gcp
 
-        custom_source = gcp.securitycenter.Source("customSource",
-            description="My custom Cloud Security Command Center Finding Source",
+        custom_source = gcp.securitycenter.Source("custom_source",
             display_name="My Source",
-            organization="123456789")
+            organization="123456789",
+            description="My custom Cloud Security Command Center Finding Source")
         ```
 
         ## Import

pulumi_gcp/securitycenter/source_iam_member.py

@@ -211,10 +211,10 @@ class SourceIamMember(pulumi.CustomResource):
         import pulumi
         import pulumi_gcp as gcp
 
-        custom_source = gcp.securitycenter.Source("customSource",
-            description="My custom Cloud Security Command Center Finding Source",
+        custom_source = gcp.securitycenter.Source("custom_source",
             display_name="My Source",
-            organization="123456789")
+            organization="123456789",
+            description="My custom Cloud Security Command Center Finding Source")
         ```
 
         ## Import
@@ -268,10 +268,10 @@ class SourceIamMember(pulumi.CustomResource):
         import pulumi
         import pulumi_gcp as gcp
 
-        custom_source = gcp.securitycenter.Source("customSource",
-            description="My custom Cloud Security Command Center Finding Source",
+        custom_source = gcp.securitycenter.Source("custom_source",
             display_name="My Source",
-            organization="123456789")
+            organization="123456789",
+            description="My custom Cloud Security Command Center Finding Source")
         ```
 
         ## Import

pulumi_gcp/securitycenter/source_iam_policy.py

@@ -160,10 +160,10 @@ class SourceIamPolicy(pulumi.CustomResource):
         import pulumi
         import pulumi_gcp as gcp
 
-        custom_source = gcp.securitycenter.Source("customSource",
-            description="My custom Cloud Security Command Center Finding Source",
+        custom_source = gcp.securitycenter.Source("custom_source",
             display_name="My Source",
-            organization="123456789")
+            organization="123456789",
+            description="My custom Cloud Security Command Center Finding Source")
         ```
 
         ## Import
@@ -217,10 +217,10 @@ class SourceIamPolicy(pulumi.CustomResource):
         import pulumi
         import pulumi_gcp as gcp
 
-        custom_source = gcp.securitycenter.Source("customSource",
-            description="My custom Cloud Security Command Center Finding Source",
+        custom_source = gcp.securitycenter.Source("custom_source",
             display_name="My Source",
-            organization="123456789")
+            organization="123456789",
+            description="My custom Cloud Security Command Center Finding Source")
         ```
 
         ## Import

pulumi_gcp/securityposture/posture.py

@@ -368,76 +368,84 @@ class Posture(pulumi.CustomResource):
         import pulumi_gcp as gcp
 
         posture1 = gcp.securityposture.Posture("posture1",
-            description="a new posture",
-            location="global",
+            posture_id="posture_1",
             parent="organizations/123456789",
+            location="global",
+            state="ACTIVE",
+            description="a new posture",
             policy_sets=[
                 gcp.securityposture.PosturePolicySetArgs(
+                    policy_set_id="org_policy_set",
                     description="set of org policies",
                     policies=[
                         gcp.securityposture.PosturePolicySetPolicyArgs(
+                            policy_id="canned_org_policy",
                             constraint=gcp.securityposture.PosturePolicySetPolicyConstraintArgs(
                                 org_policy_constraint=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs(
                                     canned_constraint_id="storage.uniformBucketLevelAccess",
                                     policy_rules=[gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs(
+                                        enforce=True,
                                         condition=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs(
                                             description="condition description",
                                             expression="resource.matchTag('org_id/tag_key_short_name,'tag_value_short_name')",
                                             title="a CEL condition",
                                         ),
-                                        enforce=True,
                                     )],
                                 ),
                             ),
-                            policy_id="canned_org_policy",
                         ),
                         gcp.securityposture.PosturePolicySetPolicyArgs(
+                            policy_id="custom_org_policy",
                             constraint=gcp.securityposture.PosturePolicySetPolicyConstraintArgs(
                                 org_policy_constraint_custom=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs(
                                     custom_constraint=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs(
+                                        name="organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade",
+                                        display_name="Disable GKE auto upgrade",
+                                        description="Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
                                         action_type="ALLOW",
                                         condition="resource.management.autoUpgrade == false",
-                                        description="Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
-                                        display_name="Disable GKE auto upgrade",
                                         method_types=[
                                             "CREATE",
                                             "UPDATE",
                                         ],
-                                        name="organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade",
                                         resource_types=["container.googleapis.com/NodePool"],
                                     ),
                                     policy_rules=[gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs(
+                                        enforce=True,
                                         condition=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs(
                                             description="condition description",
                                             expression="resource.matchTagId('tagKeys/key_id','tagValues/value_id')",
                                             title="a CEL condition",
                                         ),
-                                        enforce=True,
                                     )],
                                 ),
                             ),
-                            policy_id="custom_org_policy",
                         ),
                     ],
-                    policy_set_id="org_policy_set",
                 ),
                 gcp.securityposture.PosturePolicySetArgs(
+                    policy_set_id="sha_policy_set",
                     description="set of sha policies",
                     policies=[
                         gcp.securityposture.PosturePolicySetPolicyArgs(
+                            policy_id="sha_builtin_module",
                             constraint=gcp.securityposture.PosturePolicySetPolicyConstraintArgs(
                                 security_health_analytics_module=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs(
-                                    module_enablement_state="ENABLED",
                                     module_name="BIGQUERY_TABLE_CMEK_DISABLED",
+                                    module_enablement_state="ENABLED",
                                 ),
                             ),
                             description="enable BIGQUERY_TABLE_CMEK_DISABLED",
-                            policy_id="sha_builtin_module",
                         ),
                         gcp.securityposture.PosturePolicySetPolicyArgs(
+                            policy_id="sha_custom_module",
                             constraint=gcp.securityposture.PosturePolicySetPolicyConstraintArgs(
                                 security_health_analytics_custom_module=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs(
+                                    display_name="custom_SHA_policy",
                                     config=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs(
+                                        predicate=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs(
+                                            expression="resource.rotationPeriod > duration('2592000s')",
+                                        ),
                                         custom_output=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs(
                                             properties=[gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs(
                                                 name="duration",
@@ -446,28 +454,20 @@ class Posture(pulumi.CustomResource):
                                                 ),
                                             )],
                                         ),
-                                        description="Custom Module",
-                                        predicate=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs(
-                                            expression="resource.rotationPeriod > duration('2592000s')",
-                                        ),
-                                        recommendation="Testing custom modules",
                                         resource_selector=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs(
                                             resource_types=["cloudkms.googleapis.com/CryptoKey"],
                                         ),
                                         severity="LOW",
+                                        description="Custom Module",
+                                        recommendation="Testing custom modules",
                                     ),
-                                    display_name="custom_SHA_policy",
                                     module_enablement_state="ENABLED",
                                 ),
                             ),
-                            policy_id="sha_custom_module",
                         ),
                     ],
-                    policy_set_id="sha_policy_set",
                 ),
-            ],
-            posture_id="posture_1",
-            state="ACTIVE")
+            ])
         ```
 
         ## Import
@@ -522,76 +522,84 @@ class Posture(pulumi.CustomResource):
         import pulumi_gcp as gcp
 
         posture1 = gcp.securityposture.Posture("posture1",
-            description="a new posture",
-            location="global",
+            posture_id="posture_1",
             parent="organizations/123456789",
+            location="global",
+            state="ACTIVE",
+            description="a new posture",
             policy_sets=[
                 gcp.securityposture.PosturePolicySetArgs(
+                    policy_set_id="org_policy_set",
                     description="set of org policies",
                     policies=[
                         gcp.securityposture.PosturePolicySetPolicyArgs(
+                            policy_id="canned_org_policy",
                             constraint=gcp.securityposture.PosturePolicySetPolicyConstraintArgs(
                                 org_policy_constraint=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs(
                                     canned_constraint_id="storage.uniformBucketLevelAccess",
                                     policy_rules=[gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs(
+                                        enforce=True,
                                         condition=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs(
                                             description="condition description",
                                             expression="resource.matchTag('org_id/tag_key_short_name,'tag_value_short_name')",
                                             title="a CEL condition",
                                         ),
-                                        enforce=True,
                                     )],
                                 ),
                             ),
-                            policy_id="canned_org_policy",
                         ),
                         gcp.securityposture.PosturePolicySetPolicyArgs(
+                            policy_id="custom_org_policy",
                             constraint=gcp.securityposture.PosturePolicySetPolicyConstraintArgs(
                                 org_policy_constraint_custom=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs(
                                     custom_constraint=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs(
+                                        name="organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade",
+                                        display_name="Disable GKE auto upgrade",
+                                        description="Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
                                         action_type="ALLOW",
                                         condition="resource.management.autoUpgrade == false",
-                                        description="Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
-                                        display_name="Disable GKE auto upgrade",
                                         method_types=[
                                             "CREATE",
                                             "UPDATE",
                                         ],
-                                        name="organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade",
                                         resource_types=["container.googleapis.com/NodePool"],
                                     ),
                                     policy_rules=[gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs(
+                                        enforce=True,
                                         condition=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs(
                                             description="condition description",
                                             expression="resource.matchTagId('tagKeys/key_id','tagValues/value_id')",
                                             title="a CEL condition",
                                         ),
-                                        enforce=True,
                                     )],
                                 ),
                             ),
-                            policy_id="custom_org_policy",
                         ),
                     ],
-                    policy_set_id="org_policy_set",
                 ),
                 gcp.securityposture.PosturePolicySetArgs(
+                    policy_set_id="sha_policy_set",
                     description="set of sha policies",
                     policies=[
                         gcp.securityposture.PosturePolicySetPolicyArgs(
+                            policy_id="sha_builtin_module",
                             constraint=gcp.securityposture.PosturePolicySetPolicyConstraintArgs(
                                 security_health_analytics_module=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs(
-                                    module_enablement_state="ENABLED",
                                     module_name="BIGQUERY_TABLE_CMEK_DISABLED",
+                                    module_enablement_state="ENABLED",
                                 ),
                             ),
                             description="enable BIGQUERY_TABLE_CMEK_DISABLED",
-                            policy_id="sha_builtin_module",
                         ),
                         gcp.securityposture.PosturePolicySetPolicyArgs(
+                            policy_id="sha_custom_module",
                             constraint=gcp.securityposture.PosturePolicySetPolicyConstraintArgs(
                                 security_health_analytics_custom_module=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs(
+                                    display_name="custom_SHA_policy",
                                     config=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs(
+                                        predicate=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs(
+                                            expression="resource.rotationPeriod > duration('2592000s')",
+                                        ),
                                         custom_output=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs(
                                             properties=[gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs(
                                                 name="duration",
@@ -600,28 +608,20 @@ class Posture(pulumi.CustomResource):
                                                 ),
                                             )],
                                         ),
-                                        description="Custom Module",
-                                        predicate=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs(
-                                            expression="resource.rotationPeriod > duration('2592000s')",
-                                        ),
-                                        recommendation="Testing custom modules",
                                         resource_selector=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs(
                                             resource_types=["cloudkms.googleapis.com/CryptoKey"],
                                         ),
                                         severity="LOW",
+                                        description="Custom Module",
+                                        recommendation="Testing custom modules",
                                     ),
-                                    display_name="custom_SHA_policy",
                                     module_enablement_state="ENABLED",
                                 ),
                             ),
-                            policy_id="sha_custom_module",
                         ),
                     ],
-                    policy_set_id="sha_policy_set",
                 ),
-            ],
-            posture_id="posture_1",
-            state="ACTIVE")
+            ])
         ```
 
         ## Import

pulumi_gcp/serviceaccount/account.py

@@ -347,7 +347,7 @@ class Account(pulumi.CustomResource):
         import pulumi
         import pulumi_gcp as gcp
 
-        service_account = gcp.serviceaccount.Account("serviceAccount",
+        service_account = gcp.serviceaccount.Account("service_account",
             account_id="service-account-id",
             display_name="Service Account")
         ```
@@ -407,7 +407,7 @@ class Account(pulumi.CustomResource):
         import pulumi
         import pulumi_gcp as gcp
 
-        service_account = gcp.serviceaccount.Account("serviceAccount",
+        service_account = gcp.serviceaccount.Account("service_account",
             account_id="service-account-id",
             display_name="Service Account")
         ```

pulumi_gcp/serviceaccount/get_account.py

@@ -139,6 +139,23 @@ def get_account(account_id: Optional[str] = None,
 
     object_viewer = gcp.serviceaccount.get_account(account_id="object-viewer")
     ```
+    ### Save Key In Kubernetes Secret
+    ```python
+    import pulumi
+    import pulumi_gcp as gcp
+    import pulumi_kubernetes as kubernetes
+    import pulumi_std as std
+
+    myaccount = gcp.serviceaccount.get_account(account_id="myaccount-id")
+    mykey = gcp.serviceaccount.Key("mykey", service_account_id=myaccount.name)
+    google_application_credentials = kubernetes.core.v1.Secret("google-application-credentials",
+        metadata=kubernetes.meta.v1.ObjectMetaArgs(
+            name="google-application-credentials",
+        ),
+        data={
+            "json": std.base64decode_output(input=mykey.private_key).apply(lambda invoke: invoke.result),
+        })
+    ```
 
 
     :param str account_id: The Google service account ID. This be one of:
@@ -186,6 +203,23 @@ def get_account_output(account_id: Optional[pulumi.Input[str]] = None,
 
     object_viewer = gcp.serviceaccount.get_account(account_id="object-viewer")
     ```
+    ### Save Key In Kubernetes Secret
+    ```python
+    import pulumi
+    import pulumi_gcp as gcp
+    import pulumi_kubernetes as kubernetes
+    import pulumi_std as std
+
+    myaccount = gcp.serviceaccount.get_account(account_id="myaccount-id")
+    mykey = gcp.serviceaccount.Key("mykey", service_account_id=myaccount.name)
+    google_application_credentials = kubernetes.core.v1.Secret("google-application-credentials",
+        metadata=kubernetes.meta.v1.ObjectMetaArgs(
+            name="google-application-credentials",
+        ),
+        data={
+            "json": std.base64decode_output(input=mykey.private_key).apply(lambda invoke: invoke.result),
+        })
+    ```
 
 
     :param str account_id: The Google service account ID. This be one of:

pulumi_gcp/serviceaccount/get_account_access_token.py

@@ -114,9 +114,9 @@ def get_account_access_token(delegates: Optional[Sequence[str]] = None,
     import pulumi_gcp as gcp
 
     token_creator_iam = gcp.serviceaccount.IAMBinding("token-creator-iam",
-        members=["serviceAccount:service_A@projectA.iam.gserviceaccount.com"],
+        service_account_id="projects/-/serviceAccounts/service_B@projectB.iam.gserviceaccount.com",
         role="roles/iam.serviceAccountTokenCreator",
-        service_account_id="projects/-/serviceAccounts/service_B@projectB.iam.gserviceaccount.com")
+        members=["serviceAccount:service_A@projectA.iam.gserviceaccount.com"])
     ```
 
     Once the IAM permissions are set, you can apply the new token to a provider bootstrapped with it.  Any resources that references the aliased provider will run as the new identity.
@@ -127,14 +127,13 @@ def get_account_access_token(delegates: Optional[Sequence[str]] = None,
     import pulumi
     import pulumi_gcp as gcp
 
-    default_client_config = gcp.organizations.get_client_config()
-    default_account_access_token = gcp.serviceaccount.get_account_access_token(target_service_account="service_B@projectB.iam.gserviceaccount.com",
+    default = gcp.organizations.get_client_config()
+    default_get_account_access_token = gcp.serviceaccount.get_account_access_token(target_service_account="service_B@projectB.iam.gserviceaccount.com",
         scopes=[
             "userinfo-email",
             "cloud-platform",
         ],
         lifetime="300s")
-    impersonated = pulumi.providers.Google("impersonated", access_token=default_account_access_token.access_token)
     me = gcp.organizations.get_client_open_id_user_info()
     pulumi.export("target-email", me.email)
     ```
@@ -187,9 +186,9 @@ def get_account_access_token_output(delegates: Optional[pulumi.Input[Optional[Se
     import pulumi_gcp as gcp
 
     token_creator_iam = gcp.serviceaccount.IAMBinding("token-creator-iam",
-        members=["serviceAccount:service_A@projectA.iam.gserviceaccount.com"],
+        service_account_id="projects/-/serviceAccounts/service_B@projectB.iam.gserviceaccount.com",
         role="roles/iam.serviceAccountTokenCreator",
-        service_account_id="projects/-/serviceAccounts/service_B@projectB.iam.gserviceaccount.com")
+        members=["serviceAccount:service_A@projectA.iam.gserviceaccount.com"])
     ```
 
     Once the IAM permissions are set, you can apply the new token to a provider bootstrapped with it.  Any resources that references the aliased provider will run as the new identity.
@@ -200,14 +199,13 @@ def get_account_access_token_output(delegates: Optional[pulumi.Input[Optional[Se
     import pulumi
     import pulumi_gcp as gcp
 
-    default_client_config = gcp.organizations.get_client_config()
-    default_account_access_token = gcp.serviceaccount.get_account_access_token(target_service_account="service_B@projectB.iam.gserviceaccount.com",
+    default = gcp.organizations.get_client_config()
+    default_get_account_access_token = gcp.serviceaccount.get_account_access_token(target_service_account="service_B@projectB.iam.gserviceaccount.com",
         scopes=[
             "userinfo-email",
             "cloud-platform",
         ],
         lifetime="300s")
-    impersonated = pulumi.providers.Google("impersonated", access_token=default_account_access_token.access_token)
     me = gcp.organizations.get_client_open_id_user_info()
     pulumi.export("target-email", me.email)
     ```