Allows management of Google Cloud Platform project default service accounts.
When certain service APIs are enabled, Google Cloud Platform automatically creates service accounts to help get started, but this is not recommended for production environments as per Google's documentation. See the Organization documentation for more details.
resource "google_project_default_service_accounts" "my_project" {
  project = "my-project-id"
  action  = "DELETE"
}
To re-enable the default service accounts when the resource is destroyed:
resource "google_project_default_service_accounts" "my_project" {
  project        = "my-project-id"
  action         = "DISABLE"
  restore_policy = "REVERT"
}
The following arguments are supported:
project - (Required) The project ID where service accounts are created.
action - (Required) The action to be performed on the default service accounts. Valid values are: DEPRIVILEGE, DELETE, DISABLE. Note that the DEPRIVILEGE action ignores the REVERT configuration in restore_policy.
restore_policy - (Optional) The action to be performed on the default service accounts when the resource is destroyed. Valid values are NONE, REVERT and REVERT_AND_IGNORE_FAILURE. It applies to every action except DEPRIVILEGE. If set to REVERT, it attempts to restore all default SAs, except for the DEPRIVILEGE action. If set to REVERT_AND_IGNORE_FAILURE, the behavior is the same as REVERT, but errors returned by the API are ignored.
In addition to the arguments listed above, the following computed attributes are exported:
id - An identifier for the resource with format projects/{{project}}
service_accounts - The Service Accounts changed by this resource. It is used to REVERT the action on destroy.
This resource provides the following Timeouts configuration options:
create - Default is 10 minutes.
update - Default is 10 minutes.
delete - Default is 10 minutes.
This resource does not support import.
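A configuration that applies the arguments above to several projects at once and rejects, at plan time, the one combination this reference says has no effect: DEPRIVILEGE paired with a revert policy. This is an added example, not part of the provider documentation; the variable name, resource label, output name, project IDs and timeout values are assumptions.

```hcl
# Added example. default_sa_policy, "this" and the project IDs are hypothetical.
variable "default_sa_policy" {
  description = "Per-project handling of default service accounts, keyed by project ID."
  type = map(object({
    action         = string
    restore_policy = string
  }))
  # Constructed sample values.
  default = {
    "example-prod-project" = { action = "DEPRIVILEGE", restore_policy = "NONE" }
    "example-dev-project"  = { action = "DISABLE", restore_policy = "REVERT" }
  }

  validation {
    # Only the values listed in the argument reference are accepted.
    condition = alltrue([
      for p in values(var.default_sa_policy) :
      contains(["DEPRIVILEGE", "DELETE", "DISABLE"], p.action) &&
      contains(["NONE", "REVERT", "REVERT_AND_IGNORE_FAILURE"], p.restore_policy)
    ])
    error_message = "Use an action and restore_policy value that the resource documents."
  }

  validation {
    # restore_policy does not apply to DEPRIVILEGE, so a revert setting there
    # would suggest a rollback on destroy that never happens.
    condition = alltrue([
      for p in values(var.default_sa_policy) :
      p.action != "DEPRIVILEGE" || p.restore_policy == "NONE"
    ])
    error_message = "DEPRIVILEGE ignores restore_policy; set restore_policy to NONE for it."
  }
}

resource "google_project_default_service_accounts" "this" {
  for_each       = var.default_sa_policy
  project        = each.key
  action         = each.value.action
  restore_policy = each.value.restore_policy

  timeouts {
    create = "15m" # assumed value; the documented default is 10 minutes
    delete = "15m"
  }
}

# Exposes the service accounts each instance changed, for review after apply.
output "changed_default_service_accounts" {
  value = { for id, r in google_project_default_service_accounts.this : id => r.service_accounts }
}
```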