Get OpenID userinfo about the credentials used with the Google provider, specifically the email.
This data source enables you to export the email of the account you've authenticated the provider with; this can be used alongside `data.google_client_config`'s `access_token` to perform OpenID Connect authentication with GKE and configure an RBAC role for the email used.
# Look up the OpenID userinfo of the credentials the google provider is
# authenticated with. This data source takes no arguments.
data "google_client_openid_userinfo" "me" {}

# Expose the e-mail address of that identity as an output.
output "my-email" {
  value = data.google_client_openid_userinfo.me.email
}
# E-mail of the account the google provider authenticates as; used as the
# RBAC subject in the cluster role binding.
data "google_client_openid_userinfo" "provider_identity" {}

# Client configuration of the google provider; its access_token is handed to
# the kubernetes provider.
data "google_client_config" "provider" {}

# Existing GKE cluster whose endpoint and CA certificate are read to reach it.
# NOTE(review): recent google provider releases take "location" here instead
# of "zone" -- confirm against the provider version in use.
data "google_container_cluster" "my_cluster" {
  name = "my-cluster"
  zone = "us-east1-a"
}
# Point the kubernetes provider at the GKE cluster and authenticate with the
# google provider's own access token.
provider "kubernetes" {
  host = "https://${data.google_container_cluster.my_cluster.endpoint}"

  # Bearer credential: whoever holds this token can act as the provider
  # identity against the cluster. Keep it out of outputs and logs.
  # NOTE(review): data source values normally end up in Terraform state --
  # confirm the state backend is access-controlled and encrypted.
  token = data.google_client_config.provider.access_token

  # The cluster CA is exported base64-encoded; the decoded certificate is what
  # the provider uses to validate the API server's TLS certificate.
  cluster_ca_certificate = base64decode(data.google_container_cluster.my_cluster.master_auth[0].cluster_ca_certificate)
}
# Bind the provider's identity to a ClusterRole so that it is authorized
# inside the cluster.
resource "kubernetes_cluster_role_binding" "user" {
  metadata {
    name = "provider-user-admin"
  }

  # cluster-admin is Kubernetes' built-in superuser role. Bound through a
  # ClusterRoleBinding, it permits every action on every resource in every
  # namespace. Grant it only where the identity really needs it; otherwise
  # reference a narrower ClusterRole or use a namespaced role binding.
  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "ClusterRole"
    name      = "cluster-admin"
  }

  # The subject is the e-mail of the account Terraform runs as, so anyone able
  # to use those credentials inherits the privileges granted above.
  subject {
    kind = "User"
    name = data.google_client_openid_userinfo.provider_identity.email
  }
}
There are no arguments available for this data source.
The following attributes are exported:
`email` - The email of the account used by the provider to authenticate with GCP.