Amster

GCPServiceAccount

Global Operations

Resource path:

/global-config/services/GoogleCloudServiceAccountService/serviceAccounts

Resource version: 1.0

create

Usage

am> create GCPServiceAccount --global --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

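The resource in JSON format. The allowedRealms and allowedSecretNamePatterns lists control which realms can use this service account and which Google Secret Manager secret names can be used with it, so keep both as narrow as the deployment needs; patterns accept the wildcard "*", and a broad pattern widens access accordingly. This page does not state which list applies when a secret name matches both an allowed and a disallowed pattern, so confirm that behavior before relying on overlapping patterns. The resource is described by the following JSON schema: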

{
  "type" : "object",
  "properties" : {
    "allowedSecretNamePatterns" : {
      "title" : "Allowed Secret Names",
      "description" : "A list of patterns of Google Secret Manager secret names that are allowed to be used with this service account. Patterns can include the wildcard \"*\".",
      "propertyOrder" : 300,
      "required" : true,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    },
    "allowedRealms" : {
      "title" : "Allowed Realms",
      "description" : "A list of realms that are allowed to use this service account. Realms should be specified in path form, such as <code>/subrealm/subsubrealm</code>.",
      "propertyOrder" : 200,
      "required" : true,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    },
    "disallowedSecretNamePatterns" : {
      "title" : "Disallowed Secret Names",
      "description" : "A list of patterns of Google Secret Manager secret names that are <em>not</em> allowed to be used with this service account. Patterns can include the wildcard \"*\".",
      "propertyOrder" : 400,
      "required" : true,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    },
    "credentialsSecretId" : {
      "title" : "Credentials Secret Label",
      "description" : "The label of the secret that contains the GCP service account credentials. Leave blank to use the default credentials from the environment. Credentials can be loaded from disk using a FileSystem Secret Store.",
      "propertyOrder" : 100,
      "required" : false,
      "type" : "string",
      "exampleValue" : ""
    }
  }
}

delete

Usage

am> delete GCPServiceAccount --global --id id

Parameters

--id

The unique identifier for the resource.

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action GCPServiceAccount --global --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action GCPServiceAccount --global --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action GCPServiceAccount --global --actionName nextdescendents

query

Get the full list of instances of this collection. This query supports only the filter _queryFilter=true.

Usage

am> query GCPServiceAccount --global --filter filter

Parameters

--filter

A CREST-formatted query filter; the value "true" returns all instances.

read

Usage

am> read GCPServiceAccount --global --id id

Parameters

--id

The unique identifier for the resource.

update

Usage

am> update GCPServiceAccount --global --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

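The resource in JSON format. The allowedRealms and allowedSecretNamePatterns lists control which realms can use this service account and which Google Secret Manager secret names can be used with it, so keep both as narrow as the deployment needs; patterns accept the wildcard "*", and a broad pattern widens access accordingly. This page does not state which list applies when a secret name matches both an allowed and a disallowed pattern, so confirm that behavior before relying on overlapping patterns. The resource is described by the following JSON schema: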

{
  "type" : "object",
  "properties" : {
    "allowedSecretNamePatterns" : {
      "title" : "Allowed Secret Names",
      "description" : "A list of patterns of Google Secret Manager secret names that are allowed to be used with this service account. Patterns can include the wildcard \"*\".",
      "propertyOrder" : 300,
      "required" : true,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    },
    "allowedRealms" : {
      "title" : "Allowed Realms",
      "description" : "A list of realms that are allowed to use this service account. Realms should be specified in path form, such as <code>/subrealm/subsubrealm</code>.",
      "propertyOrder" : 200,
      "required" : true,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    },
    "disallowedSecretNamePatterns" : {
      "title" : "Disallowed Secret Names",
      "description" : "A list of patterns of Google Secret Manager secret names that are <em>not</em> allowed to be used with this service account. Patterns can include the wildcard \"*\".",
      "propertyOrder" : 400,
      "required" : true,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    },
    "credentialsSecretId" : {
      "title" : "Credentials Secret Label",
      "description" : "The label of the secret that contains the GCP service account credentials. Leave blank to use the default credentials from the environment. Credentials can be loaded from disk using a FileSystem Secret Store.",
      "propertyOrder" : 100,
      "required" : false,
      "type" : "string",
      "exampleValue" : ""
    }
  }
}