GoogleServiceAccount class final

Factory wrapper for google_service_account (provider hashicorp/google ~> 7.0).

Creates an IAM service account on a project. The most user-facing computed attribute is member — a pre-formatted serviceAccount:<email> string you pass straight into IAM bindings, sidestepping the manual 'serviceAccount:' + email concatenation that's easy to typo.

Required identity:

• localName: Terraform local name (the address segment after google_service_account.).
• accountId: short ID before the @ in the resulting email (e.g. 'my-runner' → my-runner@<project>.iam.gserviceaccount.com). Must be 6-30 chars matching [a-z]([-a-z0-9]*[a-z0-9]). ForceNew: changing this destroys and recreates the SA.

Optional knobs:

• project: explicit project ID; defaults to the provider's project when omitted. ForceNew in the provider.
• displayName: human-readable name shown in the GCP console.
• description: free-form text (≤ 256 UTF-8 bytes).
• createIgnoreAlreadyExists: when true, skip creation if an SA with the same email already exists. Useful for shared environments where a peer Terraform stack may have created the SA first.
• disabled: disables the SA without deleting it. Defaults to false.

Example pairing with GooglePubsubTopicIamMember — the canonical sa.member flow:

final sa = GoogleServiceAccount(
  localName: 'publisher',
  accountId: TfArg.literal('orders-publisher'),
  displayName: TfArg.literal('Orders publisher'),
);

final orders = GooglePubsubTopic(
  localName: 'orders',
  name: TfArg.literal('orders-prod'),
);

// member is `serviceAccount:orders-publisher@<project>.iam.gserviceaccount.com`
// — pass it directly without manually prefixing `serviceAccount:`.
GooglePubsubTopicIamMember(
  localName: 'orders_publisher_binding',
  topic: TfArg.ref(orders.nameRef),
  role: TfArg.literal('roles/pubsub.publisher'),
  member: TfArg.ref(sa.member),
);

Composition pattern: extends Resource<$GoogleServiceAccount> for runtime behavior, implements $GoogleServiceAccount for the schemantic schema surface. argMap stores TfArg<dynamic>? entries directly; synth's JSON-encoding pass walks them and calls arg.toTfJson() to encode at write time.

Constructors

GoogleServiceAccount({required String localName, required TfArg<String> accountId, TfArg<String>? project, TfArg<String>? displayName, TfArg<String>? description, TfArg<bool>? createIgnoreAlreadyExists, TfArg<bool>? disabled, LifecycleOptions? lifecycle, List<DependencyTarget>? dependsOn})

Properties

$sensitiveFields → Set<String>

Field names that are @Sensitive per the IR-derived per-resource constant. Curated factories override with a baked-in static const Set<String> (file-private in v0.5+).

no setter

argMap → Map<String, TfArg?>

Argument-name → TfArg map. Keys are snake_case (Terraform JSON name). Synth emits these keys directly; the factory is responsible for the camelCase → snake_case translation at construction time.

final, inherited

dependsOn → List<DependencyTarget>?

Optional depends_on = [...]. Each entry is a DependencyTarget — either a wholesale resource (rendered as bare address) or an explicit TfRef (rendered via bareAddress).

final, inherited

email → TfRef<String>

email — <accountId>@<project>.iam.gserviceaccount.com. Use this when you need the bare email (e.g. injecting into an external system's config) — for IAM bindings prefer member.

no setter

hashCode → int

The hash code for this object.

no setter, inherited

id → TfRef<String>

id — full resource path projects/{project}/serviceAccounts/{email}.

no setter

kind → ResourceKind

Always ResourceKind.resource. Overridden by Data.

no setter, inherited

lifecycle → LifecycleOptions?

Optional lifecycle { ... } block.

final, inherited

localName → String

User-supplied local name within a Stack.

final, inherited

member → TfRef<String>

member — pre-formatted serviceAccount:<email> string. Use this for IAM bindings (e.g. member: TfArg.ref(sa.member)) — it eliminates the manual 'serviceAccount:' + email concatenation that is easy to typo and brittle when refactoring.

no setter

name → TfRef<String>

name — same as id (legacy alias retained by the provider).

no setter

provider → ProviderBinding?

Optional explicit provider binding. Only the type is referenced here; the concrete Provider class lives in terradart_google (provider classes are defined per-provider, outside the core runtime).

final, inherited

runtimeType → Type

A representation of the runtime type of the object.

no setter, inherited

terraformType → String

Terraform resource type, e.g. google_pubsub_topic.

final, inherited

tfAddress → String

no setter, inherited

uniqueId → TfRef<String>

unique_id — numeric unique identifier assigned by GCP. Stable across rename if you change display_name; differs from id / email.

no setter

Methods

noSuchMethod(Invocation invocation) → dynamic

Invoked when a nonexistent method or property is accessed.

inherited

toString() → String

A string representation of this object.

inherited

Operators

operator ==(Object other) → bool

The equality operator.

inherited

Constants

$tfType → const String