import * as pulumi from "@pulumi/pulumi";
/**
 * Get the email address of an organization's Access Approval service account.
 *
 * Each Google Cloud organization has a unique service account used by Access Approval.
 * When using Access Approval with a
 * [custom signing key](https://cloud.google.com/cloud-provider-access-management/access-approval/docs/review-approve-access-requests-custom-keys),
 * this account needs to be granted the `roles/cloudkms.signerVerifier` IAM role on the
 * Cloud KMS key used to sign approvals.
 *
 * Least privilege: grant the role on that one signing key only (the example does this
 * through `cryptoKeyId`), not on a key ring or project, so the service account gains no
 * signing rights over unrelated keys. `CryptoKeyIAMMember` is additive: it adds this one
 * member and leaves the key's other bindings in place.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * // `cryptoKey` is assumed to be a gcp.kms.CryptoKey declared elsewhere in the program (not shown).
 * const serviceAccount = gcp.accessapproval.getOrganizationServiceAccount({
 *     organizationId: "my-organization",
 * });
 * const iam = new gcp.kms.CryptoKeyIAMMember("iam", {
 *     cryptoKeyId: cryptoKey.id,
 *     role: "roles/cloudkms.signerVerifier",
 *     // IAM members carry a type prefix; the bare email alone is not a valid member string.
 *     member: serviceAccount.then(serviceAccount => `serviceAccount:${serviceAccount.accountEmail}`),
 * });
 * ```
 *
 * @param args - Identifies the organization whose service account is looked up.
 * @param opts - Optional Pulumi invoke options for this call.
 * @returns A promise resolving to the service account's email address, resource name and IDs.
 */
export declare function getOrganizationServiceAccount(args: GetOrganizationServiceAccountArgs, opts?: pulumi.InvokeOptions): Promise<GetOrganizationServiceAccountResult>;
/**
 * A collection of arguments for invoking getOrganizationServiceAccount.
 */
export interface GetOrganizationServiceAccountArgs {
    /**
     * The organization ID the service account was created for.
     *
     * NOTE(review): presumably the same identifier that appears as `{organization_id}` in the
     * returned resource name `organizations/{organization_id}/serviceAccount` — confirm the
     * expected form (the usage example passes the placeholder "my-organization").
     */
    organizationId: string;
}
/**
 * A collection of values returned by getOrganizationServiceAccount.
 *
 * All fields are read-only.
 */
export interface GetOrganizationServiceAccountResult {
    /**
     * The email address of the service account. This value is
     * often used to refer to the service account in order to grant IAM permissions.
     *
     * When used as an IAM member, prefix it with `serviceAccount:` (as the usage example
     * for getOrganizationServiceAccount does), and scope the grant to the specific resource
     * the account needs, e.g. the single Cloud KMS signing key.
     */
    readonly accountEmail: string;
    /**
     * The provider-assigned unique ID for this managed resource.
     */
    readonly id: string;
    /**
     * The Access Approval service account resource name. Format is "organizations/{organization_id}/serviceAccount".
     */
    readonly name: string;
    /**
     * The organization ID associated with this result.
     *
     * NOTE(review): presumably echoes the `organizationId` argument of the lookup — confirm.
     */
    readonly organizationId: string;
}
/**
 * Get the email address of an organization's Access Approval service account.
 *
 * This is the Output-returning form: it accepts `pulumi.Input` arguments and returns a
 * `pulumi.Output` instead of a `Promise`.
 *
 * Each Google Cloud organization has a unique service account used by Access Approval.
 * When using Access Approval with a
 * [custom signing key](https://cloud.google.com/cloud-provider-access-management/access-approval/docs/review-approve-access-requests-custom-keys),
 * this account needs to be granted the `roles/cloudkms.signerVerifier` IAM role on the
 * Cloud KMS key used to sign approvals.
 *
 * Least privilege: grant the role on that one signing key only (the example does this
 * through `cryptoKeyId`), not on a key ring or project, so the service account gains no
 * signing rights over unrelated keys.
 *
 * ## Example Usage
 *
 * The example below calls the promise-returning `getOrganizationServiceAccount`. A value
 * returned by `getOrganizationServiceAccountOutput` is a `pulumi.Output`, so transform it
 * with `.apply(...)` rather than `.then(...)`.
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * // `cryptoKey` is assumed to be a gcp.kms.CryptoKey declared elsewhere in the program (not shown).
 * const serviceAccount = gcp.accessapproval.getOrganizationServiceAccount({
 *     organizationId: "my-organization",
 * });
 * const iam = new gcp.kms.CryptoKeyIAMMember("iam", {
 *     cryptoKeyId: cryptoKey.id,
 *     role: "roles/cloudkms.signerVerifier",
 *     // IAM members carry a type prefix; the bare email alone is not a valid member string.
 *     member: serviceAccount.then(serviceAccount => `serviceAccount:${serviceAccount.accountEmail}`),
 * });
 * ```
 *
 * @param args - Identifies the organization whose service account is looked up.
 * @param opts - Optional Pulumi invoke options for this call.
 * @returns An Output holding the service account's email address, resource name and IDs.
 */
export declare function getOrganizationServiceAccountOutput(args: GetOrganizationServiceAccountOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output<GetOrganizationServiceAccountResult>;
/**
 * A collection of arguments for invoking getOrganizationServiceAccountOutput, the
 * Output-returning form of getOrganizationServiceAccount.
 */
export interface GetOrganizationServiceAccountOutputArgs {
    /**
     * The organization ID the service account was created for.
     *
     * Typed as `pulumi.Input<string>`, so it may be a plain string or a value that is
     * only known later, such as the output of another resource.
     */
    organizationId: pulumi.Input<string>;
}
