import * as pulumi from "@pulumi/pulumi";
/**
 * Get the email address of a project's Access Approval service account.
 *
 * Each Google Cloud project has a unique service account used by Access Approval.
 * When using Access Approval with a
 * [custom signing key](https://docs.cloud.google.com/assured-workloads/access-approval/docs/review-approve-access-requests-custom-keys),
 * this account needs to be granted the `cloudkms.signerVerifier` IAM role on the
 * Cloud KMS key used to sign approvals.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const serviceAccount = gcp.accessapproval.getProjectServiceAccount({
 *     projectId: "my-project",
 * });
 * const iam = new gcp.kms.CryptoKeyIAMMember("iam", {
 *     cryptoKeyId: cryptoKey.id,
 *     role: "roles/cloudkms.signerVerifier",
 *     member: serviceAccount.then(serviceAccount => `serviceAccount:${serviceAccount.accountEmail}`),
 * });
 * ```
 */
export declare function getProjectServiceAccount(args: GetProjectServiceAccountArgs, opts?: pulumi.InvokeOptions): Promise<GetProjectServiceAccountResult>;
/**
 * A collection of arguments for invoking getProjectServiceAccount.
 */
export interface GetProjectServiceAccountArgs {
    /**
     * The project ID the service account was created for.
     */
    projectId: string;
}
/**
 * A collection of values returned by getProjectServiceAccount.
 */
export interface GetProjectServiceAccountResult {
    /**
     * The email address of the service account. This value is
     * often used to refer to the service account in order to grant IAM permissions.
     */
    readonly accountEmail: string;
    /**
     * The provider-assigned unique ID for this managed resource.
     */
    readonly id: string;
    /**
     * The Access Approval service account resource name. Format is "projects/{project_id}/serviceAccount".
     */
    readonly name: string;
    readonly projectId: string;
}
/**
 * Get the email address of a project's Access Approval service account.
 *
 * Each Google Cloud project has a unique service account used by Access Approval.
 * When using Access Approval with a
 * [custom signing key](https://docs.cloud.google.com/assured-workloads/access-approval/docs/review-approve-access-requests-custom-keys),
 * this account needs to be granted the `cloudkms.signerVerifier` IAM role on the
 * Cloud KMS key used to sign approvals.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const serviceAccount = gcp.accessapproval.getProjectServiceAccount({
 *     projectId: "my-project",
 * });
 * const iam = new gcp.kms.CryptoKeyIAMMember("iam", {
 *     cryptoKeyId: cryptoKey.id,
 *     role: "roles/cloudkms.signerVerifier",
 *     member: serviceAccount.then(serviceAccount => `serviceAccount:${serviceAccount.accountEmail}`),
 * });
 * ```
 */
export declare function getProjectServiceAccountOutput(args: GetProjectServiceAccountOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output<GetProjectServiceAccountResult>;
/**
 * A collection of arguments for invoking getProjectServiceAccount.
 */
export interface GetProjectServiceAccountOutputArgs {
    /**
     * The project ID the service account was created for.
     */
    projectId: pulumi.Input<string>;
}