important-leather-28796
08/26/2023, 7:41 PM
green, and one blue. We are seeing the appropriate resources after up green, but after up blue, we see that the IAM bindings disappear from green and disabling those identities because they lose their permissions. The resources are named uniquely, have different urns, and of course different stack names. What am I missing here? How would pulumi or the gcp libs decide to take away from one when creating another?
important-leather-28796
08/26/2023, 7:43 PM
provider name of gcp is the same. The names of each resource including the bindings are diff. These are different stacks (targeting the same GOOGLE_CLOUD_PROJECT), so I see no logical reason why pulumi is having this conflict.
important-leather-28796
08/26/2023, 7:46 PM
green, then blue, going back to up green - pulumi thinks it is unchanged even though the IAM bindings are now missing. I have bumped into a case where it thinks 1 of 3 accounts have members changed. It does not appear to be reliable.
important-leather-28796
08/26/2023, 7:54 PM
important-leather-28796
08/26/2023, 8:37 PM
billowy-army-68599
pulumi stack init to create an entirely new stack, then provisioning those resources is deleting the blue stack?
important-leather-28796
08/26/2023, 8:41 PM
billowy-army-68599
gcp.projects.IAMBinding resource, from the docs:
https://www.pulumi.com/registry/packages/gcp/api-docs/projects/iambinding/
Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved.
I think you want IamMember
important-leather-28796
08/26/2023, 8:41 PM
important-leather-28796
08/26/2023, 8:42 PM
important-leather-28796
08/26/2023, 8:43 PM
billowy-army-68599
important-leather-28796
08/26/2023, 8:43 PM
important-leather-28796
08/26/2023, 8:44 PM
billowy-army-68599
important-leather-28796
08/26/2023, 8:45 PM
important-leather-28796
08/26/2023, 8:59 PM
IAMBinding (authoritative) to IAMMember works. Thank you for the pointer!