Hello All -- just getting to know google cloud and pulumi. I'm not sure I understand how the cloudrunv2 iam stuff works. I'd like to allow unauthenticated users access to invoke a cloudrun service. I'm guessing I'm supposed to attach the "allUsers" to "roles/run.invoker" for the service. However, none of the service iam functions let you specify which service you're referring to. What am I missing? https://www.pulumi.com/registry/packages/gcp/api-docs/cloudrunv2/serviceiambinding/

This is what I do in TypeScript:

new gcp.cloudrun.IamBinding('idp-api-service-iam-binding', {
  location: gcpConfig.require('region'),
  service: idpApiCloudRunService.name,
  role: 'roles/run.invoker',
  members: ['allUsers'],
});

Adding that binding will ensure the CloudRun service allows unauthenticated user access.

Yeah -- I'm trying the go version of that now. But that is using the cloudrun package not the cloudrunv2 package

We got this to work for cloudrunv2 (TypeScript)

// Create an IAM member to allow the service to be publicly accessible.
const apiNestInvoker = new gcp.cloudrunv2.ServiceIamBinding(
  'api-server-invoker',
  {
    role: 'roles/run.invoker',
    members: ['allUsers'],
    name: apiServerService.name,
    location: gcpRegion,
    project: projectNameAndId,
  },
);

I tried that before I used the cloudrun package. It doesn't even compile as the args don't have a name property