Hello All -- just getting to know google cloud and...
# google-cloudc
colossal-tailor-72573
11/02/2023, 6:22 PMHello All -- just getting to know google cloud and pulumi. I'm not sure I understand how the cloudrunv2 iam stuff works. I'd like to allow unauthenticated users access to invoke a cloudrun service. I'm guessing I'm supposed to attach the "allUsers" to "roles/run.invoker" for the service. However, none of the service iam functions let you specify which service you're referring to. What am I missing?
https://www.pulumi.com/registry/packages/gcp/api-docs/cloudrunv2/serviceiambinding/
f
full-eve-52536
11/02/2023, 6:28 PMThis is what I do in TypeScript:
Copy code
new gcp.cloudrun.IamBinding('idp-api-service-iam-binding', {
location: gcpConfig.require('region'),
service: idpApiCloudRunService.name,
role: 'roles/run.invoker',
members: ['allUsers'],
});full-eve-52536
11/02/2023, 6:29 PMI know that's not cloudrun V2, but it seems to work fine even though the service was created with cloudrunv2
c
colossal-tailor-72573
11/02/2023, 6:29 PMYeah -- I'm trying the go version of that now. But that is using the cloudrun package not the cloudrunv2 package
colossal-tailor-72573
11/02/2023, 6:29 PMgiving it a shot right now 🙂
colossal-tailor-72573
11/02/2023, 6:31 PMThat does indeed work! Thanks
g
glamorous-jelly-86558
11/02/2023, 10:19 PMWe got this to work for cloudrunv2 (TypeScript)
Copy code
// Create an IAM member to allow the service to be publicly accessible.
const apiNestInvoker = new gcp.cloudrunv2.ServiceIamBinding(
'api-server-invoker',
{
role: 'roles/run.invoker',
members: ['allUsers'],
name: apiServerService.name,
location: gcpRegion,
project: projectNameAndId,
},
);c
colossal-tailor-72573
11/02/2023, 11:20 PMI tried that before I used the cloudrun package. It doesn't even compile as the args don't have a name property
3 Views