Hello All -- just getting to know google cloud and...
# google-cloud
Hello All -- just getting to know google cloud and pulumi. I'm not sure I understand how the cloudrunv2 iam stuff works. I'd like to allow unauthenticated users access to invoke a cloudrun service. I'm guessing I'm supposed to attach the "allUsers" to "roles/run.invoker" for the service. However, none of the service iam functions let you specify which service you're referring to. What am I missing? https://www.pulumi.com/registry/packages/gcp/api-docs/cloudrunv2/serviceiambinding/
This is what I do in TypeScript:
Copy code
new gcp.cloudrun.IamBinding('idp-api-service-iam-binding', {
  location: gcpConfig.require('region'),
  service: idpApiCloudRunService.name,
  role: 'roles/run.invoker',
  members: ['allUsers'],
Adding that binding will ensure the CloudRun service allows unauthenticated user access.
I know that's not cloudrun V2, but it seems to work fine even though the service was created with cloudrunv2
Yeah -- I'm trying the go version of that now. But that is using the cloudrun package not the cloudrunv2 package
giving it a shot right now 🙂
That does indeed work! Thanks
We got this to work for cloudrunv2 (TypeScript)
Copy code
// Create an IAM member to allow the service to be publicly accessible.
const apiNestInvoker = new gcp.cloudrunv2.ServiceIamBinding(
    role: 'roles/run.invoker',
    members: ['allUsers'],
    name: apiServerService.name,
    location: gcpRegion,
    project: projectNameAndId,
I tried that before I used the cloudrun package. It doesn't even compile as the args don't have a name property