No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

I can't for the life of me get `cloudrunv2.JobIamBinding` to work ...

I've been getting this erro:
```* Error retrieving IAM policy for cloudrunv2 job "projects/catalist-test-01/locations/us-central1-a/jobs/insight-generation": googleapi: Error 501: Operation is not implemented, or supported, or enabled.```
And it's driving me quite nutty. I've tried different ways to approach this, but I could use some help...

```invoker_policy = cloudrunv2.JobIamBinding(
            "trigger-binding",
            name=service_name,
            role="roles/run.invoker",
            members=[
                pulumi.Output.concat(
                    "serviceAccount:",
                    sa.service_accounts["service-account"].email,
                ),
            ],
        )```
e.g.

Hey <@U05DFQG5UF2>,
I ran into a similar problem making the cloudfunctionv2 invokable without authentication. My problem was that GCP internally implements cloud functions gen2 with a cloud run service with the same name. I had to apply IAM policies to the underlying cloud run service to get it to work.

E.g.,
```my_function = gcp.cloudfunctionsv2.Function(
    "my_function",
    ...
)

# This has no effect, or results in an operation not permitted depending on whether you use role "roles/cloudfunctions.invoker" or "roles/run.invoker"
my_function_invoker = gcp.cloudfunctionsv2.FunctionIamMember(
    "my_function_invoker",
    project=my_function.project,
    location=my_function.location,
    cloud_function=my_function.name,
    role="roles/cloudfunctions.invoker",
    member="allUsers",
)

# The next two statements have exactly the effect that I desire by setting a policy on the underlying cloud run service
my_iam_policy = gcp.organizations.get_iam_policy(
    bindings=[
        gcp.organizations.GetIAMPolicyBindingArgs(
            role="roles/run.invoker",
            members=["allUsers"],
        )
    ]
)

my_iam_policy = gcp.cloudrun.IamPolicy(
    "no-auth-IAM-policy",
    location=my_function.location,
    project=my_function.project,
    service=my_function.name,
    policy_data=my_iam_policy.policy_data
)```

Some of the underlying APIs are a little finnicky, eh?

Turned out my problem was I needed to specify `location` WOOPS :joy:

thanks for the info tho, good to know when I migrate to cloudfunctions v2