#general

careful-country-29079

02/02/2024, 10:02 PM
Hello! Hoping someone can point me in the right direction here. I am working on Deployments to a GCP project and have configured the service account, Workload Identity pool and OIDC. My preview is good but when I run the update I'm receiving
"message": "Permission 'iam.serviceAccounts.getAccessToken' denied on resource (or it may not exist)."
"status": "PERMISSION_DENIED"
I configured the service account with the preview and update attributes.
google.subject="pulumi:deploy:org:orgnamehere:project:projectnamehere:stack:stackname:operation:preview:scope:write"
google.subject="pulumi:deploy:org:orgnamehere:project:projectnamehere:stack:stackname:operation:update:scope:write"
Also, granted the Owner, Security Admin and Service Account Token Creator roles.