No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hello!  Hoping someone can point me in the right direction here.  I am working on Deployments to a GCP project and have configured the service account, Workload Identity pool and OIDC.  My preview is good but when I run the update I'm receiving `"message": "Permission 'iam.serviceAccounts.getAccessToken' denied on resource (or it may not exist)."`  `"status": "PERMISSION_DENIED"`.

I configured the service account with the `preview` and `update` attributes.
`google.subject="pulumi:deploy:org:orgnamehere:project:projectnamehere:stack:stackname:operation:preview:scope:write"`
 `google.subject="pulumi:deploy:org:orgnamehere:project:projectnamehere:stack:stackname:operation:update:scope:write"`

Also, granted the Owner, Security Admin and Service Account Token Creator roles.