# general
Hey guys, is there any way to get a reference of the user/serviceaccount that is running the pulumi command? I’m trying to create a GCP CloudRun service, but as specified in the docs, unless you specify a `ServiceTemplateSpec serviceAccountName` it will use the default cloud engine service account which has Editor permissions and therefore gets a permission denied on SecretManager resources for example. I’m setting my service account credentials in my stack config file through the value. Any help or tips would be greatly appreciated!
Is this the correct way to go? Is it feasible that you might specify a different account for this purpose than the one being used to run the deployment? I think providing the correct service account name as a stack config parameter might be more robust.
You’re absolutely right! The more I was messing around with this idea, the more I’ve come to the same conclusion. I think the best would be to create a service account that only has CloudRun privileges and Secret Manager Accessor in this case 🙂