Hello guys!! What is the best practice to wait for the resource before applying further changes in GCP and Typescript? I have following flow: Project -> enable API -> enable Role

const myProject = new gcp.organizations.Project("gcp proj", settings)

const service = new gcp.projects.Service("Kubernetes Engine API", {

disableDependentServices: true,

project: myProject.projectId,

service: "<http://container.googleapis.com|container.googleapis.com>",

});

And then I want to grand permission to the service account (created by default by container.googleapis.com)

const iamMember = new gcp.projects.IAMMember("iamMember", {

project:  myProject.projectId,

role: "roles/compute.securityAdmin",

`member:

serviceAccount:<mailto:service-${myProject.number}@container-engine-robot.iam.gserviceaccount.com|service-${myProject.number}@container-engine-robot.iam.gserviceaccount.com>

,

});` But this generates error:

googleapi: Error 400: Service account <mailto:service-xxxxxxxxxx@container-engine-robot.iam.gserviceaccount.com|service-xxxxxxxxxx@container-engine-robot.iam.gserviceaccount.com> does not exist

When I run the

pulumi up

again then it works as service account has been already provisioned by that time by GCP. Is there any way to pull status of the service account and wait if not yet created before calling enabling the role.