chilly-laptop-44574
04/02/2020, 2:07 AMconst myProject = new gcp.organizations.Project("gcp proj", settings)
const service = new gcp.projects.Service("Kubernetes Engine API", {
disableDependentServices: true,
project: myProject.projectId,
service: "<http://container.googleapis.com|container.googleapis.com>",
});
And then I want to grand permission to the service account (created by default by container.googleapis.com)
const iamMember = new gcp.projects.IAMMember("iamMember", {
project: myProject.projectId,
role: "roles/compute.securityAdmin",
`member: serviceAccount:<mailto:service-${myProject.number}@container-engine-robot.iam.gserviceaccount.com|service-${myProject.number}@container-engine-robot.iam.gserviceaccount.com>
,
});`
But this generates error: googleapi: Error 400: Service account <mailto:service-xxxxxxxxxx@container-engine-robot.iam.gserviceaccount.com|service-xxxxxxxxxx@container-engine-robot.iam.gserviceaccount.com> does not exist
When I run the pulumi up
again then it works as service account has been already provisioned by that time by GCP.
Is there any way to pull status of the service account and wait if not yet created before calling enabling the role.