Hoi ! I have the issue that the creation of pub/sub and datasets fail when i have configured an encryption key for them.
This setup requires the Encrypter/Decryptor role for the particular service accounts of pubsub and bigquery.
I use CryptoKeyIAMBinding to provide access the key for these services accounts.
I also added these bindings as an explicit dependency to the construction of the pubsub topc and the dataset.
When I look at the deployment, pulumi behaves as expected: it only starts the creation of the pubsub topics and the datasets after the key bindings are completed. so thats good.
however, it seems that additional time needs to be waited.
because when i rerun the deployment, it works just fine.
does anybody have a good idea for mitigations/solutions ?
is there a way to configure retires ?
or to introduce a “sleep” 🙈 ?