# google-cloud
Hey All, I'm trying out Pulumi and having a time trying to get Aggregated Log sinks to work. Creating the bucket and logging sink works fine.
```python
from pulumi import Output
from pulumi_gcp import logging, storage

# bucket_name and org are defined elsewhere in the program
bucket = storage.Bucket(resource_name=bucket_name,
                        location="us-central1")

sink = logging.OrganizationSink("resource-ops-sink",
                                destination=Output.concat("storage.googleapis.com/", bucket.id),
                                filter="logName:activity",
                                include_children=True,
                                org_id=org)
```
What I can't determine now is how to grant the write permissions to the bucket for the service account used on the sink (writer_identity). I've been trying IAMBinding and IAMMember (each separately). However, I get errors when it runs.
```python
member = serviceaccount.IAMMember(
                        member=sink.writer_identity,
                        resource_name="log_writer",
                        role="roles/storage.objectCreator",
                        service_account_id=sink.writer_identity)
```
```
Diagnostics:
  gcp:serviceAccount:IAMMember (service-account-role-member):
    error: gcp:serviceAccount/iAMMember:IAMMember resource 'log-writer' has a problem: "service_account_id" ("serviceAccount:o976583563296-639776@gcp-sa-logging.iam.gserviceaccount.com") doesn't match regexp "projects/(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?)|-)/serviceAccounts/((?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))@[a-z]+.gserviceaccount.com$|[0-9]{1,20}-compute@developer.gserviceaccount.com|[a-z](?:[-a-z0-9]{4,28}[a-z0-9])@[-a-z0-9\\.]{1,63}\\.iam\\.gserviceaccount\\.com$)"
```
With Terraform I would only be providing the role and the member. I'm at a loss on this as to whether 1) am I using the correct Pulumi object (IAMMember) and 2) why I'm getting the regex error on the resource_name attribute. I appreciate any assistance. Thanks.
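
Added example, not part of the original post: the sink's `writer_identity` is an IAM member string (`serviceAccount:...`), so the grant belongs on the bucket's IAM policy, whereas `serviceaccount.IAMMember` manages the policy of a service account resource. The helper names `checked_member` and `grant_sink_writer` are assumptions made for this example; `storage.BucketIAMMember` is the provider's counterpart of Terraform's `google_storage_bucket_iam_member`.

```python
SINK_WRITER_ROLE = "roles/storage.objectCreator"  # role from the post: create objects only


def checked_member(value: str) -> str:
    """Return value unchanged if it is a service-account IAM member string.

    IAM bindings take principals such as 'serviceAccount:<email>'. A bare
    email or a 'projects/.../serviceAccounts/...' path is a resource
    identifier, not a principal, and is rejected here.
    """
    prefix, sep, email = value.partition(":")
    if prefix != "serviceAccount" or not sep or "@" not in email:
        raise ValueError(f"not a service-account IAM member: {value!r}")
    return value


def grant_sink_writer(name, bucket, sink):
    """Bind the sink's writer identity to SINK_WRITER_ROLE on one bucket only."""
    # Imported lazily so checked_member() can be used without the provider installed.
    from pulumi_gcp import storage

    return storage.BucketIAMMember(
        name,
        bucket=bucket.name,  # the grant is scoped to this bucket, not the project
        role=SINK_WRITER_ROLE,
        # writer_identity is an Output; validate it once the value is known.
        member=sink.writer_identity.apply(checked_member),
    )


# In the Pulumi program, after `bucket` and `sink` are created as in the post:
#   grant_sink_writer("log-writer", bucket, sink)
```

`BucketIAMMember` is additive for the given member and role, while `BucketIAMBinding` is authoritative for the whole role and replaces its member list.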