Is this the appropriate place to bring up a problem with the Pulumi Community #google-cloud

Is this the appropriate place to bring up a proble...

prehistoric-house-87407

07/30/2021, 6:49 PM

Is this the appropriate place to bring up a problem with the Google Native provider? I'm trying to create a ServiceAccount and ServiceAccountIamPolicy. I think I need to use the generated email from the ServiceAccount in the ServiceAccountIamPolicy, but I can't since the members field will only take a

str

and not an

Output

. My python example:

Copy code

import pulumi_google_native as google

sa = google.iam.v1.ServiceAccount(
    "test-sa",
    account_id="test-sa",
)

google.iam.v1.ServiceAccountIamPolicy(
    sa.name,
    service_account_id=sa.id,
    bindings=[
        google.iam.v1.BindingArgs(
            members=[sa.email.apply(lambda emailid: f"user:{emailid}")], role="roles/cloudsql.client"
        )
    ],
)

numerous-thailand-80976

07/30/2021, 11:41 PM

I had to do something similar but for a different resource (kubernetes SA), wrap the entire IAM policy creation statement inside an apply, that way you’ll get the email as a string and will be able to pass it to the method without issue

numerous-thailand-80976

07/30/2021, 11:42 PM

BTW, if it’s an SA, the email needs to be preceded with

serviceAccount:

instead of

user:

in the bindings

numerous-thailand-80976

07/30/2021, 11:42 PM

I can provide a go sample of this if you want

prehistoric-house-87407

08/02/2021, 1:48 PM

@numerous-thailand-80976 thanks for the advice, I'll give it a shot!

👍 1

Open in Slack

Previous Next