No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hi, I have one GCP project with a GKE cluster, our pulumi code is written so each stack creates a new namespace but they have access to some shared resources like Firestore. The issue is that whenever I create a new stack, which creates a new service account (workload identity), the permissions from the previous stacks get removed. Anyone ever seen this behavior before? The python code looks like:

```firestore_iam = gcp.projects.IAMBinding(
    resource_name=f"{SHORT_NAME}-firestore-binding",
    project=project,
    role="roles/datastore.owner",
    members=[gcp_sa.email.apply(lambda email: f"serviceAccount:{email}")],
    opts=pulumi.ResourceOptions(provider=gcp_provider),
)```