sparse-intern-71089
12/19/2018, 9:22 PM
white-balloon-205
gcp.organizations.getClientConfig(). And you can get the org details via gcp.organizations.getOrganization({ domain: "pulumi.com" }).
Do those help?
faint-motherboard-95438
12/20/2018, 6:46 PM
ClusterRoleBinding to the current account running pulumi (kind of a project master) which then in turn would be able to assign roles to dedicated service accounts with lesser privileges.
That’s why I wanted to “guess” what was the current account, since I need its email as an argument to grant the role but it looks like I can’t do that, unless you got a clue here?
white-balloon-205
faint-motherboard-95438
12/21/2018, 9:16 AM
gcp to create a cluster, the first run of pulumi is supposed to use the service account selected by gcloud auth or the exported credentials in GOOGLE_APPLICATION_CREDENTIALS (if I understand well, the env value is the right one it seems, @pulumi/gcp does not use the gcloud tool for that?). That’s what I called the account, or to be more precise: the current active gcloud service account in my shell that pulumi is using to take actions in gcp.
This service account has all the permissions in gcp to create and manage clusters and other service accounts. I would like to give it some roles in the cluster it just created and I was looking for a way to “guess” this service account (or even just the email) instead of having to put it explicitly in the config. That’s not a big deal since I can definitely reference it somewhere, but I’m used to making things as reusable as possible with the least amount of configuration changes.