No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

<@UF8ACTKPV> I’ve seen this too but I wasn’t sure if I accidentally did this to myself somehow from the console. I ran `refresh` and then `up` again and it figured itself out.

Oh, I mean we fixed it manually in the console

but this was 2 days of the k8s cluster being unable to talk to the container registry so deploys would fail

So you didn’t get the opportunity to run `refresh` at all?

Actually I dunno that we even ran a refresh/up in that stack

yah, sorry, so we have a stack that broke the roles

and then another stack that was running refresh, so I am confused

What kind of IAM APIs are you using? Bindings are different and non-deleterious.

I forget what the API is, but one of them (like AWS) is an API that will delete other policies bound to a role

Its a call to SetIamPolicy that caused the editor role to be nuked off of unrelated accounts

I have to run to a meeting, but will check the thread when I get back!

Re reporting: feel free to send it to either me or <@UB3BGTV63> , with whatever you feel needs redacting removed

I dont think it needs to be redacted from y’all, just not sure I wanna paste the payload into github issues!

Is there any more info? (i.e. the program etc or any background on what was expected etc)

It was a pretty typical gcp identity stack