flat-mechanic-75334
05/06/2020, 4:19 PM
pulumi destroy didn’t only delete the service account in question, but also blew away the role assignments from ALL service accounts that had the identical role. Am I doing this wrong? Seems quite risky. Here’s the code I used to create the service account and assign the role:
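import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

// SID and SNAME are defined elsewhere (not shown in the post).
// Create the service account.
const serviceAccount = new gcp.serviceAccount.Account("myServiceAccount", {
    accountId: SID,
    displayName: SNAME,
    description: "Service account Created by Pulumi",
});

// Project-level binding of roles/storage.objectViewer to the new service account.
const iam = new gcp.projects.IAMBinding("myBinding", {
    members: [pulumi.interpolate`serviceAccount:${serviceAccount.email}`],
    role: "roles/storage.objectViewer",
});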
green-school-95910
05/06/2020, 4:28 PM
IAMMember to prevent that
flat-mechanic-75334
05/06/2020, 4:39 PM
gcp.projects.IAMMember?
green-school-95910
05/06/2020, 4:49 PM
flat-mechanic-75334
05/06/2020, 5:27 PM