# general


11/16/2021, 6:20 AM
hi all, I have a use case here involving a call-back or webhook or whatever it maybe, basically, I am running Pulumi from one GCP project that will spin up a new GCP project along with the cloud resources like VPC, GKE etc. In this deployment, I'd need to grant access compute.imageUser to the child GCP project service account so that the GKE cluster can download docker images from the Container registry in the GCP project where Pulumi is running. Is there any way that I can achieve this as part of the process in deploying the child GCP project along with the other resources? I'd imagine if there's some kind of remote_exec in Terraform that I can use to run some gcloud command to grant the permission, otherwise any idea would be helpful, thanks!