Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
f
fast-arm-63150
10/27/2021, 11:51 AMHi all! Crawling through the pulumi documentation on creating service accounts but would anyone know how to add additional roles to a service account on GCP?
p
prehistoric-activity-61023
10/27/2021, 11:52 AMI can copy’n’paste you a snippet from my project, gimme me a sec
👍 1
# create service account
svc_account = gcp.serviceaccount.Account(
f"sa-{svc_account_spec.account_id}",
account_id=svc_account_spec.account_id,
display_name=svc_account_spec.display_name,
project=project.project_id,
opts=pulumi.ResourceOptions(parent=project),
)
# assign project roles
for role in svc_account_spec.project_roles:
gcp.projects.IAMMember(
f"sa-{svc_account_spec.account_id}-{simple_role_name(role)}",
member=pulumi.Output.concat("serviceAccount:", svc_account.email),
project=project.project_id,
role=role,
opts=pulumi.ResourceOptions(parent=svc_account),
)hope that will help you 🙂
f
fast-arm-63150
10/27/2021, 11:55 AMhey cheers will take a look!
p
prehistoric-activity-61023
10/27/2021, 11:56 AMjust in case,
rolegcp.projects.IAMMemberroles/roles/storage.adminsimple_role_namedef simple_role_name(role: str) -> str:
"""
Create a simplified role name that can be used as a part of resource name.
Example: "roles/logging.logWriter" becomes "logging-logwriter"
"""
return role.replace("roles/", "").replace(".", "-").lower()f
fast-arm-63150
10/27/2021, 11:59 AMah cool, what is svc_account_spec?
p
prehistoric-activity-61023
10/27/2021, 12:16 PMinstance of ServiceAccount class (my Pydantic model):
class ServiceAccount(BaseModel):
account_id: str
display_name: Optional[str]
project_roles: List[str] = []
create_key: bool = Falseas I said, it’s just a copy’n’paste from one of my projects so it contains additional references to such things 🙂