Channels
#python
Title
# python
f
fast-arm-63150
10/27/2021, 11:51 AMHi all! Crawling through the pulumi documentation on creating service accounts but would anyone know how to add additional roles to a service account on GCP?
p
prehistoric-activity-61023
10/27/2021, 11:52 AMI can copy’n’paste you a snippet from my project, gimme me a sec
👍 1
Copy code
# create service account
svc_account = gcp.serviceaccount.Account(
f"sa-{svc_account_spec.account_id}",
account_id=svc_account_spec.account_id,
display_name=svc_account_spec.display_name,
project=project.project_id,
opts=pulumi.ResourceOptions(parent=project),
)
# assign project roles
for role in svc_account_spec.project_roles:
gcp.projects.IAMMember(
f"sa-{svc_account_spec.account_id}-{simple_role_name(role)}",
member=pulumi.Output.concat("serviceAccount:", svc_account.email),
project=project.project_id,
role=role,
opts=pulumi.ResourceOptions(parent=svc_account),
)hope that will help you 🙂
f
fast-arm-63150
10/27/2021, 11:55 AMhey cheers will take a look!
p
prehistoric-activity-61023
10/27/2021, 11:56 AMjust in case,
rolegcp.projects.IAMMemberroles/roles/storage.adminsimple_role_name Copy code
def simple_role_name(role: str) -> str:
"""
Create a simplified role name that can be used as a part of resource name.
Example: "roles/logging.logWriter" becomes "logging-logwriter"
"""
return role.replace("roles/", "").replace(".", "-").lower()f
fast-arm-63150
10/27/2021, 11:59 AMah cool, what is svc_account_spec?
p
prehistoric-activity-61023
10/27/2021, 12:16 PMinstance of ServiceAccount class (my Pydantic model):
Copy code
class ServiceAccount(BaseModel):
account_id: str
display_name: Optional[str]
project_roles: List[str] = []
create_key: bool = Falseas I said, it’s just a copy’n’paste from one of my projects so it contains additional references to such things 🙂
4 Views