# python
f
Hi all! Crawling through the pulumi documentation on creating service accounts but would anyone know how to add additional roles to a service account on GCP?
p
I can copy’n’paste you a snippet from my project, gimme a sec
```python
import pulumi
import pulumi_gcp as gcp

# `project` (the GCP project resource) and `svc_account_spec` are defined
# elsewhere in the project this snippet was copied from.

# create service account
svc_account = gcp.serviceaccount.Account(
    f"sa-{svc_account_spec.account_id}",
    account_id=svc_account_spec.account_id,
    display_name=svc_account_spec.display_name,
    project=project.project_id,
    opts=pulumi.ResourceOptions(parent=project),
)

# assign project roles; IAMMember is additive: it grants this one member
# the role without replacing the role's other members
for role in svc_account_spec.project_roles:
    gcp.projects.IAMMember(
        f"sa-{svc_account_spec.account_id}-{simple_role_name(role)}",
        member=pulumi.Output.concat("serviceAccount:", svc_account.email),
        project=project.project_id,
        role=role,
        opts=pulumi.ResourceOptions(parent=svc_account),
    )
```
hope that will help you 🙂
f
hey cheers will take a look!
p
just in case, `role` in `gcp.projects.IAMMember` is a string with `roles/` prefix, e.g. `roles/storage.admin`
`simple_role_name` is just my util function:
```python
def simple_role_name(role: str) -> str:
    """
    Create a simplified role name that can be used as a part of resource name.

    Example: "roles/logging.logWriter" becomes "logging-logwriter"
    """
    return role.replace("roles/", "").replace(".", "-").lower()
```
f
ah cool, what is svc_account_spec?
p
instance of ServiceAccount class (my Pydantic model):
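```python
from typing import List, Optional

from pydantic import BaseModel


class ServiceAccount(BaseModel):
    account_id: str
    # explicit default so the field stays optional on Pydantic v2 as well
    display_name: Optional[str] = None

    # full role names with the "roles/" prefix, e.g. "roles/storage.admin"
    project_roles: List[str] = []

    create_key: bool = False
```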
as I said, it’s just a copy’n’paste from one of my projects so it contains additional references to such things 🙂