# google-cloud
Hi, I am trying to create a service account and assign it a role. Here is the sample code.
```go
// Fragment of a Pulumi program (Go SDK, pulumi-gcp provider); ctx is the *pulumi.Context
// and c holds the stack's project id.
p, err := serviceaccount.NewAccount(ctx, "prom-frontend",
	&serviceaccount.AccountArgs{
		AccountId:   pulumi.String("prom-frontend"),
		DisplayName: pulumi.String("prom-frontend"),
		Project:     pulumi.String(c.Project),
	})
if err != nil {
	return err
}

// create Project IAM policy binding for the service account to the role roles/storage.admin
// NOTE: serviceaccount.IAMBinding sets the IAM policy *on the service account resource*
// (it governs who may use or impersonate the account), so a storage role is rejected
// here; this is the call that produces the 400 shown below.
_, err = serviceaccount.NewIAMBinding(ctx, "foo-bar-iam-binding", &serviceaccount.IAMBindingArgs{
	Role: pulumi.String("roles/storage.admin"),
	Members: pulumi.StringArray{
		pulumi.String("serviceAccount:prom-frontend@experiments.iam.gserviceaccount.com"),
	},
	ServiceAccountId: p.Name,
})
if err != nil {
	return err
}
```
I am running into this error.
```text
* Error applying IAM policy for service account 'projects/endor-experiments/serviceAccounts/prom-frontend@xperiments.iam.gserviceaccount.com': Error setting IAM policy for service account 'projects/experiments/serviceAccounts/prom-frontend@experiments.iam.gserviceaccount.com': googleapi: Error 400: Role roles/storage.admin is not supported for this resource., badRequest
```
What am I doing wrong?
Are you trying to give `roles/storage.admin` role to service account `p`? And if you are trying to grant a permission to the service account (resource) using the same service account as member (identity), it is not possible. What you can do is, you can bind this role at project level using the `projects.NewIAMBinding` resource. It can be something similar to this
```go
// Project-level binding: grants the service account the role on the whole project.
// projects.IAMBinding is authoritative for its role, so this member list replaces any
// existing members of roles/storage.admin in the project policy.
_, err := projects.NewIAMBinding(ctx, "foo-bar-iam-binding", &projects.IAMBindingArgs{
	Members: pulumi.StringArray{
		pulumi.Sprintf("serviceAccount:%s", p.Email), // p.Email resolves once the account exists
	},
	Project: pulumi.String("your-project"),
	Role:    pulumi.String("roles/storage.admin"),
})
```
If you don’t want to bind this role at project level, you can perhaps check the bucket-level IAM binding?
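An added example, not code from the thread or from the Pulumi GCP provider, that makes the two points the answer above turns on checkable offline: a storage role is only meaningful at project or bucket level, never on the service-account resource itself, and `projects.IAMBinding` is authoritative for its role (it evicts every other holder) while the sibling `projects.IAMMember` is additive. It works on a policy document of the shape `gcloud projects get-iam-policy PROJECT --format=json` prints, so it can be pointed at a real export before a `pulumi up`. The policy below is constructed, the allow-list of service-account roles is a hypothetical subset, and no Pulumi or Google API is called.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Policy and Binding mirror the JSON shape of a GCP IAM policy as printed by
// `gcloud projects get-iam-policy PROJECT --format=json` (only the fields used here).
type Policy struct {
	Bindings []Binding `json:"bindings"`
}

type Binding struct {
	Role    string   `json:"role"`
	Members []string `json:"members"`
}

// Roles that make sense on a service-account *resource*: they say who may act as or
// mint tokens for the account, not what the account may do. Hypothetical subset.
var serviceAccountRoles = map[string]bool{
	"roles/iam.serviceAccountUser":         true,
	"roles/iam.serviceAccountTokenCreator": true,
	"roles/iam.workloadIdentityUser":       true,
}

// CheckServiceAccountRole is a pre-flight form of the 400 in the thread: a storage
// role attached to the service account itself (serviceaccount.IAMBinding) is rejected.
func CheckServiceAccountRole(role string) error {
	if !serviceAccountRoles[role] {
		return fmt.Errorf("role %s is not supported for this resource", role)
	}
	return nil
}

// ApplyRole returns the policy after binding members to role at project level.
// authoritative=true models projects.IAMBinding: members REPLACE whoever held the role.
// authoritative=false models projects.IAMMember: members are ADDED, existing ones stay.
func ApplyRole(p Policy, role string, members []string, authoritative bool) Policy {
	var out Policy
	merged := append([]string{}, members...)
	for _, b := range p.Bindings {
		if b.Role != role {
			out.Bindings = append(out.Bindings, b)
			continue
		}
		if !authoritative {
			merged = append(merged, b.Members...)
		}
	}
	out.Bindings = append(out.Bindings, Binding{Role: role, Members: uniqSorted(merged)})
	return out
}

// MembersOf returns the sorted members holding role (empty if none).
func MembersOf(p Policy, role string) []string {
	for _, b := range p.Bindings {
		if b.Role == role {
			return uniqSorted(b.Members)
		}
	}
	return []string{}
}

// Removed lists members holding role before but not after: the lock-out check to run
// before applying an authoritative binding.
func Removed(before, after Policy, role string) []string {
	keep := map[string]bool{}
	for _, m := range MembersOf(after, role) {
		keep[m] = true
	}
	gone := []string{}
	for _, m := range MembersOf(before, role) {
		if !keep[m] {
			gone = append(gone, m)
		}
	}
	return gone
}

func uniqSorted(in []string) []string {
	seen, out := map[string]bool{}, []string{}
	for _, s := range in {
		if !seen[s] {
			seen[s] = true
			out = append(out, s)
		}
	}
	sort.Strings(out)
	return out
}

// samplePolicy is constructed for this example, not a real project export.
const samplePolicy = `{"bindings":[
  {"role":"roles/storage.admin","members":["group:data-platform@example.com","user:alice@example.com"]},
  {"role":"roles/viewer","members":["user:bob@example.com"]}]}`

func main() {
	var p Policy
	if err := json.Unmarshal([]byte(samplePolicy), &p); err != nil {
		panic(err)
	}
	const role = "roles/storage.admin"
	sa := "serviceAccount:prom-frontend@experiments.iam.gserviceaccount.com"
	fmt.Println("on the SA resource:", CheckServiceAccountRole(role))
	fmt.Println("locked out by IAMBinding:", Removed(p, ApplyRole(p, role, []string{sa}, true), role))
	fmt.Println("locked out by IAMMember: ", Removed(p, ApplyRole(p, role, []string{sa}, false), role))
}
```

On the sample policy the authoritative path reports that the existing group and user lose `roles/storage.admin`, the additive path reports nobody; that is the practical difference between `projects.IAMBinding` and `projects.IAMMember`, and why `IAMMember` is the safer default for a single service account. Least-privilege note: `roles/storage.admin` on the whole project also lets the account change bucket IAM; if the workload only reads or writes objects in known buckets, `storage.BucketIAMMember` with `roles/storage.objectViewer` or `roles/storage.objectAdmin` on those buckets is the narrower grant the answer's last line alludes to.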