sparse-intern-71089
10/18/2022, 9:53 PMbillowy-nightfall-59212
10/18/2022, 9:54 PM* Error applying IAM policy for service account 'projects/endor-experiments/serviceAccounts/prom-frontend@xperiments.iam.gserviceaccount.com': Error setting IAM policy for service account 'projects/experiments/serviceAccounts/prom-frontend@experiments.iam.gserviceaccount.com': googleapi: Error 400: Role roles/storage.admin is not supported for this resource., badRequest
billowy-nightfall-59212
10/18/2022, 9:54 PMbitter-winter-22829
10/21/2022, 7:44 AMroles/storage.admin
role to service account p
? And if you are trying to grant a permission to the service account(resource) using the same service account as member (identity), it is not possible. What you can do is, you can bind this role at project level using projects.NewIAMBinding
resource. It can be smtg similar to this
_, err := projects.NewIAMBinding(ctx, "foo-bar-iam-binding", &projects.IAMBindingArgs{
Members: pulumi.StringArray{
pulumi.Sprintf("serviceAccount:%s",p.Email),
},
Project: pulumi.String("your-project"),
Role: pulumi.String("roles/storage.admin"),
})
bitter-winter-22829
10/21/2022, 7:49 AM