lemon-wire-69305
02/17/2022, 2:29 AM
```typescript
const org = gcp.organizations.getOrganization({
    domain: "my-org-name",
});
const myRole = new gcp.organizations.IAMCustomRole("role-xyz", {
    description: "xyz",
    orgId: org.then(o => o.orgId),
    permissions: [
        "storage.objects.create",
        "storage.objects.delete",
        "storage.objects.get",
        "storage.objects.list",
        "storage.objects.update",
    ],
    roleId: "my-role-id",
    title: "My New Role",
});
```
When I `pulumi up` I get the following error:
* Unable to verify whether custom org role organizations/<my-org-id>/roles/my-role-id already exists and must be undeleted: Error when reading or editing Custom Organization Role "organizations/<my-org-id>/roles/my-role-id": googleapi: Error 400: The role name must be in the form "roles/{role}", "organizations/{organization_id}/roles/{role}", or "projects/{project_id}/roles/{role}"., badRequest
Any idea what's happening? The error message contains the correct org id, and I've checked in GCP Console and no role has been created.
Thanks for your help!
...
I changed my roleId to be camel case and now getting a new error:
Error 403: You don't have permission to get the role at organizations/<my-org-id>/roles/<myRoleName>
```typescript
const policyTopic = new gcp.pubsub.TopicIAMMember("policy-topic-abc", {
    member: emailOfServiceAcct,
    topic: myTopic.name,
    role: "roles/pubsub.publisher",
});
const policyBucket = new gcp.storage.BucketIAMMember("policy-bucket-abc", {
    member: emailOfServiceAcct,
    bucket: myBucket.name,
    role: "roles/storage.admin",
});
```