https://pulumi.com logo
Powered by
#google-cloud
Title
# google-cloud
l

lemon-monkey-228

01/26/2022, 1:20 PM
I'm currently creating the bucket then looking up the IAM policy and setting it again with amendments. Seems contrived, and it means that Pulumi gets upset if the bucket doesn't exist
p

prehistoric-activity-61023

01/27/2022, 8:42 AM
It shouldn’t be a problem - if you create a bucket using pulumi and pass the created 
Bucket
object (in TS/python etc.) to the next object (
BucketIAMBinding
), it should implicitly create a dependency graph. In other words, bucket must exist before the code responsible for setting up IAM is executed:
Copy code
bucket_name = "my-bucket-name"

    bucket = gcp.storage.Bucket(
        bucket_name,
        location="EU",
        uniform_bucket_level_access=True,
    )
    gcp.storage.BucketIAMBinding(
        f"{bucket_name}-allusers-storage-legacyobjectreader",
=>      bucket=bucket.name,
        role="roles/storage.legacyObjectReader",
        members=["allUsers"],
    )
Additionally, take a closer look at the differences among: 
BucketIAMPolicy
, 
BucketIAMBinding
and 
BucketIAMMember
, especially the part regarding authoritative vs non-authoritative: https://www.pulumi.com/registry/packages/gcp/api-docs/storage/bucketiambinding/#bucketiambinding
l

lemon-monkey-228

01/27/2022, 1:30 PM
I'm not sure all of these are present in the new 
gcp-native
provider are they?
I might just roll back to the 
gcp
one until I'm sure about this
p

prehistoric-activity-61023

01/27/2022, 1:31 PM
Oh… I have no experience with 
gcp-native
so I won’t help with that. I’m still using classic gcp provider.
l

lemon-monkey-228

01/27/2022, 1:31 PM
I've done it ages ago with the old 
gcp
one, but we never used that pulumi stack in the end
I'll switch back anyways. I'd rather roll with something I know works and hopefully docs, etc. will improve on the new one
Thanks for your help, I appreciate it!
Powered by