lemon-monkey-228
01/26/2022, 1:20 PMprehistoric-activity-61023
01/27/2022, 8:42 AMBucket
object (in TS/python etc.) to the next object (BucketIAMBinding
), it should implicitly create a dependency graph. In other words, bucket must exist before the code responsible for setting up IAM is executed:bucket_name = "my-bucket-name"
bucket = gcp.storage.Bucket(
bucket_name,
location="EU",
uniform_bucket_level_access=True,
)
gcp.storage.BucketIAMBinding(
f"{bucket_name}-allusers-storage-legacyobjectreader",
=> bucket=bucket.name,
role="roles/storage.legacyObjectReader",
members=["allUsers"],
)
BucketIAMPolicy
, BucketIAMBinding
and BucketIAMMember
, especially the part regarding authoritative vs non-authoritative:
https://www.pulumi.com/registry/packages/gcp/api-docs/storage/bucketiambinding/#bucketiambindinglemon-monkey-228
01/27/2022, 1:30 PMgcp-native
provider are they?gcp
one until I'm sure about thisprehistoric-activity-61023
01/27/2022, 1:31 PMgcp-native
so I won’t help with that. I’m still using classic gcp provider.lemon-monkey-228
01/27/2022, 1:31 PMgcp
one, but we never used that pulumi stack in the end