No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hey lovely community ! Can someone help me to understand this ?

Let’s imagine that I have a piece of code that creates a GCP service account, a custom role (both works fine) and a IAM Binding to assign this role to this service account (this one fails)

Here is my IAM binding call
```sarolebinding = gcp.projects.IAMBinding(
            f"sa-role-binding-{self.projectName}-owner",
            role=self.role,
            project=self.project.name,
            members=[f"serviceAccount:{self.service_account.email}"],
        )
        return sarolebinding```
This fails with the following error
```Request `Set IAM Binding for role "projects/app-burger-nonprod-wzj/roles/projectOwner" on "project \"app-burger-nonprod-wzj\""` returned error: Error applying IAM policy for project "app-burger-nonprod-wzj": Error setting IAM policy for project "app-burger-nonprod-wzj": googleapi: Error 400: Invalid service account (&lt;pulumi.output.Output object at 0x7fbf29648640&gt;)., badRequest```
Looks like the service_account.email field is wrong.
How can I refer to the email of the newly created service account and use it as the value of the members arguments ?

Thanks for reading, have a nice day.