02/02/2023, 6:57 AM
I am creating a service account in GCP via Pulumi that would use workload identity (GKE pods) and access a bucket. I have created a service account, a role with bucket objects get/list etc. and added the binding; code is here. While the workload identity works, bucket access isn't set, so I am trying to do something like
gsutil iam ch serviceAccount:<sa-name>:<bucketrole> gs://<bucket-name>
to give access for the SA to the bucket. How do I do that in Pulumi?
I was looking at it from the SA point of view; adding a binding on the bucket is a simpler way than patching the service account. All good for now.
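As an added example (not the poster's own program, which is not reproduced here), the same setup in Pulumi YAML: the bucket-side `BucketIAMMember` is the Pulumi equivalent of the `gsutil iam ch` command above, and the Workload Identity binding on the service account is the part the post says already works. Project config key, bucket name, role, namespace and Kubernetes service account name are assumed placeholders.

```yaml
name: gke-bucket-reader
runtime: yaml
description: Service account for GKE pods (Workload Identity) with read access to one bucket

config:
  project:
    type: string          # GCP project id, set with `pulumi config set project <id>`

resources:
  # Google service account that the pods will impersonate
  bucketReader:
    type: gcp:serviceaccount:Account
    properties:
      accountId: bucket-reader
      displayName: Bucket reader for GKE workloads

  # Equivalent of: gsutil iam ch serviceAccount:<sa-email>:objectViewer gs://<bucket>
  # The binding lives on the bucket, not on the service account, and grants
  # this one member only the role it needs on this one bucket (least privilege).
  bucketAccess:
    type: gcp:storage:BucketIAMMember
    properties:
      bucket: my-app-data                 # assumed bucket name
      role: roles/storage.objectViewer    # or a custom role: projects/${project}/roles/<roleId>
      member: serviceAccount:${bucketReader.email}

  # Workload Identity: let the Kubernetes SA `app-ksa` in namespace `app` act as bucketReader
  workloadIdentityBinding:
    type: gcp:serviceaccount:IAMMember
    properties:
      serviceAccountId: ${bucketReader.name}
      role: roles/iam.workloadIdentityUser
      member: serviceAccount:${project}.svc.id.goog[app/app-ksa]   # assumed namespace/KSA

outputs:
  serviceAccountEmail: ${bucketReader.email}   # value for the KSA annotation
```

The Kubernetes service account still needs the `iam.gke.io/gcp-service-account` annotation set to the exported email before pods can obtain the Google credentials.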