https://pulumi.com logo
#google-cloud
Title
# google-cloud
s

stocky-sundown-45608

02/02/2023, 6:57 AM
I am creating a service account in gcp via pulumi that would use workload identity (gke pods) and access a bucket. I have created a service account, role with bucket objects get/list etc and added binding, code is here https://gist.github.com/seeker815/4b8df54ee2a41bccb5ec84547582b13b while the worload identity works, bucket access isn’t set so I am trying to do something like
gsutil iam ch serviceAccount:<sa-name>:<bucketrole> gs://<bucket-name>
to give access for the sa to the bucket. How do I do that in pulumi,
I was looking at it from SA point of view, adding a binding on the bucket is simpler way rather than patch the service account. All good for now.
2 Views