No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

I am creating a service account in gcp via pulumi that would use workload identity (gke pods) and access a bucket. I have created a service account, role with bucket objects get/list etc and added binding, code is here <https://gist.github.com/seeker815/4b8df54ee2a41bccb5ec84547582b13b>

while the worload identity works, bucket access isn’t set so I am trying to do something like `gsutil iam ch serviceAccount:&lt;sa-name&gt;:&lt;bucketrole&gt; gs://&lt;bucket-name&gt;`   to give access for the sa to the bucket.  How do I do that in pulumi,

I was looking at it from SA point of view, adding a binding on the bucket is simpler way rather than patch the service account.  All good for now.