Open valkum opened 1 year ago
Hi @valkum thanks for logging this detail. Unfortunately we're not in a position to work on this provider right now as we're focusing on the pulumi-gcp
provider while this provider is only in preview. Are you able to work around this by using the gcp provider for now?
Yeah, we switched to the classic version for now. At least for the things that don't work in the native one.
What happened?
I am trying to create a policy binding for a Workload Identity and kept receiving
Error 404: Unknown service account
Running Pulumi with
pulumi up --logtostderr --logflow -v=9 2> out.txt
some errors revealed themselves.
First: A POST call to
/v1/projects/{PROJECT}/serviceAccounts/%7BserviceAccountsId%7D:getIamPolicy?optionsRequestedPolicyVersion=3
returns
I removed the
<{%reset%}>)
lines.
Second: A POST call to
/v1/projects/{PROJECT}/serviceAccounts/%7BserviceAccountsId%7D:getIamPolicy
which looks like the identifier serviceAccountsId is used and not properly replaced with the name property of ServiceAccountIamMember or the serviceAccountId sdk property is missing from ServiceAccountIamMember
These are the endpoint and sdkProperties metadata for the ServiceAccountIamMember lookup (formatted for visibility reason):
Expected Behavior
I expect the resource to be created.
Steps to reproduce
Have GKE setup with Workload Identity enabled. Create a ServiceAccount in GCP and in k8s. Try to create a resource like:
Output of pulumi about
We have the yarn.lock in a yarn workspace.
Additional context
No response
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
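
The request paths quoted in the issue contain %7BserviceAccountsId%7D, which is the percent-encoded form of {serviceAccountsId}: a path template parameter that went out on the wire without being substituted. As an added example (not part of the original issue and not the provider's code), this script scans a verbose log such as out.txt for request paths of that kind; the sample log lines, host and project name are constructed, and the real log layout may differ.

```javascript
// Added example: find API request paths that still carry a percent-encoded
// URI-template placeholder such as %7BserviceAccountsId%7D.

// A template parameter "{name}" that was never substituted is percent-encoded
// to "%7Bname%7D" when the URL is built, so that is the form to look for.
const ENCODED_PLACEHOLDER = /%7B([A-Za-z_][A-Za-z0-9_]*)%7D/gi;

// Anything that looks like a versioned REST path (/v1/..., /v2/...) up to
// the next whitespace or quote. Assumption: URLs appear unbroken in the log.
const API_PATH = /\/v\d+\/[^\s"']+/g;

// Constructed sample input, modelled on the paths quoted in the issue.
const SAMPLE_LOG = [
  "I0101 12:00:00 POST https://iam.googleapis.com/v1/projects/example-project/serviceAccounts/%7BserviceAccountsId%7D:getIamPolicy?optionsRequestedPolicyVersion=3",
  "I0101 12:00:01 GET https://iam.googleapis.com/v1/projects/example-project/serviceAccounts/sa@example-project.iam.gserviceaccount.com",
  "I0101 12:00:02 response: Error 404: Unknown service account",
].join("\n");

// Returns one finding per offending path: the 1-based log line number, the
// path without its query string, and the names of the unexpanded parameters.
function findUnexpandedPlaceholders(logText) {
  const findings = [];
  logText.split(/\r?\n/).forEach((line, idx) => {
    for (const rawPath of line.match(API_PATH) || []) {
      const path = rawPath.split("?")[0];
      const placeholders = [...path.matchAll(ENCODED_PLACEHOLDER)].map(
        (m) => m[1]
      );
      if (placeholders.length > 0) {
        findings.push({ line: idx + 1, path, placeholders });
      }
    }
  });
  return findings;
}

// Print the findings for the constructed sample.
console.log(JSON.stringify(findUnexpandedPlaceholders(SAMPLE_LOG), null, 2));
```

A finding here means the request was addressed to a literal placeholder rather than to a service account, which is consistent with the 404 reported above.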