Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Storage Notification IAM permission example #1071

Open
dror-g opened this issue Apr 30, 2020 · 1 comment
Open

Storage Notification IAM permission example #1071

dror-g opened this issue Apr 30, 2020 · 1 comment
Labels
area/api-docs area/docs Improvements or additions to documentation area/examples kind/enhancement Improvements or new features

Comments

@dror-g
Copy link

dror-g commented Apr 30, 2020

File: docs/reference/pkg/gcp/storage/notification.md

Hi, the doc suggests an example for granting permissions for the Storage project Service Account to publish to Pub/Sub.
I suggest such an example, which is currently missing, be included as it's a bit tricky.

I also used pubsub.TopicIAMMember to grant the storage SA role/pubsub.publisher on the topic itself rather than project-wide "projects.topics.publish" on the SA,
Not sure what's the best approach but might be worth a mention.
Cheers
@susanev susanev added the kind/enhancement Improvements or new features label Apr 2, 2022
@susanev susanev transferred this issue from pulumi/docs Apr 26, 2023
@susanev susanev added needs-triage Needs attention from the triage team area/docs Improvements or additions to documentation labels Apr 26, 2023
@mikhailshilkov mikhailshilkov added area/examples area/api-docs and removed needs-triage Needs attention from the triage team labels Apr 27, 2023
@rshade
Copy link
Contributor

rshade commented Nov 8, 2024

@dror-g does the current example meet your needs? it seems to set the binding to:

const binding = new gcp.pubsub.TopicIAMBinding("binding", {
    topic: topic.id,
    role: "roles/pubsub.publisher",
    members: [gcsAccount.then(gcsAccount => `serviceAccount:${gcsAccount.emailAddress}`)],
});

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/api-docs area/docs Improvements or additions to documentation area/examples kind/enhancement Improvements or new features
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rshade @mikhailshilkov @susanev @dror-g