
There is an existing Deployment-1 that creates a PubSub Topic.

```yaml
resources:
- name: customer-updates-topic
  type: pubsub.v1.topic
  properties:
    topic: customer-updates
  accessControl:
    gcpIamPolicy:
      bindings:
      - members:
        - serviceAccount:955977181320@cloudbuild.gserviceaccount.com
        role: roles/pubsub.publisher
      - members:
        - serviceAccount:955977181320@cloudbuild.gserviceaccount.com
        role: roles/pubsub.viewer
```

I need to create my own Deployment-2 like the one below, where I want to create a Service Account and grant it the Publisher role on the topic created in the above deployment.

```yaml
resources:
- name: customer-updates-svc
  type: iam.v1.serviceAccount
  properties:
    accountId: customer-updates-svc

- name: pubsub-topic
  type: pubsub.v1.topic
  properties:
    topic: customer-updates
  accessControl:
    gcpIamPolicy:
      bindings:
      - members:
        - serviceAccount:$(ref.customer-updates-svc.email)
        role: roles/pubsub.publisher
  metadata:
    dependsOn:
    - customer-updates-svc
```

My Deployment-2 works fine, but it removes the gcpIamPolicy.bindings set by Deployment-1.

Is there a way to add/append new gcpIamPolicy.bindings to an existing topic?

Thanks, TM

TarunaM
  • This [link](https://stackoverflow.com/questions/48710548/google-deployment-manager-assigning-iam-policies-at-project) may be of help – Milad Tabrizi Dec 03 '19 at 15:31
  • As suggested by the previous community member, have you followed the directions in the similar [Stackoverflow](https://stackoverflow.com/questions/48710548/google-deployment-manager-assigning-iam-policies-at-project?answertab=active#tab-top) in order to append new iamBindings to an existing topic? – Digil Dec 09 '19 at 20:02
  • @Milan/Digil, thanks for your response. The link shared is assigning IAM permissions at project level; I need to assign permissions at topic (resource) level. – TarunaM Dec 18 '19 at 08:03
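
The behaviour described in the question, a second policy write dropping the Cloud Build bindings, is what an authoritative (whole-policy) write does. The sketch below is an added example, not code from the post or from Deployment Manager. It models only the policy document, contrasts a replace with an additive merge, and reports which grants a write would remove. The etag value and the project id `my-project` are constructed placeholders.

```python
import copy

# Constructed sample: the topic policy as Deployment-1 leaves it (values from the question).
CLOUDBUILD = "serviceAccount:955977181320@cloudbuild.gserviceaccount.com"
EXISTING_POLICY = {
    "etag": "BwWexample=",  # constructed placeholder etag
    "bindings": [
        {"role": "roles/pubsub.publisher", "members": [CLOUDBUILD]},
        {"role": "roles/pubsub.viewer", "members": [CLOUDBUILD]},
    ],
}
# Hypothetical project id "my-project" is an assumption, not from the question.
NEW_SVC = "serviceAccount:customer-updates-svc@my-project.iam.gserviceaccount.com"

def replace_bindings(policy, new_bindings):
    """Authoritative write: the submitted bindings become the whole policy."""
    return {"etag": policy.get("etag"), "bindings": copy.deepcopy(new_bindings)}

def add_member(policy, role, member):
    """Additive write: merge one member into one role, keep everything else."""
    merged = copy.deepcopy(policy)  # etag is kept so a stale write can be rejected
    for binding in merged.setdefault("bindings", []):
        # Conditional bindings are separate grants; merge only into unconditional ones.
        if binding["role"] == role and "condition" not in binding:
            if member not in binding["members"]:
                binding["members"].append(member)
            return merged
    merged["bindings"].append({"role": role, "members": [member]})
    return merged

def lost_grants(before, after):
    """Return (role, member) pairs present before the write but missing after it."""
    def flat(policy):
        return {(b["role"], m) for b in policy.get("bindings", []) for m in b["members"]}
    return sorted(flat(before) - flat(after))

if __name__ == "__main__":
    wanted = [{"role": "roles/pubsub.publisher", "members": [NEW_SVC]}]
    clobbered = replace_bindings(EXISTING_POLICY, wanted)
    print("lost after replace:", lost_grants(EXISTING_POLICY, clobbered))
    appended = add_member(EXISTING_POLICY, "roles/pubsub.publisher", NEW_SVC)
    print("lost after merge:  ", lost_grants(EXISTING_POLICY, appended))
```

Running `lost_grants` against the live policy before applying a change is a cheap pre-deployment check that no existing access is silently removed.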

0 Answers