Google cloud platform Google Cloud Deployment Manager-如何授予pubsub publisher对现有主题的服务帐户的访问权限_Google Cloud Platform_Google Deployment Manager

Google cloud platform Google Cloud Deployment Manager-如何授予pubsub publisher对现有主题的服务帐户的访问权限

google-cloud-platform

Google cloud platform Google Cloud Deployment Manager-如何授予pubsub publisher对现有主题的服务帐户的访问权限,google-cloud-platform,google-deployment-manager,Google Cloud Platform,Google Deployment Manager,现有的部署-1创建了一个子主题 resources: - name: customer-updates-topic type: pubsub.v1.topic properties: topic: customer-updates accessControl: gcpIamPolicy: bindings: - members: - serviceAccount:955977181320@cloudbuild.gservicea

现有的部署-1创建了一个子主题

resources:
- name: customer-updates-topic
  type: pubsub.v1.topic
  properties:
    topic: customer-updates
  accessControl:
    gcpIamPolicy:
      bindings:
      - members:
        - serviceAccount:955977181320@cloudbuild.gserviceaccount.com
        role: roles/pubsub.publisher
      - members:
        - serviceAccount:955977181320@cloudbuild.gserviceaccount.com
        role: roles/pubsub.viewer

我需要创建自己的Deployment-2，如下所示，我希望创建一个服务帐户，并授予它在上述部署中创建的主题的发布者角色

resources:
- name: customer-updates-svc
  type: iam.v1.serviceAccount
  properties:
    accountId: customer-updates-svc

- name: pubsub-topic
  type: pubsub.v1.topic
  properties:
    topic: customer-updates
  accessControl:
    gcpIamPolicy:
      bindings:
      - members:
        - serviceAccount:$(ref.customer-updates-svc.email)
        role: roles/pubsub.publisher
  metadata:
    dependsOn:
    - customer-updates-svc

My Deployment-2工作正常，但它删除了Deployment-1设置的gcpIamPolicy.bindings

是否有方法向现有主题添加/附加新的gcpIamPolicy.bindings

谢谢，

这可能会有所帮助正如前一位社区成员所建议的，您是否按照类似的说明将新的IAM绑定附加到现有主题？@Milan/Digil，Thnaks对于您的响应，共享的链接正在项目级别分配IAM权限，我需要在主题（资源）上分配权限级别。这可能会有所帮助。正如前一位社区成员所建议的，您是否按照类似的说明将新IAM绑定附加到现有主题？@Milan/Digil，Thnaks对于您的响应，共享的链接正在项目级别分配IAM权限，我需要在主题（资源）级别分配权限。