I use Deployment Manager and try to describe my resources in python files ( Deployment Manager allows to create configuration using Python or Jinja). Actually,
I use json-format for topic-resource's creating -
return
{
'name': topic,
'type': 'pubsub.v1.topic',
'properties': {
'topic': topic
},
'accessControl': {
'gcpIamPolicy': {
'bindings': [
{
'role':
'roles/pubsub.publisher',
'members': [ 'service_account = project_name + '@gs-project-accounts.iam.gserviceaccount.com' ]
}
]
}
}
}
The format [project_name]@gs-project-accounts.iam.gserviceaccount.com
worked fine several weeks ago but for new created project such service account is not found.
Is it correct that format of Google Cloud Storage service accounts was changed for a new created project it is failure
service account ... doesn't exist
? It was -[project-name]@gs-project-accounts.iam.gserviceaccount.com
, and currently it isservice-[projectId]@gs-project-accounts.iam.gserviceaccount.com
. I check it by this API and for special new-created projects I get - this format :service-[project_Id]@gs-project-accounts.iam.gserviceaccount.com
.How we can fetch the google cloud storage service account dynamically in Deployment Manager config files? As I can see here there are only several environment variables like project_name, project_id, time etc. and there isn't any storage_service_account environment variable