CodexBloom - Programming Q&A Platform

Terraform: how to set up GCP Pub/Sub topic with IAM policy bindings for multiple service accounts

👀 Views: 29 💬 Answers: 1 📅 Created: 2025-06-06
terraform gcp pubsub iam HCL

I'm prototyping a solution and I'm stuck. I've looked through the documentation and I'm still confused. I'm working with a scenario while trying to provision a Google Cloud Pub/Sub topic along with IAM policy bindings for multiple service accounts using Terraform. My goal is to allow two different service accounts to publish messages to the same topic with distinct roles. However, when I apply the configuration, it throws a behavior regarding IAM binding overlap. Here's the relevant part of my Terraform configuration:

```hcl
resource "google_pubsub_topic" "my_topic" {
  name = "my-topic"
}

resource "google_pubsub_topic_iam_member" "service_account_1_pub" {
  topic  = google_pubsub_topic.my_topic.name
  role   = "roles/pubsub.publisher"
  member = "serviceAccount:service-account-1@example.iam.gserviceaccount.com"
}

resource "google_pubsub_topic_iam_member" "service_account_2_pub" {
  topic  = google_pubsub_topic.my_topic.name
  role   = "roles/pubsub.publisher"
  member = "serviceAccount:service-account-2@example.iam.gserviceaccount.com"
}
```

When I run `terraform apply`, I get the following behavior:

```
behavior: googleapi: behavior 400: The IAM policy binding already exists. Please remove the existing policy binding and try again., badRequest
```

I've tried to change the order of resource declarations, but the behavior continues. Additionally, I've looked into using `google_pubsub_topic_iam_binding` instead to manage the IAM policy in a single resource, but that approach doesn't seem to work either because it appears to overwrite existing bindings and doesn't allow for multiple members of the same role.

What is the best way to set up IAM roles for multiple service accounts on a single Pub/Sub topic without running into this binding overlap scenario? Any insights or alternative approaches would be greatly appreciated!

For context: I'm using HCL on Windows. Any ideas what could be causing this? I recently upgraded to HCL 3.10. Am I approaching this the right way? I'm developing on CentOS with HCL. What's the best practice here? I'm using HCL 3.10 in this project. Am I missing something obvious? I'm working in a Debian environment.
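
An added example, not part of the original post: the two ways the Google provider lets one role on one topic carry several members. The local name `publishers` and the resource labels are hypothetical; the topic name and service account emails are the ones from the question. In the provider, `google_pubsub_topic_iam_member` is non-authoritative (it adds one member), while `google_pubsub_topic_iam_binding` is authoritative for its role and takes a `members` list, so the two must not manage the same role on the same topic.

```hcl
# Added example (not the asker's code). "publishers" is a hypothetical local.
locals {
  publishers = toset([
    "serviceAccount:service-account-1@example.iam.gserviceaccount.com",
    "serviceAccount:service-account-2@example.iam.gserviceaccount.com",
  ])
}

resource "google_pubsub_topic" "my_topic" {
  name = "my-topic"
}

# Option A (non-authoritative): one iam_member per identity.
# Each instance adds a single member to the role and leaves any other
# members already on the topic's policy untouched.
resource "google_pubsub_topic_iam_member" "publisher" {
  for_each = local.publishers

  topic  = google_pubsub_topic.my_topic.name
  role   = "roles/pubsub.publisher"
  member = each.value
}

# Option B (authoritative for this role): a single iam_binding owns the
# complete member list for roles/pubsub.publisher on this topic. Members
# granted that role outside this list are removed on apply, which keeps the
# publisher set auditable in one place. Use it instead of Option A, never
# alongside it for the same role on the same topic.
#
# resource "google_pubsub_topic_iam_binding" "publishers" {
#   topic   = google_pubsub_topic.my_topic.name
#   role    = "roles/pubsub.publisher"
#   members = local.publishers
# }
```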