@christianklotz
Created June 19, 2018 17:16
Google Cloud Deployment Manager template creating bucket with custom service account
resources:
# Bucket to hold all assets
- name: {{ properties['bucket-prefix'] }}-assets
  type: storage.v1.bucket
  accessControl:
    gcpIamPolicy:
      bindings:
      # Grant the custom service account objectAdmin on this bucket.
      - role: roles/storage.objectAdmin
        members:
        - serviceAccount:$(ref.service-account.email)
# Custom service account that is given access to the bucket
- name: service-account
  type: iam.v1.serviceAccount
  properties:
    accountId: {{ properties['service-account-name'] }}
    displayName: {{ properties['service-account-display-name'] }}
# Key for the service account, in Google credentials file format
- name: service-account-key
  type: iam.v1.serviceAccounts.key
  properties:
    # By using a reference to the service account resource, this key becomes
    # dependent on the resource and Deployment Manager won't create it until
    # after the service account is created.
    parent: $(ref.service-account.name)
    privateKeyType: TYPE_GOOGLE_CREDENTIALS_FILE
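
The comment on the key resource describes ordering through references; the bucket's IAM binding also references the service account, so it waits in the same way even though it is listed first. The sketch below is an added example, not part of the original gist and not Deployment Manager's own code: it extracts `$(ref.<name>.<path>)` references from a rendered copy of the template and derives a valid creation order. The property values (`example`, `example-sa`) and the helper names are assumptions made for the illustration.

```python
import re
from graphlib import TopologicalSorter  # Python 3.9+

# Constructed sample: the template above after Jinja rendering, with
# placeholder property values ("example", "example-sa").
RESOURCES = [
    {"name": "example-assets", "type": "storage.v1.bucket",
     "accessControl": {"gcpIamPolicy": {"bindings": [
         {"role": "roles/storage.objectAdmin",
          "members": ["serviceAccount:$(ref.service-account.email)"]}]}}},
    {"name": "service-account", "type": "iam.v1.serviceAccount",
     "properties": {"accountId": "example-sa", "displayName": "Example SA"}},
    {"name": "service-account-key", "type": "iam.v1.serviceAccounts.key",
     "properties": {"parent": "$(ref.service-account.name)",
                    "privateKeyType": "TYPE_GOOGLE_CREDENTIALS_FILE"}},
]

# Captures the resource name in $(ref.<name>.<path>).
REF = re.compile(r"\$\(ref\.([^.)]+)\.[^)]*\)")

def strings(node):
    """Yield every string value nested anywhere inside a resource."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from strings(value)
    elif isinstance(node, list):
        for value in node:
            yield from strings(value)

def dependencies(resources):
    """Map each resource name to the set of resources it references."""
    names = {r["name"] for r in resources}
    deps = {}
    for r in resources:
        body = {k: v for k, v in r.items() if k != "name"}
        found = {m for s in strings(body) for m in REF.findall(s)}
        unknown = found - names
        if unknown:  # a reference to a resource the config does not define
            raise ValueError(f"{r['name']} references undefined {sorted(unknown)}")
        deps[r["name"]] = found
    return deps

def creation_order(resources):
    """Return one valid creation order (referenced resources first)."""
    return list(TopologicalSorter(dependencies(resources)).static_order())

if __name__ == "__main__":
    print(creation_order(RESOURCES))
```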