gcp: support projects with no default permissions (#3656)

* helm/gcp: use service account in operator and joinservice * helm: format operator testdata * terraform/iam: create additional service account for VMs This service account is used in the following commits and is attached to the VMs * config: pass VM service account from iam create to cluster create via config * cli/iamcreate: limit name prefix length * docs: add minimal gcp IAM permissions
2025-09-18 12:04:41 -04:00 · 2025-03-25 14:13:38 +01:00 · 2025-03-25 14:13:38 +01:00 · 66815a4a47
commit 66815a4a47
parent 83e08e3e37
42 changed files with 771 additions and 466 deletions
--- a/terraform/infrastructure/iam/gcp/variables.tf
+++ b/terraform/infrastructure/iam/gcp/variables.tf
@ -5,7 +5,12 @@ variable "project_id" {

 variable "service_account_id" {
  type        = string
-  description = "ID for the service account being created. Must match ^[a-z](?:[-a-z0-9]{4,28}[a-z0-9])$."
+  description = "[DEPRECATED use var.name_prefix] ID for the service account being created. Must match ^[a-z](?:[-a-z0-9]{4,28}[a-z0-9])$."
+}
+
+variable "name_prefix" {
+  type        = string
+  description = "Prefix to be used for all resources created by this module."
 }

 variable "region" {