cli: use non-authoritative methods to manage iam policy memberships (#989)

- google_project_iam_binding -> google_project_iam_member
Malte Poll 2023-01-16 18:08:57 +01:00 committed by GitHub
parent d39cf1cd6e
commit 7902dc470f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -19,49 +19,34 @@ resource "google_service_account" "service_account" {
description = "Service account used inside Constellation"
}
resource "google_project_iam_binding" "instance_admin_role" {
resource "google_project_iam_member" "instance_admin_role" {
project = var.project_id
role = "roles/compute.instanceAdmin.v1"
members = [
"serviceAccount:${google_service_account.service_account.email}",
]
member = "serviceAccount:${google_service_account.service_account.email}"
}
resource "google_project_iam_binding" "network_admin_role" {
resource "google_project_iam_member" "network_admin_role" {
project = var.project_id
role = "roles/compute.networkAdmin"
members = [
"serviceAccount:${google_service_account.service_account.email}",
]
member = "serviceAccount:${google_service_account.service_account.email}"
}
resource "google_project_iam_binding" "security_admin_role" {
resource "google_project_iam_member" "security_admin_role" {
project = var.project_id
role = "roles/compute.securityAdmin"
members = [
"serviceAccount:${google_service_account.service_account.email}",
]
member = "serviceAccount:${google_service_account.service_account.email}"
}
resource "google_project_iam_binding" "storage_admin_role" {
resource "google_project_iam_member" "storage_admin_role" {
project = var.project_id
role = "roles/compute.storageAdmin"
members = [
"serviceAccount:${google_service_account.service_account.email}",
]
member = "serviceAccount:${google_service_account.service_account.email}"
}
resource "google_project_iam_binding" "iam_service_account_user_role" {
resource "google_project_iam_member" "iam_service_account_user_role" {
project = var.project_id
role = "roles/iam.serviceAccountUser"
members = [
"serviceAccount:${google_service_account.service_account.email}",
]
member = "serviceAccount:${google_service_account.service_account.email}"
}
resource "google_service_account_key" "service_account_key" {
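Review bot: The `iam_service_account_user_role` grant at the end of this hunk is still made on the whole project, so the Constellation service account can act as every service account in `var.project_id`, not only itself; the switch to `google_project_iam_member` does not narrow that. If the role is only needed so the account can be attached to the instances it creates, a resource-level `google_service_account_iam_member` with `service_account_id = google_service_account.service_account.name` would limit the grant to that one account; what else relies on the project-wide form is not visible from here. Separately, on a state that still holds the old `google_project_iam_binding` resources, Terraform will destroy them on the next apply, and destroying an authoritative binding removes the role from all of its members, so the upgrade path deserves a note for projects where other principals hold these roles. The hunk ends on the opening line of `google_service_account_key`, whose body is outside the view.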