
Fix iam_policy logic so roles can be added to service accounts without adding the role to the policy #1

@lukwam

In the example below, I needed to add `roles/storage.admin` to the `iam_policy` in order to get it added for the `terraform` service account.

```hcl
  iam_policy = {
    "roles/compute.serviceAgent" = [
      "serviceAccount:service-PROJECT_NUMBER@compute-system.iam.gserviceaccount.com"
    ],
    "roles/editor" = [
      "serviceAccount:PROJECT_NUMBER-compute@developer.gserviceaccount.com",
      "serviceAccount:PROJECT_NUMBER@cloudservices.gserviceaccount.com",
    ],
    "roles/owner" = [
      "user:admin@example.com",
    ],
    # Workaround: without this empty entry the role below is not granted to the
    # terraform service account.
    "roles/storage.admin" = [],
  }

  service_accounts = {
    terraform = {
      display_name = "Terraform Service Account"
      roles = [
        "roles/owner",
        "roles/storage.admin",
      ]
    },
  }
```
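The following is an added example of the merge logic the issue asks for, not the module's own code. It builds the project's IAM bindings as the union of the explicit `iam_policy` map and the roles listed under each entry of `service_accounts`, so a role that appears only under a service account still gets a binding and the empty `"roles/storage.admin" = []` placeholder is no longer needed. The variable names match the issue's inputs; `project_id`, the resource names and the use of an authoritative `google_project_iam_policy` are assumptions for illustration.

```hcl
# Added example (not the module's own code): compute IAM bindings as the union of
# var.iam_policy and the roles requested under var.service_accounts.
# project_id, the resource names and the authoritative policy resource are
# assumptions for illustration.

variable "project_id" {
  type = string
}

variable "iam_policy" {
  description = "role => list of members, authoritative for the project"
  type        = map(list(string))
  default     = {}
}

variable "service_accounts" {
  description = "account_id => service account to create and the roles to grant it"
  type = map(object({
    display_name = string
    roles        = list(string)
  }))
  default = {}
}

resource "google_service_account" "this" {
  for_each     = var.service_accounts
  project      = var.project_id
  account_id   = each.key
  display_name = each.value.display_name
}

locals {
  # role => members, derived only from service_accounts[*].roles.
  sa_role_members = {
    for role in distinct(flatten([for sa in var.service_accounts : sa.roles])) :
    role => [
      for name, sa in var.service_accounts :
      "serviceAccount:${google_service_account.this[name].email}"
      if contains(sa.roles, role)
    ]
  }

  # Union of the role keys from both inputs. This is the fix: a role that appears
  # only under a service account still produces a binding, so no empty
  # placeholder entry in var.iam_policy is required.
  all_roles = distinct(concat(keys(var.iam_policy), keys(local.sa_role_members)))

  bindings = {
    for role in local.all_roles :
    role => distinct(concat(
      lookup(var.iam_policy, role, []),
      lookup(local.sa_role_members, role, [])
    ))
  }
}

data "google_iam_policy" "this" {
  dynamic "binding" {
    for_each = local.bindings
    content {
      role    = binding.key
      members = binding.value
    }
  }
}

# Authoritative: any binding not present in local.bindings is removed from the
# project, which is why the issue's example has to list the Google-managed
# service agents (compute.serviceAgent, the default compute and cloudservices
# accounts) alongside the human and Terraform principals.
resource "google_project_iam_policy" "this" {
  project     = var.project_id
  policy_data = data.google_iam_policy.this.policy_data
}
```

With the inputs from the issue, `local.bindings` contains `roles/storage.admin` mapped to `serviceAccount:terraform@<project_id>.iam.gserviceaccount.com` even though `iam_policy` never mentions that role; `roles/owner` ends up with both `user:admin@example.com` and the Terraform service account. Because the policy resource is authoritative, review the resulting `terraform plan` for bindings being removed before applying, and keep in mind that granting a Terraform service account `roles/owner` is far broader than what most pipelines need.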
