From 1498696b6b9b513d0791181adcb479a42e354d9a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Wiktor=20Niesiob=C4=99dzki?=
Date: Tue, 31 Oct 2023 11:43:18 +0000
Subject: [PATCH] JIT service account for storage

---
 tests/examples_e2e/setup_module/main.tf | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/tests/examples_e2e/setup_module/main.tf b/tests/examples_e2e/setup_module/main.tf
index e781d779..882a1606 100644
--- a/tests/examples_e2e/setup_module/main.tf
+++ b/tests/examples_e2e/setup_module/main.tf
@@ -14,6 +14,9 @@
 
 locals {
 prefix = "${var.prefix}-${var.timestamp}${var.suffix}"
+ jit_services = [
+ "storage.googleapis.com", # no permissions granted by default
+ ]
 services = [
 # trimmed down list of services, to be extended as needed
 "apigee.googleapis.com",
@@ -93,6 +96,15 @@ resource "google_kms_crypto_key" "key" {
 rotation_period = "100000s"
 }
 
+resource "google_project_service_identity" "jit_si" {
+ for_each = toset(local.jit_services)
+ provider = google-beta
+ project = google_project.project.project_id
+ service = each.value
+ depends_on = [google_project_service.project_service]
+}
+
+
 resource "local_file" "terraform_tfvars" {
 filename = "e2e_tests.tfvars"
 content = templatefile("e2e_tests.tfvars.tftpl", {
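Review bot: The trailing comment on the new `jit_services` entry, `# no permissions granted by default`, does not say what the list is for or whose permissions are meant. A comment above the list would make the intent reviewable, for example `# services whose service agent is created just-in-time via google_project_service_identity; the agent holds no roles until they are granted explicitly`. That wording is inferred from the resource added in the second hunk, so adjust it if the intent differs. The `locals` block continues outside the hunk.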
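Review bot: Nothing in the new `google_project_service_identity.jit_si` block ties the entries of `local.jit_services` to the APIs that `google_project_service.project_service` actually enables; `depends_on` only orders the two resources. The hunk shows just the start of `local.services`, so if `storage.googleapis.com` is not in that list, identity creation presumably relies on the API being enabled by default in the new project. Either add the service to `local.services`, or add a comment stating that every `jit_services` entry must also appear there. Since the agent starts with no roles, a short note that any grant to it should be an explicit, narrowly scoped binding would also help.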