JIT service account for storage
parent
1fbd018f5f
commit
1498696b6b
|
@ -14,6 +14,9 @@
|
|||
|
||||
locals {
|
||||
prefix = "${var.prefix}-${var.timestamp}${var.suffix}"
|
||||
jit_services = [
|
||||
"storage.googleapis.com", # no permissions granted by default
|
||||
]
|
||||
services = [
|
||||
# trimmed down list of services, to be extended as needed
|
||||
"apigee.googleapis.com",
|
||||
|
@ -93,6 +96,15 @@ resource "google_kms_crypto_key" "key" {
|
|||
rotation_period = "100000s"
|
||||
}
|
||||
|
||||
resource "google_project_service_identity" "jit_si" {
|
||||
for_each = toset(local.jit_services)
|
||||
provider = google-beta
|
||||
project = google_project.project.project_id
|
||||
service = each.value
|
||||
depends_on = [google_project_service.project_service]
|
||||
}
|
||||
|
||||
|
||||
resource "local_file" "terraform_tfvars" {
|
||||
filename = "e2e_tests.tfvars"
|
||||
content = templatefile("e2e_tests.tfvars.tftpl", {
|
||||
|
|
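Review bot: The new `google_project_service_identity.jit_si` resource creates the Cloud Storage service agent, but nothing visible in these hunks reads its email or grants it a role, and the only rationale is the inline `# no permissions granted by default` on the `jit_services` entry. Since it sits directly after `google_kms_crypto_key.key`, the agent is presumably needed for CMEK-encrypted buckets; if so, say that above the resource, e.g. `# Creates the service agent for each JIT service; it gets no IAM roles here, grant them per key/bucket where needed.` Any later binding for this agent is better placed on the specific crypto key than at project level, so the agent cannot use other keys in the project. It is also worth confirming in the provider documentation whether this resource returns a usable email for storage, or whether the `google_storage_project_service_account` data source is the intended way to read it.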