From 1adfb9fb32c26402d7f00b969e26baf44fc17aa7 Mon Sep 17 00:00:00 2001
From: Julio Castillo <jccb@google.com>
Date: Thu, 24 Aug 2023 19:13:42 +0200
Subject: [PATCH] Fix role name for delegated grants in FAST bootstrap

Fixes issue behind #1621
---
 fast/stages/0-bootstrap/organization.tf | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/fast/stages/0-bootstrap/organization.tf b/fast/stages/0-bootstrap/organization.tf
index 0c20a4a3..946e3d7b 100644
--- a/fast/stages/0-bootstrap/organization.tf
+++ b/fast/stages/0-bootstrap/organization.tf
@@ -88,9 +88,8 @@ module "organization" {
   )
   # delegated role grant for resource manager service account
   iam_bindings = {
-    sa_resman_delegated_iam = {
+    (module.organization.custom_role_id[var.custom_role_names.organization_iam_admin]) = {
       members = [module.automation-tf-resman-sa.iam_email]
-      role    = module.organization.custom_role_id[var.custom_role_names.organization_iam_admin]
       condition = {
         expression = format(
           "api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly([%s])",