Fix role name for delegated grants in FAST bootstrap
Fixes issue behind #1621
This commit is contained in:
parent
d36c53bbae
commit
1adfb9fb32
|
@ -88,9 +88,8 @@ module "organization" {
|
||||||
)
|
)
|
||||||
# delegated role grant for resource manager service account
|
# delegated role grant for resource manager service account
|
||||||
iam_bindings = {
|
iam_bindings = {
|
||||||
sa_resman_delegated_iam = {
|
(module.organization.custom_role_id[var.custom_role_names.organization_iam_admin]) = {
|
||||||
members = [module.automation-tf-resman-sa.iam_email]
|
members = [module.automation-tf-resman-sa.iam_email]
|
||||||
role = module.organization.custom_role_id[var.custom_role_names.organization_iam_admin]
|
|
||||||
condition = {
|
condition = {
|
||||||
expression = format(
|
expression = format(
|
||||||
"api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly([%s])",
|
"api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly([%s])",
|
||||||
|
|
Loading…
Reference in New Issue