Fix comment exaplaining serviceProjectAdmin permissions

2022-08-30 20:41:34 +02:00 · 2022-08-30 20:41:34 +02:00 · 2ddd68ee2a
parent b1d9b27ac3
commit 2ddd68ee2a
1 changed files with 5 additions and 4 deletions
--- a/fast/stages/00-bootstrap/organization.tf
+++ b/fast/stages/00-bootstrap/organization.tf
@ -170,10 +170,11 @@ module "organization" {
    ]
    (var.custom_role_names.service_project_network_admin) = [
      "compute.globalOperations.get",
-      # the following two permissions are used by automation service accounts
-      # who manage service projects where peering creation might be needed
-      # (e.g. GKE), if you remove them make sure your network administrators
-      # should create peerings for service projects
+      # compute.networks.updatePeering and compute.networks.get are
+      # used by automation service accounts who manage service
+      # projects where peering creation might be needed (e.g. GKE). If
+      # you remove them your network administrators should create
+      # peerings for service projects
      "compute.networks.updatePeering",
      "compute.networks.get",
      "compute.organizations.disableXpnResource",