Manage billing.creator role authoritatively in FAST bootstrap.
By default new orgs grant billing.creator and resourcemanager.projectCreator to the whole domain[1]. This PR makes FAST remove the former binding during the bootstrap (the latter is already managed by FAST). Fixes #1220 [1] https://cloud.google.com/resource-manager/docs/default-access-control
This commit is contained in:
parent
cd8f0890e9
commit
38808b37c0
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -20,6 +20,7 @@ locals {
|
|||
# organization authoritative IAM bindings, in an easy to edit format before
|
||||
# they are combined with var.iam a bit further in locals
|
||||
_iam = {
|
||||
"roles/billing.creator" = []
|
||||
"roles/browser" = [
|
||||
"domain:${var.organization.domain}"
|
||||
]
|
||||
|
|
Loading…
Reference in New Issue