diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0283331f..eb976dff 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@ All notable changes to this project will be documented in this file.
- new `apigee-organization` and `apigee-x-instance`
- generate `email` and `iam_email` statically in the `iam-service-account` module
- new `billing-budget` module
+- fix `scheduled-asset-inventory-export-bq` module
## [5.1.0] - 2021-08-30
diff --git a/cloud-operations/scheduled-asset-inventory-export-bq/README.md b/cloud-operations/scheduled-asset-inventory-export-bq/README.md
index 44c6ecbb..1abecdd9 100644
--- a/cloud-operations/scheduled-asset-inventory-export-bq/README.md
+++ b/cloud-operations/scheduled-asset-inventory-export-bq/README.md
@@ -43,9 +43,9 @@ You can also create a dashboard connecting [Datalab](https://datastudio.google.c
| name | description | type | required | default |
|---|---|:---: |:---:|:---:|
-| billing_account | Billing account id used as default for new projects. | string
| ✓ | |
| cai_config | Cloud Asset inventory export config. | object({...})
| ✓ | |
| project_id | Project id that references existing project. | string
| ✓ | |
+| *billing_account* | Billing account id used as default for new projects. | string
| | null
|
| *bundle_path* | Path used to write the intermediate Cloud Function code bundle. | string
| | ./bundle.zip
|
| *location* | Appe Engine location used in the example. | string
| | europe-west
|
| *name* | Arbitrary string used to name created resources. | string
| | asset-inventory
|
diff --git a/cloud-operations/scheduled-asset-inventory-export-bq/main.tf b/cloud-operations/scheduled-asset-inventory-export-bq/main.tf
index c11b2c1b..005c0fe3 100644
--- a/cloud-operations/scheduled-asset-inventory-export-bq/main.tf
+++ b/cloud-operations/scheduled-asset-inventory-export-bq/main.tf
@@ -22,7 +22,7 @@ module "project" {
source = "../../modules/project"
name = var.project_id
parent = var.root_node
- billing_account = var.billing_account
+ billing_account = try(var.billing_account, null)
project_create = var.project_create
services = [
"bigquery.googleapis.com",
@@ -33,6 +33,11 @@ module "project" {
"cloudscheduler.googleapis.com",
"pubsub.googleapis.com"
]
+ iam = {
+ "roles/resourcemanager.projectIamAdmin" = ["serviceAccount:${module.project.service_accounts.robots.cloudasset}"]
+ "roles/bigquery.dataEditor" = ["serviceAccount:${module.project.service_accounts.robots.cloudasset}"]
+ "roles/bigquery.user" = ["serviceAccount:${module.project.service_accounts.robots.cloudasset}"]
+ }
}
module "service-account" {
@@ -40,7 +45,9 @@ module "service-account" {
project_id = module.project.project_id
name = "${var.name}-cf"
iam_project_roles = {
- (var.project_id) = ["roles/cloudasset.viewer"]
+ (var.project_id) = [
+ "roles/cloudasset.owner",
+ ]
}
}
diff --git a/cloud-operations/scheduled-asset-inventory-export-bq/variables.tf b/cloud-operations/scheduled-asset-inventory-export-bq/variables.tf
index ab89f77e..6f8217d3 100644
--- a/cloud-operations/scheduled-asset-inventory-export-bq/variables.tf
+++ b/cloud-operations/scheduled-asset-inventory-export-bq/variables.tf
@@ -17,6 +17,7 @@
variable "billing_account" {
description = "Billing account id used as default for new projects."
type = string
+ default = null
}
variable "bundle_path" {
diff --git a/tests/cloud_operations/scheduled_asset_inventory_export_bq/test_plan.py b/tests/cloud_operations/scheduled_asset_inventory_export_bq/test_plan.py
index a80a3ac8..de94c82d 100644
--- a/tests/cloud_operations/scheduled_asset_inventory_export_bq/test_plan.py
+++ b/tests/cloud_operations/scheduled_asset_inventory_export_bq/test_plan.py
@@ -24,4 +24,4 @@ def test_resources(e2e_plan_runner):
"Test that plan works and the numbers of resources is as expected."
modules, resources = e2e_plan_runner(FIXTURES_DIR)
assert len(modules) == 5
- assert len(resources) == 20
+ assert len(resources) == 23