From a82ef7550e811eaebadcd31c6c2fa5dfe42bb09f Mon Sep 17 00:00:00 2001
From: Julio Castillo
Date: Thu, 25 Aug 2022 15:11:44 +0200
Subject: [PATCH] Allow gke stage to write to automation bucket

---
 fast/stages/01-resman/branch-gke.tf | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/fast/stages/01-resman/branch-gke.tf b/fast/stages/01-resman/branch-gke.tf
index 42d640e7..cbf05dba 100644
--- a/fast/stages/01-resman/branch-gke.tf
+++ b/fast/stages/01-resman/branch-gke.tf
@@ -98,6 +98,9 @@ module "branch-gke-dev-sa" {
 iam = {
 "roles/iam.serviceAccountTokenCreator" = ["group:${local.groups.gcp-devops}"]
 }
+ iam_storage_roles = {
+ (var.automation.outputs_bucket) = ["roles/storage.admin"]
+ }
 }
 
 moved {
@@ -115,6 +118,9 @@ module "branch-gke-prod-sa" {
 iam = {
 "roles/iam.serviceAccountTokenCreator" = ["group:${local.groups.gcp-devops}"]
 }
+ iam_storage_roles = {
+ (var.automation.outputs_bucket) = ["roles/storage.admin"]
+ }
 }
 
 moved {
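Review bot: The added `iam_storage_roles` entry in `branch-gke-dev-sa` grants `roles/storage.admin` on the outputs bucket, which is broader than the write access the subject line asks for; the same entry is repeated in the `branch-gke-prod-sa` hunk. That role also covers changing the bucket's IAM policy and deleting the bucket, and both the dev and prod service accounts receive it on the same `var.automation.outputs_bucket`, so either one could alter objects the other wrote. If the stage only creates and updates its own output files, `(var.automation.outputs_bucket) = ["roles/storage.objectAdmin"]` would be enough, ideally with a short comment above it saying why the stage needs the bucket. Both module blocks start and end outside the hunks, so their other arguments were not reviewed.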