FAST-00: Adds projectCreator to resman SA. Always create delegated role grants. (#496)
parent
02e8a3927d
commit
a82f107f54
|
@ -37,6 +37,10 @@ locals {
|
||||||
"roles/resourcemanager.organizationViewer" = [
|
"roles/resourcemanager.organizationViewer" = [
|
||||||
"domain:${var.organization.domain}"
|
"domain:${var.organization.domain}"
|
||||||
]
|
]
|
||||||
|
"roles/resourcemanager.projectCreator" = concat(
|
||||||
|
[module.automation-tf-bootstrap-sa.iam_email],
|
||||||
|
local._iam_bootstrap_user
|
||||||
|
)
|
||||||
}
|
}
|
||||||
# organization additive IAM bindings, in an easy to edit format before
|
# organization additive IAM bindings, in an easy to edit format before
|
||||||
# they are combined with var.iam_additive a bit further in locals
|
# they are combined with var.iam_additive a bit further in locals
|
||||||
|
@ -177,7 +181,6 @@ module "organization" {
|
||||||
|
|
||||||
resource "google_organization_iam_binding" "org_admin_delegated" {
|
resource "google_organization_iam_binding" "org_admin_delegated" {
|
||||||
org_id = var.organization.id
|
org_id = var.organization.id
|
||||||
count = local.billing_org ? 1 : 0
|
|
||||||
role = module.organization.custom_role_id.organizationIamAdmin
|
role = module.organization.custom_role_id.organizationIamAdmin
|
||||||
members = [module.automation-tf-resman-sa.iam_email]
|
members = [module.automation-tf-resman-sa.iam_email]
|
||||||
condition {
|
condition {
|
||||||
|
|
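Review bot: The added `"roles/resourcemanager.projectCreator"` entry in the first hunk lists only `module.automation-tf-bootstrap-sa.iam_email` and `local._iam_bootstrap_user`, while the commit title says the role is being added for the resman SA; no resman member appears in this entry. The comment just below it calls the next map the additive bindings, which suggests this map is authoritative per role; if so, applying it would also remove any other organization-level holders of projectCreator, and the resman SA would only have the role if it is granted elsewhere in the commit. If the resman SA is meant to be included here, the list would read `[module.automation-tf-bootstrap-sa.iam_email, module.automation-tf-resman-sa.iam_email],`. Otherwise a comment such as `# authoritative: replaces any existing org-level projectCreator members` above the entry would make the intent explicit. The enclosing `locals` block starts and ends outside the hunk, so the map's name and how it is consumed cannot be confirmed from here.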