From aaf0441e92af12d6df38b5d2010bbb8237dc5a84 Mon Sep 17 00:00:00 2001
From: Lorenzo Caggioni
Date: Thu, 10 Feb 2022 14:25:38 +0100
Subject: [PATCH] Fix shared VPC roles

---
 .../data-platform-foundations/main.tf | 22 ++++++++++---------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/examples/data-solutions/data-platform-foundations/main.tf b/examples/data-solutions/data-platform-foundations/main.tf
index d51c7597..dcf0bf8a 100644
--- a/examples/data-solutions/data-platform-foundations/main.tf
+++ b/examples/data-solutions/data-platform-foundations/main.tf
@@ -23,21 +23,15 @@ locals {
 }
 service_encryption_keys = var.service_encryption_keys
 shared_vpc_project = try(var.network_config.host_project, null)
- use_shared_vpc = var.network_config != null
-}
-
-module "shared-vpc-project" {
- source = "../../../modules/project"
- count = local.use_shared_vpc ? 1 : 0
- name = var.network_config.host_project
- project_create = false
- iam_additive = {
+ shared_vpc_roles = {
 "roles/compute.networkUser" = [
 # load Dataflow service agent and worker service account
 module.load-project.service_accounts.robots.dataflow,
 module.load-sa-df-0.iam_email,
+ module.transf-project.service_accounts.robots.dataflow,
+ module.transf-sa-df-0.iam_email,
 # orchestration Composer service agents
- module.orch-project.service_accounts.robots.cloudservices,
+ module.orch-project.service_accounts.cloud_services,
 module.orch-project.service_accounts.robots.container-engine,
 module.orch-project.service_accounts.robots.dataflow,
 ],
@@ -50,4 +44,12 @@ module "shared-vpc-project" {
 module.orch-project.service_accounts.robots.dataflow,
 ]
 }
+ use_shared_vpc = var.network_config != null
+}
+
+resource "google_project_iam_binding" "shared_vpc_roles" {
+ for_each = local.use_shared_vpc ? null : local.shared_vpc_roles
+ project = try(var.network_config.host_project, null)
+ role = each.key
+ members = each.value
 }
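Review bot: The `for_each` condition on the new `google_project_iam_binding` in the second hunk is inverted: when a host project is configured (`use_shared_vpc` true) it evaluates to `null` and no bindings are created at all, and when no network config is given it iterates `shared_vpc_roles` against a `null` project; it should read `for_each = local.use_shared_vpc ? local.shared_vpc_roles : {}`. Separately, `google_project_iam_binding` is authoritative for each role, so it replaces every existing member of `roles/compute.networkUser` on the shared VPC host project, whereas the `iam_additive` block it replaces only added members — on a host project shared with other tenants this is likely to strip grants made elsewhere, and an additive `google_project_iam_member` per role/member would keep the previous semantics. If that route is taken, note that the member emails here are module outputs (project-number-based service agents) and may be unknown at plan time, so the `for_each` keys should not be derived from them. The `project` argument could also simply reuse `local.shared_vpc_project`, which already holds the same `try(var.network_config.host_project, null)` expression.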