Update docs about role automatically granted to dataform SA
This commit is contained in:
parent
4aa08f63d3
commit
ef19524b0b
|
@ -214,11 +214,12 @@ module "project" {
|
||||||
This table lists all affected services and roles that you need to grant to service identities
|
This table lists all affected services and roles that you need to grant to service identities
|
||||||
|
|
||||||
| service | service identity | role |
|
| service | service identity | role |
|
||||||
|---|---|---|
|
|------------------------------------|----------------------|----------------------------------------|
|
||||||
| apigee.googleapis.com | apigee | roles/apigee.serviceAgent |
|
| apigee.googleapis.com | apigee | roles/apigee.serviceAgent |
|
||||||
| artifactregistry.googleapis.com | artifactregistry | roles/artifactregistry.serviceAgent |
|
| artifactregistry.googleapis.com | artifactregistry | roles/artifactregistry.serviceAgent |
|
||||||
| cloudasset.googleapis.com | cloudasset | roles/cloudasset.serviceAgent |
|
| cloudasset.googleapis.com | cloudasset | roles/cloudasset.serviceAgent |
|
||||||
| cloudbuild.googleapis.com | cloudbuild | roles/cloudbuild.builds.builder |
|
| cloudbuild.googleapis.com | cloudbuild | roles/cloudbuild.builds.builder |
|
||||||
|
| dataform.googleapis.com | dataform | roles/dataform.serviceAgent |
|
||||||
| dataplex.googleapis.com | dataplex | roles/dataplex.serviceAgent |
|
| dataplex.googleapis.com | dataplex | roles/dataplex.serviceAgent |
|
||||||
| dlp.googleapis.com | dlp | roles/dlp.serviceAgent |
|
| dlp.googleapis.com | dlp | roles/dlp.serviceAgent |
|
||||||
| gkehub.googleapis.com | fleet | roles/gkehub.serviceAgent |
|
| gkehub.googleapis.com | fleet | roles/gkehub.serviceAgent |
|
||||||
|
|
|
@ -146,7 +146,7 @@
|
||||||
service_agent: "service-%s@dataflow-service-producer-prod.iam.gserviceaccount.com"
|
service_agent: "service-%s@dataflow-service-producer-prod.iam.gserviceaccount.com"
|
||||||
- name: "dataform"
|
- name: "dataform"
|
||||||
service_agent: "service-%s@gcp-sa-dataform.iam.gserviceaccount.com"
|
service_agent: "service-%s@gcp-sa-dataform.iam.gserviceaccount.com"
|
||||||
jit: true
|
jit: true # roles/dataform.serviceAgent
|
||||||
- name: "datafusion"
|
- name: "datafusion"
|
||||||
service_agent: "service-%s@gcp-sa-datafusion.iam.gserviceaccount.com"
|
service_agent: "service-%s@gcp-sa-datafusion.iam.gserviceaccount.com"
|
||||||
- name: "datalabeling"
|
- name: "datalabeling"
|
||||||
|
|
Loading…
Reference in New Issue