zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fixed permissions for security stage SA (#1376) 

it should be able to use automation project
as a quota project, hence it needs `serviceusage.serviceUsageConsumer`
role
This commit is contained in:
Alex Ostapenko 2023-05-15 12:20:33 +02:00 committed by GitHub
parent 78ed6a8af6
commit 7861ea74b8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
fast/stages/1-resman/branch-security.tf
View File

@ -59,6 +59,11 @@ module "branch-security-sa" {
try(module.branch-security-sa-cicd.0.iam_email, null)
])
}
iam_project_roles = {
(var.automation.project_id) = [
"roles/serviceusage.serviceUsageConsumer",
]
}
iam_storage_roles = {
(var.automation.outputs_bucket) = ["roles/storage.objectAdmin"]
}