fixed permissions for security stage SA (#1376)
it should be able to use automation project as a quota project, hence it needs `serviceusage.serviceUsageConsumer` role
This commit is contained in:
parent
78ed6a8af6
commit
7861ea74b8
|
@ -59,6 +59,11 @@ module "branch-security-sa" {
|
||||||
try(module.branch-security-sa-cicd.0.iam_email, null)
|
try(module.branch-security-sa-cicd.0.iam_email, null)
|
||||||
])
|
])
|
||||||
}
|
}
|
||||||
|
iam_project_roles = {
|
||||||
|
(var.automation.project_id) = [
|
||||||
|
"roles/serviceusage.serviceUsageConsumer",
|
||||||
|
]
|
||||||
|
}
|
||||||
iam_storage_roles = {
|
iam_storage_roles = {
|
||||||
(var.automation.outputs_bucket) = ["roles/storage.objectAdmin"]
|
(var.automation.outputs_bucket) = ["roles/storage.objectAdmin"]
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue