kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

reprovision IAM only on function replacement

Browse Source
This commit is contained in:
Wiktor Niesiobędzki
2026-03-30 13:52:02 +00:00
parent 0e9fd6bbc1
commit 17abe3e20b
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
modules/cloud-function-v1/main.tf
View File

@@ -118,6 +118,6 @@ resource "google_cloudfunctions_function_iam_binding" "default" {
role = lookup(local.ctx.custom_roles, each.key, each.key) role = lookup(local.ctx.custom_roles, each.key, each.key)
members = [for member in each.value : lookup(local.ctx.iam_principals, member, member)] members = [for member in each.value : lookup(local.ctx.iam_principals, member, member)]
lifecycle { lifecycle {
replace_triggered_by = [google_cloudfunctions_function.function] replace_triggered_by = [google_cloudfunctions_function.function.id]
} }
} }

6
modules/cloud-function-v2/main.tf
View File

@@ -165,7 +165,7 @@ resource "google_cloudfunctions2_function_iam_binding" "binding" {
role = lookup(local.ctx.custom_roles, each.key, each.key) role = lookup(local.ctx.custom_roles, each.key, each.key)
members = [for member in each.value : lookup(local.ctx.iam_principals, member, member)] members = [for member in each.value : lookup(local.ctx.iam_principals, member, member)]
lifecycle { lifecycle {
replace_triggered_by = [google_cloudfunctions2_function.function] replace_triggered_by = [google_cloudfunctions2_function.function.id]
} }
} }
@@ -189,7 +189,7 @@ resource "google_cloud_run_service_iam_binding" "invoker" {
role = "roles/run.invoker" role = "roles/run.invoker"
members = [for member in local.run_invoker_members : lookup(local.ctx.iam_principals, member, member)] members = [for member in local.run_invoker_members : lookup(local.ctx.iam_principals, member, member)]
lifecycle { lifecycle {
replace_triggered_by = [google_cloudfunctions2_function.function] replace_triggered_by = [google_cloudfunctions2_function.function.id]
} }
} }
@@ -206,7 +206,7 @@ resource "google_cloud_run_service_iam_member" "invoker" {
role = "roles/run.invoker" role = "roles/run.invoker"
member = "serviceAccount:${local.trigger_sa_email}" member = "serviceAccount:${local.trigger_sa_email}"
lifecycle { lifecycle {
replace_triggered_by = [google_cloudfunctions2_function.function] replace_triggered_by = [google_cloudfunctions2_function.function.id]
} }
} }