Fix IAM drift in vertex-mlops

2024-11-05 10:04:51 +00:00
parent 4ab9c74e9f
commit 232a7cd853
2 changed files with 10 additions and 10 deletions
--- a/blueprints/data-solutions/vertex-mlops/main.tf
+++ b/blueprints/data-solutions/vertex-mlops/main.tf
@@ -234,11 +234,18 @@ module "project" {
      module.service-account-github.iam_email,
      module.project.service_agents.cloudbuild.iam_email
    ]
-    "roles/monitoring.metricWriter" = [module.service-account-mlops.iam_email]
-    "roles/run.invoker"             = [module.service-account-mlops.iam_email]
+    "roles/logging.logWriter" = [
+      module.service-account-notebook.iam_email,
+    ]
+    "roles/monitoring.metricWriter" = [
+      module.service-account-mlops.iam_email,
+      module.service-account-notebook.iam_email,
+    ]
+    "roles/run.invoker" = [module.service-account-mlops.iam_email]
    "roles/serviceusage.serviceUsageConsumer" = [
      module.service-account-mlops.iam_email,
-      module.service-account-github.iam_email
+      module.service-account-github.iam_email,
+      module.service-account-notebook.iam_email,
    ]
    "roles/storage.admin" = [
      module.service-account-mlops.iam_email,
--- a/blueprints/data-solutions/vertex-mlops/vertex.tf
+++ b/blueprints/data-solutions/vertex-mlops/vertex.tf
@@ -37,13 +37,6 @@ module "service-account-notebook" {
  source     = "../../../modules/iam-service-account"
  project_id = module.project.project_id
  name       = "notebook-sa"
-  iam_project_roles = {
-    (module.project.project_id) = [
-      "roles/logging.logWriter",
-      "roles/monitoring.metricWriter",
-      "roles/serviceusage.serviceUsageConsumer",
-    ]
-  }
 }

 resource "google_notebooks_runtime" "runtime" {