kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix comment exaplaining serviceProjectAdmin permissions

Browse Source
This commit is contained in:
Julio Castillo
2022-08-30 20:41:34 +02:00
parent b1d9b27ac3
commit 2ddd68ee2a
1 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
fast/stages/00-bootstrap/organization.tf
View File

@@ -170,10 +170,11 @@ module "organization" {
]
(var.custom_role_names.service_project_network_admin) = [
"compute.globalOperations.get",
# the following two permissions are used by automation service accounts
# who manage service projects where peering creation might be needed
# (e.g. GKE), if you remove them make sure your network administrators
# should create peerings for service projects
# compute.networks.updatePeering and compute.networks.get are
# used by automation service accounts who manage service
# projects where peering creation might be needed (e.g. GKE). If
# you remove them your network administrators should create
# peerings for service projects
"compute.networks.updatePeering",
"compute.networks.get",
"compute.organizations.disableXpnResource",