From 2ddd68ee2a123dc7ff650a03a79a29e9670755bc Mon Sep 17 00:00:00 2001
From: Julio Castillo <jccb@google.com>
Date: Tue, 30 Aug 2022 20:41:34 +0200
Subject: [PATCH] Fix comment exaplaining serviceProjectAdmin permissions

---
 fast/stages/00-bootstrap/organization.tf | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/fast/stages/00-bootstrap/organization.tf b/fast/stages/00-bootstrap/organization.tf
index 1129698ef..c0f5e798b 100644
--- a/fast/stages/00-bootstrap/organization.tf
+++ b/fast/stages/00-bootstrap/organization.tf
@@ -170,10 +170,11 @@ module "organization" {
     ]
     (var.custom_role_names.service_project_network_admin) = [
       "compute.globalOperations.get",
-      # the following two permissions are used by automation service accounts
-      # who manage service projects where peering creation might be needed
-      # (e.g. GKE), if you remove them make sure your network administrators
-      # should create peerings for service projects
+      # compute.networks.updatePeering and compute.networks.get are
+      # used by automation service accounts who manage service
+      # projects where peering creation might be needed (e.g. GKE). If
+      # you remove them your network administrators should create
+      # peerings for service projects
       "compute.networks.updatePeering",
       "compute.networks.get",
       "compute.organizations.disableXpnResource",