use custom role name for billing org too

2022-02-10 19:16:13 +01:00
parent 3246d1c08d
commit 677f3c8df1
1 changed files with 4 additions and 1 deletions
--- a/fast/stages/00-bootstrap/billing.tf
+++ b/fast/stages/00-bootstrap/billing.tf
@@ -73,7 +73,10 @@ resource "google_organization_iam_binding" "billing_org_ext_admin_delegated" {
  org_id = var.billing_account.organization_id
  # if the billing org does not have our custom role, user the predefined one
  # role = "roles/resourcemanager.organizationAdmin"
-  role    = "organizations/${var.billing_account.organization_id}/roles/organizationIamAdmin"
+  role = join("", [
+    "organizations/${var.billing_account.organization_id}/",
+    "roles/${var.custom_role_names.organization_iam_admin}"
+  ])
  members = [module.automation-tf-resman-sa.iam_email]
  condition {
    title       = "automation_sa_delegated_grants"