From 677f3c8df120905e8868e5ddf419b2d0b53ba87e Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Thu, 10 Feb 2022 19:16:13 +0100
Subject: [PATCH] use custom role name for billing org too

---
 fast/stages/00-bootstrap/billing.tf | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/fast/stages/00-bootstrap/billing.tf b/fast/stages/00-bootstrap/billing.tf
index e6abc31dc..e82270411 100644
--- a/fast/stages/00-bootstrap/billing.tf
+++ b/fast/stages/00-bootstrap/billing.tf
@@ -73,7 +73,10 @@ resource "google_organization_iam_binding" "billing_org_ext_admin_delegated" {
   org_id = var.billing_account.organization_id
   # if the billing org does not have our custom role, user the predefined one
   # role = "roles/resourcemanager.organizationAdmin"
-  role    = "organizations/${var.billing_account.organization_id}/roles/organizationIamAdmin"
+  role = join("", [
+    "organizations/${var.billing_account.organization_id}/",
+    "roles/${var.custom_role_names.organization_iam_admin}"
+  ])
   members = [module.automation-tf-resman-sa.iam_email]
   condition {
     title       = "automation_sa_delegated_grants"