From 769fc73e83e08e6744f07ac68eb6ad53a87258e9 Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Sun, 6 Feb 2022 09:47:40 +0100
Subject: [PATCH] remove unused roles on automation project

---
 fast/stages/00-bootstrap/IAM.md        | 2 +-
 fast/stages/00-bootstrap/automation.tf | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/fast/stages/00-bootstrap/IAM.md b/fast/stages/00-bootstrap/IAM.md
index 7ca6cc917..1daaeee08 100644
--- a/fast/stages/00-bootstrap/IAM.md
+++ b/fast/stages/00-bootstrap/IAM.md
@@ -32,5 +32,5 @@ Legend: <code>+</code> additive, <code>•</code> conditional.
 |---|---|
 |<b>gcp-devops</b><br><small><i>group</i></small>|[roles/iam.serviceAccountAdmin](https://cloud.google.com/iam/docs/understanding-roles#iam.serviceAccountAdmin) <br>[roles/iam.serviceAccountTokenCreator](https://cloud.google.com/iam/docs/understanding-roles#iam.serviceAccountTokenCreator) |
 |<b>gcp-organization-admins</b><br><small><i>group</i></small>|[roles/iam.serviceAccountTokenCreator](https://cloud.google.com/iam/docs/understanding-roles#iam.serviceAccountTokenCreator) |
-|<b>prod-bootstrap-0</b><br><small><i>serviceAccount</i></small>|[roles/iam.serviceAccountAdmin](https://cloud.google.com/iam/docs/understanding-roles#iam.serviceAccountAdmin) <br>[roles/owner](https://cloud.google.com/iam/docs/understanding-roles#owner) <br>[roles/storage.admin](https://cloud.google.com/iam/docs/understanding-roles#storage.admin) |
+|<b>prod-bootstrap-0</b><br><small><i>serviceAccount</i></small>|[roles/owner](https://cloud.google.com/iam/docs/understanding-roles#owner) |
 |<b>prod-resman-0</b><br><small><i>serviceAccount</i></small>|[roles/iam.serviceAccountAdmin](https://cloud.google.com/iam/docs/understanding-roles#iam.serviceAccountAdmin) <br>[roles/storage.admin](https://cloud.google.com/iam/docs/understanding-roles#storage.admin) |
diff --git a/fast/stages/00-bootstrap/automation.tf b/fast/stages/00-bootstrap/automation.tf
index f55cfdc54..0c6951ee5 100644
--- a/fast/stages/00-bootstrap/automation.tf
+++ b/fast/stages/00-bootstrap/automation.tf
@@ -34,13 +34,13 @@ module "automation-project" {
   }
   # machine (service accounts) IAM bindings
   iam = {
-    "roles/owner" = [module.automation-tf-bootstrap-sa.iam_email]
+    "roles/owner" = [
+      module.automation-tf-bootstrap-sa.iam_email
+    ]
     "roles/iam.serviceAccountAdmin" = [
-      module.automation-tf-bootstrap-sa.iam_email,
       module.automation-tf-resman-sa.iam_email
     ]
     "roles/storage.admin" = [
-      module.automation-tf-bootstrap-sa.iam_email,
       module.automation-tf-resman-sa.iam_email
     ]
   }