Add wif permissions to bootstrap tf SA (#2290)

* add wif permissions to bootstrap tf SA
2024-05-20 18:15:23 +02:00
parent 98126f2ab8
commit 79af34b69e
3 changed files with 22 additions and 5 deletions
--- a/fast/stages/0-bootstrap/organization-iam.tf
+++ b/fast/stages/0-bootstrap/organization-iam.tf
@@ -108,6 +108,7 @@ locals {
      additive = concat(
        [
          "roles/iam.organizationRoleAdmin",
+          "roles/iam.workforcePoolAdmin",
          "roles/orgpolicy.policyAdmin"
        ],
        local.billing_mode != "org" ? [] : [
@@ -126,6 +127,7 @@ locals {
        [
          # the organizationAdminViewer custom role is granted via the SA module
          "roles/iam.organizationRoleViewer",
+          "roles/iam.workforcePoolViewer",
          "roles/orgpolicy.policyViewer"
        ],
        local.billing_mode != "org" ? [] : [