From 89d8911741e5fc1b8eb9b0192624064e8e03476d Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Wed, 20 Aug 2025 20:45:43 +0200
Subject: [PATCH] support different key names for service accounts in IAM
 interpolation (#3279)

Fixes #3278
---
 modules/project-factory/automation.tf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/project-factory/automation.tf b/modules/project-factory/automation.tf
index 856587cfe..e8d301999 100644
--- a/modules/project-factory/automation.tf
+++ b/modules/project-factory/automation.tf
@@ -61,6 +61,7 @@ module "automation-bucket" {
   iam = {
     for k, v in lookup(each.value, "iam", {}) : k => [
       for vv in v : try(
+        module.automation-service-accounts["${each.key}/automation/${vv}"].iam_email,
         module.automation-service-accounts["${each.key}/${vv}"].iam_email,
         var.factories_config.context.iam_principals[vv],
         vv
@@ -92,6 +93,7 @@ module "automation-bucket" {
   iam_bindings_additive = {
     for k, v in lookup(each.value, "iam_bindings_additive", {}) : k => merge(v, {
       member = try(
+        module.automation-service-accounts["${each.key}/automation/${v.member}"].iam_email,
         module.automation-service-accounts["${each.key}/${v.member}"].iam_email,
         var.factories_config.context.iam_principals[v.member],
         v.member