re-add org policy admin role

2022-02-18 14:39:33 +01:00
parent 2259f3f44c
commit b9804d895b
1 changed files with 5 additions and 1 deletions
--- a/fast/stages/01-resman/organization.tf
+++ b/fast/stages/01-resman/organization.tf
@@ -63,7 +63,11 @@ module "organization" {
      "roles/compute.xpnAdmin" = [
        module.branch-network-sa.iam_email
      ]
-      "roles/orgpolicy.policyAdmin" = local.branch_teams_pf_sa_iam_emails
+      # TODO: implement tag-based conditions on this org role
+      "roles/orgpolicy.policyAdmin" = concat(
+        local.branch_teams_pf_sa_iam_emails,
+        local.branch_dataplatform_sa_iam_emails,
+      )
    },
    local.billing_org ? {
      "roles/billing.costsManager" = local.branch_teams_pf_sa_iam_emails