From d03773df46fd385dbef4fc10a82713b69ce10d79 Mon Sep 17 00:00:00 2001
From: Lorenzo Caggioni
Date: Tue, 15 Jun 2021 00:54:59 +0200
Subject: [PATCH] Fix dependencies Fix role
---
 modules/project/main.tf | 9 ++++++++-
 modules/project/service_accounts.tf | 21 ++++++++++++---------
 2 files changed, 20 insertions(+), 10 deletions(-)
diff --git a/modules/project/main.tf b/modules/project/main.tf
index 80b8b7c37..08bf0e001 100644
--- a/modules/project/main.tf
+++ b/modules/project/main.tf
@@ -370,6 +370,13 @@ resource "google_kms_crypto_key_iam_member" "crypto_key" {
 for service_key in local.service_encryption_key_ids : "${service_key.service}.${service_key.key}" => service_key
 }
 crypto_key_id = each.value.key
- role = "roles/cloudkms.cryptoKeyEncrypter"
+ role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
 member = "serviceAccount:${local.service_accounts_robots[each.value.service]}"
+ depends_on = [
+ google_project.project,
+ google_project_service.project_services,
+ data.google_bigquery_default_service_account.bq_sa,
+ data.google_project.project,
+ data.google_storage_project_service_account.gcs_sa,
+ ]
 }
diff --git a/modules/project/service_accounts.tf b/modules/project/service_accounts.tf
index c7dc1d49b..628c1607d 100644
--- a/modules/project/service_accounts.tf
+++ b/modules/project/service_accounts.tf
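Review bot: In modules/project/main.tf the role on `google_kms_crypto_key_iam_member.crypto_key` widens from encrypt-only to `roles/cloudkms.cryptoKeyEncrypterDecrypter` for every service/key pair in `local.service_encryption_key_ids`, and neither the hunk nor the commit message says why decrypt is required. If these members are the per-service agents used with customer-managed keys (the `local.service_accounts_robots` lookup suggests so, but its definition is outside the hunk), both permissions are needed and the role is right. A comment above `role`, such as `# CMEK: the service agent must both encrypt and decrypt with this key`, would keep a later reader from narrowing it again or reusing the binding for other identities. The resource block opens before the hunk.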
@@ -41,19 +41,22 @@ locals {
 }
 }
 
-data "google_storage_project_service_account" "gcs_account" {
- count = contains(var.services, "storage.googleapis.com") ? 1 : 0
- project = local.project.project_id
+data "google_storage_project_service_account" "gcs_sa" {
+ count = contains(var.services, "storage.googleapis.com") ? 1 : 0
+ project = local.project.project_id
+ depends_on = [google_project_service.project_services]
 }
 
 data "google_bigquery_default_service_account" "bq_sa" {
- count = contains(var.services, "bigquery.googleapis.com") ? 1 : 0
- project = local.project.project_id
+ count = contains(var.services, "bigquery.googleapis.com") ? 1 : 0
+ project = local.project.project_id
+ depends_on = [google_project_service.project_services]
 }
 
 resource "google_project_service_identity" "sm_sa" {
- provider = google-beta
- count = contains(var.services, "secretmanager.googleapis.com") ? 1 : 0
- project = local.project.project_id
- service = "secretmanager.googleapis.com"
+ provider = google-beta
+ count = contains(var.services, "secretmanager.googleapis.com") ? 1 : 0
+ project = local.project.project_id
+ service = "secretmanager.googleapis.com"
+ depends_on = [google_project_service.project_services]
 }
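Review bot: Adding `depends_on = [google_project_service.project_services]` to the two data sources (`gcs_sa`, `bq_sa`) makes Terraform defer reading them to apply time whenever `project_services` has a pending change, so their attributes are unknown in that plan. If those e-mail addresses feed the `member` of the KMS IAM binding in main.tf (the locals that consume them are outside this hunk), enabling one more service could plan a replacement of the key grant and leave a short window in which the service agent cannot use the key. It is worth checking a plan that adds a service and recording the outcome in a comment such as `# depends_on defers this read to apply when project_services changes`. The rename from `gcs_account` to `gcs_sa` also needs every other reference in the module updated; only the declaration is visible here.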