kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix dependencies

Browse Source 
Fix role
This commit is contained in:
Lorenzo Caggioni
2021-06-15 00:54:59 +02:00
parent 741de90eed
commit d03773df46
2 changed files with 20 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
modules/project/main.tf
View File

@@ -370,6 +370,13 @@ resource "google_kms_crypto_key_iam_member" "crypto_key" {
for service_key in local.service_encryption_key_ids : "${service_key.service}.${service_key.key}" => service_key
}
crypto_key_id = each.value.key
role = "roles/cloudkms.cryptoKeyEncrypter"
role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
member = "serviceAccount:${local.service_accounts_robots[each.value.service]}"
depends_on = [
google_project.project,
google_project_service.project_services,
data.google_bigquery_default_service_account.bq_sa,
data.google_project.project,
data.google_storage_project_service_account.gcs_sa,
]
}

21
modules/project/service_accounts.tf
View File

@@ -41,19 +41,22 @@ locals {
}
}
data "google_storage_project_service_account" "gcs_account" {
count = contains(var.services, "storage.googleapis.com") ? 1 : 0
project = local.project.project_id
data "google_storage_project_service_account" "gcs_sa" {
count = contains(var.services, "storage.googleapis.com") ? 1 : 0
project = local.project.project_id
depends_on = [google_project_service.project_services]
}
data "google_bigquery_default_service_account" "bq_sa" {
count = contains(var.services, "bigquery.googleapis.com") ? 1 : 0
project = local.project.project_id
count = contains(var.services, "bigquery.googleapis.com") ? 1 : 0
project = local.project.project_id
depends_on = [google_project_service.project_services]
}
resource "google_project_service_identity" "sm_sa" {
provider = google-beta
count = contains(var.services, "secretmanager.googleapis.com") ? 1 : 0
project = local.project.project_id
service = "secretmanager.googleapis.com"
provider = google-beta
count = contains(var.services, "secretmanager.googleapis.com") ? 1 : 0
project = local.project.project_id
service = "secretmanager.googleapis.com"
depends_on = [google_project_service.project_services]
}