add automation project number to stage 0 outputs

2022-06-16 21:56:18 +02:00
parent 2ec4fcae89
commit f163bad220
2 changed files with 7 additions and 1 deletions
--- a/fast/stages/00-bootstrap/automation.tf
+++ b/fast/stages/00-bootstrap/automation.tf
@@ -36,7 +36,9 @@ module "automation-project" {
  # machine (service accounts) IAM bindings
  iam = {
    "roles/owner" = [
-      module.automation-tf-bootstrap-sa.iam_email,
+      module.automation-tf-bootstrap-sa.iam_email
+    ]
+    "roles/cloudbuild.builds.editor" = [
      module.automation-tf-resman-sa.iam_email
    ]
    "roles/iam.serviceAccountAdmin" = [
@@ -45,6 +47,9 @@ module "automation-project" {
    "roles/iam.workloadIdentityPoolAdmin" = [
      module.automation-tf-resman-sa.iam_email
    ]
+    "roles/source.admin" = [
+      module.automation-tf-resman-sa.iam_email
+    ]
    "roles/storage.admin" = [
      module.automation-tf-resman-sa.iam_email
    ]
--- a/fast/stages/00-bootstrap/outputs.tf
+++ b/fast/stages/00-bootstrap/outputs.tf
@@ -57,6 +57,7 @@ locals {
      federated_identity_providers = local.wif_providers
      outputs_bucket               = module.automation-tf-output-gcs.name
      project_id                   = module.automation-project.project_id
+      project_number               = module.automation-project.number
    }
    custom_roles = local.custom_roles
  }