# Copyright 2026 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. values: google_compute_shared_vpc_service_project.shared_vpc_service[0]: deletion_policy: null host_project: host-project service_project: alpha:my-project timeouts: null google_project_iam_member.service_agents["container-engine-robot"]: condition: [] member: serviceAccount:service-12345@container-engine-robot.alpha-system.iam.gserviceaccount.com project: alpha:my-project role: roles/container.serviceAgent google_project_iam_member.service_agents["gkenode"]: condition: [] member: serviceAccount:service-12345@gcp-sa-gkenode.alpha-system.iam.gserviceaccount.com project: alpha:my-project role: roles/container.defaultNodeServiceAgent google_project_iam_member.service_agents["serverless-robot-prod"]: condition: [] member: serviceAccount:service-12345@serverless-robot-prod.alpha-system.iam.gserviceaccount.com project: alpha:my-project role: roles/run.serviceAgent google_project_iam_member.shared_vpc_host_robots["roles/compute.networkUser:cloudservices"]: condition: [] member: serviceAccount:12345@cloudservices.alpha-system.iam.gserviceaccount.com project: host-project role: roles/compute.networkUser google_project_iam_member.shared_vpc_host_robots["roles/compute.networkUser:container-engine"]: condition: [] member: serviceAccount:service-12345@container-engine-robot.alpha-system.iam.gserviceaccount.com project: host-project role: roles/compute.networkUser google_project_iam_member.shared_vpc_host_robots["roles/container.hostServiceAgentUser:container-engine"]: condition: [] member: serviceAccount:service-12345@container-engine-robot.alpha-system.iam.gserviceaccount.com project: host-project role: roles/container.hostServiceAgentUser google_project_iam_member.shared_vpc_host_robots["roles/vpcaccess.user:cloudrun"]: condition: [] member: serviceAccount:service-12345@serverless-robot-prod.alpha-system.iam.gserviceaccount.com project: host-project role: roles/vpcaccess.user google_project_service.project_services["container.googleapis.com"]: disable_dependent_services: false disable_on_destroy: false project: alpha:my-project service: container.googleapis.com timeouts: null google_project_service.project_services["run.googleapis.com"]: disable_dependent_services: false disable_on_destroy: false project: alpha:my-project service: run.googleapis.com timeouts: null google_project_service_identity.default["container.googleapis.com"]: project: alpha:my-project service: container.googleapis.com timeouts: null google_project_service_identity.default["run.googleapis.com"]: project: alpha:my-project service: run.googleapis.com timeouts: null outputs: default_service_accounts: compute: 12345-compute@developer.alpha-system.iam.gserviceaccount.com gae: my-project@appspot.alpha-system.iam.gserviceaccount.com id: alpha:my-project name: my-project number: 12345 project_id: alpha:my-project service_agents: cloudrun: api: run.googleapis.com display_name: Google Cloud Run Service Agent email: service-12345@serverless-robot-prod.alpha-system.iam.gserviceaccount.com iam_email: serviceAccount:service-12345@serverless-robot-prod.alpha-system.iam.gserviceaccount.com is_primary: true name: serverless-robot-prod role: roles/run.serviceAgent cloudservices: api: null display_name: Google APIs Service Agent email: 12345@cloudservices.alpha-system.iam.gserviceaccount.com iam_email: serviceAccount:12345@cloudservices.alpha-system.iam.gserviceaccount.com is_primary: false name: cloudservices role: null cloudsvc: api: null display_name: Google APIs Service Agent email: 12345@cloudservices.alpha-system.iam.gserviceaccount.com iam_email: serviceAccount:12345@cloudservices.alpha-system.iam.gserviceaccount.com is_primary: false name: cloudservices role: null container: api: container.googleapis.com display_name: Kubernetes Engine Service Agent email: service-12345@container-engine-robot.alpha-system.iam.gserviceaccount.com iam_email: serviceAccount:service-12345@container-engine-robot.alpha-system.iam.gserviceaccount.com is_primary: true name: container-engine-robot role: roles/container.serviceAgent container-engine: api: container.googleapis.com display_name: Kubernetes Engine Service Agent email: service-12345@container-engine-robot.alpha-system.iam.gserviceaccount.com iam_email: serviceAccount:service-12345@container-engine-robot.alpha-system.iam.gserviceaccount.com is_primary: true name: container-engine-robot role: roles/container.serviceAgent container-engine-robot: api: container.googleapis.com display_name: Kubernetes Engine Service Agent email: service-12345@container-engine-robot.alpha-system.iam.gserviceaccount.com iam_email: serviceAccount:service-12345@container-engine-robot.alpha-system.iam.gserviceaccount.com is_primary: true name: container-engine-robot role: roles/container.serviceAgent gkenode: api: container.googleapis.com display_name: Kubernetes Engine Node Service Agent email: service-12345@gcp-sa-gkenode.alpha-system.iam.gserviceaccount.com iam_email: serviceAccount:service-12345@gcp-sa-gkenode.alpha-system.iam.gserviceaccount.com is_primary: false name: gkenode role: roles/container.defaultNodeServiceAgent run: api: run.googleapis.com display_name: Google Cloud Run Service Agent email: service-12345@serverless-robot-prod.alpha-system.iam.gserviceaccount.com iam_email: serviceAccount:service-12345@serverless-robot-prod.alpha-system.iam.gserviceaccount.com is_primary: true name: serverless-robot-prod role: roles/run.serviceAgent serverless-robot-prod: api: run.googleapis.com display_name: Google Cloud Run Service Agent email: service-12345@serverless-robot-prod.alpha-system.iam.gserviceaccount.com iam_email: serviceAccount:service-12345@serverless-robot-prod.alpha-system.iam.gserviceaccount.com is_primary: true name: serverless-robot-prod role: roles/run.serviceAgent services: - container.googleapis.com - run.googleapis.com