-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathiam_roles_services.tf
38 lines (30 loc) · 1.71 KB
/
iam_roles_services.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
resource "google_project_iam_member" "pubsub_service__bigquery__data_editor" {
project = var.google_cloud_project_id
role = "roles/bigquery.dataEditor"
member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-pubsub.iam.gserviceaccount.com"
depends_on = [time_sleep.wait_for_google_apis_to_enable]
}
resource "google_project_iam_member" "cloud_build__service_agent" {
project = var.google_cloud_project_id
role = "roles/cloudbuild.serviceAgent"
member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-cloudbuild.iam.gserviceaccount.com"
depends_on = [time_sleep.wait_for_google_apis_to_enable]
}
resource "google_project_iam_member" "cloud_build__service_usage_consumer" {
project = var.google_cloud_project_id
role = "roles/serviceusage.serviceUsageConsumer"
member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-cloudbuild.iam.gserviceaccount.com"
depends_on = [time_sleep.wait_for_google_apis_to_enable]
}
resource "google_project_iam_member" "cloud_functions__service_agent" {
project = var.google_cloud_project_id
role = "roles/cloudfunctions.serviceAgent"
member = "serviceAccount:service-${data.google_project.project.number}@gcf-admin-robot.iam.gserviceaccount.com"
depends_on = [time_sleep.wait_for_google_apis_to_enable]
}
resource "google_project_iam_member" "cloud_functions__service_usage_consumer" {
project = var.google_cloud_project_id
role = "roles/serviceusage.serviceUsageConsumer"
member = "serviceAccount:service-${data.google_project.project.number}@gcf-admin-robot.iam.gserviceaccount.com"
depends_on = [time_sleep.wait_for_google_apis_to_enable]
}