iam.tf
# Looks up the existing GCP project identified by var.project_id (read-only
# data source; creates nothing).
# NOTE(review): nothing in the visible part of this file references
# data.google_project.project — presumably another file in the module consumes
# it; confirm, or drop the lookup.
data "google_project" "project" {
  project_id = var.project_id
}
# Dedicated service account for the workload; per its display name it is the
# identity a Cloud Run Job uses to run data release validation.
# Every role bound to this account's email becomes available to whatever runs
# as it, so the bindings on it define the blast radius if the job is
# compromised.
resource "google_service_account" "sa" {
  account_id   = var.account_id
  project      = var.project_id
  display_name = "Service Account used by Cloud Run Job to run data release validation"
}
# Grants the service account BigQuery Data Editor on the whole project.
# google_project_iam_member is additive: it adds this one member to the role
# and leaves other members of the role untouched.
# NOTE(review): a project-level binding applies to every dataset in the
# project, and dataEditor allows modifying table data. If the validation job
# only needs specific datasets, a dataset-level binding
# (google_bigquery_dataset_iam_member) is the narrower grant; if it only reads,
# write access may not be needed at all — confirm against the job's behaviour.
resource "google_project_iam_member" "sa_bigquery_editor" {
  member  = "serviceAccount:${google_service_account.sa.email}"
  role    = "roles/bigquery.dataEditor"
  project = var.project_id
}
# Grants the service account BigQuery Data Viewer (read access to data and
# metadata) on the whole project.
# NOTE(review): the same member also holds roles/bigquery.dataEditor at project
# level (sa_bigquery_editor in this file), whose permissions already cover what
# dataViewer grants, so this binding adds no access while that one exists. It
# matters only if the editor binding is later removed in favour of read-only
# access.
resource "google_project_iam_member" "sa_bigquery_viewer" {
  member  = "serviceAccount:${google_service_account.sa.email}"
  role    = "roles/bigquery.dataViewer"
  project = var.project_id
}
# Grants the service account BigQuery Job User on the project, which lets it
# run jobs (queries, loads) billed to this project. The role gives no access to
# table data by itself; data access comes from the dataViewer/dataEditor
# bindings.
resource "google_project_iam_member" "sa_bigquery_job_user" {
  member  = "serviceAccount:${google_service_account.sa.email}"
  role    = "roles/bigquery.jobUser"
  project = var.project_id
}
# Grants the service account Secret Manager Secret Accessor on the whole
# project.
# NOTE(review): bound at project level, this role lets the job read the payload
# of every secret in the project, including secrets created later for unrelated
# workloads. If the job needs only specific secrets, bind the role per secret
# with google_secret_manager_secret_iam_member instead, so that a compromised
# job cannot read the rest. Which secrets the job reads is not visible in this
# file — confirm with the job definition.
resource "google_project_iam_member" "sa_secret_accessor" {
  member  = "serviceAccount:${google_service_account.sa.email}"
  role    = "roles/secretmanager.secretAccessor"
  project = var.project_id
}