
Commit d4a0258

committed
add service account to run PAM cloud functions
1 parent 6ce89b0 commit d4a0258


1 file changed

+32
-0
lines changed

1 file changed

+32
-0
lines changed

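--- a/gcp/terraform/project_account_bindings.auto.tfvars
+++ b/gcp/terraform/project_account_bindings.auto.tfvars
@@ -5,6 +5,10 @@ projects = {
 project_id = "mvnjri-prod"
 env = "prod"
 service_accounts = {
+sa-pam-enabler = {
+roles = ["projects/mvnjri-prod/roles/rolecdcloudrun", "roles/cloudsql.admin", "roles/iam.serviceAccountAdmin", "roles/cloudfunctions.invoker", "roles/resourcemanager.projectIamAdmin", "roles/cloudbuild.builds.builder"]
+description = "Service Account for running PAM entitlement grant cloud functions"
+},
 sa-pubsub = {
 roles = ["roles/iam.serviceAccountTokenCreator", "roles/pubsub.publisher", "roles/pubsub.subscriber"]
 description = "Service Account for running pubsub services"
@@ -65,6 +69,10 @@ projects = {
 project_id = "c4hnrd-prod"
 env = "prod"
 service_accounts = {
+sa-pam-enabler = {
+roles = ["projects/c4hnrd-prod/roles/rolecdcloudrun", "roles/cloudsql.admin", "roles/iam.serviceAccountAdmin", "roles/cloudfunctions.invoker", "roles/resourcemanager.projectIamAdmin", "roles/cloudbuild.builds.builder"]
+description = "Service Account for running PAM entitlement grant cloud functions"
+},
 sa-pubsub = {
 roles = ["projects/c4hnrd-prod/roles/rolequeue", "roles/iam.serviceAccountTokenCreator", "roles/pubsub.publisher", "roles/pubsub.subscriber", "roles/run.invoker"]
 description = "Service Account for running pubsub services"
@@ -118,6 +126,10 @@ projects = {
 project_id = "gtksf3-prod"
 env = "prod"
 service_accounts = {
+sa-pam-enabler = {
+roles = ["projects/gtksf3-prod/roles/rolecdcloudrun", "roles/cloudsql.admin", "roles/iam.serviceAccountAdmin", "roles/cloudfunctions.invoker", "roles/resourcemanager.projectIamAdmin", "roles/cloudbuild.builds.builder"]
+description = "Service Account for running PAM entitlement grant cloud functions"
+},
 sa-pubsub = {
 roles = ["roles/iam.serviceAccountTokenCreator", "roles/pubsub.publisher", "roles/pubsub.subscriber", "roles/run.invoker"]
 description = "Service Account for running pubsub services"
@@ -154,6 +166,10 @@ projects = {
 project_id = "yfjq17-prod"
 env = "prod"
 service_accounts = {
+sa-pam-enabler = {
+roles = ["projects/yfjq17-prod/roles/rolecdcloudrun", "roles/cloudsql.admin", "roles/iam.serviceAccountAdmin", "roles/cloudfunctions.invoker", "roles/resourcemanager.projectIamAdmin", "roles/cloudbuild.builds.builder"]
+description = "Service Account for running PAM entitlement grant cloud functions"
+},
 sa-pubsub = {
 roles = ["roles/iam.serviceAccountTokenCreator", "roles/pubsub.publisher", "roles/pubsub.subscriber"]
 description = "Service Account for running pubsub services"
@@ -176,6 +192,10 @@ projects = {
 project_id = "a083gt-prod"
 env = "prod"
 service_accounts = {
+sa-pam-enabler = {
+roles = ["projects/a083gt-prod/roles/rolecdcloudrun", "roles/cloudsql.admin", "roles/iam.serviceAccountAdmin", "roles/cloudfunctions.invoker", "roles/resourcemanager.projectIamAdmin", "roles/cloudbuild.builds.builder"]
+description = "Service Account for running PAM entitlement grant cloud functions"
+},
 sa-pubsub = {
 roles = ["roles/iam.serviceAccountTokenCreator", "roles/pubsub.publisher", "roles/pubsub.subscriber", "roles/run.invoker"]
 description = "Service Account for running pubsub services"
@@ -236,6 +256,10 @@ projects = {
 project_id = "keee67-prod"
 env = "prod"
 service_accounts = {
+sa-pam-enabler = {
+roles = ["projects/keee67-prod/roles/rolecdcloudrun", "roles/cloudsql.admin", "roles/iam.serviceAccountAdmin", "roles/cloudfunctions.invoker", "roles/resourcemanager.projectIamAdmin", "roles/cloudbuild.builds.builder"]
+description = "Service Account for running PAM entitlement grant cloud functions"
+},
 bn-tasks-run-invoker-prod = {
 roles = ["roles/editor", "roles/iam.serviceAccountUser"]
 description = ""
@@ -264,6 +288,10 @@ projects = {
 project_id = "eogruh-prod"
 env = "prod"
 service_accounts = {
+sa-pam-enabler = {
+roles = ["projects/eogruh-prod/roles/rolecdcloudrun", "roles/cloudsql.admin", "roles/iam.serviceAccountAdmin", "roles/cloudfunctions.invoker", "roles/resourcemanager.projectIamAdmin", "roles/cloudbuild.builds.builder"]
+description = "Service Account for running PAM entitlement grant cloud functions"
+},
 sa-pubsub = {
 roles = ["roles/iam.serviceAccountTokenCreator", "roles/pubsub.publisher", "roles/pubsub.subscriber"]
 description = "Service Account for running pubsub services"
@@ -331,6 +359,10 @@ projects = {
 project_id = "k973yf-prod"
 env = "prod"
 service_accounts = {
+sa-pam-enabler = {
+roles = ["projects/k973yf-prod/roles/rolecdcloudrun", "roles/cloudsql.admin", "roles/iam.serviceAccountAdmin", "roles/cloudfunctions.invoker", "roles/resourcemanager.projectIamAdmin", "roles/cloudbuild.builds.builder"]
+description = "Service Account for running PAM entitlement grant cloud functions"
+},
 sa-pubsub = {
 roles = ["roles/iam.serviceAccountTokenCreator", "roles/pubsub.publisher", "roles/pubsub.subscriber"]
 description = "Service Account for running pubsub services"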
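Review bot: The `roles` list on each added `sa-pam-enabler` block gives one runtime identity `roles/resourcemanager.projectIamAdmin` and `roles/iam.serviceAccountAdmin` together with `roles/cloudsql.admin` and `roles/cloudbuild.builds.builder`, and it does so in all eight prod projects touched by this commit. An account that can set the project IAM policy can grant any role to any principal, so anyone able to deploy code as this account or impersonate it effectively holds project-wide admin; the bindings are unconditional as written, and whether the consuming module supports IAM conditions is not visible from this file. If the functions only grant and revoke a fixed set of entitlement roles, bind `projectIamAdmin` with a condition on `iam.googleapis.com/modifiedGrantsByRole` limited to those roles, and move the build/deploy roles (`roles/cloudbuild.builds.builder`, the custom `rolecdcloudrun`) to a separate deploy account. At minimum add a comment above each list such as `# can modify project IAM policy: treat as owner-equivalent; restrict impersonation and alert on SetIamPolicy calls by this account`.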
