feat: network user for dataflow service agent
ericyz committed Jul 27, 2023
1 parent 3f554ec commit 93b7b85
Showing 1 changed file with 5 additions and 1 deletion.
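--- a/blueprints/factories/project-factory/main.tf
+++ b/blueprints/factories/project-factory/main.tf
@@ -138,6 +138,9 @@ locals {
 local.vpc_gke_service_agent ||
 contains(var.services, "compute.googleapis.com")
 )
+vpc_dataflow_agent = (
+contains(var.services, "dataflow.googleapis.com")
+)
 vpc_gke_security_admin = coalesce(
 try(local.vpc.gke_setup.enable_security_admin, null), false
 )
@@ -199,7 +202,8 @@ module "project" {
 service_identity_iam = {
 "roles/compute.networkUser" = compact([
 local.vpc_gke_service_agent ? "container-engine" : null,
-local.vpc_cloudservices ? "cloudservices" : null
+local.vpc_cloudservices ? "cloudservices" : null,
+local.vpc_dataflow_agent ? "dataflow" : null
 ])
 "roles/compute.securityAdmin" = compact([
 local.vpc_gke_security_admin ? "container-engine" : null,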
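Review bot: `vpc_dataflow_agent` in the `locals` hunk is true whenever `dataflow.googleapis.com` appears in `var.services`, so enabling the API alone gives the Dataflow service agent `roles/compute.networkUser` in the `service_identity_iam` hunk, with no way to opt out. The neighbouring `vpc_gke_security_admin` reads an explicit flag (`enable_security_admin`) and defaults to false; an opt-in of the same shape would limit the grant to projects whose Dataflow workers actually run on the shared network. If the implicit grant is intended, state it above the local, e.g. `# Dataflow service agent gets networkUser on the shared VPC whenever the Dataflow API is enabled`. The scope of the binding is set outside these hunks (both `locals` and `module "project"` start and end beyond them) and is worth confirming, since a host-project-level networkUser would presumably cover every subnet rather than only the ones Dataflow needs.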
