From 7861ea74b863acf074833c10fb2c60b05db31539 Mon Sep 17 00:00:00 2001
From: Alex Ostapenko <alx13@users.noreply.github.com>
Date: Mon, 15 May 2023 12:20:33 +0200
Subject: [PATCH] fixed permissions for security stage SA (#1376)

it should be able to use automation project
as a quota project, hence it needs `serviceusage.serviceUsageConsumer`
role
---
 fast/stages/1-resman/branch-security.tf | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/fast/stages/1-resman/branch-security.tf b/fast/stages/1-resman/branch-security.tf
index 8e638a1a3b..31a833dc5e 100644
--- a/fast/stages/1-resman/branch-security.tf
+++ b/fast/stages/1-resman/branch-security.tf
@@ -59,6 +59,11 @@ module "branch-security-sa" {
       try(module.branch-security-sa-cicd.0.iam_email, null)
     ])
   }
+  iam_project_roles = {
+    (var.automation.project_id) = [
+      "roles/serviceusage.serviceUsageConsumer",
+    ]
+  }
   iam_storage_roles = {
     (var.automation.outputs_bucket) = ["roles/storage.objectAdmin"]
   }