From 93b7b850fcf222adc205c49bd2ab81ab7d34eb9c Mon Sep 17 00:00:00 2001
From: Eric Zhao
Date: Thu, 27 Jul 2023 13:14:43 +1000
Subject: [PATCH] feat: network user for dataflow service agent
---
 blueprints/factories/project-factory/main.tf | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/blueprints/factories/project-factory/main.tf b/blueprints/factories/project-factory/main.tf
index f70684f9c0..bd4dd3e784 100644
--- a/blueprints/factories/project-factory/main.tf
+++ b/blueprints/factories/project-factory/main.tf
@@ -138,6 +138,9 @@ locals {
 local.vpc_gke_service_agent ||
 contains(var.services, "compute.googleapis.com")
 )
+ vpc_dataflow_agent = (
+ contains(var.services, "dataflow.googleapis.com")
+ )
 vpc_gke_security_admin = coalesce(
 try(local.vpc.gke_setup.enable_security_admin, null), false
 )
@@ -199,7 +202,8 @@ module "project" {
 service_identity_iam = {
 "roles/compute.networkUser" = compact([
 local.vpc_gke_service_agent ? "container-engine" : null,
- local.vpc_cloudservices ? "cloudservices" : null
+ local.vpc_cloudservices ? "cloudservices" : null,
+ local.vpc_dataflow_agent ? "dataflow" : null
 ])
 "roles/compute.securityAdmin" = compact([
 local.vpc_gke_security_admin ? "container-engine" : null,
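Review bot: In the `locals` hunk, `vpc_dataflow_agent` is derived only from `contains(var.services, "dataflow.googleapis.com")`, so enabling the Dataflow API is enough to add a `roles/compute.networkUser` binding for the Dataflow service agent in the second hunk, with no explicit opt-in. The neighbouring `vpc_gke_security_admin` reads an explicit flag from the VPC configuration through `coalesce(try(...), false)`. A flag of that kind, defaulting to false, would keep the network grant a deliberate choice for projects that enable Dataflow but do not run workers on the shared network. At minimum the local deserves a comment, e.g. `# true when the Dataflow API is enabled; grants the Dataflow service agent roles/compute.networkUser below`. The `locals` block starts and ends outside the hunk.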
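Review bot: The `dataflow` entry added to the `"roles/compute.networkUser"` list gets the same scope as the `container-engine` and `cloudservices` entries, and that scope is set by the argument enclosing `service_identity_iam`, which lies outside the hunk. If the binding is made on the whole host project rather than on selected subnets, the Dataflow service agent can use every shared subnet. Confirm this is intended and state it in the factory's documentation next to the other service agents. The `module "project"` block starts and ends outside the hunk.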