feat: granted cloud service mesh agent the necessary permission on ne… (

#162)
GoogleCloudPlatform · Jun 6, 2024 · 73028ab · 73028ab
1 parent 9dd61d8
commit 73028ab
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/4-fleetscope/modules/env_baseline/asm.tf b/4-fleetscope/modules/env_baseline/asm.tf
@@ -52,12 +52,14 @@ resource "google_project_service_identity" "fleet_meshconfig_sa" {
 }
 
 data "google_project" "project" {
-  project_id = var.cluster_project_id
+  project_id = var.fleet_project_id
 }
 
-// Grant service mesh service identity permission to access the cluster project
+// Grant service mesh service identity permission to access the cluster and network project
 resource "google_project_iam_member" "cluster_service_agent_mesh" {
-  project = var.cluster_project_id
+  for_each = toset(distinct([var.cluster_project_id, var.network_project_id]))
+
+  project = each.key
   role    = "roles/anthosservicemesh.serviceAgent"
   member  = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-servicemesh.iam.gserviceaccount.com"
   depends_on = [