enable ondemand scanning role to kustomize SA

kubernetes · Nov 2, 2021 · 7c86ed1 · 7c86ed1
1 parent ed10a49
commit 7c86ed1
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/infra/gcp/bash/ensure-staging-storage.sh b/infra/gcp/bash/ensure-staging-storage.sh
@@ -417,6 +417,7 @@ function staging_special_case__k8s_staging_kustomize() {
     principal="group:${owners}"
     ensure_project_role_binding "${project}" "${principal}" "roles/cloudkms.admin"
     ensure_project_role_binding "${project}" "${principal}" "roles/cloudkms.cryptoKeyEncrypter"
+    ensure_project_role_binding "${project}" "${principal}" "roles/ondemandscanning.admin"
 
     # ensure cloud builds can access keyrings for decryption
     local cloudbuild_sa_email="[email protected]"