From 6194f6ca5f8e2f32c562e4dcb49c2801901e0f54 Mon Sep 17 00:00:00 2001
From: Gus Narea
Date: Mon, 4 Mar 2024 13:21:38 +0000
Subject: [PATCH] Grant SA listing to auditors

---
 environments/belgium/audit.tf | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/environments/belgium/audit.tf b/environments/belgium/audit.tf
index 967d8b6..54e2bab 100644
--- a/environments/belgium/audit.tf
+++ b/environments/belgium/audit.tf
@@ -67,3 +67,21 @@ resource "google_project_iam_member" "auditors_secret_manager" {
 role = "roles/secretmanager.viewer"
 member = each.value
 }
+
+resource "google_project_iam_custom_role" "auditor_additional_perms" {
+ project = var.gcp_project_id
+ role_id = "tmp_auditor"
+ title = "Security auditor"
+ permissions = [
+ "iam.serviceAccounts.list",
+ ]
+}
+
+resource "google_project_iam_member" "auditor_additional_perms" {
+ // repeat for each auditor_uris
+ for_each = toset(var.temporary_auditor_iam_uris)
+
+ project = var.gcp_project_id
+ role = google_project_iam_custom_role.auditor_additional_perms.name
+ member = each.value
+}
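Review bot: The binding in the new `google_project_iam_member.auditor_additional_perms` is described as temporary (`role_id = "tmp_auditor"`, `var.temporary_auditor_iam_uris`) but carries no expiry, so the grant persists until someone remembers to revert this commit; a time-bound IAM condition on the member resource would make the intent enforceable. Note that once a custom role ID is deleted GCP reserves it for a period before it can be recreated, so a throwaway ID like `tmp_auditor` may be harder to recycle than the name suggests — worth confirming before relying on delete-and-recreate. The inline comment `// repeat for each auditor_uris` also names a variable that does not match the one iterated; `// one binding per entry in temporary_auditor_iam_uris` would be accurate. The context resource `auditors_secret_manager` starts outside the hunk.
```terraform
resource "google_project_iam_member" "auditor_additional_perms" {
  // … unchanged: for_each, project, role, member …

  condition {
    title       = "tmp_auditor_expiry"
    description = "Auditor access is time-boxed; remove the binding after this date"
    expression  = "request.time < timestamp(\"<EXPIRY_RFC3339_PLACEHOLDER>\")"
  }
}
```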