From be297baf721d9dddd02a051044554a386a536518 Mon Sep 17 00:00:00 2001
From: Andrew Peabody
Date: Tue, 20 Aug 2024 18:25:04 +0000
Subject: [PATCH] fix(fleet_app_operator_permissions): enable multi use per project
---
 .../fleet-app-operator-permissions/main.tf | 20 ++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/modules/fleet-app-operator-permissions/main.tf b/modules/fleet-app-operator-permissions/main.tf
index 81fc13a96c..b8e7b45ebb 100644
--- a/modules/fleet-app-operator-permissions/main.tf
+++ b/modules/fleet-app-operator-permissions/main.tf
@@ -39,10 +39,11 @@ locals {
 }
 }

-resource "google_project_iam_binding" "log_view_permissions" {
- project = var.fleet_project_id
- role = "roles/logging.viewAccessor"
- members = concat(local.user_principals, local.group_principals)
+resource "google_project_iam_member" "log_view_permissions" {
+ project = var.fleet_project_id
+ for_each = toset(concat(local.user_principals, local.group_principals))
+ role = "roles/logging.viewAccessor"
+ members = each.value
 condition {
 title = "conditional log view access"
 description = "log view access for scope ${var.scope_id}"
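Review bot: In the new `google_project_iam_member.log_view_permissions` resource the argument is still written `members = each.value`, but `google_project_iam_member` takes a single `member` string, so this block should fail validation; it should read `member = each.value`, as the next hunk already does for `project_level_scope_permissions`. The resource continues past the end of this hunk (the `condition` body), so the condition expression is not visible here. It is also worth a comment above the resource noting that `iam_member` is additive where `iam_binding` was authoritative: Terraform will no longer remove principals granted `roles/logging.viewAccessor` outside this module, so out-of-band grants have to be caught by IAM policy auditing instead.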
@@ -50,17 +51,18 @@ resource "google_project_iam_binding" "log_view_permissions" {
 }
 }

-resource "google_project_iam_binding" "project_level_scope_permissions" {
- project = var.fleet_project_id
- role = local.project_level_scope_role[var.role]
- members = concat(local.user_principals, local.group_principals)
+resource "google_project_iam_member" "project_level_scope_permissions" {
+ project = var.fleet_project_id
+ for_each = toset(concat(local.user_principals, local.group_principals))
+ role = local.project_level_scope_role[var.role]
+ member = each.value
 }

 resource "google_gke_hub_scope_iam_binding" "resource_level_scope_permissions" {
 project = var.fleet_project_id
 scope_id = var.scope_id
 role = local.resource_level_scope_role[var.role]
- members = concat(local.user_principals, local.group_principals)
+ member = concat(local.user_principals, local.group_principals)
 }

 resource "random_id" "user_rand_suffix" {
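Review bot: `google_gke_hub_scope_iam_binding.resource_level_scope_permissions` now sets `member = concat(...)`, but the resource type is still the `_binding` variant, which takes a `members` list, so the renamed argument should be rejected at plan time. Either keep `members = concat(local.user_principals, local.group_principals)`, or, if this grant is meant to become additive like the two project-level resources, switch the type to `google_gke_hub_scope_iam_member` with `for_each = toset(...)` and `member = each.value`. Separately, the new `for_each` in `project_level_scope_permissions` requires its set to be known at plan time; `local.user_principals` and `local.group_principals` are defined outside this hunk, so it is worth confirming they never depend on values computed during apply.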