fix(fleet_app_operator_permissions): enable multi use per project

modules/fleet-app-operator-permissions/main.tf

@@ -39,21 +39,23 @@ locals {
   }
 }
 
-resource "google_project_iam_binding" "log_view_permissions" {
-  project = var.fleet_project_id
-  role    = "roles/logging.viewAccessor"
-  members = concat(local.user_principals, local.group_principals)
+resource "google_project_iam_member" "log_view_permissions" {
+  project  = var.fleet_project_id
+  for_each = toset(concat(local.user_principals, local.group_principals))
+  role     = "roles/logging.viewAccessor"
+  member   = each.value
   condition {
     title       = "conditional log view access"
     description = "log view access for scope ${var.scope_id}"
     expression  = "resource.name == \"projects/${var.fleet_project_id}/locations/global/buckets/fleet-o11y-scope-${var.scope_id}/views/fleet-o11y-scope-${var.scope_id}-k8s_container\" || resource.name == \"projects/${var.fleet_project_id}/locations/global/buckets/fleet-o11y-scope-${var.scope_id}/views/fleet-o11y-scope-${var.scope_id}-k8s_pod\""
   }
 }
 
-resource "google_project_iam_binding" "project_level_scope_permissions" {
-  project = var.fleet_project_id
-  role    = local.project_level_scope_role[var.role]
-  members = concat(local.user_principals, local.group_principals)
+resource "google_project_iam_member" "project_level_scope_permissions" {
+  project  = var.fleet_project_id
+  for_each = toset(concat(local.user_principals, local.group_principals))
+  role     = local.project_level_scope_role[var.role]
+  member   = each.value
 }
 
 resource "google_gke_hub_scope_iam_binding" "resource_level_scope_permissions" {