Reworked SA roles for old-projects cleanup.
paulpalamarchuk committed Nov 8, 2019
1 parent 4c6c87c commit 2d0df00
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion modules/project_cleanup/main.tf
Expand Up @@ -16,6 +16,11 @@

locals {
target_included_labels = var.target_tag_name != "" && var.target_tag_value != "" ? merge({ "${var.target_tag_name}" = "${var.target_tag_value}" }, var.target_included_labels) : var.target_included_labels
org_roles = [
"roles/resourcemanager.projectDeleter",
"roles/resourcemanager.folderViewer",
"roles/resourcemanager.lienModifier"
]
}

resource "google_service_account" "project_cleaner_function" {
Expand All @@ -25,8 +30,9 @@ resource "google_service_account" "project_cleaner_function" {
}

resource "google_organization_iam_member" "project_owner" {
count = length(local.org_roles)
org_id = var.organization_id
role = "roles/owner"
role = local.org_roles[count.index]
member = "serviceAccount:${google_service_account.project_cleaner_function.email}"
}
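Review bot: The three roles in `local.org_roles` are still bound at the organization through `google_organization_iam_member`, so the cleaner service account can delete any project in the org and, with `roles/resourcemanager.lienModifier`, presumably also remove the liens that would otherwise block a deletion; the function's own label filter (not visible here) becomes the only guard. If the cleanup is meant for a single folder of old projects, binding the same roles with `google_folder_iam_member` on that folder would narrow the blast radius, and a comment on `org_roles` such as `# projectDeleter + lienModifier are org-wide; the function's label filter is the only scoping` would make the trade-off explicit. Separately, indexing with `count` means that reordering or removing a list entry re-creates the later bindings; `for_each = toset(local.org_roles)` with `role = each.value` keys each binding by role name, if the module's minimum Terraform version allows it. The resource is also still named `project_owner`, which no longer matches what it grants, though renaming it changes the state address and needs a state move.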
