Merge pull request #21 from paulpalamarchuk/rework_sa_roles_for_cleanup
Reworked SA roles for old-projects cleanup.
morgante authored Nov 8, 2019
2 parents 4c6c87c + 1bb18ba commit b908119
Showing 1 changed file with 11 additions and 4 deletions.
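--- a/modules/project_cleanup/main.tf
+++ b/modules/project_cleanup/main.tf
@@ -24,10 +24,17 @@ resource "google_service_account" "project_cleaner_function" {
 display_name = "Project Cleaner Function"
 }
 
-resource "google_organization_iam_member" "project_owner" {
-org_id = var.organization_id
-role = "roles/owner"
-member = "serviceAccount:${google_service_account.project_cleaner_function.email}"
+module "sa-organization-roles" {
+source = "terraform-google-modules/iam/google//modules/organizations_iam"
+version = "4.0.0"
+organizations = [var.organization_id]
+mode = "additive"
+
+bindings = {
+"roles/resourcemanager.projectDeleter" = ["serviceAccount:${google_service_account.project_cleaner_function.email}"]
+"roles/resourcemanager.folderViewer" = ["serviceAccount:${google_service_account.project_cleaner_function.email}"]
+"roles/resourcemanager.lienModifier" = ["serviceAccount:${google_service_account.project_cleaner_function.email}"]
+}
 }
 
 module "scheduled_project_cleaner" {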
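Review bot: The three roles in `bindings` are still granted on the whole organization, so the cleaner service account can remove liens from, and delete, any project under `var.organization_id`; `roles/resourcemanager.lienModifier` in particular lets it lift the safeguard that blocks accidental deletion. What restricts it to old projects is then only the function's own filtering, which is not visible in this hunk. If the projects to be cleaned live under a known folder, binding these roles on that folder instead of the organization would limit what a buggy or compromised function can destroy. At minimum, a comment above the module would record the intent, e.g. `# Org-wide on purpose: the cleaner must lift liens and delete projects in any folder; target selection is enforced in the function.`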
