From a402e9986229378e9d009245533224cef9523597 Mon Sep 17 00:00:00 2001
From: Cesar Wong
Date: Wed, 31 Jul 2019 17:28:42 -0400
Subject: [PATCH] [gcp] data/data: add service user role to masters The service user role is required for masters to be able to attach a disk to an instance running as a different role. See https://cloud.google.com/compute/docs/disks/add-persistent-disk
---
 data/data/gcp/master/main.tf | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/data/data/gcp/master/main.tf b/data/data/gcp/master/main.tf
index 8ecac698198..89b45aa15b8 100644
--- a/data/data/gcp/master/main.tf
+++ b/data/data/gcp/master/main.tf
@@ -28,6 +28,11 @@ resource "google_project_iam_member" "master-object-storage-admin" {
 member = "serviceAccount:${google_service_account.master-node-sa.email}"
 }
+resource "google_project_iam_member" "master-service-account-user" {
+ role = "roles/iam.serviceAccountUser"
+ member = "serviceAccount:${google_service_account.master-node-sa.email}"
+}
+
 resource "google_compute_instance" "master" {
 count = var.instance_count