fix: grant apply serviceAccountTokenCreator
rcwbr committed Oct 8, 2024
1 parent 3d488d0 commit 3436a00
Showing 1 changed file with 6 additions and 4 deletions.
10 changes: 6 additions & 4 deletions data.tf
Expand Up @@ -5,17 +5,19 @@ data "google_storage_bucket" "state_bucket" {
data "google_iam_policy" "github_actions_plan_sa_bindings" {
// Allow the plan identity to act as the service account
binding {
role = "roles/iam.workloadIdentityUser"

role = "roles/iam.workloadIdentityUser"
members = [local.github_actions_plan_identity]
}
}

data "google_iam_policy" "github_actions_apply_sa_bindings" {
// Allow the apply identity to act as the service account
binding {
role = "roles/iam.workloadIdentityUser"

role = "roles/iam.workloadIdentityUser"
members = [local.github_actions_apply_identity]
}
binding {
role = "roles/iam.serviceAccountTokenCreator"
members = [local.github_actions_apply_identity]
}
}
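Review bot: The second `binding` added to `github_actions_apply_sa_bindings` has no comment, and the existing `// Allow the apply identity to act as the service account` only describes the `workloadIdentityUser` grant above it. `roles/iam.serviceAccountTokenCreator` is the broader grant: it lets the member mint access and ID tokens and sign blobs and JWTs as the apply service account, so anything that matches `local.github_actions_apply_identity` holds that account's full authority. That local is defined outside this hunk, so confirm it resolves to a narrowly scoped principal (one repository, and the protected branch or environment that runs apply) rather than a repository-wide `principalSet`. I would add a line such as `// Apply also needs to mint/sign tokens as the service account (reason: <why apply needs this>); keep members limited to the apply identity` above the new block.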