Merge pull request #18 from rcwbr/14-apply-step-fails-due-to-permissi…

…on-forbidden fix: grant apply admin over plan account
rcwbr · Oct 9, 2024 · 5107030 · 5107030
2 parents b43b4fc + 8a45512
commit 5107030
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/data.tf b/data.tf
@@ -8,6 +8,12 @@ data "google_iam_policy" "github_actions_plan_sa_bindings" {
     role    = "roles/iam.workloadIdentityUser"
     members = [local.github_actions_plan_identity]
   }
+
+  // Allow the apply account to administer the service account
+  binding {
+    role    = "roles/iam.serviceAccountAdmin"
+    members = [google_service_account.github_actions_apply.member]
+  }
 }
 
 data "google_iam_policy" "github_actions_apply_sa_bindings" {