fix: grant apply admin over plan account

rcwbr · Oct 9, 2024 · 8a45512 · 8a45512
1 parent b43b4fc
commit 8a45512
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/data.tf b/data.tf
@@ -8,6 +8,12 @@ data "google_iam_policy" "github_actions_plan_sa_bindings" {
     role    = "roles/iam.workloadIdentityUser"
     members = [local.github_actions_plan_identity]
   }
+
+  // Allow the apply account to administer the service account
+  binding {
+    role    = "roles/iam.serviceAccountAdmin"
+    members = [google_service_account.github_actions_apply.member]
+  }
 }
 
 data "google_iam_policy" "github_actions_apply_sa_bindings" {