# GCP organization that the organization-level custom role below is created in
# (consumed as var.org_id by google_organization_iam_custom_role.meshplatform_integrator).
variable "org_id" {
  description = "Organization ID meshStack resources are under"
  type        = string
}
# GCP project that the project-level custom role below is created in
# (consumed as var.project_id by google_project_iam_custom_role.meshplatform_integrator).
variable "project_id" {
  description = "Project ID meshStack resources are under"
  type        = string
}
# Organization-level permissions
#
# Custom role at organization scope (var.org_id). Most entries are reads
# (list/get/getIamPolicy); the write-capable ones are iam.roles.create,
# resourcemanager.folders.setIamPolicy and billing.accounts.setIamPolicy. A
# principal bound to this role can change who has access to folders and
# billing accounts, so bind it only to the integration identity and review
# its use of setIamPolicy in Cloud Audit Logs.
resource "google_organization_iam_custom_role" "meshplatform_integrator" {
  org_id      = var.org_id
  role_id     = "meshplatform.integrator.org"
  title       = "meshPlatform Integrator Org"
  description = "Organization-level role for integrating GCP as a meshPlatform"

  permissions = [
    # Custom-role discovery and creation at organization scope.
    "iam.roles.list",
    "iam.roles.get",
    "iam.roles.create",
    # Folder lookup plus folder IAM policy read/write.
    "resourcemanager.folders.get",
    "resourcemanager.folders.getIamPolicy",
    "resourcemanager.folders.setIamPolicy",
    # Billing account IAM policy read/write.
    "billing.accounts.getIamPolicy",
    "billing.accounts.setIamPolicy",
  ]
}
# Project-level permissions
#
# Custom role at project scope (var.project_id). Sensitive entries:
#   - iam.serviceAccountKeys.create mints user-managed (long-lived) keys; if the
#     integration can use short-lived credentials instead, consider dropping it.
#   - iam.serviceAccounts.setIamPolicy and resourcemanager.projects.setIamPolicy
#     let the holder grant access to service accounts and to the whole project.
# Bind the role to the integration identity only and alert on unexpected key
# creation or policy changes in Cloud Audit Logs.
resource "google_project_iam_custom_role" "meshplatform_integrator" {
  project     = var.project_id
  role_id     = "meshplatform.integrator"
  title       = "meshPlatform Integrator"
  description = "Project-level role for integrating GCP as a meshPlatform"

  permissions = [
    # Service account key lifecycle (create/read/list).
    "iam.serviceAccountKeys.create",
    "iam.serviceAccountKeys.get",
    "iam.serviceAccountKeys.list",
    # Service account lookup/creation and IAM policy read/write.
    "iam.serviceAccounts.get",
    "iam.serviceAccounts.list",
    "iam.serviceAccounts.create",
    "iam.serviceAccounts.getIamPolicy",
    "iam.serviceAccounts.setIamPolicy",
    # API enablement state and use of enabled services.
    "serviceusage.services.list",
    "serviceusage.services.use",
    "serviceusage.services.get",
    # Project lookup plus project IAM policy read/write.
    "resourcemanager.projects.get",
    "resourcemanager.projects.getIamPolicy",
    "resourcemanager.projects.setIamPolicy",
  ]
}