Commit 639dabb9 authored by Adam Robinson's avatar Adam Robinson

add permission for customer shared vpc admin

parent 3270ed73
......@@ -49,6 +49,14 @@ data "google_iam_policy" "customer_folder_policy" {
]
}
dynamic "binding" {
for_each = var.customer_is_shared_vpc_admin ? ["roles/compute.xpnAdmin"] : []
role = binding
members = [
"group:${var.mcomm_group_email}",
]
}
binding {
role = "roles/resourcemanager.projectCreator"
members = [
......@@ -56,7 +64,7 @@ data "google_iam_policy" "customer_folder_policy" {
]
}
binding {
binding {
role = "roles/resourcemanager.folderEditor"
members = [
"serviceAccount:${var.provisioning_service_account_email}",
......
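Review bot: The new `dynamic "binding"` block sets `role = binding` and places `role` and `members` directly in the dynamic block. Terraform expects those arguments inside a nested `content { ... }` block, and the iterator is an object, so the role string is `binding.value`. As shown this should fail validation rather than grant anything; wrap the two arguments in `content {` … `}` and use `role = binding.value`. Because the flag adds `roles/compute.xpnAdmin` on the folder for the whole `var.mcomm_group_email` group, a comment above the block such as `# Folder-level Shared VPC Admin: membership of the customer group controls host/service project attachment under this folder` would help whoever audits it. How this policy document is attached to the folder is outside the visible hunks.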
......@@ -69,3 +69,8 @@ variable "folder_display_name" {
}
}
variable "customer_is_shared_vpc_admin" {
type = bool
description = "Should the customer be given Shared VPC Admin permission to the customer folder. Defaults to false."
default = false
}
\ No newline at end of file
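Review bot: The description of `customer_is_shared_vpc_admin` names neither the role nor the principal that receives it, which is what someone auditing a `true` value needs to see. Judging by the policy hunk on this page, something like `description = "Grant roles/compute.xpnAdmin on the customer folder to the customer group (var.mcomm_group_email). Defaults to false."` would state it. The file also ends without a trailing newline.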