Skip to content

Commit

Permalink
fix: adding roles
Browse files Browse the repository at this point in the history
  • Loading branch information
@cka-y
cka-y committed Oct 7, 2023
1 parent 38d43d5 commit f1029b9
Show file tree
Hide file tree
Showing 3 changed files with 8 additions and 8 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/db-update-dev.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ on:
push: # Update on merge on master if the changelog file has been updated
branches:
- main
- 'feat/19'
# - 'feat/19'
# TODO restore before merge
# paths:
# - 'liquibase/changelog.xml'
Expand Down
6 changes: 6 additions & 0 deletions infra/batch/main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,12 @@ data "google_service_account" "ci_impersonator_service_account" {
project = var.project_id
}

resource "google_project_iam_member" "ci_binding_cloudsql_admin" {
project = var.project_id
role = "roles/datastore.databases.owner"
member = "serviceAccount:${data.google_service_account.ci_impersonator_service_account.email}"
}

resource "google_project_service" "services" {
for_each = toset(local.services)
service = each.value
Expand Down
8 changes: 1 addition & 7 deletions infra/terraform-init/main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -160,13 +160,7 @@ resource "google_project_iam_member" "ci_binding_cloudsql_admin" {

resource "google_project_iam_member" "ci_binding_cloudsql_admin" {
project = var.project_id
role = "roles/datastore.databases.create"
member = "serviceAccount:${google_service_account.ci_service_account.email}"
}

resource "google_project_iam_member" "ci_binding_cloudsql_admin" {
project = var.project_id
role = "roles/datastore.databases.list"
role = "roles/datastore.databases.owner"
member = "serviceAccount:${google_service_account.ci_service_account.email}"
}

Expand Down

0 comments on commit f1029b9

Please sign in to comment.