iam.tf
# Google service account for the Truefoundry control-plane components.
# Its name and its project-level roles come from locals that are defined
# outside this file.
module "service_accounts" {
  source  = "terraform-google-modules/service-accounts/google"
  version = "4.4.1"

  project_id   = var.project_id
  names        = [local.serviceaccount_name]
  display_name = "Terraform-managed truefoundry control-plane service account"
  descriptions = ["Truefoundry serviceaccount for truefoundry control-plane components"]

  # Project-level roles granted to this account.
  # NOTE(review): the role list is not visible here; confirm it contains only
  # what the control plane needs (no primitive roles such as owner/editor).
  project_roles = local.serviceaccount_roles

  # No service account key is generated, so no long-lived credential ends up
  # in Terraform state. Workloads reach this account through the
  # roles/iam.workloadIdentityUser binding in service_account_iam_bindings.
  generate_keys = false
}
# Bind the Google service account to the Kubernetes service accounts (Workload Identity)
module "service_account_iam_bindings" {
  source  = "terraform-google-modules/iam/google//modules/service_accounts_iam"
  version = "8.0.0"

  project          = var.project_id
  service_accounts = module.service_accounts.service_accounts[*].email

  # "additive" only adds the members listed below; members granted this role
  # on the service account by other means are left in place, so they have to
  # be audited separately.
  mode = "additive"

  bindings = {
    # Each member is a Kubernetes service account identity in the project's
    # workload identity pool, written as PROJECT.svc.id.goog[NAMESPACE/KSA].
    # Both entries are bound to the same Google service account(s), so both
    # workloads receive the same project roles; use separate accounts if
    # their permissions should differ.
    "roles/iam.workloadIdentityUser" = [
      "serviceAccount:${var.project_id}.svc.id.goog[${var.svcfoundry_k8s_namespace}/${var.svcfoundry_k8s_service_account}]",
      "serviceAccount:${var.project_id}.svc.id.goog[${var.mlfoundry_k8s_namespace}/${var.mlfoundry_k8s_service_account}]",
    ]
  }
}