Add compute.xpnAdmin for GitHub service accounts on network folders

osinfra-io · Aug 13, 2023 · 76b18b0 · 76b18b0
1 parent 47f9223
commit 76b18b0
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 5 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -12,7 +12,7 @@ repos:
       - id: no-commit-to-branch
 
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.81.0
+    rev: v1.81.2
     hooks:
       - id: terraform_fmt
       - id: terraform_validate

diff --git a/global/infra/README.md b/global/infra/README.md
@@ -9,7 +9,7 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | 4.68.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | 4.77.0 |
 
 ## Modules
 

diff --git a/global/infra/tfvars/production.tfvars b/global/infra/tfvars/production.tfvars
@@ -122,7 +122,7 @@ folder_iam_policies = {
 
   13103602325 = {
     team        = "Platform - Landing Zone"
-    service     = "Services"
+    service     = "Networking"
     environment = "Sandbox"
     bindings = [
       {
@@ -131,6 +131,12 @@ folder_iam_policies = {
         ]
         role = "roles/resourcemanager.folderIamAdmin"
       },
+      {
+        members = [
+          "serviceAccount:plt-lz-networking-github@ptl-lz-terraform-tf91-sb.iam.gserviceaccount.com"
+        ]
+        role = "roles/compute.xpnAdmin"
+      },
       {
         members = [
           "serviceAccount:plt-lz-networking-github@ptl-lz-terraform-tf91-sb.iam.gserviceaccount.com"
@@ -142,7 +148,7 @@ folder_iam_policies = {
 
   345391277536 = {
     team        = "Platform - Landing Zone"
-    service     = "Services"
+    service     = "Networking"
     environment = "Non-Production"
     bindings = [
       {
@@ -151,6 +157,12 @@ folder_iam_policies = {
         ]
         role = "roles/resourcemanager.folderIamAdmin"
       },
+      {
+        members = [
+          "serviceAccount:plt-lz-networking-github@ptl-lz-terraform-tf05-nonprod.iam.gserviceaccount.com"
+        ]
+        role = "roles/compute.xpnAdmin"
+      },
       {
         members = [
           "serviceAccount:plt-lz-networking-github@ptl-lz-terraform-tf05-nonprod.iam.gserviceaccount.com"
@@ -162,7 +174,7 @@ folder_iam_policies = {
 
   1033174574192 = {
     team        = "Platform - Landing Zone"
-    service     = "Services"
+    service     = "Networking"
     environment = "Production"
     bindings = [
       {
@@ -171,6 +183,12 @@ folder_iam_policies = {
         ]
         role = "roles/resourcemanager.folderIamAdmin"
       },
+      {
+        members = [
+          "serviceAccount:plt-lz-networking-github@ptl-lz-terraform-tf62-prod.iam.gserviceaccount.com"
+        ]
+        role = "roles/compute.xpnAdmin"
+      },
       {
         members = [
           "serviceAccount:plt-lz-networking-github@ptl-lz-terraform-tf62-prod.iam.gserviceaccount.com"