Add IAM leveled secondary admin/read-only group permissions hierarchy to workloads projects for tiered CI/CD #271
Description
20230808: todo: add project level iam access to https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/blob/main/environments/common/iam-groups.auto.tfvars#L18
In addition to #263 add alternate admin permissions to workload projects
Opinionated groups gexample
ProdOpsAdmin group
- administrator
ProdRead group
- view only
ProdTelcoAdmin group
- network admin
- or support user
- or view only
ProdSecAdmin group
- view only
ProdBilling group
- view only
Similar to the TEF or TOC default groups
or kcc groups https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/blob/main/solutions/guardrails/configs/iam/group-iam.yaml