Merge pull request #7273 from ameukam/allow-gcb-sa-kubernetes-release-test

k8s-ci-robot · web-flow · commit 5a417fe27eae · 2024-09-09T20:49:28.000+01:00
gcp: Allow GCB service agent for kubernetes-release-test
diff --git a/infra/gcp/terraform/k8s-infra-releases-prod/main.tf b/infra/gcp/terraform/k8s-infra-releases-prod/main.tf
@@ -49,6 +49,14 @@ resource "google_storage_hmac_key" "fastly_reader_key" {
   service_account_email = google_service_account.fastly_reader.email
 }
 
+// TODO: remove this after https://github.com/kubernetes/release/issues/3425
+resource "google_storage_bucket_iam_member" "release_object_admin" {
+  bucket     = module.k8s_releases_prod.bucket_name
+  role       = "roles/storage.objectAdmin"
+  member     = "serviceAccount:648026197307@cloudbuild.gserviceaccount.com"
+  depends_on = [module.k8s_releases_prod]
+}
+
 resource "google_storage_bucket_iam_member" "fastly_reader" {
   bucket     = module.k8s_releases_prod.bucket_name
   role       = "roles/storage.objectViewer"
