
Commit b290ebf

camiekimglasntiennae
authored andcommitted
docs: Update main.tf to support how-to guide in Eventarc docset (terraform-google-modules#783)
* docs: Update main.tf Per b/355941670 Associate workflow w/dedicated SA that can write logs * docs: Update main.tf Apply terraform fmt --------- Co-authored-by: Katie McLaughlin <[email protected]> Co-authored-by: Jennifer Davis <[email protected]>
1 parent 48524f3 commit b290ebf


1 file changed

+18
-10
lines changed


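--- a/eventarc/workflows/main.tf
+++ b/eventarc/workflows/main.tf
@@ -16,18 +16,18 @@
 
 # [START eventarc_workflows_parent_tag]
 # [START eventarc_terraform_workflows_enableapis]
-# Enable Eventarc API
-resource "google_project_service" "eventarc" {
-service = "eventarc.googleapis.com"
-disable_on_destroy = false
-}
-
 # Enable Workflows API
 resource "google_project_service" "workflows" {
 service = "workflows.googleapis.com"
 disable_on_destroy = false
 }
 
+# Enable Eventarc API
+resource "google_project_service" "eventarc" {
+service = "eventarc.googleapis.com"
+disable_on_destroy = false
+}
+
 # Enable Pub/Sub API
 resource "google_project_service" "pubsub" {
 service = "pubsub.googleapis.com"
@@ -45,7 +45,7 @@ resource "google_service_account" "eventarc" {
 display_name = "Eventarc Workflows Service Account"
 }
 
-# Grant permission to invoke workflows
+# Grant permission to invoke Workflows
 resource "google_project_iam_member" "workflowsinvoker" {
 project = data.google_project.project.id
 role = "roles/workflows.invoker"
@@ -58,6 +58,13 @@ resource "google_project_iam_member" "eventreceiver" {
 role = "roles/eventarc.eventReceiver"
 member = "serviceAccount:${google_service_account.eventarc.email}"
 }
+
+# Grant permission to write logs
+resource "google_project_iam_member" "logwriter" {
+project = data.google_project.project.id
+role = "roles/logging.logWriter"
+member = "serviceAccount:${google_service_account.eventarc.email}"
+}
 # [END eventarc_workflows_create_serviceaccount]
 
 
@@ -89,9 +96,10 @@ resource "google_project_iam_member" "pubsubpublisher" {
 # [START eventarc_workflows_deploy]
 # Create a workflow
 resource "google_workflows_workflow" "default" {
-name = "storage-workflow-tf"
-region = "us-central1"
-description = "Workflow that returns information about storage events"
+name = "storage-workflow-tf"
+region = "us-central1"
+description = "Workflow that returns information about storage events"
+service_account = google_service_account.eventarc.email
 
 deletion_protection = false # set to "true" in production
 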
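Review bot: `service_account = google_service_account.eventarc.email` in the last hunk makes the workflow run as the account that the other hunks show holding `roles/workflows.invoker` and `roles/eventarc.eventReceiver` project-wide, so the workflow's own steps inherit rights that logging does not require. The commit message calls this account dedicated, but it appears to be shared with the trigger; the trigger resource itself is outside the visible hunks, so that part is inferred from the roles. A separate runtime account holding only `roles/logging.logWriter` keeps the two identities apart, so an error or unwanted edit in the workflow definition cannot be used to invoke other workflows in the project. The `google_workflows_workflow.default` block continues past the end of the hunk.

```terraform
# Runtime identity for the workflow, kept separate from the trigger's account
resource "google_service_account" "workflows" {
  account_id   = "workflows-runtime-sa" # constructed example name
  display_name = "Workflows Runtime Service Account"
}

# Grant permission to write logs
resource "google_project_iam_member" "logwriter" {
  project = data.google_project.project.id
  role    = "roles/logging.logWriter"
  member  = "serviceAccount:${google_service_account.workflows.email}"
}

# … unchanged: API enablement and the trigger account's IAM bindings …

resource "google_workflows_workflow" "default" {
  # … unchanged: name, region, description …
  service_account = google_service_account.workflows.email
```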
