(internal) Add token role (#12)

* Add serviceAccountTokenCreator for CSPM

* Add to org

* Add logging viewer role

* Whitespace

* Update org

* Change the resource name to cspm

Author: mdkulkarni15

modules/services/service-principal/main.tf

@@ -22,8 +22,8 @@ resource "google_project_iam_member" "browser" {
 #---------------------------------------------------------------------------------------------
 # role permissions for CSPM (GCP Predefined Roles for Sysdig Cloud Secure Posture Management)
 #---------------------------------------------------------------------------------------------
-resource "google_project_iam_member" "cloudasset_viewer" {
-  for_each = var.is_organizational ? [] : toset(["roles/cloudasset.viewer", "roles/iam.serviceAccountTokenCreator"])
+resource "google_project_iam_member" "cspm" {
+  for_each = var.is_organizational ? [] : toset(["roles/cloudasset.viewer", "roles/iam.serviceAccountTokenCreator", "roles/logging.viewer"])
 
   project = var.project_id
   role    = each.key

modules/services/service-principal/organizational.tf

@@ -25,8 +25,8 @@ resource "google_organization_iam_member" "browser" {
 #---------------------------------------------------------------------------------------------
 # role permissions for CSPM (GCP Predefined Roles for Sysdig Cloud Secure Posture Management)
 #---------------------------------------------------------------------------------------------
-resource "google_organization_iam_member" "cloudasset_viewer" {
-  for_each = var.is_organizational ? toset(["roles/cloudasset.viewer", "roles/iam.serviceAccountTokenCreator"]) : []
+resource "google_organization_iam_member" "cspm" {
+  for_each = var.is_organizational ? toset(["roles/cloudasset.viewer", "roles/iam.serviceAccountTokenCreator", "roles/logging.viewer"]) : []
 
   org_id = data.google_organization.org[0].org_id
   role   = each.key