
Commit 7cfbba3

Fix and cleanup trust-relationship from service-principal module (#5)
1 parent 3e29d86 commit 7cfbba3


2 files changed

+13
-13
lines changed


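--- a/modules/services/service-principal/main.tf
+++ b/modules/services/service-principal/main.tf
@@ -5,24 +5,24 @@
 resource "google_service_account" "sa" {
 project = var.project_id
 account_id = var.service_account_name
-display_name = "Service account for trust-relationship"
+display_name = "Service account for secure posture management"
 }
 
 #---------------------------------
 # role permissions for onboarding
 #---------------------------------
-resource "google_project_iam_member" "onboarding_role" {
+resource "google_project_iam_member" "browser" {
 count = var.is_organizational ? 0 : 1
 
 project = var.project_id
 role = "roles/browser"
 member = "serviceAccount:${google_service_account.sa.email}"
 }
 
-#--------------------------------------------------------------------------------------
-# role permissions for CSPM (GCP Predefined Roles for Sysdig Cloud Trust Relationship)
-#--------------------------------------------------------------------------------------
-resource "google_project_iam_member" "trust_relationship_role" {
+#---------------------------------------------------------------------------------------------
+# role permissions for CSPM (GCP Predefined Roles for Sysdig Cloud Secure Posture Management)
+#---------------------------------------------------------------------------------------------
+resource "google_project_iam_member" "cloudasset_viewer" {
 for_each = var.is_organizational ? [] : toset(["roles/cloudasset.viewer"])
 
 project = var.project_id
@@ -33,7 +33,7 @@ resource "google_project_iam_member" "trust_relationship_role" {
 #---------------------------------------------------------------------------------------
 # role permissions for CIEM (GCP Predefined Roles for Sysdig Cloud Identity Management)
 #---------------------------------------------------------------------------------------
-resource "google_project_iam_member" "identity_mgmt_role" {
+resource "google_project_iam_member" "identity_mgmt" {
 for_each = var.is_organizational ? [] : toset(["roles/recommender.viewer", "roles/iam.serviceAccountViewer", "roles/iam.roleViewer"])
 
 project = var.project_id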
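Review bot: Renaming the three `google_project_iam_member` resources (`onboarding_role` → `browser`, `trust_relationship_role` → `cloudasset_viewer`, `identity_mgmt_role` → `identity_mgmt`) changes their Terraform state addresses, so unless `moved` blocks exist elsewhere in the module the next apply will plan a destroy-and-create of each binding instead of a no-op. For IAM bindings that means the service account briefly loses `roles/browser`, `roles/cloudasset.viewer` and the CIEM viewer roles between the two operations, and a failed or interrupted apply can leave it without them on a live project. Adding `moved` blocks (Terraform 1.1+) for the old-to-new addresses keeps the existing bindings in state; the `display_name` change on `google_service_account.sa` should be an in-place update and needs none. Whether a `moved` block already exists in another file of the module can't be seen from this hunk, and the `cloudasset_viewer` and `identity_mgmt` resource bodies continue past it.
```hcl
# … unchanged: resource definitions above …

moved {
  from = google_project_iam_member.onboarding_role
  to   = google_project_iam_member.browser
}

moved {
  from = google_project_iam_member.trust_relationship_role
  to   = google_project_iam_member.cloudasset_viewer
}

moved {
  from = google_project_iam_member.identity_mgmt_role
  to   = google_project_iam_member.identity_mgmt
}
```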

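--- a/modules/services/service-principal/organizational.tf
+++ b/modules/services/service-principal/organizational.tf
@@ -14,18 +14,18 @@ data "google_organization" "org" {
 #---------------------------------
 # role permissions for onboarding
 #---------------------------------
-resource "google_organization_iam_member" "onboarding_role" {
+resource "google_organization_iam_member" "browser" {
 count = var.is_organizational ? 1 : 0
 
 org_id = data.google_organization.org[0].org_id
 role = "roles/browser"
 member = "serviceAccount:${google_service_account.sa.email}"
 }
 
-#--------------------------------------------------------------------------------------
-# role permissions for CSPM (GCP Predefined Roles for Sysdig Cloud Trust Relationship)
-#--------------------------------------------------------------------------------------
-resource "google_organization_iam_member" "trust_relationship_role" {
+#---------------------------------------------------------------------------------------------
+# role permissions for CSPM (GCP Predefined Roles for Sysdig Cloud Secure Posture Management)
+#---------------------------------------------------------------------------------------------
+resource "google_organization_iam_member" "cloudasset_viewer" {
 for_each = var.is_organizational ? toset(["roles/cloudasset.viewer"]) : []
 
 org_id = data.google_organization.org[0].org_id
@@ -36,7 +36,7 @@ resource "google_organization_iam_member" "trust_relationship_role" {
 #---------------------------------------------------------------------------------------
 # role permissions for CIEM (GCP Predefined Roles for Sysdig Cloud Identity Management)
 #---------------------------------------------------------------------------------------
-resource "google_organization_iam_member" "identity_mgmt_role" {
+resource "google_organization_iam_member" "identity_mgmt" {
 for_each = var.is_organizational ? toset(["roles/recommender.viewer", "roles/iam.serviceAccountViewer", "roles/iam.organizationRoleViewer"]) : []
 
 org_id = data.google_organization.org[0].org_id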
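Review bot: The same address rename happens here for the organization-level bindings (`google_organization_iam_member.onboarding_role` → `browser`, `trust_relationship_role` → `cloudasset_viewer`, `identity_mgmt_role` → `identity_mgmt`), and at organization scope a destroy-and-recreate of the bindings is more consequential: every project under the org loses the service account's `roles/browser`, `roles/cloudasset.viewer` and CIEM viewer access until the new bindings are applied. Without `moved` blocks Terraform has no way to know these are the same resources, so existing deployments that pull this module version will see the replacement in their plan. Adding three `moved` blocks (Terraform 1.1+) mapping the old addresses to the new ones makes the rename a pure state operation; whether such blocks already live in another file of the module isn't visible here, and the `cloudasset_viewer` and `identity_mgmt` resource bodies continue past the hunk.
```hcl
# … unchanged: resource definitions above …

moved {
  from = google_organization_iam_member.onboarding_role
  to   = google_organization_iam_member.browser
}

moved {
  from = google_organization_iam_member.trust_relationship_role
  to   = google_organization_iam_member.cloudasset_viewer
}

moved {
  from = google_organization_iam_member.identity_mgmt_role
  to   = google_organization_iam_member.identity_mgmt
}
```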
