fix storage role for projects SA

renato-rudnicki · renato-rudnicki · commit 339b91dd46d5 · 2025-09-10T19:15:48.000-03:00
diff --git a/4-projects/business_unit_1/shared/example_infra_pipeline.tf b/4-projects/business_unit_1/shared/example_infra_pipeline.tf
@@ -71,6 +71,12 @@ resource "google_storage_bucket_iam_member" "cloudbuild_sa_storage_admin" {
   member = "serviceAccount:tf-cb-builder-sa@${local.cloudbuild_project_id}.iam.gserviceaccount.com"
 }
 
+resource "google_storage_bucket_iam_member" "projects_bucket_admin" {
+  bucket = "${local.cloudbuild_project_id}_cloudbuild"
+  role   = "roles/storage.admin"
+  member = "serviceAccount:${local.projects_terraform_sa}"
+}
+
 resource "google_storage_bucket_iam_member" "cloudbuild_bucket_admin" {
   bucket = "${local.cloudbuild_project_id}_cloudbuild"
   role   = "roles/storage.admin"
@@ -134,6 +140,7 @@ resource "time_sleep" "wait_iam_propagation" {
     google_project_iam_member.cloudbuild_logging,
     google_storage_bucket_iam_member.cloudbuild_sa_storage_admin,
     google_storage_bucket_iam_member.cloudbuild_bucket_admin,
+    google_storage_bucket_iam_member.projects_bucket_admin,
   ]
 }
 

Original file line number	Diff line number	Diff line change
`@@ -71,6 +71,12 @@ resource "google_storage_bucket_iam_member" "cloudbuild_sa_storage_admin" {`
`71`	`71`	`member = "serviceAccount:tf-cb-builder-sa@${local.cloudbuild_project_id}.iam.gserviceaccount.com"`
`72`	`72`	`}`
`73`	`73`
	`74`	`+resource "google_storage_bucket_iam_member" "projects_bucket_admin" {`
	`75`	`+ bucket = "${local.cloudbuild_project_id}_cloudbuild"`
	`76`	`+ role = "roles/storage.admin"`
	`77`	`+ member = "serviceAccount:${local.projects_terraform_sa}"`
	`78`	`+}`
	`79`	`+`
`74`	`80`	`resource "google_storage_bucket_iam_member" "cloudbuild_bucket_admin" {`
`75`	`81`	`bucket = "${local.cloudbuild_project_id}_cloudbuild"`
`76`	`82`	`role = "roles/storage.admin"`
`@@ -134,6 +140,7 @@ resource "time_sleep" "wait_iam_propagation" {`
`134`	`140`	`google_project_iam_member.cloudbuild_logging,`
`135`	`141`	`google_storage_bucket_iam_member.cloudbuild_sa_storage_admin,`
`136`	`142`	`google_storage_bucket_iam_member.cloudbuild_bucket_admin,`
	`143`	`+ google_storage_bucket_iam_member.projects_bucket_admin,`
`137`	`144`	`]`
`138`	`145`	`}`
`139`	`146`