feat: additional permissions

prabhu34 · prabhu34 · commit 3729b722c982 · 2025-02-04T17:16:27.000Z
diff --git a/test/setup/iam.tf b/test/setup/iam.tf
@@ -55,3 +55,15 @@ resource "google_project_iam_member" "int_test_service_project_iam" {
 resource "google_service_account_key" "int_test" {
   service_account_id = google_service_account.int_test.id
 }
+
+resource "google_project_iam_member" "service_composer_agent_service_account" {
+  project = module.service_project.project_id
+  role    = "roles/composer.ServiceAgentV2Ext"
+  member  = format("serviceAccount:service-%s@cloudcomposer-accounts.iam.gserviceaccount.com", module.service_project.project_number)
+}
+
+resource "google_project_iam_member" "host_composer_agent_service_account" {
+  project = module.project.project_id
+  role    = "roles/composer.sharedVpcAgent"
+  member  = format("serviceAccount:service-%s@cloudcomposer-accounts.iam.gserviceaccount.com", module.service_project.project_number)
+}
diff --git a/test/setup/main.tf b/test/setup/main.tf
@@ -67,6 +67,10 @@ module "service_project" {
     {
       api   = "container.googleapis.com"
       roles = ["roles/container.serviceAgent"]
+    },
+    {
+      api   = "container.googleapis.com"
+      roles = ["roles/composer.sharedVpcAgent"]
     }
   ]
   disable_dependent_services  = false

Original file line number	Diff line number	Diff line change
`@@ -67,6 +67,10 @@ module "service_project" {`
`67`	`67`	`{`
`68`	`68`	`api = "container.googleapis.com"`
`69`	`69`	`roles = ["roles/container.serviceAgent"]`
	`70`	`+ },`
	`71`	`+ {`
	`72`	`+ api = "container.googleapis.com"`
	`73`	`+ roles = ["roles/composer.sharedVpcAgent"]`
`70`	`74`	`}`
`71`	`75`	`]`
`72`	`76`	`disable_dependent_services = false`