iam.tf
# Roles bound to the "vertex-nb-sa" service account.
#
# Every entry ends up as a PROJECT-level binding through
# google_project_iam_member.vertex_nb_sa, so each role applies to all matching
# resources in var.project, not to a single bucket, dataset or repository.
#
# NOTE(review): this default set is broad for a notebook identity. It holds
# several admin-level roles (storage, logging, artifactregistry, notebooks)
# plus bigquery.dataOwner. Confirm each one against what the notebooks
# actually do, and prefer narrower roles or resource-level bindings where a
# workload only touches specific buckets, datasets or repositories.
locals {
  default_vertex_nb_sa_roles = [
    # Vertex AI access.
    "roles/aiplatform.user",

    # NOTE(review): granted at project level, this allows the identity to act
    # as any service account in the project. Consider binding it on the
    # specific service accounts that need it instead.
    "roles/iam.serviceAccountUser",

    # BigQuery.
    # NOTE(review): dataOwner appears to cover what dataEditor grants, so the
    # two entries overlap; verify before relying on either alone.
    "roles/bigquery.jobUser",
    "roles/bigquery.user",
    "roles/bigquery.dataEditor",
    "roles/bigquery.dataOwner",

    # Cloud Storage.
    # NOTE(review): storage.admin appears to cover storage.objectAdmin; the
    # admin role also carries bucket-level and IAM policy control.
    "roles/storage.admin",
    "roles/storage.objectAdmin",

    # NOTE(review): logging.admin includes control over log sinks and
    # exclusions, which matters for audit-trail integrity if this identity is
    # ever misused. A write-only logging role may be enough; confirm.
    "roles/logging.admin",

    "roles/artifactregistry.admin",
    "roles/notebooks.admin",
  ]

  # Final role list: the defaults above followed by caller-supplied extras.
  # var.additional_vertex_nb_sa_roles is declared outside this file; whatever
  # a caller passes is bound project-wide as well, so a validation rule or an
  # allow-list on that variable is worth considering.
  vertex_nb_sa_roles = concat(
    local.default_vertex_nb_sa_roles,
    var.additional_vertex_nb_sa_roles,
  )
}
# User-managed service account created in var.project.
# Its email is the member of every binding in
# google_project_iam_member.vertex_nb_sa.
# Presumably attached to Vertex AI notebook instances defined elsewhere;
# confirm against the resources that reference it.
resource "google_service_account" "vertex_service_account" {
  project      = var.project
  account_id   = "vertex-nb-sa"
  display_name = "Vertex User Managed Service Account"
}
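# Binds each role in local.vertex_nb_sa_roles to the notebook service account
# at project scope, one google_project_iam_member per role.
#
# toset() de-duplicates the list, so a role that appears both in the defaults
# and in var.additional_vertex_nb_sa_roles yields a single binding.
#
# google_project_iam_member is additive: it manages only this member/role
# pair and leaves other members of the same role untouched.
#
# NOTE(review): every binding here is project-wide. Where a role is only
# needed on specific resources, a resource-level IAM member (bucket, dataset,
# repository, service account) keeps the identity's reach smaller.
resource "google_project_iam_member" "vertex_nb_sa" {
  for_each = toset(local.vertex_nb_sa_roles)

  project = var.project
  role    = each.key

  # Referencing the account's email already orders this resource after the
  # service account, so no explicit depends_on is required.
  member = "serviceAccount:${google_service_account.vertex_service_account.email}"
}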