forked from t98s/minecraft-server
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathstarter_iam.tf
37 lines (31 loc) · 1.39 KB
/
starter_iam.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# #1 が解決されるまでの仮の措置として、インスタンスを開始できる人を指定できるようにする
locals {
minecraft_starter_gqp = "t98s-micraft-admins@googlegroups.com"
}
resource "google_project_iam_custom_role" "instanceStarter" {
title = "instanceStarter"
role_id = "instanceStarter"
permissions = ["compute.instances.start", "compute.instances.stop", "compute.instances.get"]
}
resource "google_project_iam_custom_role" "instanceLister" {
title = "instanceLister"
role_id = "instanceLister"
permissions = ["compute.instances.list"]
}
resource "google_compute_instance_iam_member" "instanceStarter" {
project = local.project
zone = local.zone
instance_name = google_compute_instance.minecraft.instance_id # インスタンス再生成事に無効化されてしまうのでこのようにインスタンスに依存させる必要がある
role = google_project_iam_custom_role.instanceStarter.id
member = "group:${local.minecraft_starter_gqp}"
}
resource "google_project_iam_member" "instanceLister" {
project = local.project
role = google_project_iam_custom_role.instanceLister.id
member = "group:${local.minecraft_starter_gqp}"
}
resource "google_project_iam_member" "projectBrowsers" {
project = local.project
role = "roles/viewer"
member = "group:${local.minecraft_starter_gqp}"
}