Maybe this?
tomseago committed Jan 31, 2024
1 parent a9a6aa8 commit 810a3aa
Showing 1 changed file with 20 additions and 0 deletions.
20 changes: 20 additions & 0 deletions devops/prod/main.tf
Expand Up @@ -142,6 +142,7 @@ locals {

# Make all the buckets public
resource "google_storage_bucket_iam_binding" "buckets_public" {
depends_on = [google_project_iam_member.storage_iam]
for_each = toset(local.buckets)

bucket = "${each.key}.baaahs.org"
Expand All @@ -165,6 +166,7 @@ data "google_iam_policy" "static" {
}

resource "google_storage_bucket_iam_policy" "static" {
depends_on = [google_project_iam_member.storage_iam]
bucket = google_storage_bucket.static.name
policy_data = data.google_iam_policy.static.policy_data
}
Expand All @@ -178,7 +180,25 @@ resource "google_storage_bucket_iam_policy" "static" {
# ]
#}

data "google_client_openid_userinfo" "me" {}
data "google_client_config" "me" {}

#resource "google_storage_bucket_iam_binding" "buckets_service_account" {
# depends_on = [google_project_iam_member.storage_iam]
# for_each = toset(local.buckets)
#
# bucket = "${each.key}.baaahs.org"
# role = "roles/storage.objectAdmin"
# members = [
# "serviceAccount:${data.google_client_openid_userinfo.me.email}",
# ]
#}

resource "google_project_iam_member" "storage_iam" {
project = data.google_client_config.me.project
role = "roles/storage.admin"
member = "serviceAccount:${data.google_client_openid_userinfo.me.email}"
}

# ---------------------------------------------------------------------------
# To be accessible to the load balancer each bucket needs to be exposed
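Review bot: The new `google_project_iam_member.storage_iam` grants `roles/storage.admin` on the whole project to whichever identity happens to run `terraform apply`, which is much wider than the bucket IAM changes that `depends_on` it appear to need. Because `member` is derived from `data.google_client_openid_userinfo.me.email`, the grant follows the caller: a different runner would replace the member, and a human account would not match the hard-coded `serviceAccount:` prefix. That identity must also already be allowed to set project IAM policy in order to create this resource, so the config lets an already privileged deployer widen its own access and leaves that grant in place after apply. I would pin the principal explicitly, e.g. `member = "serviceAccount:${var.deployer_sa_email}"` (placeholder variable name), and grant it per bucket rather than per project; for the `static` bucket that means adding the binding inside `data.google_iam_policy.static`, since `google_storage_bucket_iam_policy` is authoritative. The commented-out `buckets_service_account` block added alongside should be dropped or explained in a comment.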
