[router] Add browser role to service account

GoogleCloudPlatform / security-response-automation

Take automated actions against threats and vulnerabilities.

Apache License 2.0

208 stars 52 forks source link

[router] Add browser role to service account #152

Closed daniel-cit closed 4 years ago

daniel-cit commented 4 years ago

Add Browser role to the service account for validation of project ancestry in router CF

daniel-cit commented 4 years ago

a future PR should remove

# Required to retrieve ancestry for projects within this folder.
resource "google_folder_iam_member" "roles-viewer" {
  count = length(var.folder-ids)

  folder = "folders/${var.folder-ids[count.index]}"
  role   = "roles/viewer"
  member = "serviceAccount:${var.setup.automation-service-account}"
}

from each of the others CF's terraform configuration.