This change grants the automation service account permissions to make revisions to the cloud run services and also toset's on each of the service IAM configurations to avoid duplicate assignments.
I considered granting the developer role on the service account when rendering the template (see commit 042503b), because this would make it more explicit which IAM roles are assigned. But I decided against that idea, because the terraform module should provide everything that is required to run the service, even if that means the role assignment is hidden in the module itself.
This change grants the automation service account permissions to make revisions to the cloud run services and also
toset
's on each of the service IAM configurations to avoid duplicate assignments.I considered granting the developer role on the service account when rendering the template (see commit 042503b), because this would make it more explicit which IAM roles are assigned. But I decided against that idea, because the terraform module should provide everything that is required to run the service, even if that means the role assignment is hidden in the module itself.