Open fmichaelobrien opened 2 years ago
Workaround is to add owner to the super admin account - if available
```
Plan: 6 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

module.log_export_to_pubsub.google_logging_organization_sink.sink[0]: Creating...
module.log_export_to_biqquery.google_logging_organization_sink.sink[0]: Creating...
module.log_export_to_storage.google_logging_organization_sink.sink[0]: Creating...
module.log_export_to_biqquery.google_logging_organization_sink.sink[0]: Creation complete after 1s [id=organizations/197381943134/sinks/log_sink-bq]
module.bigquery_destination.google_project_iam_member.bigquery_sink_member: Creating...
module.log_export_to_pubsub.google_logging_organization_sink.sink[0]: Creation complete after 1s [id=organizations/197381943134/sinks/sk-c-logging-pub]
module.pubsub_destination.google_pubsub_topic_iam_member.pubsub_sink_member: Creating...
module.log_export_to_storage.google_logging_organization_sink.sink[0]: Creation complete after 1s [id=organizations/197381943134/sinks/org_log_sink]
module.storage_destination.google_storage_bucket_iam_member.storage_sink_member: Creating...
module.pubsub_destination.google_pubsub_topic_iam_member.pubsub_sink_member: Creation complete after 4s [id=projects/guardrails-571e/topics/tp-org-logs-x633/roles/pubsub.publisher/serviceAccount:o197381943134-569230@gcp-sa-logging.iam.gserviceaccount.com]
module.storage_destination.google_storage_bucket_iam_member.storage_sink_member: Creation complete after 4s [id=b/bkt-guardrails-571e-org-logs-x633/roles/storage.objectCreator/serviceAccount:o197381943134-611348@gcp-sa-logging.iam.gserviceaccount.com]
module.bigquery_destination.google_project_iam_member.bigquery_sink_member: Creation complete after 7s [id=guardrails-571e/roles/bigquery.dataEditor/serviceAccount:o197381943134-076635@gcp-sa-logging.iam.gserviceaccount.com]

Apply complete! Resources: 6 added, 0 changed, 0 destroyed.
```
see #24
Thanks Chris Carty - retrofitting for TF SA impersonation - using the LZ as a reference https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/blob/main/environments/bootstrap/bootstrap.sh#L178 via https://cloud.google.com/blog/topics/developers-practitioners/using-google-cloud-service-account-impersonation-your-terraform-code