Open umairidris opened 4 years ago
rjerrems
commented
4 years ago Yeah historically this module actually did this, but it introduced some flakiness at the time which would cause project creation to fail. I would be happy to accept a PR that sets this to something like the org_admins group if you are able to get it working consistently
umairidris
commented
4 years ago Do you have some insights into the type of flakiness? I have used project_iam_binding for this, as long as the user is in the new owners group they should continue to have access but I don't know if there are some issues with this approach.
rjerrems
commented
4 years ago Yeah its been quite a while since I last did this, so its possible that its a non-issue now. Given its a small change perhaps we try adding it and running through the test suite a few times?
morgante
commented
4 years ago iam_binding should work.
When creating a GCP project the creating user is granted owner access to the project. Given this module will likely be called by a human, a human will have owner access to the seed project.
Thus, we should consider adding an iam_binding to transfer roles/owner to a central group.