terraform-google-modules / terraform-google-project-factory

Creates an opinionated Google Cloud project by using Shared VPC, IAM, and Google Cloud APIs
https://registry.terraform.io/modules/terraform-google-modules/project-factory/google
Apache License 2.0
835 stars 538 forks source link

fix: shared_vpc_access - Grant workstations.googleapi.com SA the networkUser role #874

Closed derhally closed 10 months ago

derhally commented 10 months ago

Update the shared_vpc_access module to grant the workstations.googleapis.com SA the appropriate network roles. It needs roles/compute.networkUser on the subnets being shared.

derhally commented 10 months ago

This is actually not correct. We had multiple updates going on and it seems like the workstations SA needs networkUser role on the whole project, not just the subnet