Bugfix/policyadminrole (#110)

* fix variable name * Added missing role for VPCSC setup (accesscontextmanager.policyAdmin)
GoogleCloudPlatform · Apr 27, 2020 · 53a01a5 · 53a01a5
1 parent 8e53a83
commit 53a01a5
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/_helpers/setup_service_account.sh b/_helpers/setup_service_account.sh
@@ -56,7 +56,12 @@ gcloud projects add-iam-policy-binding "${TF_ADMIN_PROJECT}" \
   --member "serviceAccount:terraform@${TF_ADMIN_PROJECT}.iam.gserviceaccount.com" \
   --role roles/storage.admin
 
-# resourcemanager.organizationAdmin
+# Add accesscontextmanager.policyAdmin
+gcloud organizations add-iam-policy-binding "${TF_VAR_org_id}" \
+  --member "serviceAccount:terraform@${TF_ADMIN_PROJECT}.iam.gserviceaccount.com" \
+  --role="roles/accesscontextmanager.policyAdmin"
+
+# Add resourcemanager.organizationAdmin
 gcloud organizations add-iam-policy-binding "${TF_VAR_org_id}" \
   --member "serviceAccount:terraform@${TF_ADMIN_PROJECT}.iam.gserviceaccount.com" \
   --role="roles/resourcemanager.organizationAdmin"