chore: add service account to tf script and move script

bcgov · Jan 8, 2024 · 904f6e4 · 904f6e4
1 parent 1174481
commit 904f6e4
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -32,3 +32,12 @@ resource "google_storage_bucket" "bucket" {
   name = "${var.openshift_namespace}-${each.value}"
   location = local.region
 }
+
+# Create GCP service accounts for each GCS bucket
+resource "google_service_account" "account" {
+  for_each     = { for v in var.apps : v => v }
+  account_id   = "sa-${var.openshift_namespace}-${each.value}"
+  display_name = "${var.openshift_namespace}-${each.value} Service Account"
+  depends_on   = [google_storage_bucket.bucket]
+}
+
diff --git a/terraform/tf-migration.sh b/terraform/tf-migration.sh
@@ -3,7 +3,7 @@ SOURCE_STATE_PATH="./temp-state/tfcloud.tfstate"
 TARGET_STATE_PATH="./temp-state/local.tfstate"
 
 NAMESPACE="c53ff1-dev"
-declare -a PATHS=("google_storage_bucket.bucket")
+declare -a PATHS=("google_storage_bucket.bucket" "google_service_account.account")
 declare -a APPS=("cif-documents" "cif-backups")
 
 for path in "${PATHS[@]}"; do