Support referencing Google-managed service accounts in memberFrom.serviceAccountRef fields #722
Closed
Labels
enhancement
New feature or request
Describe the feature or resource
Would be awesome to be able to reference Google-managed service accounts in IAM resources.
For example, if I add a PubSubTopic and use a Customer Managed Encryption key on it, I would like to add an IAMMemberPolicy that just references the Google-managed account so I don't need to hardcode a project number in it.
serviceAccount:service-{PROJECT_NUMBER}@gcp-sa-pubsub.iam.gserviceaccount.com
How this could work:
And that would add
serviceAccount:service-{PROJECT_NUMBER}@gcp-sa-pubsub.iam.gserviceaccount.com
to it automatically without hardcoding the project number.
Additional information
https://cloud.google.com/iam/docs/service-agents
gcloud storage service-agent --project=PROJECT_IDENTIFIER
Importance
Will become a blocker, as currently in TF I can use a data source to grab the default service accounts.