terraform-google-kubernetes-engine

add kms permission for boot disk

Open: sebaverac opened this issue 1 year ago • 1 comment

TL;DR

kms boot disk requires kms permissions

Terraform Resources

#sa.tf
resource "google_project_iam_member" "cluster_service_account-kms-operations" {
  for_each = var.create_service_account && var.grant_kms_access ? toset(local.registry_projects_list) : []
  project  = each.key
  role     = "roles/cloudkms.cryptoKeyDecrypter"
  member   = "serviceAccount:${google_service_account.cluster_service_account[0].email}"
}

#variables.tf
variable "grant_kms_access" {
  type        = bool
  description = "Grants created cluster-specific service account Cloud KMS resources for decrypt operations only."
  default     = false
}

Detailed design

No response

Additional information

No response

sebaverac, Jan 20 '24 12:01

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

github-actions[bot], Mar 20 '24 23:03