fix: adding roles/storage.objectViewer and enabling library scanning …

…by default (#7)
lacework · Mar 9, 2022 · 6ea75eb · 6ea75eb
1 parent 9b3c05c
commit 6ea75eb
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/main.tf b/main.tf
@@ -39,20 +39,27 @@ resource "google_project_service" "required_apis_for_gar_integration" {
 }
 
 // Role(s) for a GAR integration
-resource "google_project_iam_member" "for_gar_integration" {
+resource "google_project_iam_member" "gar_reader" {
   project = local.project_id
   role    = "roles/artifactregistry.reader"
   member  = "serviceAccount:${local.service_account_json_key.client_email}"
 }
 
+resource "google_project_iam_member" "storage_reader" {
+  project = local.project_id
+  role    = "roles/storage.objectViewer"
+  member  = "serviceAccount:${local.service_account_json_key.client_email}"
+}
+
 # wait for X seconds for things to settle down in the GCP side
 # before trying to create the Lacework external integration
 resource "time_sleep" "wait_time" {
   create_duration = var.wait_time
   depends_on = [
     module.lacework_gar_svc_account,
     google_project_service.required_apis_for_gar_integration,
-    google_project_iam_member.for_gar_integration
+    google_project_iam_member.gar_reader,
+    google_project_iam_member.storage_reader
   ]
 }