# Copyright 2018 Google Inc. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. {% set domain = env['project'].split(':') %} {% if domain|length >1 %} {% set projectName = domain[1] + '.' + domain[0] %} {% else %} {% set projectName = domain[0] %} {% endif %} resources: #- type: iam.v1.serviceAccount - type: gcp-types/iam-v1:projects.serviceAccounts name: {{ env['name'] }} properties: accountId: tarrito-{{ properties['accountIdSuffix'] }} displayName: {{ properties['displayName'] }} accessControl: gcpIamPolicy: bindings: - role: roles/editor members: - "serviceAccount:tarrito-{{ properties['accountIdSuffix'] }}@{{ projectName }}.iam.gserviceaccount.com" #- type: iam.v1.serviceAccounts.key - type: gcp-types/iam-v1:projects.serviceAccounts.keys name: test-account-key properties: parent: $(ref.{{ env['name'] }}.name) privateKeyType: TYPE_GOOGLE_CREDENTIALS_FILE