From 3d39042a2aa0f62d45c892efeb652b9813051191 Mon Sep 17 00:00:00 2001 From: Bob Callaway Date: Tue, 10 Oct 2023 07:57:13 -0400 Subject: [PATCH] add cloudProfiler role to rekor-sa (#779) Signed-off-by: Bob Callaway --- terraform/gcp/modules/rekor/service_accounts.tf | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/terraform/gcp/modules/rekor/service_accounts.tf b/terraform/gcp/modules/rekor/service_accounts.tf index 1c5c6926a..cf02c4b79 100644 --- a/terraform/gcp/modules/rekor/service_accounts.tf +++ b/terraform/gcp/modules/rekor/service_accounts.tf @@ -41,3 +41,10 @@ resource "google_project_iam_member" "rekor_kms_member" { member = "serviceAccount:${google_service_account.rekor-sa.email}" depends_on = [google_service_account.rekor-sa] } + +resource "google_project_iam_member" "rekor_profiler_agent" { + project = var.project_id + role = "roles/cloudprofiler.agent" + member = "serviceAccount:${google_service_account.rekor-sa.email}" + depends_on = [google_service_account.rekor-sa] +}