From e249c37d0e734d0620ad1bea15f376d00f21d255 Mon Sep 17 00:00:00 2001
From: Al Cutter <al@google.com>
Date: Fri, 16 Aug 2024 13:02:20 +0100
Subject: [PATCH] Spanner IAM

---
 deployment/modules/example-gcp/main.tf | 13 +++++++++----
 deployment/modules/gcp/main.tf         |  2 +-
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/deployment/modules/example-gcp/main.tf b/deployment/modules/example-gcp/main.tf
index e1857e249..e498ea021 100644
--- a/deployment/modules/example-gcp/main.tf
+++ b/deployment/modules/example-gcp/main.tf
@@ -29,10 +29,15 @@ resource "google_project_iam_member" "iam_metrics_writer" {
   role    = "roles/monitoring.metricWriter"
   member  = "serviceAccount:${google_service_account.cloudrun_service_account.email}"
 }
-resource "google_project_iam_member" "iam_spanner_database_user" {
-  project = var.project_id
-  role    = "roles/spanner.databaseUser"
-  member  = "serviceAccount:${google_service_account.cloudrun_service_account.email}"
+resource "google_spanner_database_iam_binding" "iam_spanner_database_user" {
+  project  = var.project_id
+  instance = module.gcp.log_spanner.name
+  database = module.gcp.log_db.name
+  role     = "roles/spanner.databaseUser"
+
+  members = [
+    "serviceAccount:${google_service_account.cloudrun_service_account.email}"
+  ]
 }
 resource "google_project_iam_member" "iam_service_agent" {
   project = var.project_id
diff --git a/deployment/modules/gcp/main.tf b/deployment/modules/gcp/main.tf
index 53240c7fe..8b3042ade 100644
--- a/deployment/modules/gcp/main.tf
+++ b/deployment/modules/gcp/main.tf
@@ -48,7 +48,7 @@ resource "google_storage_bucket_iam_binding" "log_bucket_writer" {
 resource "google_spanner_instance" "log_spanner" {
   name             = var.base_name
   config           = "regional-${var.location}"
-  display_name     = "${var.base_name} Spanner Instance"
+  display_name     = var.base_name
   processing_units = 100
 }