fix: removes multiorg latchkey principals

GoogleCloudPlatform · Oct 27, 2023 · b3ee912 · b3ee912
1 parent a79720a
commit b3ee912
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 28 deletions.
diff --git a/infra/terraform/test-org/org-iam-policy/.terraform.lock.hcl b/infra/terraform/test-org/org-iam-policy/.terraform.lock.hcl
diff --git a/infra/terraform/test-org/org-iam-policy/iam.tf b/infra/terraform/test-org/org-iam-policy/iam.tf
@@ -35,10 +35,8 @@ locals {
     "roles/resourcemanager.lienModifier" : ["serviceAccount:${local.project_cleaner}"],
     "roles/resourcemanager.organizationAdmin" : [
       "group:${local.cft_ci_group}",
-      "group:${local.gcp_admins_group_test}",
-      "serviceAccount:${data.google_secret_manager_secret_version.org-admin-sa.secret_data}",
+      "group:${local.gcp_admins_group_test}",      
     ],
-    "roles/iam.organizationRoleAdmin" : ["serviceAccount:${data.google_secret_manager_secret_version.org-role-admin-sa.secret_data}", ],
     "roles/resourcemanager.organizationViewer" : ["group:${local.cft_ci_group}"],
     "roles/resourcemanager.projectDeleter" : ["serviceAccount:${local.project_cleaner}"],
     "roles/owner" : ["group:${local.gcp_admins_group_test}", "serviceAccount:${local.project_cleaner}"],
@@ -68,16 +66,6 @@ locals {
   }
 }
 
-data "google_secret_manager_secret_version" "org-admin-sa" {
-  project = "cloud-foundation-cicd"
-  secret  = "org-admin-sa"
-}
-
-data "google_secret_manager_secret_version" "org-role-admin-sa" {
-  project = "cloud-foundation-cicd"
-  secret  = "org-role-admin-sa"
-}
-
 data "google_secret_manager_secret_version" "ba-admin-1" {
   project = "cloud-foundation-cicd"
   secret  = "ba-admin-1"

diff --git a/infra/terraform/test-org/org-iam-policy/versions.tf b/infra/terraform/test-org/org-iam-policy/versions.tf
@@ -18,7 +18,7 @@ terraform {
   required_version = ">= 1.4.4"
   required_providers {
     google = {
-      version = ">= 3.39, < 5.0"
+      version = ">= 3.39, < 6"
     }
   }
 }