From fe095b98644a816415ff4831bee680281cca9f41 Mon Sep 17 00:00:00 2001
From: bendnorman
Date: Wed, 11 Sep 2024 10:40:39 -0800
Subject: [PATCH] Give pudl usage metrics etl service account permission to read from archive bucket and list buckets, previous commit was missing a role
---
 terraform/main.tf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/terraform/main.tf b/terraform/main.tf
index 4778108ce7..e5406b9821 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -426,8 +426,9 @@ resource "google_storage_bucket_iam_member" "usage_metrics_archiver_gcs_iam" {
 }
 resource "google_storage_bucket_iam_member" "usage_metrics_etl_gcs_iam" {
+ for_each = toset(["roles/storage.legacyBucketReader", "roles/storage.objectViewer"])
 bucket = google_storage_bucket.pudl_usage_metrics_archive_bucket.name
- role = "roles/storage.legacyBucketReader"
+ role = each.key
 member = "serviceAccount:pudl-usage-metrics-etl@catalyst-cooperative-pudl.iam.gserviceaccount.com"
 }
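Review bot: The `for_each` role list on `usage_metrics_etl_gcs_iam` carries no comment saying why the ETL service account needs both roles, which makes a later least-privilege review of this binding harder. As far as I know both roles allow listing objects, so `roles/storage.legacyBucketReader` is presumably kept only for bucket metadata reads (`storage.buckets.get`); a line such as `# objectViewer: read archived objects; legacyBucketReader: bucket metadata lookups by the client (confirm)` above `for_each` would record that. A bucket-scoped binding cannot grant listing of the project's buckets, so the "list buckets" wording in the commit message most likely means listing within this one bucket. Switching to `for_each` also changes the resource address, so the existing binding will be destroyed and recreated on apply unless a `moved` block maps the old address to the `["roles/storage.legacyBucketReader"]` instance.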