feat: Add support for granting permissions to apache kafka service agent (#960)

derhally · web-flow · commit 38e55a46ccf5 · 2024-12-03T12:28:27.000-06:00
diff --git a/modules/shared_vpc_access/main.tf b/modules/shared_vpc_access/main.tf
@@ -58,6 +58,10 @@ locals {
       service_account = format("service-%s@gcp-sa-networkconnectivity.iam.gserviceaccount.com", local.service_project_number)
       role            = "roles/compute.networkUser"
     }
+    "managedkafka.googleapis.com" : {
+      service_account = format("service-%s@gcp-sa-managedkafka.iam.gserviceaccount.com", local.service_project_number)
+      role            = "roles/managedkafka.serviceAgent"
+    }
   }
   gke_shared_vpc_enabled        = contains(var.active_apis, "container.googleapis.com")
   composer_shared_vpc_enabled   = contains(var.active_apis, "composer.googleapis.com")

Original file line number	Diff line number	Diff line change
`@@ -58,6 +58,10 @@ locals {`
`58`	`58`	`service_account = format("service-%s@gcp-sa-networkconnectivity.iam.gserviceaccount.com", local.service_project_number)`
`59`	`59`	`role = "roles/compute.networkUser"`
`60`	`60`	`}`
	`61`	`+ "managedkafka.googleapis.com" : {`
	`62`	`+ service_account = format("service-%s@gcp-sa-managedkafka.iam.gserviceaccount.com", local.service_project_number)`
	`63`	`+ role = "roles/managedkafka.serviceAgent"`
	`64`	`+ }`
`61`	`65`	`}`
`62`	`66`	`gke_shared_vpc_enabled = contains(var.active_apis, "container.googleapis.com")`
`63`	`67`	`composer_shared_vpc_enabled = contains(var.active_apis, "composer.googleapis.com")`