Removes org browser role, adds compute viewe role

amandakarina · amandakarina · commit 121d53fffa3e · 2025-04-29T11:28:12.000-03:00
diff --git a/4-appfactory/modules/app-group-baseline/main.tf b/4-appfactory/modules/app-group-baseline/main.tf
@@ -27,7 +27,8 @@ locals {
         "roles/storage.admin", "roles/iam.serviceAccountAdmin",
         "roles/artifactregistry.admin", "roles/clouddeploy.admin",
         "roles/cloudbuild.builds.editor", "roles/resourcemanager.projectIamAdmin",
-        "roles/iam.serviceAccountUser", "roles/source.admin", "roles/cloudbuild.connectionAdmin"
+        "roles/iam.serviceAccountUser", "roles/source.admin", "roles/cloudbuild.connectionAdmin",
+        "roles/compute.viewer"
       ]
     } },
     {
@@ -253,13 +254,6 @@ resource "google_service_account_iam_member" "account_access" {
   member             = "serviceAccount:${reverse(split("/", module.tf_cloudbuild_workspace.cloudbuild_sa))[0]}"
 }
 
-resource "google_organization_iam_member" "builder_organization_browser" {
-  for_each = toset(local.org_ids)
-  member   = "serviceAccount:${reverse(split("/", module.tf_cloudbuild_workspace.cloudbuild_sa))[0]}"
-  org_id   = each.value
-  role     = "roles/browser"
-}
-
 // Create infra project
 module "app_infra_project" {
   source   = "terraform-google-modules/project-factory/google"
