From d2d3fddad00ee174a3a3caac483f21bfe746ba7c Mon Sep 17 00:00:00 2001
From: Alex <8507196+Fructokinase@users.noreply.github.com>
Date: Fri, 20 Jan 2023 17:54:34 -0800
Subject: [PATCH] [Custom DC] fix more permissions and file name errors (#180)

Co-authored-by: Alex Chen
---
 bigtable_automation/terraform/main.tf | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/bigtable_automation/terraform/main.tf b/bigtable_automation/terraform/main.tf
index 896155d7..065bde59 100644
--- a/bigtable_automation/terraform/main.tf
+++ b/bigtable_automation/terraform/main.tf
@@ -47,7 +47,7 @@ data "archive_file" "bt_automation_go_source" {
 # Upload zipped go source. Consumed by gcf.
 resource "google_storage_bucket_object" "bt_automation_archieve" {
 # Relative path in the resource bucket to upload the archieve.
- name = "cloud_functions/bt_automation_go_source_${data.archive_file.bt_automation_go_source.output_base64sha256}.zip"
+ name = "cloud_functions/bt_automation_go_source_${data.archive_file.bt_automation_go_source.output_md5}.zip"
 source = "${path.module}/source/bt_automation_go_source.zip"
 bucket = var.dc_resource_bucket
 
@@ -123,3 +123,14 @@ resource "google_project_iam_member" "dataflow_worker_iam" {
 member = "serviceAccount:${data.google_compute_default_service_account.default.email}"
 project = var.project_id
 }
+
+# Permissions needed to communicate with graph processor.
+resource "google_project_iam_member" "bt_automation_iam" {
+ for_each = toset([
+ "roles/pubsub.editor",
+ "roles/storage.admin"
+ ])
+ role = each.key
+ member = "serviceAccount:datcom@system.gserviceaccount.com"
+ project = var.project_id
+}
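Review bot: The new `name =` line switches the suffix to `output_md5` without a comment saying why, and a later reader may take that digest for an integrity check on the uploaded source. Presumably the change is there because a base64 digest can contain `/`, `+` and `=`, which are awkward in an object name; a line such as `# Hex digest keeps the object name path-safe; it only forces a new object when the source changes and is not an integrity check.` above it would record that. If the archive provider version used by this module exposes `output_sha256`, that hex digest serves the same purpose without relying on MD5. The resource block continues outside the hunk.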
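Review bot: Both roles in the added `bt_automation_iam` resource are bound at project level, so `roles/storage.admin` gives `datcom@system.gserviceaccount.com` full control of every bucket in `var.project_id`, bucket IAM policy included, and `roles/pubsub.editor` covers every topic and subscription. The hunk does not show what the graph processor actually touches, so this needs confirming, but if it is only the resource bucket and a single topic, the grants should sit on those resources: a bucket-level member on `var.dc_resource_bucket` as sketched below, and a `google_pubsub_topic_iam_member` on the specific topic. The service-account address is also hard-coded; exposing it as a variable with this value as the default would make the grant to an account that appears to live outside the project visible to whoever applies the module.

```hcl
# Scope storage access to the resource bucket rather than the whole project.
resource "google_storage_bucket_iam_member" "bt_automation_bucket_iam" {
  bucket = var.dc_resource_bucket
  # Narrowest role that still works; confirm what the graph processor needs.
  role   = "roles/storage.objectAdmin"
  member = "serviceAccount:datcom@system.gserviceaccount.com"
}
```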