folder-iam
Config Connector compatible YAML files that grant a specific member a role (defaults to roles/resourcemanager.folderEditor) on an existing folder.
Download the package using kpt:
kpt pkg get https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit.git/config-connector/solutions/iam/kpt/folder-iam folder-iam
Requirements:
- A working Config Connector instance using the "cnrm-system" service account with the following role in the desired folder: roles/resourcemanager.folderIamAdmin
- Cloud Resource Manager API enabled in the project where Config Connector is installed
Replace ${FOLDER_ID?} with the ID of the folder you want to add the member to:
kpt cfg set . folder-id VALUE
Replace ${IAM_MEMBER?} with the GCP identity to grant the role to:
kpt cfg set . iam-member VALUE
Optionally, you can also change the role granted to the member (you can find all of the folder-related IAM roles here):
kpt cfg set . role roles/resourcemanager.folderViewer
Apply the YAMLs:
kubectl apply -f .
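A pre-apply check for the three setter values above, as an added example that is not part of this package. The function names and the acceptance rules (numeric folder ID, typed non-public member, predefined role other than roles/owner or roles/editor) are assumptions of this example, not rules enforced by kpt or Config Connector.

```shell
#!/bin/sh
# Added example: validate the folder-id, iam-member and role values before
# running "kpt cfg set" and "kubectl apply". The rules are this example's
# own policy assumptions; adjust them to your organization's standards.

check_folder_id() {
  # Folder IDs are numeric; this also catches an unreplaced ${FOLDER_ID?}.
  case "$1" in
    ''|*[!0-9]*) echo "folder-id: expected digits only, got '$1'" >&2; return 1 ;;
  esac
}

check_member() {
  case "$1" in
    # Public principals would expose the folder role to anyone.
    allUsers|allAuthenticatedUsers)
      echo "iam-member: public principal '$1' refused" >&2; return 1 ;;
    # Accept only explicitly typed identities.
    user:?*@?*|group:?*@?*|serviceAccount:?*@?*|domain:?*) return 0 ;;
    *) echo "iam-member: missing or unknown type prefix in '$1'" >&2; return 1 ;;
  esac
}

check_role() {
  case "$1" in
    # Basic roles are far broader than a folder-scoped grant needs.
    roles/owner|roles/editor)
      echo "role: basic role '$1' refused" >&2; return 1 ;;
    # Predefined roles only; custom roles are out of scope for this example.
    roles/?*) return 0 ;;
    *) echo "role: expected roles/<name>, got '$1'" >&2; return 1 ;;
  esac
}

# Usage: validate_folder_iam FOLDER_ID IAM_MEMBER ROLE
# Runs every check so all problems are reported in one pass.
validate_folder_iam() {
  rc=0
  check_folder_id "$1" || rc=1
  check_member "$2" || rc=1
  check_role "$3" || rc=1
  return "$rc"
}

# When invoked with three arguments, validate them directly.
if [ "$#" -eq 3 ]; then validate_folder_iam "$@"; fi
```
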
Apache 2.0 - See LICENSE for more information.