project-iam
Config Connector compatible YAML files to grant a role for a member in a project.
Download the package using kpt:
kpt pkg get https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit.git/config-connector/solutions/iam/kpt/project-iam project-iam
- A working Config Connector cluster using "cnrm-system" service account
that has the
roles/resourcemanager.projectIamAdminrole in your desired project (it doesn't need to be the project managed by Config Connector). - The project managed by Config Connector has Cloud Resource Manager API enabled.
| NAME | VALUE | SET BY | DESCRIPTION | COUNT |
|---|---|---|---|---|
| member | ${IAM_MEMBER?} | PLACEHOLDER | IAM member to grant role | 1 |
| project-id | ${PROJECT_ID?} | PLACEHOLDER | ID of project | 1 |
| role | roles/logging.viewer | package-default | IAM role to grant | 1 |
Setters marked as PLACEHOLDER are required. Set them using kpt:
kpt cfg set . member user:name@example.com
kpt cfg set . project-id your-project
Optionally set the role to grant in the same manner.
Once the configuration is satisfactory, apply the YAML:
kubectl apply -f .
Apache 2.0 - See LICENSE for more information.