Additional Permissions added to HC SA

ashwinsshetty · ashwinsshetty · commit 5a0c8fc4dffb · 2024-09-25T15:10:25.000Z
diff --git a/mmv1/templates/terraform/examples/healthcare_pipeline_job_mapping_recon_dest.tf.erb b/mmv1/templates/terraform/examples/healthcare_pipeline_job_mapping_recon_dest.tf.erb
@@ -1,3 +1,6 @@
+data "google_project" "project" {
+}
+
 resource "google_healthcare_pipeline_job" "recon" {
   name  = "<%= ctx[:vars]['recon_pipeline_name'] %>"
   location = "us-central1"
@@ -78,4 +81,10 @@ resource "google_storage_bucket_object" "merge_file" {
   name    = "merge.wstl"
   content = " "
   bucket  = google_storage_bucket.bucket.name
+}
+
+resource "google_storage_bucket_iam_member" "hsa" {
+    bucket = google_storage_bucket.bucket.name
+    role   = "roles/storage.objectUser"
+    member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-healthcare.iam.gserviceaccount.com"
 }
diff --git a/mmv1/templates/terraform/examples/healthcare_pipeline_job_reconciliation.tf.erb b/mmv1/templates/terraform/examples/healthcare_pipeline_job_reconciliation.tf.erb
@@ -1,3 +1,6 @@
+data "google_project" "project" {
+}
+
 resource "google_healthcare_pipeline_job" "<%= ctx[:primary_resource_id] %>" {
   name  = "<%= ctx[:vars]['pipeline_name'] %>"
   location = "us-central1"
@@ -39,4 +42,10 @@ resource "google_storage_bucket_object" "merge_file" {
   name    = "merge.wstl"
   content = " "
   bucket  = google_storage_bucket.bucket.name
+}
+
+resource "google_storage_bucket_iam_member" "hsa" {
+    bucket = google_storage_bucket.bucket.name
+    role   = "roles/storage.objectUser"
+    member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-healthcare.iam.gserviceaccount.com"
 }
diff --git a/mmv1/templates/terraform/examples/healthcare_pipeline_job_whistle_mapping.tf.erb b/mmv1/templates/terraform/examples/healthcare_pipeline_job_whistle_mapping.tf.erb
@@ -1,3 +1,6 @@
+data "google_project" "project" {
+}
+
 resource "google_healthcare_pipeline_job" "<%= ctx[:primary_resource_id] %>" {
   name  = "<%= ctx[:vars]['pipeline_name'] %>"
   location = "us-central1"
@@ -53,4 +56,10 @@ resource "google_storage_bucket_object" "mapping_file" {
   name    = "mapping.wstl"
   content = " "
   bucket  = google_storage_bucket.bucket.name
+}
+
+resource "google_storage_bucket_iam_member" "hsa" {
+    bucket = google_storage_bucket.bucket.name
+    role   = "roles/storage.objectUser"
+    member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-healthcare.iam.gserviceaccount.com"
 }
