Created June 19, 2018 17:16
Google Cloud Deployment Manager template creating bucket with custom service account
resources:
  # Bucket to hold all assets
  - name: {{ properties['bucket-prefix'] }}-assets
    type: storage.v1.bucket
    accessControl:
      gcpIamPolicy:
        bindings:
          # Grants the service account created below full control over the
          # objects in this bucket.
          - role: roles/storage.objectAdmin
            members:
              - serviceAccount:$(ref.service-account.email)
  # Custom service account that is given access to the bucket
  - name: service-account
    type: iam.v1.serviceAccount
    properties:
      accountId: {{ properties['service-account-name'] }}
      displayName: {{ properties['service-account-display-name'] }}
  # Key for the service account
  - name: service-account-key
    type: iam.v1.serviceAccounts.key
    properties:
      # By using a reference to the service account resource, this key becomes
      # dependent on the resource and Deployment Manager won't create it until
      # after the service account is created.
      parent: $(ref.service-account.name)
      # Request the key in the Google credentials file format.
      privateKeyType: TYPE_GOOGLE_CREDENTIALS_FILE