Add role storage.objectUser to loki-stack (allowing deletion) (#3159)

particuleio · Jan 6, 2025 · 976fd6f · 976fd6f
1 parent 206a497
commit 976fd6f
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/modules/google/README.md b/modules/google/README.md
@@ -88,7 +88,7 @@ Provides various Kubernetes addons that are often used on Kubernetes with GCP
 | [google_storage_bucket_iam_member.kube_prometheus_stack_thanos_bucket_objectAdmin_iam_permission](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
 | [google_storage_bucket_iam_member.kube_prometheus_stack_thanos_bucket_objectViewer_iam_permission](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
 | [google_storage_bucket_iam_member.loki-stack_gcs_iam_objectCreator_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
-| [google_storage_bucket_iam_member.loki-stack_gcs_iam_objectViewer_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
+| [google_storage_bucket_iam_member.loki-stack_gcs_iam_objectUser_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
 | [google_storage_bucket_iam_member.thanos-receive-receive_gcs_iam_objectViewer_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
 | [google_storage_bucket_iam_member.thanos-receive_compactor_gcs_iam_legacyBucketWriter_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
 | [google_storage_bucket_iam_member.thanos-receive_compactor_gcs_iam_objectCreator_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |

diff --git a/modules/google/loki-stack.tf b/modules/google/loki-stack.tf
@@ -188,20 +188,20 @@ module "loki-stack_bucket" {
   }
 }
 
-resource "google_storage_bucket_iam_member" "loki-stack_gcs_iam_objectViewer_permissions" {
+resource "google_storage_bucket_iam_member" "loki-stack_gcs_iam_objectCreator_permissions" {
   count  = local.loki-stack["enabled"] ? 1 : 0
   bucket = local.loki-stack["bucket"]
-  role   = "roles/storage.objectViewer"
+  role   = "roles/storage.objectCreator"
   member = "serviceAccount:${module.iam_assumable_sa_loki-stack[0].gcp_service_account_email}"
   depends_on = [
     module.loki-stack_bucket
   ]
 }
 
-resource "google_storage_bucket_iam_member" "loki-stack_gcs_iam_objectCreator_permissions" {
+resource "google_storage_bucket_iam_member" "loki-stack_gcs_iam_objectUser_permissions" {
   count  = local.loki-stack["enabled"] ? 1 : 0
   bucket = local.loki-stack["bucket"]
-  role   = "roles/storage.objectCreator"
+  role   = "roles/storage.objectUser"
   member = "serviceAccount:${module.iam_assumable_sa_loki-stack[0].gcp_service_account_email}"
   depends_on = [
     module.loki-stack_bucket