
Commit 8ec3421

authored
Rearrange teardown tasks for GCP (#93)
Signed-off-by: Jim Enright <[email protected]>
1 parent 5c3b33b commit 8ec3421


2 files changed

+16
-16
lines changed


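--- a/roles/platform/tasks/teardown_gcp_authz.yml
+++ b/roles/platform/tasks/teardown_gcp_authz.yml
@@ -51,20 +51,6 @@
     project: "{{ plat__gcp_project }}"
     state: absent
 
-- name: Tear down Operational GCP Service Accounts
-  when: plat__teardown_deletes_roles
-  loop_control:
-    loop_var: __gcp_identity_item
-  loop:
-    - "{{ plat__gcp_log_identity_name }}"
-    - "{{ plat__gcp_datalakeadmin_identity_name }}"
-    - "{{ plat__gcp_ranger_audit_identity_name }}"
-    - "{{ plat__gcp_idbroker_identity_name }}"
-  google.cloud.gcp_iam_service_account:
-    name: "{{ __gcp_identity_item }}@{{ plat__gcp_project }}.iam.gserviceaccount.com"
-    project: "{{ plat__gcp_project }}"
-    state: absent
-
 - name: Tear down Operational GCP Service Accounts Policies
   when: plat__teardown_deletes_policies
   register: __gcp_service_account_teardown
@@ -118,4 +104,18 @@
   command: >
     gsutil iam
     ch -d {{ __gcp_pol_item.account |quote }}
-    gs://{{ __gcp_pol_item.bucket |quote }}
+    gs://{{ __gcp_pol_item.bucket |quote }}
+
+- name: Tear down Operational GCP Service Accounts
+  when: plat__teardown_deletes_roles
+  loop_control:
+    loop_var: __gcp_identity_item
+  loop:
+    - "{{ plat__gcp_log_identity_name }}"
+    - "{{ plat__gcp_datalakeadmin_identity_name }}"
+    - "{{ plat__gcp_ranger_audit_identity_name }}"
+    - "{{ plat__gcp_idbroker_identity_name }}"
+  google.cloud.gcp_iam_service_account:
+    name: "{{ __gcp_identity_item }}@{{ plat__gcp_project }}.iam.gserviceaccount.com"
+    project: "{{ plat__gcp_project }}"
+    state: absent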
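--- a/roles/platform/vars/main.yml
+++ b/roles/platform/vars/main.yml
@@ -26,7 +26,7 @@ plat__gcp_roles:
   storage_admin: roles/storage.admin
   storage_object_admin: roles/storage.objectAdmin
   iam_workload_identity_user: roles/iam.workloadIdentityUser
-  iam_service_account_user: roles/iam.workloadIdentityUser
+  iam_service_account_user: roles/iam.serviceAccountUser
   iam_service_account_token_creator: roles/iam.serviceAccountTokenCreator
 
 plat__cdp_iam_identities: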