Indepth Google Cloud Platform
Each cloud provider is slightly different in its needs so in order to facilitate the requirements, it will be documented here as well.
An (service) account that has owner to the project you are trying to update. Google Cloud Platform requires this due to the fact that no other role can modify other IAM roles of another account (including your own).
There is no side affects if all account control is managed by terraform. Adding additional roles to a user may cause them to still exist in the project when the project plan says they have been removed.
The only way to solve this is to switch the underlying approach to manage roles but that causes a lot more issues than it solves for now.
Within the CI, you will need either an account to be logged in using gcloud or have a service account private key stored locally with:export GOOGLE_CLOUD_KEYFILE_JSON="path/to/service/account.json" set.
Then you'll need to download and upload the state files if you're not storing them as part of your forked project.
