Fix terraform config for metrics writing IAM roles

nielm · Dec 5, 2023 · ce5ce4b · ce5ce4b
1 parent ec239da
commit ce5ce4b
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 16 deletions.
diff --git a/terraform/modules/autoscaler-base/main.tf b/terraform/modules/autoscaler-base/main.tf
@@ -50,15 +50,3 @@ resource "google_pubsub_schema" "scaler_downstream_pubsub_schema" {
   type = "PROTOCOL_BUFFER"
   definition = "${file("${path.module}/../../../src/scaler/scaler-core/downstream.schema.proto")}"
 }
-
-resource "google_project_iam_member" "scaler_metrics_publisher_iam" {
-  project = var.project_id
-  role    = "roles/monitoring.metricWriter"
-  member  = "serviceAccount:${var.scaler_sa.email}"
-}
-
-resource "google_project_iam_member" "scaler_metrics_publisher_iam" {
-  project = var.project_id
-  role    = "roles/monitoring.metricWriter"
-  member  = "serviceAccount:${var.poller_sa.email}"
-}
diff --git a/terraform/modules/autoscaler-cluster/main.tf b/terraform/modules/autoscaler-cluster/main.tf
@@ -31,11 +31,16 @@ resource "google_project_iam_member" "cluster_iam_logginglogwriter" {
   role    = "roles/logging.logWriter"
   member  = "serviceAccount:${google_service_account.service_account.email}"
 }
+resource "google_project_iam_member" "metrics_publisher_iam_poller" {
+  project = var.project_id
+  role    = "roles/monitoring.metricWriter"
+  member  = "serviceAccount:${var.poller_sa_email}"
+}
 
-resource "google_project_iam_member" "cluster_iam_monitoringmetricwriter" {
+resource "google_project_iam_member" "metrics_publisher_iam_scaler" {
   project = var.project_id
   role    = "roles/monitoring.metricWriter"
-  member  = "serviceAccount:${google_service_account.service_account.email}"
+  member  = "serviceAccount:${var.scaler_sa_email}"
 }
 
 resource "google_project_iam_member" "cluster_iam_monitoringviewer" {

diff --git a/terraform/modules/autoscaler-functions/main.tf b/terraform/modules/autoscaler-functions/main.tf
@@ -60,10 +60,16 @@ resource "google_pubsub_topic_iam_member" "scaler_pubsub_sub_iam" {
   member  = "serviceAccount:${var.scaler_sa_email}"
 }
 
-resource "google_project_iam_member" "scaler_metrics_publisher_iam" {
+resource "google_project_iam_member" "metrics_publisher_iam_poller" {
   project = var.project_id
   role    = "roles/monitoring.metricWriter"
-  member  = "serviceAccount:${google_service_account.scaler_sa.email}"
+  member  = "serviceAccount:${var.poller_sa_email}"
+}
+
+resource "google_project_iam_member" "metrics_publisher_iam_scaler" {
+  project = var.project_id
+  role    = "roles/monitoring.metricWriter"
+  member  = "serviceAccount:${var.scaler_sa_email}"
 }
 
 // Cloud Functions