From 40f10963bcc47653353a976a77971fe4bb5e6743 Mon Sep 17 00:00:00 2001
From: Aurora
Date: Thu, 14 Sep 2023 15:34:37 +0200
Subject: [PATCH] feat(api): eventarc SAs
---
 gcp/cloud-run-v2/main.tf | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/gcp/cloud-run-v2/main.tf b/gcp/cloud-run-v2/main.tf
index 10a0c12..d89f59c 100644
--- a/gcp/cloud-run-v2/main.tf
+++ b/gcp/cloud-run-v2/main.tf
@@ -200,7 +200,6 @@ module "lb-http" {
 }
 }
 
-
 resource "google_eventarc_trigger" "default" {
 for_each = { for i, trigger in var.eventarc_triggers : i => trigger }
 
@@ -225,6 +224,26 @@ resource "google_eventarc_trigger" "default" {
 }
 }
 
+resource "google_project_iam_binding" "eventarc_cloud_run" {
+ count = length(var.eventarc_triggers) > 0 && var.cloud_run_service_account != null && var.cloud_run_service_account != "" ? 1 : 0
+ project = var.project_id
+ role = "roles/eventarc.eventReceiver"
+
+ members = [
+ "serviceAccount:${var.cloud_run_service_account}",
+ ]
+}
+
+resource "google_project_iam_binding" "eventarc_pubsub" {
+ count = length(var.eventarc_triggers) > 0 ? 1 : 0
+ project = var.project_id
+ role = "roles/iam.serviceAccountTokenCreator"
+
+ members = [
+ "serviceAccount:service-${var.project_id}@gcp-sa-pubsub.iam.gserviceaccount.com"
+ ]
+}
+
 # Cloud Build trigger configuration
 module "trigger_provision" {
 count = var.create_trigger == true ? 1 : 0
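Review bot: Both new resources use `google_project_iam_binding`, which is authoritative for its role, so applying them removes every other member of `roles/eventarc.eventReceiver` and `roles/iam.serviceAccountTokenCreator` from the project, and two instances of this module in one project will keep overwriting each other's members. The additive `google_project_iam_member` with a single `member = "serviceAccount:..."` grants the same access without touching existing grants. In `eventarc_pubsub` the address is built as `service-${var.project_id}@gcp-sa-pubsub.iam.gserviceaccount.com`, but the Pub/Sub service agent is named after the project number, so unless `var.project_id` actually holds the number (its definition is not visible here) the member will not resolve. A project-level Token Creator grant also lets that agent mint tokens for every service account in the project; if only the trigger's service account needs it, a `google_service_account_iam_member` on that one account is the narrower grant.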