Merge branch 'main' into release

modules/google/README.md

@@ -88,7 +88,7 @@ Provides various Kubernetes addons that are often used on Kubernetes with GCP
 | [google_storage_bucket_iam_member.kube_prometheus_stack_thanos_bucket_objectAdmin_iam_permission](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
 | [google_storage_bucket_iam_member.kube_prometheus_stack_thanos_bucket_objectViewer_iam_permission](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
 | [google_storage_bucket_iam_member.loki-stack_gcs_iam_objectCreator_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
-| [google_storage_bucket_iam_member.loki-stack_gcs_iam_objectViewer_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
+| [google_storage_bucket_iam_member.loki-stack_gcs_iam_objectUser_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
 | [google_storage_bucket_iam_member.thanos-receive-receive_gcs_iam_objectViewer_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
 | [google_storage_bucket_iam_member.thanos-receive_compactor_gcs_iam_legacyBucketWriter_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
 | [google_storage_bucket_iam_member.thanos-receive_compactor_gcs_iam_objectCreator_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |

modules/google/loki-stack.tf

@@ -188,20 +188,20 @@ module "loki-stack_bucket" {
   }
 }
 
-resource "google_storage_bucket_iam_member" "loki-stack_gcs_iam_objectViewer_permissions" {
+resource "google_storage_bucket_iam_member" "loki-stack_gcs_iam_objectCreator_permissions" {
   count  = local.loki-stack["enabled"] ? 1 : 0
   bucket = local.loki-stack["bucket"]
-  role   = "roles/storage.objectViewer"
+  role   = "roles/storage.objectCreator"
   member = "serviceAccount:${module.iam_assumable_sa_loki-stack[0].gcp_service_account_email}"
   depends_on = [
     module.loki-stack_bucket
   ]
 }
 
-resource "google_storage_bucket_iam_member" "loki-stack_gcs_iam_objectCreator_permissions" {
+resource "google_storage_bucket_iam_member" "loki-stack_gcs_iam_objectUser_permissions" {
   count  = local.loki-stack["enabled"] ? 1 : 0
   bucket = local.loki-stack["bucket"]
-  role   = "roles/storage.objectCreator"
+  role   = "roles/storage.objectUser"
   member = "serviceAccount:${module.iam_assumable_sa_loki-stack[0].gcp_service_account_email}"
   depends_on = [
     module.loki-stack_bucket

modules/google/velero.tf

@@ -64,7 +64,7 @@ VALUES
 }
 
 resource "google_project_iam_custom_role" "velero" {
-  count       = (local.velero["enabled"] && local.velero["create_iam_account"]) ? 1 : 0
+  count       = (local.velero["enabled"] && local.velero["create_iam_resources"]) ? 1 : 0
   role_id     = replace(local.velero["service_account_name"], "-", "_")
   title       = "${var.cluster-name} - velero"
   description = "IAM role used by velero on ${var.cluster-name} to perform backup operations"
@@ -89,7 +89,7 @@ resource "google_project_iam_custom_role" "velero" {
 }
 
 resource "google_project_iam_member" "velero" {
-  count   = (local.velero["enabled"] && local.velero["create_iam_account"]) ? 1 : 0
+  count   = (local.velero["enabled"] && local.velero["create_iam_resources"]) ? 1 : 0
   project = data.google_project.current.project_id
   role    = google_project_iam_custom_role.velero[0].id
   member  = "serviceAccount:${module.iam_assumable_sa_velero[0].gcp_service_account_email}"