From d8a30520432f4bc364ad33e9b64ebf89953642f0 Mon Sep 17 00:00:00 2001
From: XPA
Date: Mon, 29 Apr 2024 12:38:16 +0900
Subject: [PATCH 1/3] fix: add permission to update pod status
---
 terraform/iam/iam.tf | 7 +++++++
 terraform/iam/role.tf | 7 +++++++
 2 files changed, 14 insertions(+)
diff --git a/terraform/iam/iam.tf b/terraform/iam/iam.tf
index 192b90f..d47b12d 100644
--- a/terraform/iam/iam.tf
+++ b/terraform/iam/iam.tf
@@ -122,3 +122,10 @@ resource "google_project_iam_binding" "secret-manager" {
 "serviceAccount:${google_service_account.wi-secret-mattermost-primary.email}",
 ]
 }
+
+resource "google_project_iam_binding" "pod_status_updater_binding" {
+ role = google_project_iam_custom_role.pod_status_updater.id
+ members = [
+ "serviceAccount:${google_service_account.wi-mattermost-primary.email}",
+ ]
+}
diff --git a/terraform/iam/role.tf b/terraform/iam/role.tf
index 405e143..86a6ab3 100644
--- a/terraform/iam/role.tf
+++ b/terraform/iam/role.tf
@@ -28,3 +28,10 @@ resource "google_project_iam_custom_role" "tfplanner" {
 "dns.responsePolicyRules.list",
 ]
 }
+
+resource "google_project_iam_custom_role" "pod_status_updater" {
+ role_id = "podStatusUpdater"
+ title = "Pod Status Updater"
+ description = "Allows updating pod status"
+ permissions = ["container.pods.updateStatus"]
+}
From e700debc07c29a9d6751a21d87e83d65fe7eabe8 Mon Sep 17 00:00:00 2001
From: XPA
Date: Mon, 29 Apr 2024 12:40:55 +0900
Subject: [PATCH 2/3] fix: add missing property
---
 terraform/iam/iam.tf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/terraform/iam/iam.tf b/terraform/iam/iam.tf
index d47b12d..ce07d5c 100644
--- a/terraform/iam/iam.tf
+++ b/terraform/iam/iam.tf
@@ -124,6 +124,7 @@ resource "google_project_iam_binding" "secret-manager" {
 }
 resource "google_project_iam_binding" "pod_status_updater_binding" {
+ project = "mitou-jr"
 role = google_project_iam_custom_role.pod_status_updater.id
 members = [
 "serviceAccount:${google_service_account.wi-mattermost-primary.email}",
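Review bot: The new `pod_status_updater_binding` in patch 1/3 grants the role at project level, so `wi-mattermost-primary` may update the status of every pod in every cluster and namespace of the project, not only the workload's own pods; the same breadth applies to the `pod_status_updater` custom role added in the `terraform/iam/role.tf` hunk. IAM grants on GKE are not namespace-scoped, so a namespaced Kubernetes RBAC `Role` on `pods/status` (verbs `update`, `patch`) bound to the workload's Kubernetes service account would be the narrower grant. If the IAM route stays, note that `google_project_iam_binding` is authoritative for the role and removes any member added outside this resource; `google_project_iam_member` does not. A comment above the resource such as `# Project-wide: permits status updates on all pods in all clusters; needed by <reason>` would record why the grant exists.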
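Review bot: `project = "mitou-jr"` in patch 2/3 hard-codes the target project on the binding, while the `pod_status_updater` custom role it references (added in patch 1/3) sets no `project` and therefore takes the provider default. If the two ever differ, the binding would reference a role from a different project than the one it is applied to. Deriving the value from the role, `project = google_project_iam_custom_role.pod_status_updater.project`, keeps both on the same project. Whether the other bindings in `iam.tf` use a literal or a variable is not visible in this hunk.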
From 5cc50c0f7dc5417e4655c950f96f71f527e92674 Mon Sep 17 00:00:00 2001
From: XPA
Date: Mon, 29 Apr 2024 12:43:10 +0900
Subject: [PATCH 3/3] fix: format
---
 terraform/iam/iam.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/iam/iam.tf b/terraform/iam/iam.tf
index ce07d5c..d0768c8 100644
--- a/terraform/iam/iam.tf
+++ b/terraform/iam/iam.tf
@@ -125,7 +125,7 @@ resource "google_project_iam_binding" "secret-manager" {
 resource "google_project_iam_binding" "pod_status_updater_binding" {
 project = "mitou-jr"
- role = google_project_iam_custom_role.pod_status_updater.id
+ role = google_project_iam_custom_role.pod_status_updater.id
 members = [
 "serviceAccount:${google_service_account.wi-mattermost-primary.email}",
 ]