google-cloud-platform terraform-provider-gcp

finding out what HCL literals GCP roles map to

I have the following code:

resource "google_project_iam_binding" "px_kubernetes_engine_cluster_viewer" {
    project = var.project_id
    role    = "roles/kubernetesEngineCluster.viewer"
    members = [
        "serviceAccount:${google_service_account.px.email}",
    ]
}

My aim is to assign the Kubernetes Engine Cluster viewer role to a service account, however, whatever string literal represents this and I have tried: "roles/kubernetesEngineCluster.viewer" and "roles/kubernetesEngineClusterViewer" without success, the GCP provider does not like this.

How can I find out what Kubernetes Engine Cluster viewer maps to in HCL ?

Solution

The role is roles/container.clusterViewer.

The HCL supports the same definitions that Google Cloud IAM uses. For Kubernetes they are here:

Predefined GKE Roles

The CLI can list all predefined roles:

gcloud iam roles list

Bash Indirect expansion doesn't seem to work in cloud build bash scripts?
How do I list all the top-level folders in given GCS bucket?
Trigger Google Cloud Build with Google Cloud Scheduler periodically
Google Cloud Functions - ImportError: cannot import name 'InvalidKeyError' from 'jwt.exceptions'
GCP - User ... does not have permission to access projects instance
Google Cloud Compute Engine refusing connections despite firewall rule
How to I return JSON from a Google Cloud Function
Making Exact Copy of Server Google Cloud
How to drop multiple tables in Big query using Wildcards TABLE_DATE_RANGE()?
firebase, linkWithCredential to add new auth provider to an Account
.NET Core Blazor Server cannot access to Cloud SQL in Cloud Run
Google Compute Engine and ADC Application Default Credentials
Is there a way to connect cloud firestore to realtime database using Cloud functions?
Pyspark on GCP Dataproc - Partial reading of data for gzip encoded Cloud Storage files
How to use GitHub immutable values (IDs) in Attribute Conditions?
Cannot find the id using Firebase Firestore Database - Android kotlin
_CHANGE_TYPE not working when streaming Google Big Query rows from Pub/Sub
Realtime database `onValueWritten` event does not trigger in emulator
Error 400: invalid_scope with Postman and Google OAuth2
Firebase Firestore REST Request - Query and Filter
`IAM_PERMISSION_DENIED` on a deployed service on GCP, but no errors on localhost
Error 400 invalid JSON Payload Unknown name generationConfig on an AI API Curl command
Restricting usage for an Android key for a Google API
Google Cloud Function The request was aborted because there was no available instance
How to properly create URL Masking for Cloud Functions to create a NEG?
Deploying an Angular app on Google Cloud with minimal costs
Cloud Run For Anthos With Terraform
How to delete a key:value pair from Firebase map?
Flagging a row in new column based on conditions on previous and current rows
Cant access Firebase Admin SDK via Node.js on my VPS, but I can on my local machine