I have the following code:
    resource "google_project_iam_binding" "px_kubernetes_engine_cluster_viewer" {
      project = var.project_id
      role    = "roles/kubernetesEngineCluster.viewer"
      members = [
        "serviceAccount:${google_service_account.px.email}",
      ]
    }
My aim is to assign the Kubernetes Engine Cluster viewer role to a service account. However, whatever string literal represents this, I have tried "roles/kubernetesEngineCluster.viewer" and "roles/kubernetesEngineClusterViewer" without success; the GCP provider does not like this.
How can I find out what Kubernetes Engine Cluster viewer maps to in HCL?
The role is roles/container.clusterViewer.
The HCL supports the same definitions that Google Cloud IAM uses. For Kubernetes they are here:
The CLI can list all predefined roles:
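As an added example (not part of the original question or answer), the shell functions below map a role's console title to the role ID that the Terraform `role` argument expects, and check whether a guessed ID exists at all. The function names and the sample rows are constructed for illustration; `lookup_role` assumes an installed, authenticated `gcloud`.

```shell
#!/bin/sh
# Added example: resolve an IAM role title to its role ID.

# Constructed sample of `gcloud iam roles list --format='value(name,title)'`
# output (tab-separated columns), so the filters below can be run offline.
sample_roles() {
  printf '%s\t%s\n' \
    'roles/container.admin'         'Kubernetes Engine Admin' \
    'roles/container.clusterAdmin'  'Kubernetes Engine Cluster Admin' \
    'roles/container.clusterViewer' 'Kubernetes Engine Cluster Viewer' \
    'roles/container.viewer'        'Kubernetes Engine Viewer'
}

# Read "name<TAB>title" rows on stdin and print the role IDs whose title
# contains $1, compared case-insensitively.
match_role_title() {
  awk -F '\t' -v want="$1" '
    BEGIN { want = tolower(want) }
    index(tolower($2), want) { print $1 }
  '
}

# Read the same rows on stdin; succeed only if $1 is an exact role ID.
# Useful for rejecting a guessed ID before it reaches `terraform apply`.
role_exists() {
  awk -F '\t' -v id="$1" '$1 == id { found = 1 } END { exit !found }'
}

# Live lookup against the predefined roles (requires authenticated gcloud).
lookup_role() {
  gcloud iam roles list --format='value(name,title)' | match_role_title "$1"
}
```

With credentials in place, `lookup_role 'Kubernetes Engine Cluster Viewer'` runs the same match against the live role list instead of the sample rows.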