adding invoker for all users

Author: damienjburks

terraform/main.tf

@@ -47,6 +47,7 @@ module "gcp_python_fastapi_pipeline" {
   region     = var.region
 
   cloudbuild_trigger_name = "gcp-python-fastapi"
+  service_name            = "gcp-python-fastapi-service"
   description             = "Cloud Build Trigger for GCP Python FastAPI"
   github_repo_name        = "gcp-python-fastapi"
   secret_id               = google_secret_manager_secret.snyk_token.secret_id

terraform/modules/pipelines/main.tf

@@ -21,6 +21,15 @@ resource "google_project_iam_member" "cloud_build_roles" {
   member  = "serviceAccount:${google_service_account.cloudbuild_service_account.email}"
 }
 
+resource "google_cloud_run_service_iam_member" "all_users_invoker" {
+  project  = var.project_id
+  location = var.region
+  service  = var.service_name
+
+  role   = "roles/run.invoker"
+  member = "allUsers"
+}
+
 resource "google_secret_manager_secret_iam_binding" "secret_manager_binding" {
   for_each = toset([
     "roles/secretmanager.secretAccessor",

terraform/modules/pipelines/variable.tf

@@ -3,6 +3,11 @@ variable "cloudbuild_trigger_name" {
   type        = string
 }
 
+variable "service_name" {
+  description = "Name of the Cloud Run service"
+  type        = string
+}
+
 variable "description" {
   description = "Description of the Cloud Build trigger"
   type        = string