From 3c926afddda8efeb67ebc6613488573aa7723ac0 Mon Sep 17 00:00:00 2001
From: Justin Brooks <jsbroks@gmail.com>
Date: Tue, 17 Sep 2024 23:05:20 -0400
Subject: [PATCH] fix: not applying the correct perms to cluster roles

---
 modules/helm_release/main.tf     | 8 ++++----
 modules/service_accounts/main.tf | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/modules/helm_release/main.tf b/modules/helm_release/main.tf
index 69f779f..4aaa5cf 100644
--- a/modules/helm_release/main.tf
+++ b/modules/helm_release/main.tf
@@ -5,10 +5,10 @@ locals {
   }
 
   image_tags = {
-    "migrations.image.tag"         = "6e2185a",
-    "webservice.image.tag"         = "6e2185a",
-    "event-worker.image.tag"       = "6e2185a",
-    "job-policy-checker.image.tag" = "6e2185a",
+    "migrations.image.tag"         = "8cce786",
+    "webservice.image.tag"         = "8adc7da",
+    "event-worker.image.tag"       = "8cce786",
+    "job-policy-checker.image.tag" = "8cce786",
   }
 
   postgres_settings = {
diff --git a/modules/service_accounts/main.tf b/modules/service_accounts/main.tf
index e9d1626..0bf300b 100644
--- a/modules/service_accounts/main.tf
+++ b/modules/service_accounts/main.tf
@@ -22,7 +22,7 @@ locals {
 }
 
 resource "google_service_account_iam_member" "gke_workload_identity" {
-  for_each = toset(local.members)
+  for_each = { for idx, member in local.members : idx => member }
 
   service_account_id = google_service_account.gke.id
   role               = "roles/iam.workloadIdentityUser"
@@ -30,7 +30,7 @@ resource "google_service_account_iam_member" "gke_workload_identity" {
 }
 
 resource "google_project_iam_member" "gke_workload_sa_admin" {
-  for_each = toset(local.members)
+  for_each = { for idx, member in local.members : idx => member }
 
   project = local.project_id
   role    = "roles/iam.serviceAccountAdmin"
@@ -38,7 +38,7 @@ resource "google_project_iam_member" "gke_workload_sa_admin" {
 }
 
 resource "google_project_iam_member" "gke_workload_sa_user" {
-  for_each = toset(local.members)
+  for_each = { for idx, member in local.members : idx => member }
 
   project = local.project_id
   role    = "roles/iam.serviceAccountUser"
@@ -46,7 +46,7 @@ resource "google_project_iam_member" "gke_workload_sa_user" {
 }
 
 resource "google_project_iam_member" "gke_workload_sa_token_creator" {
-  for_each = toset(local.members)
+  for_each = { for idx, member in local.members : idx => member }
 
   project = local.project_id
   role    = "roles/iam.serviceAccountTokenCreator"