Reduced IAM Policy Role scope to minimal storageAdmin role

davidz627 · davidz627 · commit 8e7a639e57bb · 2018-06-21T10:26:36.000-07:00
diff --git a/deploy/setup-project.sh b/deploy/setup-project.sh
@@ -13,5 +13,4 @@ gcloud iam service-accounts delete "${IAM_NAME}" --quiet
 # Create new Service Account and Keys
 gcloud iam service-accounts create "${GCEPD_SA_NAME}"
 gcloud iam service-accounts keys create "${SA_FILE}" --iam-account "${IAM_NAME}"
-# TODO: Reduce scope of role to only what it necessary when cloud IAM fixes bugs.
-gcloud projects add-iam-policy-binding "${PROJECT}" --member serviceAccount:"${IAM_NAME}" --role roles/owner
+gcloud projects add-iam-policy-binding "${PROJECT}" --member serviceAccount:"${IAM_NAME}" --role roles/compute.storageAdmin
