From 38e55a46ccf5323b30a961230cd5eaeef8fc178d Mon Sep 17 00:00:00 2001
From: Zeid Derhally <derhally@gmail.com>
Date: Tue, 3 Dec 2024 13:28:27 -0500
Subject: [PATCH] feat: Add support for granting permissions to apache kafka
 service agent (#960)

---
 modules/shared_vpc_access/main.tf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/modules/shared_vpc_access/main.tf b/modules/shared_vpc_access/main.tf
index 345d10e8..564664c0 100644
--- a/modules/shared_vpc_access/main.tf
+++ b/modules/shared_vpc_access/main.tf
@@ -58,6 +58,10 @@ locals {
       service_account = format("service-%s@gcp-sa-networkconnectivity.iam.gserviceaccount.com", local.service_project_number)
       role            = "roles/compute.networkUser"
     }
+    "managedkafka.googleapis.com" : {
+      service_account = format("service-%s@gcp-sa-managedkafka.iam.gserviceaccount.com", local.service_project_number)
+      role            = "roles/managedkafka.serviceAgent"
+    }
   }
   gke_shared_vpc_enabled        = contains(var.active_apis, "container.googleapis.com")
   composer_shared_vpc_enabled   = contains(var.active_apis, "composer.googleapis.com")