From 4c5809c8a5c05b84bc08e9f8581305be17d4131b Mon Sep 17 00:00:00 2001
From: Jeremy Wall <jeremy@marzhillstudios.com>
Date: Mon, 30 Nov 2020 15:56:38 -0500
Subject: [PATCH] give publish access to the service account

---
 src/gcloud/buckets.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/gcloud/buckets.yaml b/src/gcloud/buckets.yaml
index ce4c3186..9b6c9ce3 100644
--- a/src/gcloud/buckets.yaml
+++ b/src/gcloud/buckets.yaml
@@ -38,6 +38,12 @@ resources:
       defaultObjectAcl:
         - entity: allUsers
           role: READER
+      accessControl:
+        gcpIamPolicy:
+          bindings:
+            - role: roles/dynamicbible_publish
+              members:
+                - "serviceAccount:$(ref.gitlab-service-account.email)"
   - name: gitlab-service-account
     type: iam.v1.serviceAccount
     properties: