From 2acb411a1aca6c52e04002fa0dc1a4d773c71978 Mon Sep 17 00:00:00 2001
From: lmcnatt <85642387+lucymcnatt@users.noreply.github.com>
Date: Thu, 7 Nov 2024 09:02:48 -0500
Subject: [PATCH] [AN-181] Give default compute SA the secretAccessor role

---
 .../buffer/service/resource/flight/CreateGkeDefaultSAStep.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/main/java/bio/terra/buffer/service/resource/flight/CreateGkeDefaultSAStep.java b/src/main/java/bio/terra/buffer/service/resource/flight/CreateGkeDefaultSAStep.java
index 07276a28..65c1a92d 100644
--- a/src/main/java/bio/terra/buffer/service/resource/flight/CreateGkeDefaultSAStep.java
+++ b/src/main/java/bio/terra/buffer/service/resource/flight/CreateGkeDefaultSAStep.java
@@ -39,7 +39,8 @@ public class CreateGkeDefaultSAStep implements Step {
           "roles/logging.logWriter",
           "roles/monitoring.metricWriter",
           "roles/monitoring.viewer",
-          "roles/stackdriver.resourceMetadata.writer");
+          "roles/stackdriver.resourceMetadata.writer",
+          "roles/secretmanager.secretAccessor");
 
   private final Logger logger = LoggerFactory.getLogger(CreateGkeDefaultSAStep.class);
   private final IamCow iamCow;