# Service account that receives the two invoker grants declared below.
# NOTE(review): Google Cloud limits a service account ID to 6-30 characters,
# so long env_name / component_name values will make this resource fail to
# apply. Confirm the variables are length-constrained where they are declared.
# NOTE(review): display_name and description say "Cloud Run Job", while the
# only grants visible here are invoker roles on a function and its service.
# Confirm the wording matches how this identity is actually used, since
# these strings are what an IAM reviewer sees.
resource "google_service_account" "account" {
  project      = var.project_id
  account_id   = "sa-${var.env_name}-${var.component_name}"
  display_name = "Cloud Run Job Service Account for ${var.env_name} in ${var.component_name} environment"
  description  = "Cloud Run Job Service Account for ${var.env_name} in ${var.component_name} environment"
}

# IAM settings for the Cloud Function.
# Grants roles/cloudfunctions.invoker on this one function (not project-wide)
# to the service account above. An iam_member resource is additive: it adds
# this single member and leaves other members of the role untouched.
# NOTE(review): for a 2nd-gen function, invocation is normally authorised by
# roles/run.invoker on the backing Cloud Run service, so this grant may be
# redundant. Confirm it is needed before keeping it.
resource "google_cloudfunctions2_function_iam_member" "invoker" {
  project        = google_cloudfunctions2_function.function.project
  location       = google_cloudfunctions2_function.function.location
  cloud_function = google_cloudfunctions2_function.function.name
  member         = "serviceAccount:${google_service_account.account.email}"
  role           = "roles/cloudfunctions.invoker"
}

# IAM settings for the Cloud Run service.
# Grants roles/run.invoker to the same service account, scoped to one service.
# project, location and service are all read from the function resource, so
# this targets a Cloud Run service that carries the function's name.
# NOTE(review): presumably that is the service backing the function. The
# function resource also exports service_config[0].service; verify that the
# backing service name really equals the function name, otherwise this
# binding lands on the wrong (or a non-existent) service.
resource "google_cloud_run_service_iam_member" "cloud_run_invoker" {
  project  = google_cloudfunctions2_function.function.project
  location = google_cloudfunctions2_function.function.location
  service  = google_cloudfunctions2_function.function.name
  member   = "serviceAccount:${google_service_account.account.email}"
  role     = "roles/run.invoker"
}