From 7ae4c68d595612e72d333da2d92fd4e2c3c910f3 Mon Sep 17 00:00:00 2001
From: Etiene Dalcol <dalcol@etiene.net>
Date: Fri, 30 Aug 2019 09:50:35 +0100
Subject: [PATCH] Remove objectViewer from list of default service account
 roles

---
 modules/gke-service-account/main.tf | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/modules/gke-service-account/main.tf b/modules/gke-service-account/main.tf
index d8e8fc4..c8b1ac8 100644
--- a/modules/gke-service-account/main.tf
+++ b/modules/gke-service-account/main.tf
@@ -26,8 +26,7 @@ locals {
     "roles/logging.logWriter",
     "roles/monitoring.metricWriter",
     "roles/monitoring.viewer",
-    "roles/stackdriver.resourceMetadata.writer",
-    "roles/storage.objectViewer"
+    "roles/stackdriver.resourceMetadata.writer"
   ])
 }