From 854c3ac7d22a2c29da161b8ccb2f1e722c49fe96 Mon Sep 17 00:00:00 2001
From: Morgante Pell <morgantep@google.com>
Date: Wed, 15 Dec 2021 17:07:12 -0500
Subject: [PATCH] fix: grant roles/billing.viewer to the seed service account
 in helper.

---
 helpers/setup-sa.sh | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/helpers/setup-sa.sh b/helpers/setup-sa.sh
index 4a6de17e..610c7fae 100755
--- a/helpers/setup-sa.sh
+++ b/helpers/setup-sa.sh
@@ -182,6 +182,14 @@ gcloud organizations add-iam-policy-binding \
   --role="roles/billing.user" \
   --user-output-enabled false
 
+# Grant roles/billing.viewer to the service account on the organization
+echo "Adding role roles/billing.viewer..."
+gcloud organizations add-iam-policy-binding \
+  "${ORG_ID}" \
+  --member="serviceAccount:${SA_ID}" \
+  --role="roles/billing.viewer" \
+  --user-output-enabled false
+
 # Grant roles/compute.xpnAdmin to the service account on the organization
 echo "Adding role roles/compute.xpnAdmin..."
 gcloud organizations add-iam-policy-binding \