From 4d3d40605255e5415b60f158e0245f8b81053c14 Mon Sep 17 00:00:00 2001
From: Andrew_C_Lee <105200856+andrew-c-lee@users.noreply.github.com>
Date: Tue, 9 Jan 2024 10:50:30 +0800
Subject: [PATCH] fix: gcp promote quarantine failed to add tag in scanning bucket
---
 post-scan-actions/gcp-python-promote-or-quarantine/main.tf | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/post-scan-actions/gcp-python-promote-or-quarantine/main.tf b/post-scan-actions/gcp-python-promote-or-quarantine/main.tf
index af29affb..c66add72 100644
--- a/post-scan-actions/gcp-python-promote-or-quarantine/main.tf
+++ b/post-scan-actions/gcp-python-promote-or-quarantine/main.tf
@@ -2,7 +2,7 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = "~> 4.0.0"
+ version = "~> 5.11.0"
 }
 }
 }
@@ -49,8 +49,10 @@ resource "google_project_iam_custom_role" "scanning_bucket_access_role" {
 permissions = var.promote_mode == "move" || var.quarantine_mode == "move" ? [
 "storage.objects.delete",
 "storage.objects.get",
+ "storage.objects.update"
 ] : [
 "storage.objects.get",
+ "storage.objects.update"
 ]
 }
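Review bot: The `storage.objects.update` entries added to both branches of `permissions` in `scanning_bucket_access_role` grant write access to object metadata with no comment saying why. The commit subject suggests it is for tagging scanned objects, so I would record that above the list, e.g. `# storage.objects.update: needed to write scan-result tags (object metadata) on objects in the scanning bucket`. The binding for this custom role is outside the hunk, so please confirm it is granted on the scanning bucket only (or behind an IAM condition) and not project-wide, since the new permission would otherwise allow metadata changes on objects in every bucket of the project. The new entries also omit the trailing comma that the neighbouring entries use; `"storage.objects.update",` keeps the list consistent and later diffs to one line.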