From dd9e2311ae72a3874b5f5869992c95e6f40813f2 Mon Sep 17 00:00:00 2001
From: Rostislav_Dublin <Rostislav_Dublin@epam.com>
Date: Mon, 6 Dec 2021 19:48:20 +0300
Subject: [PATCH] README supplemented with SA IAM roles requirements

---
 provider/notification-gcp/README.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/provider/notification-gcp/README.md b/provider/notification-gcp/README.md
index 9b8c66c14..1e8305f0b 100644
--- a/provider/notification-gcp/README.md
+++ b/provider/notification-gcp/README.md
@@ -88,6 +88,16 @@ Most of them are common to all hosting environments, but there are properties th
 | `APP_PROJECT` | ex `opendes` | Google Cloud Project Id | no | output of infrastructure deployment |
 | `APP_AUDIENCES` | ex `*****.apps.googleusercontent.com` | Client ID for getting access to cloud resources | yes | https://console.cloud.google.com/apis/credentials |
 
+##### service account IAM roles
+Also, the following IAM roles should be assigned to the service's Google service account (SA)
+
+| IAM role | The purpose                                                                   |
+|----------|-------------------------------------------------------------------------------|
+| Service Account Token Creator | To write yourself JWT for requesting neighbor microservices                   |
+| Pub/Sub Editor | To fetch available PubSub topics and subscriptions and be able to create them |
+
+
+
 **System Environment required to run service**
 
 | name | value | description | sensitive? | source |
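Review bot: the two added role rows name the roles but not the scope of the grant, and that is where the risk sits. `Service Account Token Creator` granted at project level lets the SA mint tokens for every service account in the project; if the purpose is only for the service to sign its own JWTs, the README should say to grant the role on the service's own SA resource. `Pub/Sub Editor` also permits updating and deleting topics and subscriptions, which goes beyond the list-and-create purpose stated in its row; either say why the broader role is needed or point to a narrower one. Giving the role IDs (`roles/iam.serviceAccountTokenCreator`, `roles/pubsub.editor`) next to the display names would let the grant be scripted and audited, and "To write yourself JWT" would read better as "To sign JWTs as itself for calls to neighbouring microservices". Minor: the intro sentence has no closing colon, and the hunk adds three blank lines before `**System Environment required to run service**` where one is enough.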
-- 
GitLab