## Problem In https://gitlab.com/gitlab-com/gl-infra/production/-/issues/5740#note_707235844 we faced an issue where no one could access the Prometheus server behind IAP. This resulted into us having to manually add users in [`pre-prometheus`](https://console.cloud.google.com/security/iap?project=gitlab-pre), which worked. We also tried adding `gitlab.com` to that specific resource, however, we still get access defined, so we can only add specific users and not domains. Looking at the `gitlab-staging` `gitlab-produciton` and `gitlab-org-ci` they seem to have added this IAM policy on a project level rather than a resource level.  ## Proposal - [x] Manually add `gitlab.com` domain to project-level settings in `pre` to see if this fixes the problem. :point_right: https://gitlab.com/gitlab-com/gl-infra/infrastructure/-/issues/14434#note_707308992 - [x] Update https://ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/project to always add `roles/iap.httpsResourceAccessor` to the `gitlab.com` domain, similar to what is done in https://ops.gitlab.net/gitlab-com/gl-infra/config-mgmt/-/merge_requests/2498 - https://ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/project/-/merge_requests/57 - https://ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/project/-/merge_requests/58 - [x] Roll it out to existing projects - [x] `pre` :point_right: https://ops.gitlab.net/gitlab-com/gl-infra/config-mgmt/-/merge_requests/3130 - [x] `org-ci` :point_right: https://ops.gitlab.net/gitlab-com/gl-infra/config-mgmt/-/merge_requests/3131 - [x] `ops` and `gstg` :point_right: https://ops.gitlab.net/gitlab-com/gl-infra/config-mgmt/-/merge_requests/3132 - [x] `gprd` :point_right: https://ops.gitlab.net/gitlab-com/gl-infra/config-mgmt/-/merge_requests/3133