[GCP Provider] Missing List of Permission Requirements
Bug #1897841 reported by
Syed Mohammad Adnan Karim
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Canonical Juju |
Triaged
|
Low
|
Unassigned | ||
Bug Description
[Problem]
The Juju docs states the roles of ‘Compute Instance Admin (v1)’ and ‘Compute Security Admin’ are sufficient for service accounts on GCP to bootstrap controllers and create instances. The problem is that enterprises have various security concerns and may not be able to provide all the permissions offered to Compute Instance Admin (v1) and Compute Security Admin. It would be beneficial to maintain a list of minimum permissions required by juju service accounts to be able to bootstrap controllers and create instances on GCP. This would enable enterprises to maintain finer grained control of juju on GCP.
I have narrowed down the list of permissions but it can probably be even shorter:
https:/
Revision history for this message
| Pen Gale (pengale) wrote | #1 |
| Changed in juju: | |
| status: | New → Triaged |
| importance: | Undecided → Wishlist |
| tags: | added: gce-provider |
Revision history for this message
| Canonical Juju QA Bot (juju-qa-bot) wrote | #2 |
| Changed in juju: | |
| importance: | Wishlist → Low |
| tags: | added: expirebugs-bot |
To post a comment you must log in.
Marked wishlist and added to gce-provider tag.
Agree that this is important work to do. It should be prioritized and batched up w/ other GCE work.