Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cleanup gcp identities used by oci-image-builder ado pipeline #11966

Open
1 task
dekiel opened this issue Sep 24, 2024 · 0 comments
Open
1 task

Cleanup gcp identities used by oci-image-builder ado pipeline #11966

dekiel opened this issue Sep 24, 2024 · 0 comments
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@dekiel
Copy link
Contributor

dekiel commented Sep 24, 2024

Description
At present we have two service accounts representing oci-image-builder ado pipeline. One is defined in sap-kyma-prow project and second one is in kyma-project project. The oci-image-builder must use one and only one identity in our Google Cloud projects.

Reason
Two identities for the same workload may cause inappropriate permissions. It's easy to overlook second identity and do not adjust the permissions on both identities.

Having more than one identity makes oci-image-builder infrastructure more complex and error prone.

AC

  • oci-image-builder uses only one identity defined in sap-kyma-prow project.
@dekiel dekiel added the kind/bug Categorizes issue or PR as related to a bug. label Sep 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dekiel