Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GCP permissions needed not listed #36

Open
anEXPer opened this issue Apr 27, 2021 · 4 comments
Open

GCP permissions needed not listed #36

anEXPer opened this issue Apr 27, 2021 · 4 comments

Comments

@anEXPer
Copy link
Contributor

anEXPer commented Apr 27, 2021

Describe the bug
An unintuitive permission is necessary for the GCP upgrade process:

compute.images.delete.

This is included in "Compute Instance Admin (v1)" - compute.instanceAdmin - which the Ops Manager docs list as required. This is likely the only required permission for the Ops Manager VM and image management parts of Platform Automation; others may be necessary depending on blob store selection.

Currently, the Platform Automation docs don't list necessary permission prerequisites on GCP at all. They should! Not sure exactly where, yet.

The Paving repo docs list permissions necessary for setup of environments, which includes instanceAdmin:

https://github.com/pivotal/paving/tree/master/gcp

Those permissions are broader than what PA requires, but cover the additional permissions necessary to setup the envs Paving operates in, so may also be of interest.

@cf-gitbot
Copy link
Collaborator

We have created an issue in Pivotal Tracker to manage this. Unfortunately, the Pivotal Tracker project is private so you may be unable to view the contents of the story.

The labels on this github issue will be updated when the story is started.

@jaristiz
Copy link
Contributor

jaristiz commented Sep 8, 2021

Hey @anEXPer,

Have you gotten feedback from customers about this issue, and what would be the consequence of setting this as a low priority work?

@jaristiz
Copy link
Contributor

Hi @cf-gitbot ,

I've checked the permissions listed at https://github.com/pivotal/paving/tree/master/gcp, and am planning of adding those permissions to the README.md, and add the mentioned missing permission.

Do you consider we should add/remove anything else?

Regards.

@anEXPer
Copy link
Contributor Author

anEXPer commented Jan 4, 2022

I think that's fine. Sorry I missed your earlier question about this! We did get feedback from customers, just that they had a problem and wouldn't have hit it if they'd known in advance what the permissions needed to be. Well. One customer. Anyway, this is fine, and having it relatively low priority was appropriate.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants