- Epic
- Resolution: Done
- Critical
- None
- GCP role enhancement
- BU Product Work
- False
- False
- Green
- To Do
- OCPSTRAT-243 - Custom roles for GCP Workload Identity
- Impediment
- 0% To Do, 0% In Progress, 100% Done
- XL
This Epic has been broken into two phases, with CCO-285 completing the effort in 4.13.
Epic Goal
- Request to build a list of the specific permissions needed to run OpenShift on GCP.
- Components grant roles, but we need more granularity.
- Custom roles now make this possible, which was not the case when the permissions capabilities were originally written for GCP.
Why is this important?
- Some of the service accounts that CCO creates, e.g. the service account with the role roles/iam.serviceAccountUser, provide elevated permissions that are not required or used by the requesting OpenShift components. This is because we use predefined roles for GCP, which come with a bunch of additional permissions. The goal is to create custom roles with only the required permissions.
Scenarios
- ...
Acceptance Criteria
- CI - MUST be running successfully with tests automated
- Release Technical Enablement - Provide necessary release enablement details and documents.
- ...
Dependencies (internal and external)
- ...
Previous Work (Optional):
- …
Open questions:
- …
Done Checklist
- CI - CI is running, tests are automated and merged.
- Release Enablement <link to Feature Enablement Presentation>
- DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
- DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
- DEV - Downstream build attached to advisory: <link to errata>
- QE - Test plans in Polarion: <link or reference to Polarion>
- QE - Automated tests merged: <link or reference to automated tests>
- DOC - Downstream documentation merged: <link to meaningful PR>
- blocks
  - CCO-285 GCP openshift role granularity enhancement - phase 2 (Closed)
- is related to
  - CORS-1871 Determine and Document the explicit list of required credential permissions for GCP (Release Pending)
  - CFE-691 [DUP of CORS-1871] - Determine and Document the explicit list of required credential permissions for GCP (Closed)
- relates to
  - CCO-282 Azure OpenShift role granularity for Azure managed identity (Release Pending)
- links to
  1. Docs Tracker | Closed | Jeana Routh
  2. PX Tracker | Closed | Dave Mulford
  3. QE Tracker | Closed | Jianping Shu
  4. TE Tracker | Closed | Dave Mulford