Uploaded image for project: 'OpenShift Cloud Credential Operator'
  1. OpenShift Cloud Credential Operator
  2. CCO-285

GCP openshift role granularity enhancement - phase 2

    XMLWordPrintable

Details

    • GCP role enhancement - ph 2
    • False
    • None
    • False
    • Not Selected
    • To Do
    • OCPSTRAT-243 - Custom roles for GCP Workload Identity
    • OCPSTRAT-243Custom roles for GCP Workload Identity
    • 100
    • 100% 100%
    • Approved

    Description

      These are phase 2 items from CCO-188

      Moving items from other teams that need to be committed to for 4.13 this work to complete

      Epic Goal

      • Request to build list of specific permissions to run openshift on GCP - Components grant roles, but we need more granularity - Custom roles now allow ability to do this compared to when permissions capabilities were originally written for GCP

      Why is this important?

      • Some of the service accounts that CCO creates, e.g. service account with role¬† roles/iam.serviceAccountUser provides elevated permissions that are not required/used by the requesting OpenShift components. This is because we use predefined roles for GCP that come with bunch of additional permissions. The goal is to create custom roles with only the required permissions.¬†

      Attachments

        Issue Links

          Activity

            People

              jstuever@redhat.com Jeremiah Stuever
              mworthin@redhat.com Mike Worthington
              Mingxia Huang Mingxia Huang
              Votes:
              0 Vote for this issue
              Watchers:
              17 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: