  1. OpenShift Installer
  2. CORS-1614

GCP - Set gcp bucket uniform_bucket_level_access to "True" during install


    • Epic
    • Resolution: Done
    • Major
    • openshift-4.8
    • OCPPLAN-4444 - Installer Sustainability

      1. Proposed title of this feature request

      GCP - Set gcp bucket uniform_bucket_level_access to "True" during install

       

      2. What is the nature and description of the request?

       

       

      3.  Why does the customer need this? (List the business requirements here)

       

      The customer uses GCP Organization Policy Constraints.  The policy "constraints/storage.uniformBucketLevelAccess" is enabled.

       

      More info can be found here:

      https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints

       

      and more about Uniform Bucket Level Access here:

      https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket#uniform_bucket_level_access

       


      A quick summary, from what I read: There are two ways to access buckets in GCP: 1) IAM users, 2) ACLs. When a resource is requested from the bucket, access can be granted by EITHER the IAM or the ACL.

       

      Enabling uniform bucket-level access disables the ACL, and only IAM users can access resources in the bucket.


       

      4. List any affected packages or components.

       


      This is an issue surfaced by a customer. The customer uses GCP Organization Policy Constraints.  The policy "constraints/storage.uniformBucketLevelAccess" is enabled.

       

      I believe (I may be wrong) that OpenShift only uses the IAM aspect of GCP buckets, so disabling the ACLs shouldn't be a problem.

       

      However, in Terraform, uniform bucket-level access is false by default.

       

      https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket#uniform_bucket_level_access

       

      The outcome of this card would be:

      • verify that uniform bucket level access can be enabled
      • enable it when creating buckets for GCP
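
One way to run the verification step above before applying, as an added example that is not part of the original issue or the installer's code: a check over the JSON output of `terraform show -json` that flags buckets created without `uniform_bucket_level_access = true` and any ACL resources that would stop working once it is on. The resource addresses and bucket names in the sample plan are constructed.

```python
import json

# Provider resource types that manage ACLs; ACL calls are rejected once
# uniform bucket-level access is enabled on the bucket.
ACL_TYPES = {
    "google_storage_bucket_acl",
    "google_storage_default_object_acl",
    "google_storage_object_acl",
}

def check_plan(plan):
    """Return (address, reason) findings for a parsed `terraform show -json` plan."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = rc.get("change", {}).get("after")
        if after is None:  # resource is being destroyed, nothing left to check
            continue
        if rc["type"] == "google_storage_bucket":
            # Unset defaults to false; a value unknown at plan time is absent.
            if after.get("uniform_bucket_level_access") is not True:
                findings.append((rc["address"], "uniform_bucket_level_access is not true"))
        elif rc["type"] in ACL_TYPES:
            findings.append((rc["address"], "manages ACLs, which uniform access disables"))
    return findings

# Constructed sample input: resource names and bucket names are made up.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "google_storage_bucket.legacy", "type": "google_storage_bucket",
   "change": {"actions": ["create"],
              "after": {"name": "example-legacy", "uniform_bucket_level_access": false}}},
  {"address": "google_storage_bucket.ignition", "type": "google_storage_bucket",
   "change": {"actions": ["create"],
              "after": {"name": "example-ignition", "uniform_bucket_level_access": true}}},
  {"address": "google_storage_bucket_acl.legacy", "type": "google_storage_bucket_acl",
   "change": {"actions": ["create"],
              "after": {"bucket": "example-legacy", "predefined_acl": "private"}}},
  {"address": "google_storage_bucket.old", "type": "google_storage_bucket",
   "change": {"actions": ["delete"], "after": null}}
]}
""")

if __name__ == "__main__":
    for address, reason in check_plan(SAMPLE_PLAN):
        print(f"{address}: {reason}")
```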

        1. Docs Tracker, Sub-task, Closed, Unassigned
        2. QE Tracker, Sub-task, Closed, Unassigned
        3. TE Tracker, Sub-task, Closed, Unassigned

            mstaeble Matthew Staebler (Inactive)
            kdube@redhat.com Katherine Dubé
            To Hung Sze To Hung Sze