Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Critical
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:

Blocked:
False
Blocked Reason:
None
Ready:
False
Intelligence Requested:
Market:

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

PX Impact Score:

Having the `iam.serviceAccounts.actAs` permission is a requirement right now for the Installer and the required scope is at the GCP Project level.

There is an escalation from a OSD customer flagging that this requirement is a security risk and is going against Google Cloud's security best practicies.

We need to spike how we could remove or limit that requirement to be complaint with Google Cloud's security best practices and unblock this customer for adopting OSD

is incorporated by

CORS-3445 Support for pre-creation of Service Accounts used in GCP deployments

To Do

OCPSTRAT-1294 Pre-creation Service Accounts used in GCP deployments

Refinement

is related to

CCO-524 Removing or limiting the iam.serviceAccounts.actAs requirement on GCP

Closed

Assignee:: Patrick Dillon

Reporter:: Marcos Entenza Garcia

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2024/02/14 10:41 AM

Updated:: 2024/05/06 11:55 PM

Resolved:: 2024/03/15 1:34 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates