Uploaded image for project: 'OpenShift Installer'
  1. OpenShift Installer
  2. CORS-3267

Spike on removing or limiting the iam.serviceAccounts.actAs requirement on GCP

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done
    • Icon: Critical Critical
    • None
    • None
    • None
    • False
    • None
    • False

      Having the `iam.serviceAccounts.actAs` permission is a requirement right now for the Installer and the required scope is at the GCP Project level.

      There is an escalation from a OSD customer flagging that this requirement is a security risk and is going against Google Cloud's security best practicies.

      We need to spike how we could remove or limit that requirement to be complaint with Google Cloud's security best practices and unblock this customer for adopting OSD

            padillon Patrick Dillon
            mak.redhat.com Marcos Entenza Garcia
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: