- Bug
- Resolution: Done
- Normal
- None
- 4.13.z, 4.14.z, 4.15.z, 4.16
The docs for [permissions for GCP Shared VPC installs|https://docs.openshift.com/container-platform/4.13/installing/installing_gcp/installing-gcp-account.html#minimum-required-permissions-ipi-gcp-xpn] need to be revised. Originally we thought it was impossible to have "fine-grained" permissions, but we were mistaken.
"Note that custom roles, and therefore fine-grained permissions, cannot be used in shared VPC installations because GCP does not support adding the required permission compute.organizations.administerXpn to custom roles."
This is wrong and simply should be deleted.
Most of it is true, but it is irrelevant to installs. The administerXpn permission is only needed when setting up the shared VPC, which should happen before and independent of the install. We may follow this by including the required fine-grained permissions, but let's do that in a separate bug.
- is blocked by
- OCPBUGS-18770 GCP cluster failed to install with cco mode Passthrough and minimum required GCP permissions
- Closed
- links to