Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-17814

Revise Permissions for GCP Shared VPC Installs

XMLWordPrintable

    • Moderate
    • No
    • 2
    • OSDOCS Sprint 241, OSDOCS Sprint 242, OSDOCS Sprint 243, OSDOCS Sprint 244, OSDOCS Sprint 245, OSDOCS Sprint 246, OSDOCS Sprint 247, OSDOCS Sprint 248, OSDOCS Sprint 249, OSDOCS Sprint 250, OSDOCS Sprint 251
    • 11
    • False
    • Hide

      None

      Show
      None
    • N/A
    • Release Note Not Required

      The docs for[ permissions for GCP Shared VPC installs|https://docs.openshift.com/container-platform/4.13/installing/installing_gcp/installing-gcp-account.html#minimum-required-permissions-ipi-gcp-xpn] need to be revised. Originally we thought it was impossible to have "fine-grained" permissions, but we were mistaken.

       

      Note that custom roles, and therefore fine-grained permissions, cannot be used in shared VPC installations because GCP does not support adding the required permission compute.organizations.administerXpn to custom roles.

      This is wrong and simply should be deleted.

      Most of it is true, but it is irrelevant to installs. The administerXPN permission is only needed when setting up the shared VPC, which should happen before and independent of the install. We may follow this by including the required fine-grained permissions, but let's do that in a separate bug.

       

       

       

       

            dfitzmau@redhat.com Darragh Fitzmaurice
            padillon Patrick Dillon
            Jianli Wei Jianli Wei
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: