OpenShift Container Platform (OCP) Strategy / OCPSTRAT-243

Custom roles for GCP Workload Identity

Details

    • OCPSTRAT-10 Install and update OpenShift on Infrastructure Providers

    Description

      BU Priority Overview

      Create custom roles for GCP with a minimal set of required permissions.

      Goals

      Enable customers to better scope credential permissions and create custom roles on GCP that only include the minimum subset of what is needed for OpenShift.

      State of the Business

      Some of the service accounts that the Cloud Credential Operator (CCO) creates, e.g. the service account with the role roles/iam.serviceAccountUser, provide elevated permissions that are not required or used by the requesting OpenShift components. This is because we use predefined roles for GCP that come with a bunch of additional permissions. The goal is to create custom roles with only the required permissions.

      Execution Plans

      TBD

       

            People

              Ju Lim (julim)
              Bill Dettelback, Daniel Messer, Daniel Odvarka (Inactive), Deepthi Dharwar, Flavian Missi, Gregory Charot, Jeremiah Stuever, Joel Speed, Ju Lim, Marc Curry, Miciah Masters, Patrick Dillon, Patryk Diak, Roman Bednar, Scott Dodson, Tomas Smetana
              Jeremiah Stuever
              Yu Li (李宇)
              Jeana Routh
              Scott Dodson
              Ju Lim
              Eric Rich