  1. OpenShift Request For Enhancement
  2. RFE-1516

GCP - Set gcp bucket uniform_bucket_level_access to "True" during install


    • Feature Request
    • Resolution: Done

      1. Proposed title of this feature request

      GCP - Set gcp bucket uniform_bucket_level_access to "True" during install

       

      2. What is the nature and description of the request?

       

       

      3.  Why does the customer need this? (List the business requirements here)

       

      The customer uses GCP Organization Policy Constraints.  The policy "constraints/storage.uniformBucketLevelAccess" is enabled.

       

      More info can be found here:

      https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints

       

      and more about Uniform Bucket Level Access here:

      https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket#uniform_bucket_level_access

       


      A quick summary, from what I read: There are two ways to access buckets in GCP: 1) IAM users 2) ACLs. When a resource is requested from the bucket, it can be granted access by EITHER the IAM or the ACL.

       

      Enabling uniform bucket-level access disables the ACL, and only IAM users can access resources in the bucket.


       

      4. List any affected packages or components.

       


      This is an issue surfaced by a customer. The customer uses GCP Organization Policy Constraints.  The policy "constraints/storage.uniformBucketLevelAccess" is enabled.

       

      I believe (I may be wrong) that OpenShift only uses the IAM aspect of GCP buckets, so disabling the ACLs shouldn't be a problem.

       

      However, in Terraform, uniform bucket-level access is false by default.

       

      https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket#uniform_bucket_level_access

       

      The outcome of this card would be:

      • verify that uniform bucket level access can be enabled
      • enable it when creating buckets for GCP
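
      The requested setting, shown as an added Terraform example that is not part of the original ticket and is not the OpenShift installer's own code. The resource labels, variables, location and role below are hypothetical choices for illustration.

```hcl
# Added example. Variable names, resource labels, the location and the
# reader service account are assumptions, not taken from the installer.

variable "project_id" { type = string }
variable "bucket_name" { type = string }
variable "reader_sa_email" { type = string }

# Before: the provider default. uniform_bucket_level_access is omitted, so it
# is false, and the create call is rejected in a project where the
# constraints/storage.uniformBucketLevelAccess organization policy is enforced.
#
# resource "google_storage_bucket" "example" {
#   project  = var.project_id
#   name     = var.bucket_name
#   location = "US"
# }

# After: the flag is set explicitly, so the bucket is created with ACLs
# disabled and satisfies the organization policy constraint.
resource "google_storage_bucket" "example" {
  project                     = var.project_id
  name                        = var.bucket_name
  location                    = "US"
  uniform_bucket_level_access = true
}

# With ACLs disabled, access is granted through IAM only. Any
# google_storage_bucket_acl or per-object ACL resources that target this
# bucket have to be replaced by IAM bindings such as this one.
resource "google_storage_bucket_iam_member" "reader" {
  bucket = google_storage_bucket.example.name
  role   = "roles/storage.objectViewer"
  member = "serviceAccount:${var.reader_sa_email}"
}

# Exposes the effective setting so the "verify" step of the card can be
# checked from the plan or apply output.
output "uniform_bucket_level_access" {
  value = google_storage_bucket.example.uniform_bucket_level_access
}
```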

              mstaeble Matthew Staebler (Inactive)
              mwoodson.openshift Matt Woodson (Inactive)