🐞 [Bug Report] - Django IAM permissions too high #4

Closed
glasnt opened this issue Sep 30, 2022 · 1 comment
Labels
priority: p2 Moderately-important priority. Fix may not be included in next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.

Comments

@glasnt
Collaborator

glasnt commented Sep 30, 2022

Describe the bug

The Django service account has viewer permissions on all Cloud Run services, not just itself

To Reproduce
https://github.com/GoogleCloudPlatform/avocano/blob/main/provisioning/terraform/iam.tf#L39

Expected behavior

https://cloud.google.com/iam/docs/using-iam-securely#least_privilege

@glasnt glasnt added the bug label Sep 30, 2022
@glasnt glasnt self-assigned this Apr 18, 2023
@glasnt glasnt added the priority: p2 Moderately-important priority. Fix may not be included in next release. label Apr 18, 2023
@grayside grayside added the type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. label Apr 19, 2023
@muncus muncus added type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design. and removed type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. labels Jul 27, 2023
@glasnt
Collaborator Author

glasnt commented Oct 10, 2023

This would extend to other instances, such as Cloud SQL, but I believe this is a bit out of scope for the benefit of the change. Closing.

@glasnt glasnt closed this as completed Oct 10, 2023
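
The scoping difference the report describes, as an added Terraform example that is not taken from the avocano repository: a project-level binding beside the same role bound on a single Cloud Run service. All resource names and variables are hypothetical, and `roles/run.viewer` is assumed to be the "viewer" role in question.

```hcl
# Constructed example. Names, variables and the role are assumptions,
# not the contents of provisioning/terraform/iam.tf.

variable "project_id" { type = string }
variable "region" { type = string }

# Name of the one Cloud Run service the Django account should be able to view.
variable "django_service_name" { type = string }

resource "google_service_account" "django" {
  project      = var.project_id
  account_id   = "django-example"
  display_name = "Django service account (example)"
}

# Before: the binding lives on the project, so the role applies to
# every Cloud Run service in the project, present and future.
resource "google_project_iam_member" "django_run_viewer_project" {
  project = var.project_id
  role    = "roles/run.viewer"
  member  = "serviceAccount:${google_service_account.django.email}"
}

# After: the same role bound on a single service. The account can
# read that service's configuration and nothing else in Cloud Run.
# When adopting this form, delete the project-level binding above;
# leaving both in place keeps the broad grant effective.
resource "google_cloud_run_v2_service_iam_member" "django_run_viewer_self" {
  project  = var.project_id
  location = var.region
  name     = var.django_service_name
  role     = "roles/run.viewer"
  member   = "serviceAccount:${google_service_account.django.email}"
}
```

After applying, `gcloud projects get-iam-policy` should no longer list the service account under the Cloud Run role, while `gcloud run services get-iam-policy` for the one service should.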