Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IAMPolicy and IAMPolicyMember do not accept projectViewer #234

Closed
fsommar opened this issue Jul 7, 2020 · 2 comments
Closed

IAMPolicy and IAMPolicyMember do not accept projectViewer #234

fsommar opened this issue Jul 7, 2020 · 2 comments
Labels
bug Something isn't working

Comments

@fsommar
Copy link

fsommar commented Jul 7, 2020

Describe the bug

The IAMPolicy and IAMPolicyMember resources don't accept projectViewer as a member reference.

This is an addendum to a previously closed issue here: #208. The 1.13.0 update fixed projectOwner and projectEditor member references, but not projectViewer.

ConfigConnector Version
1.13.1

To Reproduce

Create a bucket IAM policy using projectViewer to delegate bucket permissions. See original ticket, #208, for more information.

YAML snippets:

apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicy
metadata:
  name: test-bucket-iampolicy
spec:
  bindings:
  - members:
    - projectViewer:project-name
    role: roles/storage.legacyBucketReader
  resourceRef:
    apiVersion: storage.cnrm.cloud.google.com/v1beta1
    kind: StorageBucket
    name: test-bucket

This above YAML should be legal based on the special-casing for member references in bucket permissions. Instead, the CRD regex rejects this since it doesn't explicitly accept the projectViewer special reference kind.
@fsommar fsommar added the bug Something isn't working label Jul 7, 2020
@maqiuyujoyce
Copy link
Collaborator

Hi @fsommar , thank you for reporting it! We'll fix it soon.

@jcanseco
Copy link
Member

Hi @fsommar, we just released v1.15.0 which adds support for the projectViewer prefix for members in IAMPolicy and IAMPolicyMember. I'll be closing this issue now, though please feel free to re-open it if you have any further issues!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@fsommar @jcanseco @maqiuyujoyce