Minimal Permissions for user credentials #23

Open
rfranzke opened this issue Feb 4, 2020 · 1 comment
Labels
kind/enhancement Enhancement, improvement, extension lifecycle/rotten Nobody worked on this for 12 months (final aging stage)

Comments

@rfranzke
Member

rfranzke commented Feb 4, 2020

From gardener-attic/gardener-extensions#133

We have narrowed down the access permissions for AWS shoot clusters (potential remainder tracked in #178), but not yet for Azure, GCP and OpenStack, which this ticket is now about. We expect less success on these infrastructures as AWS's permission/policy options are very detailed. This may break the "shared account" idea on these infrastructures (Azure and GCP - OpenStack can be mitigated by programmatically creating tenants on the fly).

@rfranzke rfranzke added the kind/enhancement Enhancement, improvement, extension label Feb 4, 2020
@rfranzke
Member Author

rfranzke commented Feb 4, 2020

Disclaimer: It is unclear whether the current required permissions can be narrowed down even more (whether the cloud provider allows this fine-granular tuning) - if you think it is not possible/not recommended, please close the issue with a proper explanation.

@ghost ghost added the lifecycle/stale Nobody worked on this for 6 months (will further age) label Apr 5, 2020
@gardener-robot gardener-robot added lifecycle/rotten Nobody worked on this for 12 months (final aging stage) and removed lifecycle/stale Nobody worked on this for 6 months (will further age) labels Jun 4, 2020