Merge pull request #87 from odvarkadaniel/gcp-capi-cred-req-manifest-…

…to-use-permissions-field OCPCLOUD-1726: GCP Credential Req. manifest for CAPI to use new API field
openshift · Jan 5, 2024 · bf4db4b · bf4db4b
2 parents be94864 + c076b3a
commit bf4db4b
Showing 1 changed file with 51 additions and 4 deletions.
diff --git a/manifests/0000_30_cluster-api_00_credentials-request.yaml b/manifests/0000_30_cluster-api_00_credentials-request.yaml
@@ -165,10 +165,57 @@ spec:
     apiVersion: cloudcredential.openshift.io/v1
     kind: GCPProviderSpec
     skipServiceCheck: true
-    predefinedRoles:
-    - "roles/compute.instanceAdmin.v1"
-    - "roles/iam.serviceAccountUser"
-    - "roles/compute.loadBalancerAdmin"
+    permissions:
+    - "compute.addresses.create"
+    - "compute.addresses.delete"
+    - "compute.addresses.get"
+    - "compute.addresses.useInternal"
+    - "compute.backendServices.create"
+    - "compute.backendServices.delete"
+    - "compute.backendServices.get"
+    - "compute.backendServices.update"
+    - "compute.disks.create"
+    - "compute.disks.setLabels"
+    - "compute.firewalls.create"
+    - "compute.firewalls.delete"
+    - "compute.firewalls.get"
+    - "compute.firewalls.update"
+    - "compute.forwardingRules.create"
+    - "compute.forwardingRules.delete"
+    - "compute.forwardingRules.get"
+    - "compute.healthChecks.create"
+    - "compute.healthChecks.delete"
+    - "compute.healthChecks.get"
+    - "compute.instanceGroups.create"
+    - "compute.instanceGroups.delete"
+    - "compute.instanceGroups.get"
+    - "compute.instanceGroups.list"
+    - "compute.instances.create"
+    - "compute.instances.delete"
+    - "compute.instances.get"
+    - "compute.instances.setLabels"
+    - "compute.instances.setMetadata"
+    - "compute.instances.setServiceAccount"
+    - "compute.instances.setTags"
+    - "compute.networks.create"
+    - "compute.networks.delete"
+    - "compute.networks.get"
+    - "compute.routers.create"
+    - "compute.routers.delete"
+    - "compute.routers.get"
+    - "compute.subnetworks.create"
+    - "compute.subnetworks.delete"
+    - "compute.subnetworks.get"
+    - "compute.subnetworks.use"
+    - "compute.targetTcpProxies.create"
+    - "compute.targetTcpProxies.delete"
+    - "compute.targetTcpProxies.get"
+    - "compute.zones.get"
+    - "compute.zones.list"
+    - "iam.serviceAccounts.actAs"
+    - "iam.serviceAccounts.get"
+    - "iam.serviceAccounts.list"
+
 # includes compute.targetPools.* currently used to add masters to LB in DR scenarios.
 # https://cloud.google.com/compute/docs/access/iam#compute.loadBalancerAdmin
 ---