
Commit 8d8b7e5

Merge pull request #1178 from openshift/revert-1097-revert-custom-role
OCPCLOUD-1725: Add GCP custom roles
2 parents b1efdac + c638e72 commit 8d8b7e5


1 file changed

+46
-3
lines changed


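--- a/install/0000_30_machine-api-operator_00_credentials-request.yaml
+++ b/install/0000_30_machine-api-operator_00_credentials-request.yaml
@@ -158,9 +158,52 @@ spec:
 providerSpec:
 apiVersion: cloudcredential.openshift.io/v1
 kind: GCPProviderSpec
-predefinedRoles:
-- "roles/compute.admin"
-- "roles/iam.serviceAccountUser"
+permissions:
+- "iam.serviceAccounts.actAs"
+- "iam.serviceAccounts.get"
+- "iam.serviceAccounts.list"
+- "compute.acceleratorTypes.get"
+- "compute.acceleratorTypes.list"
+- "compute.disks.create"
+- "compute.disks.setLabels"
+- "compute.globalOperations.get"
+- "compute.globalOperations.list"
+- "compute.healthChecks.useReadOnly"
+- "compute.instanceGroups.create"
+- "compute.instanceGroups.delete"
+- "compute.instanceGroups.get"
+- "compute.instanceGroups.list"
+- "compute.instanceGroups.update"
+- "compute.instances.create"
+- "compute.instances.delete"
+- "compute.instances.get"
+- "compute.instances.list"
+- "compute.instances.use"
+- "compute.instances.setLabels"
+- "compute.instances.setMetadata"
+- "compute.instances.setTags"
+- "compute.instances.setServiceAccount"
+- "compute.instances.update"
+- "compute.machineTypes.get"
+- "compute.machineTypes.list"
+- "compute.projects.get"
+- "compute.regionBackendServices.get"
+- "compute.regionBackendServices.create"
+- "compute.regionBackendServices.update"
+- "compute.regions.get"
+- "compute.regions.list"
+- "compute.subnetworks.use"
+- "compute.targetPools.addInstance"
+- "compute.targetPools.delete"
+- "compute.targetPools.get"
+- "compute.targetPools.removeInstance"
+- "compute.zoneOperations.get"
+- "compute.zoneOperations.list"
+- "compute.zones.get"
+- "compute.zones.list"
+- "serviceusage.quotas.get"
+- "serviceusage.services.get"
+- "serviceusage.services.list"
 
 ---
 apiVersion: cloudcredential.openshift.io/v1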
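Review bot: The new `permissions` list still combines `iam.serviceAccounts.actAs` with `compute.instances.create`, `compute.instances.setServiceAccount` and `compute.instances.setMetadata`, and nothing in the hunk records how that grant is scoped or why each entry is needed. If the resulting custom role is bound at project level (not visible here), the credential can attach any service account in the project to an instance, so dropping `roles/compute.admin` does not by itself bound what this credential can reach through instance identities. I would add a comment above the list such as `# iam.serviceAccounts.actAs: required to attach a service account to created instances; keep the binding as narrow as possible`, and note which controller path needs the `set*` permissions. Sorting the entries alphabetically within each service (for example `compute.instances.use` currently sits before `compute.instances.setLabels`, and `regionBackendServices.get` before `.create`) would make later additions easier to audit. The enclosing `spec:` mapping starts outside the hunk.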
