Provide reference roles and permissions for every cloud vendor #75

Closed
4 tasks done
DavidGOrtega opened this issue Mar 5, 2021 · 7 comments · Fixed by #443
Labels: cloud-common (Applies to every cloud vendor), documentation (Markdown files), p1-important (High priority), security (Sensitive flaws)

Comments

@DavidGOrtega
Contributor

DavidGOrtega commented Mar 5, 2021

  • aws
  • az
  • gcp
  • k8s

Original issue

What are the AWS permissions required by the Terraform provider for CML?

@DavidGOrtega DavidGOrtega added the p0-critical Max priority (ASAP) label Mar 16, 2021
@0x2b3bfa0 0x2b3bfa0 added documentation Markdown files p1-important High priority and removed p0-critical Max priority (ASAP) labels Jul 4, 2021
@0x2b3bfa0 0x2b3bfa0 changed the title Easy way to list Azure and AWS needed permissions Provide reference roles and permissions for every cloud vendor Jul 8, 2021
@0x2b3bfa0 0x2b3bfa0 added cloud-common Applies to every cloud vendor security Sensitive flaws labels Jul 8, 2021
@0x2b3bfa0
Member

0x2b3bfa0 commented Jul 8, 2021

See also iterative/cml#429 (comment)

@casperdcl
Contributor

also vis. iterative/cml#814 (comment)

This was referenced Feb 9, 2022
@0x2b3bfa0 0x2b3bfa0 added cloud-aws Amazon Web Services cloud-az Microsoft Azure cloud-gcp Google Cloud cloud-k8s Kubernetes labels Mar 2, 2022
@0x2b3bfa0

This comment was marked as outdated.

@dacbd
Contributor

dacbd commented Mar 2, 2022

For GCP, iam.serviceAccounts.actAs is required for machine/runner's instance_permission_set. I would argue that a similar feature for task would be beneficial; I haven't been able to dig into it/use task much yet ⏳

@0x2b3bfa0

This comment was marked as off-topic.

@dacbd

This comment was marked as off-topic.

@0x2b3bfa0
Member

0x2b3bfa0 commented Mar 2, 2022

Exporting credentials (one-liner)

eval "$(terraform output --json | jq --raw-output 'to_entries[]|"export \(.key|ascii_upcase)=\(.value.value|@sh)"')"

Note: added eval to support multi-line variables like GCP service account credentials.
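
The one-liner above depends on jq's @sh to quote every value before eval parses it. The following is an added example, not part of the original comment or the project's code: it runs the same filter on constructed `terraform output --json` data and shows a multi-line value surviving intact and value text not being executed. The output names, values, the CANARY marker and the unquoted comparison variant are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: exercises the thread's jq filter on constructed data.

# Constructed stand-in for `terraform output --json`; names and values are made up.
sample_output() {
  cat <<'EOF'
{
  "gcp_credentials": {"sensitive": true, "type": "string",
    "value": "{\n  \"type\": \"service_account\"\n}"},
  "api_token": {"sensitive": true, "type": "string",
    "value": "it's $(echo INJECTED)"}
}
EOF
}

# The filter from the comment above: `export NAME='value'`, value quoted by @sh.
export_lines() {
  jq --raw-output 'to_entries[]|"export \(.key|ascii_upcase)=\(.value.value|@sh)"'
}

# Comparison only (hypothetical variant): same filter without @sh, value unquoted.
export_lines_unquoted() {
  jq --raw-output 'to_entries[]|"export \(.key|ascii_upcase)=\(.value.value)"'
}

# Load the sample outputs in a subshell and print one variable ($1 = its name).
load_and_print() {
  ( eval "$(sample_output | export_lines)"
    eval "printf '%s' \"\${$1}\"" )
}

# Evaluate a one-output document through filter $1 and report whether the
# value's text ran as shell, using a harmless CANARY assignment as the marker.
canary_state() {
  ( unset CANARY
    eval "$(printf '%s' '{"t":{"value":"x; CANARY=set"}}' | "$1")"
    printf '%s' "${CANARY:-unset}" )
}

# Demo output when run directly and jq is installed.
if command -v jq >/dev/null 2>&1; then
  load_and_print GCP_CREDENTIALS; echo
  echo "with @sh: CANARY is $(canary_state export_lines)"
  echo "without @sh: CANARY is $(canary_state export_lines_unquoted)"
fi
```

Output names are emitted unquoted, so the one-liner relies on them being valid shell identifiers; Terraform also permits hyphens in output names, which `export` rejects.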

@casperdcl casperdcl removed cloud-aws Amazon Web Services cloud-az Microsoft Azure cloud-gcp Google Cloud cloud-k8s Kubernetes labels Mar 8, 2022
@0x2b3bfa0 0x2b3bfa0 linked a pull request Mar 14, 2022 that will close this issue
3 tasks
4 participants