Skip to content

Commit

Permalink
Merge pull request kubernetes-sigs#18 from davidz627/fix/GCPRole
Browse files Browse the repository at this point in the history 
Reduced IAM Policy Role scope to minimal storageAdmin role
  • Loading branch information
@davidz627
davidz627 authored Jun 21, 2018
2 parents 50b58c6 + 8e7a639 commit fb1c44b
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions deploy/setup-project.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,5 +13,4 @@ gcloud iam service-accounts delete "${IAM_NAME}" --quiet
# Create new Service Account and Keys
gcloud iam service-accounts create "${GCEPD_SA_NAME}"
gcloud iam service-accounts keys create "${SA_FILE}" --iam-account "${IAM_NAME}"
# TODO: Reduce scope of role to only what it necessary when cloud IAM fixes bugs.
gcloud projects add-iam-policy-binding "${PROJECT}" --member serviceAccount:"${IAM_NAME}" --role roles/owner
gcloud projects add-iam-policy-binding "${PROJECT}" --member serviceAccount:"${IAM_NAME}" --role roles/compute.storageAdmin

0 comments on commit fb1c44b

Please sign in to comment.