Publish GCP images with allUsers visibility #148

Open
MrBatschner opened this issue Jan 15, 2025 · 1 comment
Labels
kind/enhancement Enhancement, improvement, extension

Comments

@MrBatschner
Member

What would you like to be added:

Garden Linux images on GCP are published with allAuthenticatedUsers permissions. This has to be changed to allUsers (also retroactively applied to all existing images) so that it is possible to list and consume the images for users authenticated through a federated IdP.

See the clear documentation at https://cloud.google.com/iam/docs/overview#all-authenticated-users.

Why is this needed:

Gardener will use IdP access to cloud platforms for future clusters, which should still be able to consume Garden Linux images.

@MrBatschner MrBatschner added the kind/enhancement Enhancement, improvement, extension label Jan 15, 2025
@MrBatschner
Member Author

Relevant code that needs to be adapted is here:

glci/glci/gcp.py

Lines 150 to 158 in 2442377

```python
iam_policies = images.getIamPolicy(
    project=gcp_project_name, resource=image_name
).execute()
if not 'bindings' in iam_policies:
    iam_policies = []
iam_policies.append({
    'members': ['allAuthenticatedUsers'],
    'role': 'roles/compute.imageUser',
})
```
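
The policy change requested in this issue, including the retroactive case where an image already carries an `allAuthenticatedUsers` binding, sketched as an added example that is not glci code. It works on a plain dict shaped like the result of `images.getIamPolicy(...).execute()`; the function name, the sample policies and the image names are hypothetical, and writing the result back with `setIamPolicy` is left to the caller.

```python
import copy

ROLE = 'roles/compute.imageUser'
OLD_MEMBER = 'allAuthenticatedUsers'
NEW_MEMBER = 'allUsers'


def _is_target(binding):
    # Only unconditional bindings for the image-user role are rewritten.
    return binding.get('role') == ROLE and not binding.get('condition')


def migrate_image_policy(policy):
    """Return (updated_policy, changed) for a getIamPolicy-shaped dict."""
    updated = copy.deepcopy(policy)  # keeps 'etag' and 'version' untouched
    kept, has_public = [], False
    for binding in updated.get('bindings', []):
        if _is_target(binding):
            members = [m for m in binding.get('members', []) if m != OLD_MEMBER]
            has_public = has_public or NEW_MEMBER in members
            if not members:
                continue  # drop a binding that only held the old member
            binding['members'] = members
        kept.append(binding)
    if not has_public:
        for binding in kept:
            if _is_target(binding):
                binding['members'].append(NEW_MEMBER)
                break
        else:
            kept.append({'role': ROLE, 'members': [NEW_MEMBER]})
    updated['bindings'] = kept
    return updated, updated != policy


# Constructed sample policies, keyed by a made-up image name.
SAMPLE_POLICIES = {
    'fresh-image': {'etag': 'AAAA'},
    'published-image': {'etag': 'BBBB', 'bindings': [
        {'role': ROLE, 'members': [OLD_MEMBER]},
        {'role': 'roles/compute.admin', 'members': ['user:ops@example.com']},
    ]},
    'migrated-image': {'etag': 'CCCC', 'bindings': [{'role': ROLE, 'members': [NEW_MEMBER]}]},
}

if __name__ == '__main__':
    for name, policy in SAMPLE_POLICIES.items():
        updated, changed = migrate_image_policy(policy)
        print(name, 'changed' if changed else 'unchanged', updated['bindings'])
```

The `changed` flag lets a retroactive run over all existing images skip those that already grant `allUsers`, and unrelated or conditional bindings pass through unmodified.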
