Unable to run terraform due to lack of permissions on custom roles #6673
Comments
The IAM roles magic is somewhat impenetrable and causing other issues like #4981. Unfortunately I don't think anyone is terribly familiar with this OR has the bandwidth to replace it (versus continuing to migrate everything to community accounts so we can all sort this out together later ...)
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten
/remove-lifecycle rotten
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale
/lifecycle frozen
We recently spoke about the IAM management in the SIG meeting, @upodroid suggested we ditch the script entirely, but I don't think we got as far as writing out a plan yet.
FWIW we're moving towards automated deployment with https://www.runatlantis.io/
As a member of [email protected], according to https://github.com/kubernetes/k8s.io/blob/main/infra/gcp/terraform/README.md I should be able to run terraform against the `k8s-infra-prow-build-trusted` project.

However, when I attempt to do so I get the following error:

It looks like because this custom role is associated with resources, but I don't have permissions to `iam.roles.get` it at the org level, I can't run terraform. Adding myself to org admin (#6671) allowed me to do the action. It sounds like we need to either A) discontinue use of this custom role, or B) allow permissions for folks that will be running terraform to `iam.roles.get` details of that role.