Grant permissions to generated Gcp service account (!78712) · Merge requests · GitLab.org / GitLab

Sri Rang requested to merge incubation-5mp-service-account-policy into master Jan 20, 2022

What does this MR do and why?

In previous MRs, the capability of generating GCP Service Accounts within the GitLab UI was merged.

This MR extends that by granting specific permissions to the GitLab generated GCP service account.

This is part of multiple MRs that are being extracted from this --large-- feature branch: !77524 (closed)

Screenshots or screen recordings

None, purely back-end change.

See https://www.youtube.com/watch?v=xRll4xzGkOc for a proof-of-concepts.

How to set up and validate locally

Configure your GitLab instance for Google OAuth2
Enable the incubation_5mp_google_cloud feature flag
Navigate to Infrastructure :: Google Cloud menu item in a Project
Generate a service account
Verify in your Google Cloud console that the right permissions have been granted

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Jan 27, 2022 by Peter Leitzen

Grant permissions to generated Gcp service account

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports