Grant permissions to generated Gcp service account
What does this MR do and why?
In previous MRs, the capability of generating GCP Service Accounts within the GitLab UI was merged.
This MR extends that by granting specific permissions to the GitLab generated GCP service account.
This is part of multiple MRs that are being extracted from this --large-- feature branch: !77524 (closed)
Screenshots or screen recordings
None, purely back-end change.
See https://www.youtube.com/watch?v=xRll4xzGkOc for a proof-of-concepts.
How to set up and validate locally
- Configure your GitLab instance for Google OAuth2
- Enable the
incubation_5mp_google_cloud
feature flag - Navigate to
Infrastructure :: Google Cloud
menu item in aProject
- Generate a service account
- Verify in your Google Cloud console that the right permissions have been granted
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Peter Leitzen