Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Grant network user on shared VPC to service project's cloud run serviceaccount. #926

Open
Sonins opened this issue Jul 29, 2024 · 0 comments
Open

Grant network user on shared VPC to service project's cloud run serviceaccount. #926

Sonins opened this issue Jul 29, 2024 · 0 comments
Labels
enhancement New feature or request good first issue Good for newcomers triaged Scoped and ready for work

Comments

@Sonins
Copy link

Sonins commented Jul 29, 2024
edited
Loading

TL;DR

For using direct VPC egress feature of cloud run, cloud run serviceaccount (service-PROJECT_NUMBER@serverless-robot-prod.iam.gserviceaccount.com) needs roles/compute.networkUser on host project. For now, this module does not support iam permission configuration for cloud run serviceaccount.

Terraform Resources

google_project_iam_member
google_compute_subnetwork_iam_member

Detailed design

Adding "run.googleapis.com": format("service-%[email protected]", local.service_project_number), to locals.api in modules/shared_vpc_access/main.tf will implement this feature.

Additional information

No response
@Sonins Sonins added the enhancement New feature or request label Jul 29, 2024
@bharathkkb bharathkkb added good first issue Good for newcomers triaged Scoped and ready for work labels Aug 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request good first issue Good for newcomers triaged Scoped and ready for work
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bharathkkb @Sonins