docs: add GCP policies. (#42492)

airbytehq · Jul 25, 2024 · 6de1cf1 · 6de1cf1
1 parent 9b6cd03
commit 6de1cf1
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 4 deletions.
diff --git a/docs/deploying-airbyte/infrastructure/gcp.md b/docs/deploying-airbyte/infrastructure/gcp.md
@@ -2,4 +2,24 @@
 products: oss-community, oss-enterprise
 ---
 
-# Google Cloud Platform (GCP)
+# Google Cloud Platform (GCP)
+
+Installing Airbyte on GCP requires a service account. The service account must have the correct permissions to access 
+Google Cloud Storage and Google Secrets Manager, if you those integrations are to be used in your installation. The
+documentation for creating a GCP Service Account can be found [here](https://cloud.google.com/iam/docs/service-accounts-create)
+
+## Google Cloud Storage Roles
+
+```text
+roles/storage.objectCreator
+roles/storage.admin
+```
+
+## Google Secret Manager Roles
+
+```text
+roles/secretmanager.secretAccessor
+roles/secretmanager.secretVersionAdder
+roles/secretmanager.secretVersionManager
+roles/secretmanager.viewer
+```
diff --git a/docs/deploying-airbyte/integrations/secrets.md b/docs/deploying-airbyte/integrations/secrets.md
@@ -37,7 +37,18 @@ metadata:
   name: airbyte-config-secrets
 type: Opaque
 stringData:
-  gcp.json: ## {CREDENTIALS_JSON_BLOB}
+  gcp.json: ## {
+  "type": "service_account",
+  "project_id": "cloud-proj",
+  "private_key_id": "2f3b9c8e7d5a1b4f23e697c0d84af6e1",
+  "private_key": "-----BEGIN PRIVATE KEY-----<REDACTED>\n-----END PRIVATE KEY-----\n",
+  "client_email": "cloud-proj.iam.gserviceaccount.com",
+  "client_id": "9876543210987654321",
+  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+  "token_uri": "https://oauth2.googleapis.com/token",
+  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/cloud-proj.iam.gserviceaccount.com"
+}
 ```
 </TabItem>
 

diff --git a/docs/deploying-airbyte/integrations/storage.md b/docs/deploying-airbyte/integrations/storage.md
@@ -40,7 +40,18 @@ metadata:
   name: airbyte-config-secrets
 type: Opaque
 stringData:
-  gcp.json: ## {CREDENTIALS_JSON_BLOB}
+  gcp.json: ## {
+  "type": "service_account",
+  "project_id": "cloud-proj",
+  "private_key_id": "2f3b9c8e7d5a1b4f23e697c0d84af6e1",
+  "private_key": "-----BEGIN PRIVATE KEY-----<REDACTED>\n-----END PRIVATE KEY-----\n",
+  "client_email": "cloud-proj.iam.gserviceaccount.com",
+  "client_id": "9876543210987654321",
+  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+  "token_uri": "https://oauth2.googleapis.com/token",
+  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/cloud-proj.iam.gserviceaccount.com"
+}
 ```
 
 </TabItem>

diff --git a/docusaurus/sidebars.js b/docusaurus/sidebars.js
@@ -400,7 +400,7 @@ const deployAirbyte = {
       label: "Infrastructure",
       items: [
         "deploying-airbyte/infrastructure/aws",
-        // "deploying-airbyte/infrastructure/gcp",
+        "deploying-airbyte/infrastructure/gcp",
         // "deploying-airbyte/infrastructure/azure",
       ],
     },