Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

k8s-infra-prow-oncall unable to navigate to k8s-infra-prow-build via GCP console UI #1678

Closed
spiffxp opened this issue Feb 18, 2021 · 4 comments · Fixed by #1679
Closed

k8s-infra-prow-oncall unable to navigate to k8s-infra-prow-build via GCP console UI #1678

spiffxp opened this issue Feb 18, 2021 · 4 comments · Fixed by #1679
Assignees
@spiffxp
Labels
area/access Define who has access to what via IAM bindings, role bindings, policy, etc. area/prow Setting up or working with prow in general, prow.k8s.io, prow build clusters kind/bug Categorizes issue or PR as related to a bug. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. sig/testing Categorizes an issue or PR as relevant to SIG Testing.
Milestone
v1.21

Comments

@spiffxp
Copy link
Member

spiffxp commented Feb 18, 2021

The "kubernetes.io" org does not appear in the "Select from" box, it should

I'm guessing this is either org view, folder view, or some other resourcemanager permission

/kind bug
/area prow
/area access
/sig testing
/priority important-soon
/assign
/milestone v1.21
@k8s-ci-robot k8s-ci-robot added kind/bug Categorizes issue or PR as related to a bug. area/prow Setting up or working with prow in general, prow.k8s.io, prow build clusters labels Feb 18, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.21 milestone Feb 18, 2021
@k8s-ci-robot k8s-ci-robot added area/access Define who has access to what via IAM bindings, role bindings, policy, etc. sig/testing Categorizes an issue or PR as relevant to SIG Testing. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. labels Feb 18, 2021
@ameukam
Copy link
Member

ameukam commented Feb 18, 2021

@spiffxp Forgive me if I misunderstand this issue but I don't have this issue (as member of k8s-infra-prow-oncall and k8s-infra-prow-viewers):

image

@spiffxp
Copy link
Member Author

spiffxp commented Feb 18, 2021

@ameukam that would be because you're a member of gke-security-groups@

$ gcloud organizations get-iam-policy 758905017065
# ...
- members:
  - group:gke-security-groups@kubernetes.io
  role: roles/browser
# ...
$ gcloud iam roles describe roles/browser
description: Access to browse GCP resources.
etag: AA==
includedPermissions:
- resourcemanager.folders.get
- resourcemanager.folders.list
- resourcemanager.organizations.get
- resourcemanager.projects.get
- resourcemanager.projects.getIamPolicy
- resourcemanager.projects.list
name: roles/browser
stage: GA
title: Browser

That seems a little too broad for a group that's supposed to be about access to aaa in kubernetes-public, but I'm not going to change for now

I think that role does make sense for k8s-infra-prow-oncall though, since prow interacts with many projects, and viewing iam policies would help troubleshooting.

@spiffxp spiffxp mentioned this issue Feb 18, 2021
Merged
@spiffxp
Copy link
Member Author

spiffxp commented Feb 18, 2021

#1679 should fix

@spiffxp
Copy link
Member Author

spiffxp commented Mar 4, 2021

ref: #1743

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@spiffxp spiffxp

Labels
area/access Define who has access to what via IAM bindings, role bindings, policy, etc. area/prow Setting up or working with prow in general, prow.k8s.io, prow build clusters kind/bug Categorizes issue or PR as related to a bug. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. sig/testing Categorizes an issue or PR as relevant to SIG Testing.
Projects
None yet
Milestone
v1.21
Development

Successfully merging a pull request may close this issue.

Add ensure-organization.sh, give prow-oncall org browse access spiffxp/k8s.io
3 participants
@spiffxp @ameukam @k8s-ci-robot