GoogleCloudPlatform / pubsec-declarative-toolkit

The GCP PubSec Declarative Toolkit is a collection of declarative solutions to help you on your Journey to Google Cloud. Solutions are designed using Config Connector and deployed using Config Controller.
Apache License 2.0

Verify GR12 marketplace org policy override at the parent folder level is required to use CSR #886

Open fmichaelobrien opened 3 months ago

fmichaelobrien commented 3 months ago

Keep GR 12 off (marketplace restrictions) - at the folder level above any workload that requires CSR. CaC had an issue with CSR - jogged my memory about the 2 marketplace policies partially working but also breaking parts of GCP - over a year ago. This needs to be fully documented going forward with compliance.

Issue is sometimes we don't know where a policy will affect a new service - we discovered this with GKE cluster up/down ops for the LZ and placed folder overrides above the CC cluster project - you also need this for CSR. Of note: a clean system installs CB/CSR for both PBMM and TEF LZs - proper coding will put in an org policy override at a subfolder above unclass projects.

https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/issues/69

Quote from https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/issues/69#issuecomment-1153204979:

obriensystems commented on Jun 12, 2022 • edited

https://github.com/canada-ca/cloud-guardrails/blob/master/EN/00_Applicable-Scope.md
https://github.com/canada-ca/cloud-guardrails/blob/master/EN/12_Cloud-Marketplace-Config.md

Issue is though that we seem to need marketplace for certain essential native GCP services like CSR, for example - creating a new repo - contains /marketplace in the url https://console.cloud.google.com/marketplace/product/google-cloud-platform/cloud-source-repositories?q=search&referrer=search&project=magellan-01 gets us to the source.cloud page https://source.cloud.google.com/

We need to verify turning off marketplace will not affect GCP operation.