Bastion’s service account doesn't have access to view SQL instances.

[vfigueiredo-cit]

Expected Behavior

Bastion’s service account should have access to view information about SQL instances to update the files ${HOME}/bank-of-anthos-repos/root-config-repo/namespaces/boa/accounts/mesh-external-svc.yaml and ${HOME}/bank-of-anthos-repos/root-config-repo/namespaces/boa/frontend/mesh-external-svc.yaml in step 6-anthos-install more specifically https://github.com/GoogleCloudPlatform/terraform-example-foundation-app/tree/main/6-anthos-install#root-config-repo.

Actual Behavior

Bastion’s service account doesn't have access to view information about SQL instances. On the files ${HOME}/bank-of-anthos-repos/root-config-repo/namespaces/boa/accounts/mesh-external-svc.yaml and ${HOME}/bank-of-anthos-repos/root-config-repo/namespaces/boa/frontend/mesh-external-svc.yaml in step 6-anthos-install is recommended to use the following command to see information about SQL instances and update the files:

gcloud sql instances list --project ${SQL_PROJECT_ID}

But, we get the error:

ERROR: (gcloud.sql.instances.list) User [boa-gce-bastion-d-sa@prj-bu1-d-boa-gke-8db3.iam.gserviceaccount.com] does not have permission to access projects instance [prj-bu1-d-boa-sql-761c] (or it may not exist): The client is not authorized to make this request.

Steps to Reproduce the Problem

1. Deploy foundation-app up to step 6-anthos-install, "root config repo"
2. Run the command to get SQL intances information:

   gcloud sql instances list --project ${SQL_PROJECT_ID}

Specifications

• Version: ce45993
• Platform: Ubuntu 20.04.2 LTS

[rutalreja-deloitte]

Additional roles can be specified here https://github.com/GoogleCloudPlatform/terraform-example-foundation-app/blob/main/5-infrastructure/modules/bastion/main.tf#L42

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days