gardener / gardener-extension-provider-openstack

Gardener extension controller for the OpenStack cloud provider (https://openstack.org).
https://gardener.cloud
Apache License 2.0

Minimal Permissions for user credentials #23

Open rfranzke opened 4 years ago

rfranzke commented 4 years ago

From https://github.com/gardener/gardener-extensions/issues/133

We have narrowed down the access permissions for AWS shoot clusters (potential remainder tracked in #178), but not yet for Azure, GCP and OpenStack, which this ticket is now about. We expect less success on these infrastructures as AWS's permission/policy options are very detailed. This may break the "shared account" idea on these infrastructures (Azure and GCP - OpenStack can be mitigated by programmatically creating tenants on the fly).

rfranzke commented 4 years ago

Disclaimer: It is unclear whether the current required permissions can be narrowed down even more (whether the cloud provider allows this fine-granular tuning) - if you think it is not possible/not recommended please close the issue with a proper explanation.