Closed philpennock closed 6 months ago
Hello,
Your PR comes from a GitHub Organization, it's a problem to edit your PR and for automation that modifies or updates PR.
Can you re-create your PR from a personal fork?
Your PR comes from a GitHub Organization, it's a problem to edit your PR and for automation that modifies or updates PR.
Can you re-create your PR from a personal fork?
Done, this has been re-forked and a new PR submitted, #2081.
The GCloud IAM permission system permits a zone to grant access to an actor, without the project granting any access. This can be used with Service Accounts to let an SA edit DNS in one particular zone, and nothing more.
Remove the need for the caller to have project-level role access granting the
dns.managedZones.list
permission, in exchange for the caller telling us the explicit zone ID to use, via theGCE_ZONE_ID
environment variable.PR comment: sorry, I'm going to need help figuring out the test rig and how to set it up to fail the managedzones list call but succeed on zone edits, to add a test for this logic.