Open duxbuse opened 1 year ago
I don't think the permissions required for an endpoint are documented by GCP proper, much less accessible in an automated system as would be required to scale this up across the entire surface. Also note that the permissions required for a call are sometimes dynamic (i.e. when accessing a crypto key)
from triage: We are scoping this ticket to just adding the ability to link API Permissions and roles documentation.
Adding the links will be a separate effort.
For the note:
Hashicorp added a feature in the Terraform framework to be able to test IAM privileges during tf plan; it would be very practical to add this feature to the Google Terraform provider.
Related:
The issue for Terraform: https://github.com/hashicorp/terraform/issues/16625#issuecomment-343644197
AWS equivalent : https://github.com/hashicorp/terraform-provider-aws/issues/2286#issuecomment-344360165
Description
When trying to create a new resource with an account with no privileges, it's often hard to understand what IAM roles are needed to create and destroy the resource. Many times the error message is simply 403 permission denied, which doesn't help narrow the issue.
It would be really great if the terraform docs had a small section outlining for each resource what perms are needed to interact with it.
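The pre-flight privilege check that the comment above asks for (and that would turn the description's opaque 403 into a named list of missing permissions) can be approximated today with GCP's `testIamPermissions` API, which returns the subset of a requested permission list that the caller actually holds. The script below is an added example, not code from the terraform-provider-google project or from anyone in this thread. It assumes you already know the permissions a resource needs (the list `SAMPLE_REQUIRED` is a hypothetical, constructed example, not taken from GCP documentation) and that the access token belongs to the principal Terraform will run as.

```python
"""Pre-flight IAM check for Terraform runs, built on the Cloud Resource Manager
testIamPermissions API.

Added example, not code from the terraform-provider-google project. It assumes
you already know which permissions a resource needs (the very list this issue
asks to have documented) and that ACCESS_TOKEN belongs to the principal
Terraform will run as, e.g. the output of `gcloud auth print-access-token`.
"""
import json
import sys
import urllib.request

# Cloud Resource Manager v1 endpoint: the reply lists the subset of the
# requested permissions that the caller holds on the project.
CRM_TEST_IAM_URL = (
    "https://cloudresourcemanager.googleapis.com/v1/projects/{project}:testIamPermissions"
)

# Constructed sample of permissions a compute instance resource might need.
# Assumed for illustration only; not taken from GCP or provider documentation.
SAMPLE_REQUIRED = [
    "compute.instances.create",
    "compute.instances.delete",
    "compute.instances.get",
]


def build_request(project, permissions, access_token):
    """Build (url, body, headers) for a testIamPermissions call on a project."""
    url = CRM_TEST_IAM_URL.format(project=project)
    # Deduplicate and sort so the request is deterministic and easy to diff in logs.
    body = json.dumps({"permissions": sorted(set(permissions))}).encode("utf-8")
    headers = {
        "Authorization": "Bearer " + access_token,
        "Content-Type": "application/json",
    }
    return url, body, headers


def _http_post(url, body, headers):
    """Real transport: POST JSON and decode the JSON reply.

    urlopen raises HTTPError on 401/403, which is the right behaviour here:
    a token that cannot even call testIamPermissions should fail loudly.
    """
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def missing_permissions(project, required, access_token, send=_http_post):
    """Return the permissions in `required` that the caller does NOT hold, sorted.

    `send` is injectable so the decision logic can be exercised offline with a
    canned reply instead of a live API call.
    """
    url, body, headers = build_request(project, required, access_token)
    reply = send(url, body, headers)
    granted = set(reply.get("permissions", []))
    return sorted(set(required) - granted)


def main(argv):
    if len(argv) != 3:
        print("usage: %s PROJECT_ID ACCESS_TOKEN  (checks SAMPLE_REQUIRED)" % argv[0],
              file=sys.stderr)
        return 2
    project, token = argv[1], argv[2]
    missing = missing_permissions(project, SAMPLE_REQUIRED, token)
    if missing:
        # Fail the pipeline before `terraform apply` turns this into a bare 403.
        print("missing permissions on project %s:" % project)
        for perm in missing:
            print("  - " + perm)
        return 1
    print("all %d required permissions granted" % len(SAMPLE_REQUIRED))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python3 check_perms.py my-project "$(gcloud auth print-access-token)"` from the same identity your CI uses for Terraform; a non-zero exit stops the run before `apply`. Two caveats: the project-level call only evaluates permissions that make sense on a project, so resource-scoped checks such as those on a KMS key (the "dynamic" case mentioned in the first comment) need that resource's own `testIamPermissions` method, and the check is only as good as the permission list you feed it, which is exactly why this issue asks for that list to be documented per resource.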