Docs Update GCP Roles to Compute Admin to allow for network configuration (!250) · Merge requests · GitLab.org / GitLab Environment Toolkit

Alexander Strachan requested to merge astrachan-master-patch-62729 into master Jul 21, 2021

Using GET on GCP for the first time (thank you for this project!) I found that Terraform provisioning failed with

Error: Error creating Address: googleapi: Error 403: Required 'compute.addresses.create' permission for '...gitlab-nfs-ip-1', forbidden

  on ../../modules/gitlab_gcp_instance/main.tf line 1, in resource "google_compute_address" "gitlab":
   1: resource "google_compute_address" "gitlab" {


Error: Error creating Firewall: googleapi: Error 403: Required 'compute.firewalls.create' permission for '...-firewall-rule-http-https'
More details:
Reason: forbidden, Message: Required 'compute.firewalls.create' permission for '...-firewall-rule-http-https'
Reason: forbidden, Message: Required 'compute.networks.updatePolicy' permission for '.../global/networks/default'

Using Compute Admin as the Role instead of Compute Instance Admin v1 gave the necessary privileges.

Used iam#compute.admin to review permissions.

Docs Update GCP Roles to Compute Admin to allow for network configuration

Merge request reports