storage-bucket-iam
Config Connector compatible yaml to enable permissions for a storage bucket.
Download the package using kpt.
kpt pkg get https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit.git/config-connector/solutions/iam/kpt/storage-bucket-iam storage-bucket-iam
-
A working Config Connector instance.
-
A storage bucket managed by IAM.
-
The "cnrm-system" service account with
roles/storage.adminin either the storage bucket or the project which owns the storage bucket.Note: Using uniform bucket-level access control is recommended for this package.
| NAME | VALUE | SET BY | DESCRIPTION | COUNT |
|---|---|---|---|---|
| bucket-name | ${BUCKET_NAME?} | PLACEHOLDER | name of storage bucket | 1 |
| iam-member | ${IAM_MEMBER?} | PLACEHOLDER | member to grant role | 1 |
| role | roles/storage.objectViewer | package-default | IAM role to grant | 1 |
Set the name of the bucket you want to configure permissions for.
kpt cfg set . bucket-name your-bucket
Set the IAM member to grant a role to.
kpt cfg set . iam-member user:name@example.com
Optionally, set the storage
role (defaults to
roles/storage.objectViewer) that you want to apply and the IAM member the role will apply to.
kpt cfg set . role roles/storage.admin
Once the configuration is satisfactory, apply:
kubectl apply -f .
Apache 2.0 - See LICENSE for more information.