Skip to content

[DOC] Fix missing GCP IAM permissions for workspace creation (#5114) #5123

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

[DOC] Fix missing GCP IAM permissions for workspace creation (#5114) #5123

wants to merge 2 commits into from
+21 −4

Conversation

@alexott
Copy link
Contributor

@alexott alexott commented Oct 21, 2025
edited
Loading

Changes

Add PSC/CMK-related permissions to GCP workspace creation guides.

This fixes workspace creation failures caused by missing permissions:

  • Added compute.forwardingRules.get and .list (for Private Service Connect)
  • Added cloudkms.cryptoKeys permissions as commented examples (for CMK)
  • Reorganized permissions with descriptive comments
  • Added clarifying note to PSC guide

Tests

  • make test run locally
  • relevant change in docs/ folder
  • covered with integration tests in internal/acceptance
  • using Go SDK
  • using TF Plugin Framework
  • has entry in NEXT_CHANGELOG.md file

@alexott alexott requested a review from a team as a code owner October 21, 2025 06:41
@alexott alexott requested a review from a team as a code owner October 21, 2025 06:41
@alexott alexott requested review from mgyucht and removed request for a team October 21, 2025 06:41
@alexott alexott temporarily deployed to test-trigger-is October 21, 2025 06:41 — with GitHub Actions Inactive
@alexott alexott temporarily deployed to test-trigger-is October 21, 2025 06:42 — with GitHub Actions Inactive
@jlhawn jlhawn mentioned this pull request Oct 21, 2025
Open
2 tasks
@alexott
Copy link
Contributor Author

alexott commented Oct 24, 2025
edited
Loading

I'm still checking with the GCP compute team because it's not confirmed by them that we should have iam.serviceAccounts.list - the rest of permissions should be ok

@alexott
docs: Fix missing GCP IAM permissions for workspace creation (#5114)
928d942 
Add critical iam.serviceAccounts.list permission and PSC/CMK-related
permissions to GCP workspace creation guides.

This fixes workspace creation failures caused by missing permissions:
- Added iam.serviceAccounts.list (critical for workspace creation)
- Added compute.forwardingRules.get and .list (for Private Service Connect)
- Added cloudkms.cryptoKeys permissions as commented examples (for CMK)
- Reorganized permissions with descriptive comments
- Added clarifying note to PSC guide

Resolves #5114
@alexott alexott temporarily deployed to test-trigger-is October 25, 2025 10:22 — with GitHub Actions Inactive
@alexott alexott enabled auto-merge October 25, 2025 10:22
@github-actions
Copy link

If integration tests don't run automatically, an authorized user can run them manually by following the instructions below:

Trigger:
go/deco-tests-run/terraform

Inputs:

  • PR number: 5123
  • Commit SHA: 95efb65873adb9d9e2cf57ac6e49ba13d93c02cb

Checks will be approved automatically on success.

@alexott alexott deployed to test-trigger-is October 25, 2025 10:23 — with GitHub Actions Active
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mgyucht mgyucht mgyucht approved these changes

Assignees

No one assigned

Labels

ai-assisted

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@alexott @mgyucht