Hao Wu
Reputation: 11
GCP IAM condition
I granted a user as K8S cluster admin with condition that the resource.name.endsWith("non-prod"), however, the condition does not work, the user still cannot maintain the non-prod clusters
Condition on "Kubernetes Engine Admin" role { "expression": "resource.name.endsWith("non-prod")", "title": "Admin access for non-prod cluster", "description": "Admin access for non-prod cluster." }
Expected result: users with this IAM role binding can maintain the non-prod clusters. Actual result: users with this IAM role binding condition cannot manage any non-prod cluster.
Upvotes: 1
Views: 25
Answers (0)
Related Questions
- How to change the project in GCP using CLI commands
- GCP IAM Permissions/Conditionals for ssh into a a single compute box for a single IAM user
- Terraform google_project_iam_binding deletes GCP compute engine default service account from IAM principals
- GCP IAM Role condition based on part of resource name
- add-iam-poilcy-binding vs set-iam-policy
- Google Cloud IAM User doesn't Inherit Role from Organization
- Cannot create cluster role in GKE even though I am owner and admin
- Give object-based premissions in GCP IAM
- IAM Role to SSH to VM without Admin Priveleges