However, when I attempt to do so I get the following error:

```
│ Error: Error when reading or editing Error reading IAM Role organizations/758905017065/roles/iam.serviceAccountLister: googleapi: Error 403: You don't have permission to get the role at organizations/758905017065/roles/iam.serviceAccountLister.
```

It looks like because this custom role is associated with resources, but I don't have permissions to `iam.roles.get` it at the org level, I can't run terraform. Adding myself to org admin (#6671) allowed me to do the action. It sounds like we need to either A) discontinue use of this custom role, or B) allow permissions for folks that will be running terraform to `iam.roles.get` details of that role.
The IAM roles magic is somewhat impenetrable and causing other issues like #4981
Unfortunately I don't think anyone is terribly familiar with this OR has the bandwidth to replace it (versus continuing to migrate everything to community accounts so we can all sort this out together later ...)
As a member of k8s-infra-prow-oncall@kubernetes.io, according to https://github.com/kubernetes/k8s.io/blob/main/infra/gcp/terraform/README.md I should be able to run terraform against the `k8s-infra-prow-build-trusted` project.
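
Option B from the issue, sketched as an added Terraform example (not part of the original thread or of the kubernetes/k8s.io repository): a narrow org-level custom role carrying only `iam.roles.get`, bound to the on-call group, as an alternative to org admin. The resource names and `role_id` are hypothetical; the organization ID and group address are the ones quoted in the issue.

```hcl
# Added example. Resource names and role_id below are hypothetical.
variable "org_id" {
  type    = string
  default = "758905017065" # organization ID as quoted in the 403 error
}

# Least-privilege custom role: only the permission the error reports as
# missing, so terraform can read org-level custom role definitions on refresh.
resource "google_organization_iam_custom_role" "custom_role_reader" {
  org_id      = var.org_id
  role_id     = "customRoleReader" # hypothetical
  title       = "Custom Role Reader"
  description = "Read-only access to org-level custom role definitions for terraform runners"
  permissions = ["iam.roles.get"]
}

# Additive (non-authoritative) binding: grants the role to the on-call group
# without touching any other member of the organization IAM policy.
resource "google_organization_iam_member" "prow_oncall_role_reader" {
  org_id = var.org_id
  role   = google_organization_iam_custom_role.custom_role_reader.name
  member = "group:k8s-infra-prow-oncall@kubernetes.io"
}

# Applying this configuration itself requires an identity that can create
# org-level roles and edit the organization IAM policy; it is a one-time
# change made by an org administrator, not by the on-call group.
```

This grants read access to role definitions only; it does not let the group create, modify, or assign roles at the organization level.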