Skip to content

Fix Packer documentation for minimum necessary IAM roles#3960

Merged
tpdownes merged 2 commits into
GoogleCloudPlatform:developfrom
tpdownes:fix_packer_readme
Apr 17, 2025
Merged

Fix Packer documentation for minimum necessary IAM roles#3960
tpdownes merged 2 commits into
GoogleCloudPlatform:developfrom
tpdownes:fix_packer_readme

Conversation

@tpdownes

@tpdownes tpdownes commented Apr 17, 2025

Copy link
Copy Markdown
Contributor
  • Fix a bug in Packer module documentation; the role iam.serviceAccountUser is necessary for temporary build VMs to modify their own instance metadata
  • Minor change to properly escape an underscore within a Markdown link

Reference: https://cloud.google.com/iam/docs/understanding-roles#compute.instanceAdmin.v1

Submission Checklist

NOTE: Community submissions can take up to 2 weeks to be reviewed.

Please take the following actions before submitting this pull request.

  • Fork your PR branch from the Toolkit "develop" branch (not main)
  • Test all changes with pre-commit in a local branch #
  • Confirm that "make tests" passes all tests
  • Add or modify unit tests to cover code changes
  • Ensure that unit test coverage remains above 80%
  • Update all applicable documentation
  • Follow Cluster Toolkit Contribution guidelines #

tpdownes added 2 commits April 17, 2025 14:18
@tpdownes
Update Packer module README
1c2613c 
- Alter heading of prior section to clarify which IAM permissions
  recommendations apply to the user running the `packer` binary and
  which apply to the temporary VM created by Packer
- add roles/iam.serviceAccountUser to the list of minimum recommended
  IAM permissions for the temporary VM service account. This ensures
  that the VM can modify its own metadata when startup-script execution
  completes.

Ref: https://cloud.google.com/iam/docs/understanding-roles#compute.instanceAdmin.v1
@tpdownes
Escape underscore in markdown file
b31e055
@tpdownes tpdownes added the release-module-improvements Added to release notes under the "Module Improvements" heading. label Apr 17, 2025
@tpdownes tpdownes requested a review from alyssa-sm April 17, 2025 14:27
@tpdownes tpdownes requested review from a team and samskillman as code owners April 17, 2025 14:27
@tpdownes tpdownes enabled auto-merge April 17, 2025 16:21
@tpdownes tpdownes merged commit 21d558c into GoogleCloudPlatform:develop Apr 17, 2025
@tpdownes tpdownes deleted the fix_packer_readme branch April 17, 2025 16:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alyssa-sm alyssa-sm alyssa-sm approved these changes

@samskillman samskillman Awaiting requested review from samskillman

Assignees

@alyssa-sm alyssa-sm

Labels

release-module-improvements Added to release notes under the "Module Improvements" heading.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tpdownes @alyssa-sm