GCP permissions needed not listed

[anEXPer]

Describe the bug
An unintuitive permission is necessary for the GCP upgrade process:

compute.images.delete.

This is included in "Compute Instance Admin (v1)" - compute.instanceAdmin - which the Ops Manager docs list as required. This is likely the only required permission for the Ops Manager VM and image management parts of Platform Automation; others may be necessary depending on blob store selection.

Currently, the Platform Automation docs don't list necessary permission prerequisites on GCP at all. They should! Not sure exactly where, yet.

The Paving repo docs list permissions necessary for setup of environments, which includes instanceAdmin:

https://github.com/pivotal/paving/tree/master/gcp

Those permissions are broader than what PA requires, but cover the additional permissions necessary to setup the envs Paving operates in, so may also be of interest.

[cf-gitbot]

We have created an issue in Pivotal Tracker to manage this. Unfortunately, the Pivotal Tracker project is private so you may be unable to view the contents of the story.

The labels on this github issue will be updated when the story is started.

[jaristiz]

Hey @anEXPer,

Have you gotten feedback from customers about this issue, and what would be the consequence of setting this as a low priority work?

[jaristiz]

Hi @cf-gitbot ,

I've checked the permissions listed at https://github.com/pivotal/paving/tree/master/gcp, and am planning of adding those permissions to the README.md, and add the mentioned missing permission.

Do you consider we should add/remove anything else?

Regards.

[anEXPer]

I think that's fine. Sorry I missed your earlier question about this! We did get feedback from customers, just that they had a problem and wouldn't have hit it if they'd known in advance what the permissions needed to be. Well. One customer. Anyway, this is fine, and having it relatively low priority was appropriate.