Merge pull request #205 from odvarkadaniel/gcp-mapi-cred-req-update-permissions

OCPCLOUD-1724: GCP Credentials req. manifest of CCMO to use new API field

Author: openshift-merge-bot[bot]

manifests/0000_26_cloud-controller-manager-operator_16_credentialsrequest-gcp.yaml

@@ -16,10 +16,43 @@ spec:
   providerSpec:
     apiVersion: cloudcredential.openshift.io/v1
     kind: GCPProviderSpec
-    predefinedRoles:
-      - roles/compute.instanceAdmin
-      - roles/compute.loadBalancerAdmin
-      - roles/iam.serviceAccountUser
+    permissions:
+    - "compute.addresses.create"
+    - "compute.addresses.delete"
+    - "compute.addresses.get"
+    - "compute.addresses.list"
+    - "compute.firewalls.create"
+    - "compute.firewalls.delete"
+    - "compute.firewalls.get"
+    - "compute.firewalls.update"
+    - "compute.forwardingRules.create"
+    - "compute.forwardingRules.delete"
+    - "compute.forwardingRules.get"
+    - "compute.healthChecks.create"
+    - "compute.healthChecks.delete"
+    - "compute.healthChecks.get"
+    - "compute.healthChecks.update"
+    - "compute.httpHealthChecks.create"
+    - "compute.httpHealthChecks.delete"
+    - "compute.httpHealthChecks.get"
+    - "compute.httpHealthChecks.update"
+    - "compute.instanceGroups.create"
+    - "compute.instanceGroups.delete"
+    - "compute.instanceGroups.get"
+    - "compute.instanceGroups.update"
+    - "compute.instances.get"
+    - "compute.instances.use"
+    - "compute.regionBackendServices.create"
+    - "compute.regionBackendServices.delete"
+    - "compute.regionBackendServices.get"
+    - "compute.regionBackendServices.update"
+    - "compute.targetPools.addInstance"
+    - "compute.targetPools.create"
+    - "compute.targetPools.delete"
+    - "compute.targetPools.get"
+    - "compute.targetPools.removeInstance"
+    - "compute.zones.list"
+
     # If set to true, don't check whether the requested
     # roles have the necessary services enabled
     skipServiceCheck: true