[DOC] Incorrect information about permissions included in GCP basic/primitive roles

[japrac]

Description

Documentation erroneously states that the necessary permissions for running this extension are included in the basic/primitive GCP roles of 'Owner' and 'Editor'

Environment information

See "Note" under step 5 of "Create and assign an IAM Role" at https://clouddocs.f5.com/products/extensions/f5-cloud-failover/latest/userguide/gcp.html#create-and-assign-an-iam-role

• both 'Owner' and 'Editor' GCP basic roles are affected
• these two roles do not include the following permissions:
  • storage.buckets.get
  • storage.objects.create
  • storage.objects.delete
  • storage.objects.get
  • storage.objects.list
  • storage.objects.update

Recommendation

• Create a custom role with the necessary permissions listed under step 4
• A combination of 'Compute Admin' and 'Storage Admin' roles would also provide all of the required permissions
• If using the 'Owner' or 'Editor' roles, ensure you add the permissions listed above (which are missing from these GCP basic roles)

Severity Level

Severity: 5 (documentation issue which may cause permissions errors on initial deployment)

Reference

• GCP basic role definitions: https://cloud.google.com/iam/docs/understanding-roles#basic-definitions
• Storage IAM permissions and roles: https://cloud.google.com/storage/docs/access-control/iam-roles#basic-roles-intrinsic
• General IAM permissions reference: https://cloud.google.com/iam/docs/permissions-reference

[shyawnkarim]

Thanks for reporting this issue with our documentation. We are now tracking this internally with ID AUTOSDK-544.