Google cloud checklist #4
Looks good, but would be cool to somehow get external feedback on this.
I think this is very promising, but would like clarifications. I am also not knowledgeable enough about Cloud Run to know if there are more questions one would typically like to ask, so I have only been able to comment within the context of what is written (not what is not written).
|
|
||
| ## Cloud Run Authentication | ||
|
|
||
| 1. Do you have Identity provider access control in place? Is it both for the user and other service? |
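Review bot: The first item under "Cloud Run Authentication" asks two different things in one line and leaves "for the user and other service" undefined. Split it into one question on how end users are authenticated and authorized (for example through an identity provider) and one on how calls from other services are authenticated, and add whether the service accepts unauthenticated invocations at all.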
Please clarify this question. Seems to conflate topics (Identity Provider and Access Control) and it is unclear what the second question means. Perhaps unpack it a bit. How would you like access control etc. to be handled for users and across services?
| ## Cloud Run Authentication | ||
|
|
||
| 1. Do you have Identity provider access control in place? Is it both for the user and other service? | ||
| 1. Do you have the service account for cloud run service? If so, what permissions are provided? |
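Review bot: The service account item asks "what permissions are provided" without giving the reader anything to compare the answer against. Ask instead whether the Cloud Run service runs as a dedicated, user-managed service account rather than the default one, and which IAM roles are granted to it, so that the answer can be checked against least privilege.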
Perhaps this is obvious if one understands Cloud Run better than I do, but how else, besides a Service Account, would one use Cloud Run? And could you link to a resource that would say what the minimal or otherwise reasonable set of permissions it ought to have?
|
|
||
| 1. Do you have Identity provider access control in place? Is it both for the user and other service? | ||
| 1. Do you have the service account for cloud run service? If so, what permissions are provided? | ||
| 1. How access tokens are used to authenticate when calling Google Cloud APIs? |
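Review bot: The access token item is not a grammatical question ("How access tokens are used" should read "How are access tokens used") and, as worded, it has only one expected answer. The useful distinction is how the credentials are obtained: ask whether the service relies on short-lived tokens issued for its attached service account or on exported service account key files stored with the application.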
Fix grammar.
And how else than via access tokens would one call the APIs?
| 1. Do you have Identity provider access control in place? Is it both for the user and other service? | ||
| 1. Do you have the service account for cloud run service? If so, what permissions are provided? | ||
| 1. How access tokens are used to authenticate when calling Google Cloud APIs? | ||
| 1. How are the secrets manage in Cloud Run? Are secrets managed by the Secret Manager? |
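Review bot: In the secrets item, "manage" should be "managed", and the two questions overlap. One question covering where secrets are stored (Secret Manager or another store), how they reach the container (environment variable or mounted file) and which identities can read them would collect more than a yes or no.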
"managed"
Since Google Cloud Secret Manager is just one of many options for secrets, should the question perhaps be "How are secrets managed in Cloud Run, e.g., are they managed via Google Cloud Secret Manager?"
| 1. Do you have the service account for cloud run service? If so, what permissions are provided? | ||
| 1. How access tokens are used to authenticate when calling Google Cloud APIs? | ||
| 1. How are the secrets manage in Cloud Run? Are secrets managed by the Secret Manager? | ||
| 1. Do you have customer managed encrytion keys? |
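Review bot: The item on customer managed encryption keys ("encrytion" is misspelled) sits under the "Cloud Run Authentication" heading but is about encryption rather than authentication, and it does not say which resources it covers. Move it under its own heading, name what the keys protect, and ask who can use and rotate them.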
Clarify which service this question relates to.
| 1. How access tokens are used to authenticate when calling Google Cloud APIs? | ||
| 1. How are the secrets manage in Cloud Run? Are secrets managed by the Secret Manager? | ||
| 1. Do you have customer managed encrytion keys? | ||
| 1. Is Cloud Run integrated with Binarization autherization? Or is code binarized and then deployed? |
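Review bot: "Binarization autherization" in the last item appears to mean Binary Authorization, the Google Cloud control that restricts deployment to container images meeting a signing or attestation policy; "binarized" is not a term that applies here. Drop the second question and ask whether a Binary Authorization policy is enforced for the Cloud Run service and what that policy requires of an image.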
Spell check and grammar check the document, please. And this question felt like it was on a significantly deeper level, technology-wise, than the others. Please provide a link, because what even is binarization? Is it really an either-or type of question, that it is either integrated with binarization or binarized and then deployed?
This PR adds a technology-specific checklist for Google Cloud Run.