GCP Access Process:
Standard Access: For permanent access to resources, projects or assets
- Resources in scope for this procedure: GCP Organization Level permissions, Managed Instance and Sourcegraph Cloud
- Clone sourcegraph/infrastructure repo into a new branch
- Under folder gcp/org find the appropriate terraform file:
- Files are organized by permission level
- Organization permission
- Used when granting access across all resources in all projects
- Folder permissions
- Used to grant access to all projects and resources in a particular folder, such as engineering projects or managed instances
- Project permissions
- Used for granular permissions granted on per project basis
- Modify the terraform in the relevant file
- If the role you are trying to gain access to already has a resource block, add yourself to it
- If it doesnt, create a new resource block and follow the naming convention in the file
- Resource name: projectname_rolename
- Run
terraform init
and then terraform plan
to review changes
- If
terraform plan
is changing more than what is expected, reach out to security team to review the unexpected changes
- If
terraform plan
output is expected, create a PR
- Tag security for review
- Post in #tech-ops slack channel so a ticket is created to track manager approvals
- Once approved, run terraform apply
Procedure for requesting escalated permission for incident response:
- Environment in scope: Sourcegraph Cloud and Managed Instances
- Reach out to Tech Ops via #tech-ops channel
- Request access as follows
- Tech Ops will add you to the google group
- You will automatically lose access at the end of the time frame unless you renew with approvals
Procedure for requesting on-call access
- Environment in scope: Sourcegraph Cloud and Managed Instances
- Reach out to Tech Ops via #tech-ops channel
- Request access as follows
- Tech Ops will add you to the google group
- You will automatically lose access at the end of the time frame unless you renew with approvals