Change UserPolicy to PUBLIC on WHOIS and EPP endpoints

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=193407195
This commit is contained in:
jianglai 2018-04-18 13:29:15 -07:00
parent 77bfa5f4b8
commit f289259101
8 changed files with 15 additions and 32 deletions

View file

@ -145,15 +145,6 @@ oAuth:
- <client_id>
```
This service account also needs to be an ["App Engine Admin"](https://github.com/google/nomulus/blob/3dfd141e0fed650b5eb2631b4345220355221b77/java/google/registry/request/auth/UserAuthInfo.java#L31),
which means it needs to granted a role like "Project Viewer":
```bash
$ gcloud add-iam-binding <nomulus-project> \
--member=serviceAccount:<service-account-email> \
--role=roles/viewer
```
### Setup nameservers
The terraform output (run `terraform output` in the environment folder to show
@ -325,15 +316,6 @@ oAuth:
Redeploy Nomulus for the change to take effect.
The project that hosts Nomulus also needs to add this service account as a
project viewer so that OAuth protected endpoints like `/_dr/epp` and
`/_dr/whois` can be accessed by the proxy:
```bash
$ gcloud projects add-iam-policy-binding <project-id> \
--member serviceAccount:<service-account-email> --role roles/viewer
```
Also bind the "Logs Writer" and role to the proxy service account so that it can
write logs to [Stackdriver Logging](https://cloud.google.com/logging/).