Change UserPolicy to PUBLIC on WHOIS and EPP endpoints

------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=193407195
2025-08-05 09:21:49 +02:00 · 2018-04-18 13:29:15 -07:00 · 2018-04-18 13:29:15 -07:00 · f289259101
commit f289259101
parent 77bfa5f4b8
8 changed files with 15 additions and 32 deletions
--- a/docs/proxy-setup.md
+++ b/docs/proxy-setup.md
@ -145,15 +145,6 @@ oAuth:
    - <client_id>
 ```

-This service account also needs to be an ["App Engine Admin"](https://github.com/google/nomulus/blob/3dfd141e0fed650b5eb2631b4345220355221b77/java/google/registry/request/auth/UserAuthInfo.java#L31),
-which means it needs to granted a role like "Project Viewer":
-
-```bash
-$ gcloud add-iam-binding <nomulus-project> \
- --member=serviceAccount:<service-account-email> \
- --role=roles/viewer
- ```
-
 ### Setup nameservers

 The terraform output (run `terraform output` in the environment folder to show
@ -325,15 +316,6 @@ oAuth:

 Redeploy Nomulus for the change to take effect.

-The project that hosts Nomulus also needs to add this service account as a
-project viewer so that OAuth protected endpoints like `/_dr/epp` and
-`/_dr/whois` can be accessed by the proxy:
-
-```bash
-$ gcloud projects add-iam-policy-binding <project-id> \
--member serviceAccount:<service-account-email> --role roles/viewer
-```
-
 Also bind the "Logs Writer" and role to the proxy service account so that it can
 write logs to [Stackdriver Logging](https://cloud.google.com/logging/).