mirror of
https://github.com/google/nomulus.git
synced 2025-08-05 09:21:49 +02:00
Change UserPolicy to PUBLIC on WHOIS and EPP endpoints
------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=193407195
This commit is contained in:
parent
77bfa5f4b8
commit
f289259101
8 changed files with 15 additions and 32 deletions
|
@ -145,15 +145,6 @@ oAuth:
|
|||
- <client_id>
|
||||
```
|
||||
|
||||
This service account also needs to be an ["App Engine Admin"](https://github.com/google/nomulus/blob/3dfd141e0fed650b5eb2631b4345220355221b77/java/google/registry/request/auth/UserAuthInfo.java#L31),
|
||||
which means it needs to granted a role like "Project Viewer":
|
||||
|
||||
```bash
|
||||
$ gcloud add-iam-binding <nomulus-project> \
|
||||
--member=serviceAccount:<service-account-email> \
|
||||
--role=roles/viewer
|
||||
```
|
||||
|
||||
### Setup nameservers
|
||||
|
||||
The terraform output (run `terraform output` in the environment folder to show
|
||||
|
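Review bot: with the "App Engine Admin" paragraph and the `roles/viewer` binding removed, the text after `- <client_id>` runs straight into "### Setup nameservers" and no longer says what, if anything, the proxy's service account must be granted to call Nomulus. Suggest replacing the removed paragraph with one sentence stating that no project-level IAM role is needed any more. Because the old instructions told operators to grant `roles/viewer`, also add a note that existing deployments can revoke that binding from the service account, so the project-wide read access does not linger after this change.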
@ -325,15 +316,6 @@ oAuth:
|
|||
|
||||
Redeploy Nomulus for the change to take effect.
|
||||
|
||||
The project that hosts Nomulus also needs to add this service account as a
|
||||
project viewer so that OAuth protected endpoints like `/_dr/epp` and
|
||||
`/_dr/whois` can be accessed by the proxy:
|
||||
|
||||
```bash
|
||||
$ gcloud projects add-iam-policy-binding <project-id> \
|
||||
--member serviceAccount:<service-account-email> --role roles/viewer
|
||||
```
|
||||
|
||||
Also bind the "Logs Writer" and role to the proxy service account so that it can
|
||||
write logs to [Stackdriver Logging](https://cloud.google.com/logging/).
|
||||
|
||||
|
|
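Review bot: the surviving context line "Also bind the "Logs Writer" and role to the proxy service account" now follows "Redeploy Nomulus for the change to take effect." directly, so "Also" refers to a binding step that this hunk deletes, and the stray "and role" is still there. Suggest rewording it in the same change, for example "Bind the "Logs Writer" role to the proxy service account so that it can". The deleted paragraph was also the only place in this section that described `/_dr/epp` and `/_dr/whois` as OAuth-protected, so a short sentence on how the proxy's requests to those two endpoints are authenticated after this change would keep the section complete.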