Remove the dependency on the `storage.bucket.get` permissions
Description
At the moment, geddit
requires the GCP user to have the storage.bucket.get
permission. This is not required for getting the contents of an object and also isn't a permission of the predefined role roles/storage.objectViewer
.
Remove the dependency of geddit
on the storage.bucket.get
.
Further details
Came across the permissions issue when trying to solve https://gitlab.developers.cam.ac.uk/uis/devops/gcp-deploy-boilerplate/-/issues/55.
Acceptance criteria
-
geddit
GCP fetcher no longer requiresstorage.bucket.get
.
Links/references
https://cloud.google.com/storage/docs/access-control/iam-roles#standard-roles