Policy: GCP > Kubernetes Engine > Permissions > Levels

Define the permissions levels that can be used to grant access to Kubernetes Engine an GCP project. Permissions levels defined will appear in the UI to assign access to Guardrails users.

Note: Some services do not use all permissions levels, and any permissions level that has no permissions associated will not be created even if it is selected here.

Resource Types

This policy targets the following resource types:

GCP > Project

Primary Policy

This policy is used with the following primary policy:

GCP > Kubernetes Engine > Permissions

Modifiers

Policy Specification

Schema Type	`array`
Default template	`{% if $.availableLevels.items[0].value \| length == 0 %} [] {% endif %}{% for item in $.availableLevels.items[0].value %}- {{ item }} {% endfor %}`
Default template input	`- \| { item: project { turbot{ id } } } - \| { availableLevels: policyValues(filter:"policyTypeLevel:self resourceId:{{ $.item.turbot.id }} policyTypeId:'tmod:@turbot/gcp-iam#/policy/types/permissionsLevelsDefault'") { items { value } } }`

Schema Type

array

Default template

{% if $.availableLevels.items[0].value | length == 0 %} [] {% endif %}{% for item in $.availableLevels.items[0].value %}- {{ item }}
{% endfor %}

Default template input

- |
  {
    item: project {
      turbot{
        id
      }
    }
  }
- |
  {
    availableLevels: policyValues(filter:"policyTypeLevel:self resourceId:{{ $.item.turbot.id }} policyTypeId:'tmod:@turbot/gcp-iam#/policy/types/permissionsLevelsDefault'") {
      items {
        value
      }
    }
  }

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/iamPermissions

Policy Type URI

tmod:@turbot/gcp-kubernetesengine#/policy/types/kubernetesEnginePermissionsLevels

GraphQL

query policyType(id: "tmod:@turbot/gcp-kubernetesengine#/policy/types/kubernetesEnginePermissionsLevels") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/gcp-kubernetesengine#/policy/types/kubernetesEnginePermissionsLevels'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/gcp-kubernetesengine#/policy/types/kubernetesEnginePermissionsLevels'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/gcp-kubernetesengine#/policy/types/kubernetesEnginePermissionsLevels"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/gcp-kubernetesengine#/policy/types/kubernetesEnginePermissionsLevels"