Feature Request P2
Comments
pa...@gmail.com <pa...@gmail.com> #2
Hello,
Thanks for reaching out to us!
The Product Engineering Team has been made aware of your feature request, and will address it in due course. Though we can't provide an ETA on feature requests nor guarantee their implementation, rest assured that your feedback is always taken very seriously, as it allows us to improve our products. Thank you for your trust and continued support to improve Google Cloud Platform products.
In case you want to report a new issue, please do not hesitate to create a new Issue Tracker.
Thanks and Regards,
Onkar Mhetre
Google Cloud Support
da...@rewe-digital.com <da...@rewe-digital.com> #3
Specifically, this happened to us. We have a GKE cluster with two similarly-sized node pools. One has E2 nodes and the other has C2D nodes. We wanted to temporarily double the size of our E2 nodepool and checked the quotas page first. The only quota in the entire GCP project that was above 20% was "CPUs" at 55%. We reasoned that since only half of our machines were in the nodepool we wanted to double, this would only raise us to around 80-85% of quota, which seemed safe for a temporary change. We were surprised to see our scale-up fail due to quota. (And then we clumsily tried to quickly scale down to get below quota using direct GCE ASG scaling rather than GKE autoscaler, which ended up deleting a bunch of our more active machines instead of the empty ones — perhaps user error, but a bigger impact than we had expected for what we thought was going to be a simple "scale up fast, let it scale down slowly once our temporary need was over".)
Had the human-readable label in the UI said "E2 and N1 CPUs" instead of "CPUs" we would not have made that mistake: we would have tried for a smaller scale-up or requested more quota first.
I assume that the "internal"/computer-readable name `CPUS` is unlikely to change for compatibility reasons, but hopefully the UI display name is less hardcoded?
pa...@rewe-digital.com <pa...@rewe-digital.com> #4
As requested by Matthias Herterich during our weekly Google call, I describe our use case a bit deeper:
We want to use the new HashiCorp Vault JWT Plugin (https://www.vaultproject.io/docs/auth/jwt.html) to authenticate Google accounts, which works fine so far. In addition to that, we want to use Google groups for authorization. To do so we can use a group claim, but this is currently not supported by Google's OAuth2 implementation.
To work around this issue we have to sync user<->group mappings between Google and Vault using its API.
Using this feature, it is not necessary to build sync jobs like this. This may also be usable for products other than Vault where someone would like to do authorization based on Google groups (Grafana, Kubernetes RBAC, ...).
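The kind of sync job comment #4 describes, as an added example that is not code from this thread, from Vault or from Google: it only plans the membership changes and calls no API. The function names, group names and addresses are hypothetical, constructed for illustration.

```python
# Added example: plan a one-way sync of Google group membership into Vault groups.
# All group names and addresses below are constructed sample data.
from typing import Dict, List, Optional, Set, Tuple

Membership = Dict[str, Set[str]]          # group name -> member e-mail addresses
Op = Tuple[str, str, str]                 # ("remove" | "add", group, member)


def normalize(membership: Membership) -> Membership:
    """Lower-case and strip addresses so case differences do not create drift."""
    return {g: {m.strip().lower() for m in members} for g, members in membership.items()}


def plan_sync(google: Optional[Membership], vault: Membership,
              managed_groups: Set[str]) -> List[Op]:
    """Return the operations that make Vault match Google for managed groups.

    - google is None when the directory lookup failed: plan nothing, rather
      than reading a failed fetch as "every group is empty".
    - Groups outside managed_groups are never touched.
    - Removals are ordered first so revoked access is withdrawn before
      any new access is granted.
    """
    if google is None:
        return []
    google, vault = normalize(google), normalize(vault)
    removes: List[Op] = []
    adds: List[Op] = []
    for group in sorted(managed_groups):
        want = google.get(group, set())   # group deleted in Google -> empty
        have = vault.get(group, set())
        removes += [("remove", group, m) for m in sorted(have - want)]
        adds += [("add", group, m) for m in sorted(want - have)]
    return removes + adds


# Constructed sample state.
GOOGLE = {"vault-admins": {"Alice@example.com"},
          "vault-readers": {"alice@example.com", "carol@example.com"}}
VAULT = {"vault-admins": {"alice@example.com", "bob@example.com"},
         "vault-readers": {"alice@example.com"},
         "break-glass": {"root-operator@example.com"}}

if __name__ == "__main__":
    for op in plan_sync(GOOGLE, VAULT, {"vault-admins", "vault-readers"}):
        print(*op)
```

Until the next run of such a job, a user removed from a Google group keeps the access the stale Vault mapping grants, which is why the interval between runs bounds how long revoked access persists.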
Description
What you would like to accomplish:
- I would like to use Google Groups to authenticate via OAuth 2.0
If applicable, reasons why alternative solutions are not sufficient:
- This feature would be really handy to assign various permissions based on Google Groups