On Mon, May 14, 2018 at 09:00:05PM +0200, Emmanuel Kasper wrote: > @list: Do we have some official account for GCE like we have for Amazon > ?
We don't need the same kind of single official account as Amazon has, because GCP works on the notion of projects which is not tied to a single set of credentials. Access and permissions can be managed based on Google accounts for individual users and based on a couple different models for groups of users. Right now there exists a Google-paid "debian-cloud-experiments" project with a small quota, meant for Debian project contributors to try experiments related to supporting Debian in GCE, such as building cloud images. Our Google contacts have historically been willing to manually manage access for people doing this work, though see below about a better long-term solution for later in 2018 or 2019. The Debian images which Google currently builds and publishes are in a Google-paid "debian-cloud" project, which Google's tooling makes easy for users to find. Once Debian is building its own GCE images, I expect Google will be willing to work with us to publish them in a visible way, at least on par with other images built by prominent community distros, maybe more than that if they end up meeting enough GCE product needs. I defer to Zach for any corrections or additions, since I haven't worked at Google since 2015. Work is underway such that, some time later this year or next, Debian itself will be able to provision Google accounts for our GCP work through the Google Cloud Identity system and to take ownership of its GCP projects as an organization. SPI is assisting DSA and the cloud team with this due to its eligibility for G Suite for Nonprofits, which in turn allows Debian to use Cloud Identity with debian.org. DSA will start out with a manual process but may automate it later. To be clear: none of this requires Debian to migrate its primary accounts system to Google and no such migation is planned. Current thinking is that we won't be enabling the broader G Suite feature set for debian.org Google accounts either, since that's proprietary SaaS. Cloud Identity is just identity-as-a-service. Cloud Identity can tie in nicely to whatever permissions management and auditing is desired for the various Debian-linked GCP projects and resources. It would also help with billing of paid GCP usage and/or tracking of sponsored GCP credit. - Jimmy Kaplowitz [email protected]
