Should delegates run in the same GCP project as the resources connectors try to use?
Let’s say you have a use case where a GCP project has Google Secret Manager (GSM) set up and a service account with the roles/secretmanager.admin IAM role assigned, but that GCP project has no delegates running. The delegates are running in a different project, called project B. You will then be asking: should delegates run in the same GCP project as the resources connectors try to use?
- The GSM connector setup wizard asks only for the service account key file and the delegates to connect with; it does not ask for the target GCP project that hosts the GSM secrets.
- The scope of the GCP Secret Manager will be the Project, Org or Account where it’s being created. A secret manager created for Project 1 will not be visible in Project 2.
- Hence we do not ask for a target Project, as it’s the current scope where the secret manager is being created.
- GCP project info is part of the key file, which acts as the authentication used to connect to GCP Secret Manager.
- The requirement for the delegate is that it should have access/connectivity to the project where the GSM is present.
- You can find more information on how to add a Google Cloud Secret Manager to Harness in our documentation: Add a Google Cloud Secret Manager | Harness Developer Hub
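Because the project info travels in the key file, it is worth checking which project a key belongs to before uploading it to the connector. The following is an added example, not Harness code: `inspect_key` is a hypothetical helper, and the project names and sample key are constructed. It reports the key's project and service account without echoing the private key and flags a mismatch with the project you expect to host GSM.

```python
import json

# Fields a service account key file must carry to be usable for authentication.
REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")


def inspect_key(key_json: str, expected_project: str) -> dict:
    """Return non-secret facts about a service account key plus any problems found."""
    key = json.loads(key_json)
    if not isinstance(key, dict):
        raise ValueError("key file is not a JSON object")
    problems = []
    missing = [f for f in REQUIRED if not key.get(f)]
    if missing:
        problems.append("missing fields: " + ", ".join(missing))
    if key.get("type") != "service_account":
        problems.append(f"type is {key.get('type')!r}, not 'service_account'")
    project = key.get("project_id", "")
    email = key.get("client_email", "")
    # User-managed service accounts are named <name>@<project>.iam.gserviceaccount.com
    domain = email.rpartition("@")[2]
    if project and domain != f"{project}.iam.gserviceaccount.com":
        problems.append("client_email domain does not match project_id")
    if project != expected_project:
        problems.append(f"key is for project {project!r}, expected {expected_project!r}")
    # Report identifying metadata only; the private_key value is never returned.
    return {
        "project_id": project,
        "client_email": email,
        "private_key_id": key.get("private_key_id", ""),
        "problems": problems,
    }


# Constructed sample key: placeholder values, not a real credential.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "project-a",  # assumed name for the project hosting GSM
    "private_key_id": "constructed-key-id",
    "private_key": "CONSTRUCTED-PLACEHOLDER-NOT-A-KEY",
    "client_email": "harness-gsm@project-a.iam.gserviceaccount.com",
})

if __name__ == "__main__":
    # Delegates may run in project-b; the key must still point at project-a.
    print(inspect_key(SAMPLE_KEY, expected_project="project-a"))
    print(inspect_key(SAMPLE_KEY, expected_project="project-b")["problems"])
```

An empty `problems` list means the key identifies the expected project; the delegate still needs network access to that project's Secret Manager.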