cloud: Stop giving BigQuery access to submitters

Now that our BigQuery dataset is so large (and not partitioned), and costs a lot to query, stop giving submitters permissions for accessing it. We'll have to think of something else. E.g. giving access to PostgreSQL.
kernelci · Sep 22, 2023 · 0b50681 · 0b50681
1 parent 04710f3
commit 0b50681
Showing 1 changed file with 0 additions and 10 deletions.
diff --git a/cloud b/cloud
@@ -1659,16 +1659,6 @@ function submitter_deploy() {
 
     member="serviceAccount:$submitter@$project.iam.gserviceaccount.com"
 
-    role="roles/bigquery.dataViewer"
-    mute gcloud projects add-iam-policy-binding "$project" \
-                                                --quiet \
-                                                --member "$member" \
-                                                --role "$role"
-    role="roles/bigquery.jobUser"
-    mute gcloud projects add-iam-policy-binding "$project" \
-                                                --quiet \
-                                                --member "$member" \
-                                                --role "$role"
     role="roles/pubsub.publisher"
     mute gcloud pubsub topics add-iam-policy-binding --project="$project" \
                                                      "$new_topic" \