GCP-3125: Support Additional Roles/APIs For Integration QuickStart #98
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tedkahwaji
force-pushed
the
teddy.kahwaji/gcp-3125
branch
from
4096df0 to
6ef4116
Compare
tedkahwaji
requested review from
thekevinhuang
and removed request for
a team
tedkahwaji
force-pushed
the
teddy.kahwaji/gcp-3125
branch
from
6ef4116 to
6a4fcec
Compare
tedkahwaji
force-pushed
the
teddy.kahwaji/gcp-3125
branch
from
6a4fcec to
877e939
Compare
thekevinhuang
approved these changes
Dec 2, 2025
thekevinhuang
left a comment
thekevinhuang
left a comment
There was a problem hiding this comment.
I think this looks good to me. Did want to note that this does put the onus on the downstream product team to supply the correct api/permissions (and the eventual code reviewer to confirm that those do exist).
dtru-ddog
approved these changes
Dec 4, 2025
tedkahwaji
force-pushed
the
teddy.kahwaji/gcp-3125
branch
from
0329774 to
34dc45f
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
The following change adds support for including additional roles and APIs to the service account created during the integration quick-start flow. This is intended for downstream products that require permissions beyond those needed for the baseline GCP integration. The UI will maintain the mapping of downstream
productID→ required APIs and roles. While this mapping will eventually be retrieved via an API, it is currently hard-coded.I made the decision to send this data during user selection rather than embedding a static mapping in the script. Since the UI already needs this mapping for the Terraform flow, keeping it in one place avoids the need to continually synchronize the script and the UI.
Also when implementing the log forwarding script, the
gcloudcommand was updated to support a builder component that constructs the required arguments for the command. This change updates all usages of thegcloudfunction to use these builders.Testing
Tested by updating the UI locally to provide the necessary product requirements for llm-observability and running the script locally
https://drive.google.com/file/d/1inZM0vt7hVUbk9j8_gixuwnF5kKy9-q4/view?usp=sharing