Merge pull request #173 from jweite-amazon/least-priv-docs

Added least privilege role description to docs (book).

Author: jweite-amazon

docs/book/src/SUMMARY.md

@@ -9,6 +9,7 @@
     - [Custom Images](topics/custom-images.md)
     - [SSH Access To Nodes](topics/ssh-access.md)
     - [Unstacked etcd](topics/unstacked-etcd.md)
+    - [CloudStack Permissions](topics/cloudstack-permissions.md)
 - [Developer Guide](development/index.md)
     - [Development With Tilt](development/tilt.md)
     - [Building CAPC](development/building.md)

docs/book/src/topics/cloudstack-permissions.md

@@ -0,0 +1,42 @@
+# CloudStack Permissions for CAPC
+
+The account that CAPC runs under must minimally be a Domain Admin type account with a role offering the following permissions
+
+* assignToLoadBalancerRule
+* associateIpAddress
+* createAffinityGroup
+* createEgressFirewallRule
+* createLoadBalancerRule
+* createNetwork
+* createTags
+* deleteAffinityGroup
+* deleteNetwork
+* deleteTags
+* deployVirtualMachine
+* destroyVirtualMachine
+* disassociateIpAddress
+* getUserKeys
+* listAccounts
+* listAffinityGroups
+* listDiskOfferings
+* listDomains
+* listLoadBalancerRuleInstances
+* listLoadBalancerRules
+* listNetworkOfferings
+* listNetworks
+* listPublicIpAddresses
+* listServiceOfferings
+* listSSHKeyPairs
+* listTags
+* listTemplates
+* listUsers
+* listVirtualMachines
+* listVirtualMachinesMetrics
+* listVolumes
+* listZones
+* queryAsyncJobResult
+* startVirtualMachine
+* stopVirtualMachine
+* updateVMAffinityGroup
+
+This permission set has been verified to successfully run the CAPC E2E test suite (Oct 11, 2022).

docs/book/src/topics/index.md

@@ -5,6 +5,7 @@
 - [Custom Images](custom-images.md)
 - [SSH Access To Nodes](ssh-access.md)
 - [Unstacked etcd](unstacked-etcd.md)
+- [CloudStack Permissions](cloudstack-permissions.md)
 
 
 ## TODO :