Replies: 1 comment
-
Yes, that's accurate.
That's true and documented here, although in my experience it rarely takes longer than a few minutes for the Asset Inventory to reflect IAM policy changes. I am not sure if there are any environment-specific factors that might explain why you're experiencing longer delays than others -- but I would be a bit surprised if the delays stayed that long consistently.
That would be quite a change, and there is a reason why JIT Access relies on the Cloud Asset I'm sorry that I don't have any better answers currently... |
Beta Was this translation helpful? Give feedback.
-
Hello,
I'm trying to use JitAccess at the moment and I'm having a problem with the way it works.
Unless I'm mistaken, JitAccess uses Cloud Asset to read permissions and IAM (via security.admin) to write them.
The problem I'm having is that I have a huge latency between the action of adding permissions on IAM (by configuring rights with the constraint "has({}.jitAccessConstraint)") and its read availability on CloudAsset (>48h).
I've opened a ticket with GCP about this latency and they tell me that it's the 'normal' operation of CloudAsset, which updates on a 'best effort' basis, and that it can sometimes take a while to synchronise (= every time for me since I've been doing the tests).
This makes using this tool very complicated (not responsive enough to add/remove temporary permissions).
Is this a problem you're having too? And, if so, do you have any advice to offer?
Is it possible not to use CloudAsset for reading? Maybe directly via IAM to avoid this latency?
Or maybe am I using the tool incorrectly?
Thank you
ps : i'm using 1.3 on cloudrun, i will try to update it to see if it improves this issue .
Beta Was this translation helpful? Give feedback.
All reactions