Merge pull request #41 from gitpod-io/nan/agent-storage-iam-comment

nandajavarma · web-flow · commit 27caf9ecd3e5 · 2026-05-12T15:46:15.000+02:00
docs: explain why agent_storage needs objectAdmin
diff --git a/iam.tf b/iam.tf
@@ -318,6 +318,8 @@ resource "google_storage_bucket_iam_member" "runner_runner_assets_access" {
 }
 
 # GCS access for agent storage bucket (runner VMs)
+# objectAdmin is required because the runner deletes conversation, blob, and
+# result objects during agent execution cleanup (objectUser lacks delete).
 resource "google_storage_bucket_iam_member" "runner_agent_storage_access" {
   count = var.enable_agents ? 1 : 0
 

Original file line number	Diff line number	Diff line change
`@@ -318,6 +318,8 @@ resource "google_storage_bucket_iam_member" "runner_runner_assets_access" {`
`318`	`318`	`}`
`319`	`319`
`320`	`320`	`# GCS access for agent storage bucket (runner VMs)`
	`321`	`+# objectAdmin is required because the runner deletes conversation, blob, and`
	`322`	`+# result objects during agent execution cleanup (objectUser lacks delete).`
`321`	`323`	`resource "google_storage_bucket_iam_member" "runner_agent_storage_access" {`
`322`	`324`	`count = var.enable_agents ? 1 : 0`
`323`	`325`