Lucidity Assessment
The Lucidity Assessment tool is designed to retrieve essential VM metadata and disk-level storage metrics. This includes details such as the number of VMs, attached managed disk information, and mount point specifics. The Assessment process may temporarily utilize GCP's native services, such as OS Config and Cloud Monitoring, to collect the necessary data.
The permissions listed below are crucial for the Assessment tool to perform operations like collecting storage metrics. These permissions are only required during the metric collection phase and are temporary. Once the Assessment is complete, Lucidity will remove any configurations it introduced and will not retain them in your GCP environment.
For the Lucidity Assessment, we would need the following permissions:
| # | Permission Name | Description |
|---|---|---|
| 1 | serviceusage.services.list | To list all the services present in that project. Lucidity checks whether the osconfig service is present in the list and enables it if it is disabled. |
| 2 | compute.disks.list | To get disk IDs of all the disks present in that project. |
| 3 | compute.instances.get | To get information about each instance, which helps Lucidity get the instance type and identify the number of disk slots available for that particular instance. |
| 4 | compute.instances.list | To get the instance IDs of all the instances present in that specific project. |
| 5 | serviceusage.services.enable | osconfig.googleapis.com - To enable this service, because the Ops Agent uses this service to get the utilization metrics. |
| 6 | serviceusage.services.disable | osconfig.googleapis.com - To disable this service if Lucidity Assessment has enabled it. |
| 7 | compute.instances.update | After adding metadata or a label, an update call should be made to sync the properties. |
| 8 | resourcemanager.folders.list | To identify project hierarchy and organizational structure. |
| 9 | compute.zones.list | To get all the supported zones in that project. |
| 10 | monitoring.timeSeries.list | To retrieve Ops Agent metrics, including mount point metrics. Lucidity typically fetches utilization data from the last 10 minutes and stores it. |
| 11 | osconfig.osPolicyAssignments.create | To create an OS policy that includes details on Ops Agent installation, enabling support for Lucidity Assessment metrics collection. |
| 12 | osconfig.osPolicyAssignments.delete | To delete the OS policy created for Lucidity Assessment once the Assessment is complete. |
| 13 | osconfig.osPolicyAssignments.get | To get the details of the created OS policy and check its status. |
| 14 | osconfig.osPolicyAssignments.list | To list all OS policies in the project and verify if Lucidity's policy has already been created. |
| 15 | resourcemanager.projects.list | To get all the projects in that organisation. |
| 16 | osconfig.osPolicyAssignments.update | To update the OS policy after Lucidity Assessment, modifying it to uninstall the Ops Agent. We ideally wait 10 minutes for the uninstallation to complete. |
| 17 | osconfig.osPolicyAssignmentReports.list | To get compliance reports showing whether a VM instance complies with the assigned OS policies. |
| 18 | resourcemanager.projects.get | To get project details such as project ID and organization ID to include it in the Assessment report. |
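
Before granting access, the role handed to the Assessment can be checked against the table above. The following is an added example, not Lucidity's own code: it compares the `includedPermissions` of a role (the JSON shape returned by `gcloud iam roles describe --format=json`) with the 18 documented permissions and separates out the ones that change project state. The role name, project ID, and sample role contents are constructed assumptions.

```python
import json

# The 18 permissions listed in the table above.
DOCUMENTED = {
    "serviceusage.services.list", "serviceusage.services.enable",
    "serviceusage.services.disable", "compute.disks.list",
    "compute.instances.get", "compute.instances.list",
    "compute.instances.update", "compute.zones.list",
    "resourcemanager.folders.list", "resourcemanager.projects.list",
    "resourcemanager.projects.get", "monitoring.timeSeries.list",
    "osconfig.osPolicyAssignments.create", "osconfig.osPolicyAssignments.delete",
    "osconfig.osPolicyAssignments.get", "osconfig.osPolicyAssignments.list",
    "osconfig.osPolicyAssignments.update",
    "osconfig.osPolicyAssignmentReports.list",
}
# Final verbs that only read state; any other verb modifies the project.
READ_VERBS = {"get", "list"}

def audit_role(role_json: str) -> dict:
    """Compare a role's includedPermissions with the documented set."""
    granted = set(json.loads(role_json).get("includedPermissions", []))
    return {
        # Documented but not granted: the Assessment would fail part-way.
        "missing": sorted(DOCUMENTED - granted),
        # Granted but not documented: excess privilege to remove.
        "undocumented": sorted(granted - DOCUMENTED),
        # Write-capable grants to revoke once the Assessment is complete.
        "mutating": sorted(p for p in granted
                           if p.rsplit(".", 1)[-1] not in READ_VERBS),
    }

# Constructed sample: a hypothetical custom role that lacks one documented
# permission and carries one permission the table does not list.
SAMPLE_ROLE = json.dumps({
    "name": "projects/example-project/roles/lucidityAssessment",
    "includedPermissions": sorted(DOCUMENTED - {"compute.zones.list"})
                           + ["compute.disks.delete"],
})

if __name__ == "__main__":
    for finding, perms in audit_role(SAMPLE_ROLE).items():
        print(f"{finding}: {perms}")
```

Running the same check after the Assessment is a quick way to confirm that the mutating permissions are no longer granted.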