Managed Services infrastructure

Infrastructure access

For MSP service environments other than category: test, access needs to be requested through Entitle. Test environments are placed in the “Engineering Projects” GCP folder, which should have access granted to engineers by default.

Entitle access to a production MSP project is generally provisioned through the mspServiceReader and mspServiceEditor custom GCP roles, which provide read-only and editing access respectively. Convenience links for requesting these roles are available in the per-service operation pages above, based on each environment.

You can also choose to request access to an individual project in Entitle by following these steps:

• Go to app.entitle.io/request and select Specific Permission
• Fill out the following:
  • Integration: GCP Production Projects
  • Resource types: Project
  • Resource: name of MSP project you are interested in
  • Role: mspServiceReader (or mspServiceEditor if you need additional privileges - use with care!)
  • Duration: choose your own adventure!

The custom roles used for MSP infrastructure access are configured in sourcegraph/infrastructure.

Terraform Cloud access

Terraform Cloud (TFC) workspaces for MSP can be found using the msp workspace tag.

To gain access to MSP project TFC workspaces, log in to Terraform Cloud and then request membership to the Managed Services Platform Operators TFC team via Entitle. This TFC team has access to all MSP workspaces, and is configured here.

Note that you must log in to Terraform Cloud before making your Entitle request. If you make your Entitle request, then log in, you will be removed from any team memberships granted through Entitle by Terraform Cloud’s SSO implementation.

For more details, also see creating and configuring services.