From 2bef9844bf99e4cfe6f4dd041ec4774ede9d4af4 Mon Sep 17 00:00:00 2001 From: Eric Liang Date: Thu, 1 Nov 2018 23:23:06 -0700 Subject: [PATCH] Revert "[autoscaler] Also grant roles to worker nodes" (#3199) This reverts commit 55d161b49f4ab2803463c3b003bc392a49e7faa6. --- python/ray/autoscaler/aws/config.py | 1 - python/ray/autoscaler/gcp/config.py | 12 ++++-------- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/python/ray/autoscaler/aws/config.py b/python/ray/autoscaler/aws/config.py index 54c07aa29..249970e8f 100644 --- a/python/ray/autoscaler/aws/config.py +++ b/python/ray/autoscaler/aws/config.py @@ -101,7 +101,6 @@ def _configure_iam_role(config): logger.info("Role not specified for head node, using {}".format( profile.arn)) config["head_node"]["IamInstanceProfile"] = {"Arn": profile.arn} - config["worker_nodes"]["IamInstanceProfile"] = {"Arn": profile.arn} return config diff --git a/python/ray/autoscaler/gcp/config.py b/python/ray/autoscaler/gcp/config.py index a651c3983..d6ae2edeb 100644 --- a/python/ray/autoscaler/gcp/config.py +++ b/python/ray/autoscaler/gcp/config.py @@ -168,16 +168,12 @@ def _configure_iam_role(config): _add_iam_policy_binding(service_account, DEFAULT_SERVICE_ACCOUNT_ROLES) - # NOTE: The amount of access is determined by the scope + IAM - # role of the service account. Even if the cloud-platform scope - # gives (scope) access to the whole cloud-platform, the service - # account is limited by the IAM rights specified below. config["head_node"]["serviceAccounts"] = [{ "email": service_account["email"], - "scopes": ["https://www.googleapis.com/auth/cloud-platform"] - }] - config["worker_nodes"]["serviceAccounts"] = [{ - "email": service_account["email"], + # NOTE: The amount of access is determined by the scope + IAM + # role of the service account. Even if the cloud-platform scope + # gives (scope) access to the whole cloud-platform, the service + # account is limited by the IAM rights specified below. "scopes": ["https://www.googleapis.com/auth/cloud-platform"] }]