Re: debian.org organisation on GCP [was: Re: Vagrant box CI/CD]

Hi Bastian,

On Fri, Jun 29, 2018 at 04:08:44PM -0400, Jimmy Kaplowitz wrote:
> On Fri, Jun 29, 2018 at 12:47:12PM +0200, Bastian Blank wrote:
> > On Fri, Jun 29, 2018 at 01:26:39AM -0400, Jimmy Kaplowitz wrote:
> > > There are other constraints: You can't create your own organization
> > > without a G Suite account, which can't be free without SPI's 501(c)(3)
> > > nonprofit status or some foreign equivalent.
> > 
> > There is the Cloud Identity product, which creates an organization as
> > well.  And the last time I looked at it, this worked pretty well.
> I'm glad they seem to have added this option - DSA and I were already
> planning to use Cloud Identity, but last time I checked, standalone
> Cloud Identity without G Suite couldn't create a GCP organization. This
> is now possible.
> Anyway, Debian doesn't need or want most of the proprietary G Suite
> services, so starting debian.org with Cloud Identity (through SPI's G
> Suite or otherwise) makes sense.

I just had an odd conversation with G Suite support, to make sure I
wasn't going to set things up in an irreversible way that we'd regret
later. And indeed, from looking at the G Suite admin console, the truth
seems to be as bizarre as they said:

With SPI's G Suite for Nonprofits account, we can add debian.org as a
secondary domain with the G Suite feature set, and then disable the
individual G Suite services to make it roughly the same as Cloud
Identity. We can also set up a G Suite organizational unit to make this
easy for all new accounts. However, our free account type doesn't
actually let us make the more limited Cloud Identity type of account
that lacks an official G Suite license.

My guess is that they didn't think to set that up because Cloud Identity
is actually a subset of G Suite, so the only reason to want less would
be ideologies like Debian's. :) We can still achieve a similar result
through the option to disable features, as I noted.

Aside from the paid editions of G Suite, they did say that Cloud
Identity's free edition is only available through Google Cloud Platform
with a billing account enabled. How were you planning to handle billing
for that, if done separately from SPI?

If Google wants to provide a gratis billing account, this could work,
but otherwise we shouldn't be using personal credit cards for this. If
we're at least sometimes paying, we should stick with the G Suite option
that both Debian and SPI can control and keep track of, with any
non-sponsored usage paid by SPI from the funds held for Debian. Projects
which are partially or fully sponsored by Google could have promotional
coupons applied to normal billing accounts, or special gratis billing
accounts could be provided for us to link with those projects.

Last step before I proceed with registering within G Suite is to do a
bit more research on how to differentiate between the two domains in
Google Cloud IAM, even if they share a G Suite account. Currently making
inquiries with people who would know.

- Jimmy Kaplowitz

