fix(DOC-2058): clarify GCP IAM permissions are for agent, not Terraform bootstrap

[mfernest]

Summary

• Updates the note on the GCP IAM policies page to clarify that the listed permissions belong to the Redpanda agent service account, not to the GCP user account or Terraform service account
• Addresses confusion: the original text implied these were permissions needed to create BYOC clusters (e.g., via Terraform bootstrap), when they are actually permissions granted to the deployed agent

Test plan

• Verify Netlify deploy preview renders the updated note correctly on the GCP IAM policies page

Fixes DOC-2058

Generated with Claude Code

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 41d1c003-081c-4ae7-832c-dc84a5eaf167

📥 Commits

Reviewing files that changed from the base of the PR and between e5d47a4 and 2ad6fab.

📒 Files selected for processing (1)

• modules/security/partials/iam-policies.adoc

---

📝 Walkthrough

Walkthrough

This pull request updates the GCP BYOC documentation to clarify IAM permissions. The change specifies that the described IAM permissions are those used by the Redpanda agent service account to manage BYOC resources, distinguishing them from the permissions a user's GCP account needs for the initial Terraform bootstrap. A link reference is also updated from plural to singular form.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Possibly related PRs

• DOC-1967: Clarify that Redpanda manages Kubernetes infrastructure in … #527: Modifies BYOC documentation with clarifications about IAM permissions and the Redpanda agent's role in resource management.

Suggested reviewers

• kbatuigas
• razalkind
• micheleRP

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The description covers the main changes and reasoning, but is missing the required template sections like 'Page previews' and 'Checks' from the repository template.	Add 'Page previews' section with Netlify preview link and complete the 'Checks' section by marking the appropriate checkbox(es) to match the repository's PR description template.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: clarifying that GCP IAM permissions apply to the agent service account, not Terraform bootstrap.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/doc-2058-gcp-iam-bootstrap-misleading

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[netlify]

✅ Deploy Preview for rp-cloud ready!

Name	Link
🔨 Latest commit	2ad6fab
🔍 Latest deploy log	https://app.netlify.com/projects/rp-cloud/deploys/69b9ae20ac8e200008324b47
😎 Deploy Preview	https://deploy-preview-531--rp-cloud.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[matteogaraventa]

Thanks for the update @mfernest .

The new docs version makes it clear that such docs page doesn't cover the initial Terraform bootstrap use-case, however this is precisely what customer's pain point is which prompted him to raise two Zendesk tickets.

So is there a plan to create dedicated documentation for the needed permissions for the initial Terraform bootstrap use-case?

Thanks a lot.

CC: @gavinheavyside @jason-da-redpanda