From d596f8a872011931192b8c16fd4e547675ffa89f Mon Sep 17 00:00:00 2001
From: Luke Alexander <luke.alexander@mixcloud.com>
Date: Tue, 16 Apr 2019 10:19:09 +0100
Subject: [PATCH 1/2] add more details about GCS policies and testing

---
 docs/storage.md | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/docs/storage.md b/docs/storage.md
index 93845a4985..a111d7c903 100644
--- a/docs/storage.md
+++ b/docs/storage.md
@@ -208,14 +208,28 @@ config:
 
 ### GCS Policies
 
+__Note:__ GCS Policies should be applied at the project level, not at the bucket level
+
 For deployment:
 
-`Storage Object Creator` and ` Storage Object Viewer`
+`Storage Object Creator` and `Storage Object Viewer`
 
 For testing:
 
 `Storage Object Admin` for ability to create and delete temporary buckets.
 
+To test the policy is working as expected, exec into the sidecar container, eg:
+
+```sh
+kubectl exec -it -n monitoring prometheus-prometheus-operator-prometheus-0 -c thanos-sidecar -- /bin/sh
+```
+
+Then test that you can at least list objects in the bucket, eg:
+
+```sh
+thanos bucket ls --objstore.config="${OBJSTORE_CONFIG}"
+```
+
 ## Azure Configuration
 
 To use Azure Storage as Thanos object store, you need to precreate storage account from Azure portal or using Azure CLI. Follow the instructions from Azure Storage Documentation: [https://docs.microsoft.com/en-us/azure/storage/common/storage-quickstart-create-account](https://docs.microsoft.com/en-us/azure/storage/common/storage-quickstart-create-account?tabs=portal)

From 0961a24d748dadd46f216f163a2468b4ceebbca0 Mon Sep 17 00:00:00 2001
From: Luke Alexander <luke.alexander@mixcloud.com>
Date: Tue, 16 Apr 2019 13:20:33 +0100
Subject: [PATCH 2/2] remove fixed names from exec command

---
 docs/storage.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/storage.md b/docs/storage.md
index a111d7c903..03dcfb3772 100644
--- a/docs/storage.md
+++ b/docs/storage.md
@@ -221,7 +221,7 @@ For testing:
 To test the policy is working as expected, exec into the sidecar container, eg:
 
 ```sh
-kubectl exec -it -n monitoring prometheus-prometheus-operator-prometheus-0 -c thanos-sidecar -- /bin/sh
+kubectl exec -it -n <namespace> <prometheus with sidecar pod name> -c <sidecar container name> -- /bin/sh
 ```
 
 Then test that you can at least list objects in the bucket, eg: