You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The document points out that it needs userinfo-email scope so that the RoleBinding (and/or ClusterRoleBinding) can use the service account email instead of a numeric string of service account ID for its definition)
This feature request is to add the userinfo-email scope to the scopes of VM service account when provisioning Jenkins agent.
The userinfo-email scope is a read-only scope top get primary Google Account email address so it should be safe to add to this plugin.
What feature do you want to see added?
I'm using GCE plugin to provision Jenkins agents and trying to configure RBAC for them against my GKE cluster following docs on https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control.
The document points out that it needs
userinfo-emailscope so that the RoleBinding (and/or ClusterRoleBinding) can use the service account email instead of a numeric string of service account ID for its definition)This feature request is to add the
userinfo-emailscope to the scopes of VM service account when provisioning Jenkins agent.The
userinfo-emailscope is a read-only scope top get primary Google Account email address so it should be safe to add to this plugin.Scope URL:
https://www.googleapis.com/auth/userinfo.emailGKE docs: https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control#forbidden_error_for_service_accounts_on_vm_instances
Upstream changes
No response
Are you interested in contributing this feature?
I'm happy to make this change.
The text was updated successfully, but these errors were encountered: