I have the same issue. gcp-inspec simply seems to be ignoring this env variable in a GitHub workflow.
GOOGLE_IMPERSONATE_SERVICE_ACCOUNT: project-service-account@..**.iam.gserviceaccount.com
Any idea about how to use service account impersonation with gcp inspec resources?
We use service-account impersonation to execute everything through our pipelines, but I couldn't find a way to do this with chef-inspec.
Describe the problem
I have tried the following with a containerized inspec:
function inspec { docker run -it -e GOOGLE_OAUTH_ACCESS_TOKEN=$(gcloud auth print-access-token --impersonate-service-account=sa-name@.iam.gserviceaccount.com) --rm -v$(pwd):/share 6bf4cff907b6 "$@"; }
If I pass the same SA's key file in GOOGLE_APPLICATION_CREDENTIALS, it works.
I do get the warning when I use the first command that SA impersonation will be used, but I get output like below:
WARNING: This command is using service account impersonation. All API calls will be executed as [sa-name@.iam.gserviceaccount.com].
Profile: GCP InSpec Profile (policy-monitor)
Version: 0.1.0
Target: gcp://default
Profile: Google Cloud Platform Resource Pack (inspec-gcp)
Version: 1.8.8
Target: gcp://default
Test Summary: 0 successful, 0 failures, 0 skipped
I am trying to execute tests like below, which works if I have GOOGLE_APPLICATION_CREDENTIALS:
inspec exec . -t gcp:// --input-file=inputs.yml --chef-license=accept-silent --insecure --no-ssl --self-signed