Allow to use emails as service accounts on GCP
Fixes smallstep/step#163
parent
0a756ce9d0
commit
4cef086c00
2 changed files with 2 additions and 1 deletions
|
@ -287,7 +287,7 @@ func (p *GCP) authorizeToken(token string) (*gcpPayload, error) {
|
|||
if len(p.ServiceAccounts) > 0 {
|
||||
var found bool
|
||||
for _, sa := range p.ServiceAccounts {
|
||||
if sa == claims.Subject {
|
||||
if sa == claims.Subject || sa == claims.Email {
|
||||
found = true
|
||||
break
|
||||
}
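Review bot: The added `sa == claims.Email` branch in the ServiceAccounts loop allow-lists by a reusable name, whereas `claims.Subject` is the account's unique ID; a service account deleted and re-created under the same address would, as far as I can tell, still match an email entry. Nothing visible in the hunk shows the email being treated as verified, so consider gating that branch on the token's `email_verified` claim, if the payload exposes it, and skipping the comparison when `claims.Email` is empty. The match is also exact and case-sensitive, which is worth stating in the provisioner docs so operators enter the address exactly as GCP issues it. I would add a comment above the condition such as `// sa may be the unique ID (sub) or the account email; the email is a reusable name, prefer the ID for long-lived allow-lists`. The body of authorizeToken starts and ends outside the hunk, so earlier signature and issuer checks cannot be confirmed from here.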
|
||||
|
|
|
@ -213,6 +213,7 @@ func TestGCP_AuthorizeSign(t *testing.T) {
|
|||
p3, err := generateGCP()
|
||||
assert.FatalError(t, err)
|
||||
p3.ProjectIDs = []string{"other-project-id"}
|
||||
p3.ServiceAccounts = []string{"foo@developer.gserviceaccount.com"}
|
||||
|
||||
aKey, err := generateJSONWebKey()
|
||||
assert.FatalError(t, err)
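Review bot: The fixture `p3` now carries both `ProjectIDs = []string{"other-project-id"}` and the new `ServiceAccounts` email entry, so a rejection of `p3` can come from either check and does not isolate the email branch. A separate provisioner that differs from the passing one only in `ServiceAccounts` would pin the new comparison, ideally with one case where the token's email matches and one where it does not. The test table itself is outside the hunk, so such cases may already exist further down.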
|
||||
|
|