Allow to use emails as service accounts on GCP

Fixes smallstep/step#163
Mariano Cano 2019-06-03 17:28:39 -07:00
parent 0a756ce9d0
commit 4cef086c00
2 changed files with 2 additions and 1 deletions


@ -287,7 +287,7 @@ func (p *GCP) authorizeToken(token string) (*gcpPayload, error) {
if len(p.ServiceAccounts) > 0 { if len(p.ServiceAccounts) > 0 {
var found bool var found bool
for _, sa := range p.ServiceAccounts { for _, sa := range p.ServiceAccounts {
if sa == claims.Subject { if sa == claims.Subject || sa == claims.Email {
found = true found = true
break break
} }
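Review bot: The added `sa == claims.Email` branch in the ServiceAccounts loop lets an allow-list entry match on a weaker identifier than the subject. A GCP service account email can be reused when an account is deleted and recreated under the same name, while its unique ID changes. An empty `claims.Email` would also match an empty entry in `p.ServiceAccounts`, so I would guard the comparison: `if sa == claims.Subject || (claims.Email != "" && sa == claims.Email) {`. I would also add a comment above the loop such as `// Entries may be a unique ID (sub) or an email; emails can be reused after delete/recreate, prefer the unique ID for strict pinning.` The rest of authorizeToken lies outside the hunk, so whether the email claim is validated elsewhere (for example an email_verified check) cannot be confirmed from here.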


@ -213,6 +213,7 @@ func TestGCP_AuthorizeSign(t *testing.T) {
p3, err := generateGCP() p3, err := generateGCP()
assert.FatalError(t, err) assert.FatalError(t, err)
p3.ProjectIDs = []string{"other-project-id"} p3.ProjectIDs = []string{"other-project-id"}
p3.ServiceAccounts = []string{"foo@developer.gserviceaccount.com"}
aKey, err := generateJSONWebKey() aKey, err := generateJSONWebKey()
assert.FatalError(t, err) assert.FatalError(t, err)