Skip to content

Unable to provide conditional access to a service account on a project using DM #684

New issue
New issue
Open
Open
Unable to provide conditional access to a service account on a project using DM#684
@sandyydk

Description

@sandyydk
sandyydk
opened on May 6, 2022

I have the following yaml :

resources:
- name: bind-iam-policy-secret-accessor
  type: gcp-types/cloudresourcemanager-v1:virtual.projects.iamMemberBinding
  properties: 
    resource: myprojectA
    role: roles/secretmanager.secretAccessor
    member: "serviceAccount:sandeep@myproject.iam.gserviceaccount.com"

The above works out but the one below with a conditional access fails :

resources:
- name: bind-iam-policy-secret-accessor
  type: gcp-types/cloudresourcemanager-v1:virtual.projects.iamMemberBinding
  properties: 
    resource: myprojectA
    role: roles/secretmanager.secretAccessor
    member: "serviceAccount:sandeep@myproject.iam.gserviceaccount.com"
    condition: "resource.name.extract('/secrets/{name}').startsWith('sandeep-')"

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions