gcp_scanner icon indicating copy to clipboard operation
gcp_scanner copied to clipboard
verified publisher icon google

Unit test for impersonation

Open mshudrak opened this issue 3 years ago • 3 comments

We currently do not cover SA impersonation with unit tests.

mshudrak avatar Jul 18 '22 17:07 mshudrak

Hi @mshudrak , Could you guide me on this topic ? Could you explanation little bit more on this ?

ggold7046 avatar Feb 25 '23 13:02 ggold7046

hi @mshudrak , Can you elloborate please?

ghost avatar Feb 27 '23 20:02 ghost

Sorry for the long response. Well, this is not a simple issue. As you can see I removed "good first issue" tag on Jan 18 since it requires editor access on test-gcp-project. However, if you really want to play with it you can setup your own GCP project. What we basically need is to setup GCP service account that can impersonate other accounts and write unit test for that.

More info: https://cloud.google.com/iam/docs/impersonating-service-accounts, https://medium.com/@tanujbolisetty/gcp-impersonate-service-accounts-36eaa247f87c Corresponding code: https://github.com/google/gcp_scanner/blob/main/src/gcp_scanner/credsdb.py#L294

mshudrak avatar Feb 28 '23 14:02 mshudrak