You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi,
I am using the following code to perform integration testing in GCP project.
describe google_project_service(project: 'chef-gcp-inspec', name: 'aiplatform.googleapis.com') do
it { should exist }
its('state') { should cmp "ENABLED" }
end
This code is working fine with the service account with the its key. However, when I use the same code for impersonate service account. It was failed with the error:
Profile: GCP InSpec Profile (inspec-image)
Version: 0.1.0
Target: gcp://SA1
× google-project-service-1.0: Ensure that the Vertex API has been enabled correctly
× Control Source Code Error ./controls/vertexai_dataset.rb:64
Bad response: #Net::HTTPForbidden:0x0000000008e0d460
The GCP IAM ENV is setting as follow:
SA1 has a key
SA2 is impersonating from SA1
I tried to look around for the resolve but no luck.
Please let me know if I am missing something.
Thanks
The text was updated successfully, but these errors were encountered:
It may help if you provide some more information about how you are instructing InSpec to impersonate the service account. InSpec just leverages https://github.com/googleapis/google-auth-library-ruby to handle authentication with Google Cloud, so if that library doesn't support it then by extension InSpec wouldn't do it out of the box. This also seems very relevant: googleapis/google-auth-library-ruby#353
Thanks @rbclark for your information. Yes, I tried to use the google-auth-library-ruby to handle authentication before I raised the issue.
Yes, it is related to the issue #353
Hi,
I am using the following code to perform integration testing in GCP project.
describe google_project_service(project: 'chef-gcp-inspec', name: 'aiplatform.googleapis.com') do
it { should exist }
its('state') { should cmp "ENABLED" }
end
This code is working fine with the service account with the its key. However, when I use the same code for impersonate service account. It was failed with the error:
Profile: GCP InSpec Profile (inspec-image)
Version: 0.1.0
Target: gcp://SA1
× google-project-service-1.0: Ensure that the Vertex API has been enabled correctly
× Control Source Code Error ./controls/vertexai_dataset.rb:64
Bad response: #Net::HTTPForbidden:0x0000000008e0d460
The GCP IAM ENV is setting as follow:
I tried to look around for the resolve but no luck.
Please let me know if I am missing something.
Thanks
The text was updated successfully, but these errors were encountered: