Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add new Permissions to Orchestrator Service Account #1409

Open
weberjm opened this issue Apr 6, 2022 · 1 comment
Open

Add new Permissions to Orchestrator Service Account #1409

weberjm opened this issue Apr 6, 2022 · 1 comment
Labels
component orchestrator component repository documentation

Comments

@weberjm
Copy link
Member

weberjm commented Apr 6, 2022

With the recent bug fixes by @russojrv allowing the customPermissions to correctly pass from a request through iam-utils to the createToken request, services which use this functionality will now need the iam.token.update permission in order to successfully supplement default permissions with those specifically needed for a token.

Ex: When creating a flow, the Orchestrator needs to add the readRaw permission for secrets so that the flow can properly call external credentials-secured services.

Therefore, the documentation for creating the orchestrator service account should be updated to provide it the iam.token.update permission.
@weberjm
Copy link
Member Author

weberjm commented Apr 6, 2022

This should also be mentioned for the component-repository for any deployments which will use the lookup functionality.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component orchestrator component repository documentation
Milestone
No milestone
Development

No branches or pull requests
1 participant
@weberjm