I wish to make API calls to spinnaker which have IAP authentication enable along with Fiat application level restriction which is based on google groups. Am somehow able to pass IAP auth using gcp service account to get token using OIDC. But than am blocked by fiat application level restriction as it only works for user belonging to particular google group. Any idea on how to make it work.
I think the most straightforward way to do this right now is just adding your service account to the google group. If you are using the IAP gate-config, this should sign your service account in as a Spinnaker user, instead of anonymous.
Is it possible to add gcp service account to a gsuite google group as user? does it not validate the domain?
PS: I don’t know how Gsuite google group works
Yes, I believe you can directly add the service account email to the google group!
Thanks a lot. Let me give it a try.