How to apply conditional permissions for GCP Cloud Build
I have 5 gcp clouldbuild triggers. I want to add user that who can edit specific trigger.
From, IAM, i added user and granted cloud build editor role and from IAM condition, I added conditions as seen in attached. However, user can still can not edit specified trigger. (p.s. without condition, user can edit all triggers).
- I have trigger name in
projects/{PROJECT_ID}/locations/{LOCATION}/triggers/{TRIGGER_ID}syntax. Since my triggers are global, I replace {LOCATION} with global.
As per this official document of IAM cloud build has permissions for overall build not for triggers. It means we have permission for build-level not for trigger level. Cloud Build Editor has Full control of Cloud Build resources that is the reason you are getting full access or no access, I have tried to reproduce the same scenario but am facing the same issues.
My suggestion is to have separate dev, UAT, and PROD projects and so that you can provide the permissions as per your requirement.
I have checked for feature requests or bugs on it but it seems any issues are not created till now so if you are not satisfied you can create a new Issue tracker thread describing your issue. If you are using paid support you can create an issue.
- pg.Pool is not a constructor
- Could not load the default credentials? (Node.js Google Compute Engine tutorial)
- How to apply conditional permissions for GCP Cloud Build
- Downloading a public file from Google Cloud to Google colaboratory
- Why is Firestore not mapping a field of type private?
- Alternatives for using PNPM in a cloudbuild CI pipeline
- What is the ackDeadline property on Subscription and ackDeadline on Subscriber in GCP Pub/Sub?
- What's the difference between BigQuery and Bigtable?
- The program does not recognize the function oneTapClient.beginSignIn()
- Hiding my API key from being accessed directly
- Issue when trying to register an app for consent screen in google oauth
- Extracting JSON with nested `$` keys
- Cannot deploy public api on Cloud Run using Terraform
- Running aGoogle Workspace Add - ons over local HTTP endpoint
- Creating first admin in SFTPGo using VM instance startup script?
- How can I delete all my payment methods in Google Cloud without providing another primary payment method?
- Google Cloud CLI upgrade shows SyntaxWarning: invalid escape sequence
- Is it GCP really free after the free-trial period?
- Service Account key showing up in CLI but not in GCP Console
- How to upload token.pickle to Google cloud run function via .zip file?
- Terraform big query data transfer Error: Missing parameter: connector.endpoint.host. Config name
- Comparison of loading from different file formats in BigQuery
- Skaffold error using VSCode and Google Cloud SDK on Windows 11
- How do you sign a HIPAA BAA for Google Cloud platform?
- (Terraform, GCP) Error 403: Permission denied to list services for consumer container [projects/335478934851]
- Update Strategy When Using Auto Scaling with MIG on GCP
- ALS (Alternating Least Square) algorithm in multiple rankings for a user
- Unable to setup GKE workload identity invalid argument
- 403 iam.serviceAccounts.actAs permission error trying to attach a service account to a resource in another project
- Beam Dataflow Reshuffle Failing