Error setting up authorization using G Suite #2504

Closed
wheleph opened this issue Mar 5, 2018 · 1 comment

wheleph commented Mar 5, 2018

Cloud Provider

GCP, Kubernetes

Environment

I am running Spinnaker on GKE to deploy into GKE.

Feature Area

Authorization

Description

I’m setting up authorization in Spinnaker against G Suite according to these guides: https://www.spinnaker.io/setup/security/authorization/google-groups, https://www.spinnaker.io/setup/security/authorization but I am getting this error in the logs of Fiat:

Caused by: com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden
{
  "code" : 403,
  "errors" : [ {
    "domain" : "global",
    "message" : "Not Authorized to access this resource/api",
    "reason" : "forbidden"
  } ],
  "message" : "Not Authorized to access this resource/api"
}

The service account configured in Fiat does have Domain wide Delegation and has admin.directory.group.readonly assigned:

[Two screenshots: image-2018-03-02-09-57-09-386, image-2018-03-02-10-03-01-340]

Steps to Reproduce

https://www.spinnaker.io/setup/security/authorization/google-groups/

Additional Details

The issue is also mentioned here: https://community.spinnaker.io/t/error-setting-up-authorization-using-g-suite/213

wheleph (Author) commented Apr 19, 2018

It turned out that I didn't configure authorization correctly. I put spinnaker-fiat@bolcom-pro-spinnaker-f28.iam.gserviceaccount.com as the admin username, which was incorrect. After I changed it to the username of a G Suite Admin console user, it started working.

More details in the thread: https://community.spinnaker.io/t/error-setting-up-authorization-using-g-suite-solved/213

wheleph closed this Apr 19, 2018
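
The resolution above comes down to which identity the service account asks to act as. The following pre-flight check is an added example, not code from this issue or from Spinnaker: it flags an admin username that is itself a service account and builds the unsigned claim set of a domain-wide delegation token request, where `iss` is the service account and `sub` is the user being impersonated. The function names, parameter names and sample addresses are hypothetical.

```python
import time

DIRECTORY_SCOPE = "https://www.googleapis.com/auth/admin.directory.group.readonly"
TOKEN_URL = "https://oauth2.googleapis.com/token"


def check_delegation(admin_username, domain, client_email):
    """Return a list of problems with the delegation settings (empty if none)."""
    problems = []
    user = admin_username.strip().lower()
    _, _, user_domain = user.partition("@")
    if not user_domain:
        problems.append("admin username must be a full e-mail address")
    elif user == client_email.lower() or user_domain.endswith(".gserviceaccount.com"):
        # The mistake described in this issue: the service account named itself.
        problems.append("admin username is a service account, not a G Suite admin user")
    elif user_domain != domain.lower():
        problems.append("admin username is outside the configured domain")
    return problems


def delegation_claims(admin_username, client_email, now=None):
    """Unsigned JWT claim set for a domain-wide delegation token request."""
    now = int(time.time()) if now is None else now
    return {
        "iss": client_email,    # the service account that signs the request
        "sub": admin_username,  # the G Suite user it asks to act as
        "scope": DIRECTORY_SCOPE,
        "aud": TOKEN_URL,
        "iat": now,
        "exp": now + 3600,
    }


# Constructed sample values, not taken from the issue.
SA = "fiat@example-project.iam.gserviceaccount.com"

if __name__ == "__main__":
    for admin in (SA, "admin@example.com"):
        print(admin, check_delegation(admin, "example.com", SA) or "ok")
        print(delegation_claims(admin, SA, now=0))
```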
