Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Agentless service account deployment lacks organization permissions #2502

Closed
orouz opened this issue Sep 12, 2024 · 0 comments · Fixed by #2530
Closed

Agentless service account deployment lacks organization permissions #2502

orouz opened this issue Sep 12, 2024 · 0 comments · Fixed by #2530
Assignees
@orouz
Labels
bug Something isn't working Team:Cloud Security Cloud Security team related

Comments

@orouz
Copy link
Collaborator

orouz commented Sep 12, 2024

Describe the bug

in agentless, deploying a service account for CSPM GCP organization-account ends up not fetching resources due to lack of permissions.

To Reproduce

  1. deploy agentless in qa env
  2. deploy CSPM GCP, pick agentless mode
  3. open cloudshell, paste command to deploy the service account
  4. copy the service account JSON and paste in integration installation
  5. go to agent logs, see Permission Denied errors

Expected behavior

  • no permission denied errors

Additional context

  • fix was verified by manually granting the service account email access to the "roles/cloudasset.viewer", "roles/browser" roles on the organization level
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@orouz orouz

Labels
bug Something isn't working Team:Cloud Security Cloud Security team related
Projects
None yet
Milestone
No milestone
1 participant
@orouz