Closed priyanshukumar397 closed 1 month ago
WunderGraph commits fully to Open Source and we want to make sure that we can help you as fast as possible. The roadmap is driven by our customers and we have to prioritize issues that are important to them. You can influence the priority by becoming a customer. Please contact us here.
Hi @priyanshukumar397,
thanks for opening an issue.
This is necessary for Cloud Run to work properly in this scenario and is not a security concern.
It follows the official docs; please have a look at https://cloud.google.com/run/docs/configuring/services/service-identity
Ok thanks for pointing out :)
Component(s)
router
Component version
latest
wgc version
latest
controlplane version
latest
router version
latest
What happened?
Detailed paths
Introduced through: resource › google_project_iam_member[cosmo-service-account-permissions]
https://github.com/cosmo/blob/main/infrastructure/router/modules/google-cloudrun/iam.tf
This issue is...
IAM user has Service Account User or Service Account Token Creator role assigned at project level
The impact of this is...
Users can impersonate service accounts and abuse the elevated permissions
You can resolve it by...
Remove roles/iam.serviceAccountUser and roles/iam.serviceAccountTokenCreator from project level bindings
Environment information
No response
Router configuration
No response
Router execution config
No response
Log output
No response
Additional context
No response