Service Account
Steps to Create Service Accounts for Spinnaker
Overview
To automatically trigger pipelines and to modify the resources in accounts or applications, Fiat Service Accounts are used. This means that a GIT commit could trigger a Jenkins build that could kick off a pipeline to deploy the newly built image in your access-controlled QA environment.
Steps to Create Service Accounts
Service accounts are persistent and configuration merely consists of giving it a name and a set of roles. Therefore, Front50 is the most logical place to configure a service account. There is no UI for creating service accounts at the moment.
The roles you give this service account determine who has access to use it. In order to prevent a privilege escalation vulnerability, only users with every role the service account has may use it.
Ensure to Update when Halyard Support Service Accounts. Till then, execute the below
Newly created Service account can be seen,
To pick up the changes made, its mandate to sync Fiat
Ensure to provide all the necessary permissions for the newly created service account
How to use Service Accounts
Now that Fiat is enabled, user should be able to see “Run As User” option in the Trigger configuration. This list contains all the service accounts currently can be accessed
Upon saving the pipeline, two authorization checks will occur:
Does the user have access to this service account?
Does the service account have access to this application?
At pipeline runtime, standard authorization checks against the account and application occur just as if it were a human user.
Last updated