Hi, we are using Bitbucket Pipelines for our CI/CD engine, and it works great with Google App Engine. However, there appears to be one significant security flaw with GCP.
We need to permission a service account to deploy our application and the only permission that appears to work is Project Owner. The keys are secured, but if, somehow, someone were to gain access to this service account, they could delete our entire project, which also includes our database and a few other mission-critical resources. It would be much safer if we could deploy our application with granular permissions like GAE Deployer and GCS Admin, which we have tried to use unsuccessfully. We also tried to create a custom App Engine role, which granted all permissions, but the permissions still failed us. Does anyone have any suggestions?

Thanks,
Mike