Reduced OAuth scope to read_write

7e3c9fcc · Konstantin Chukhlomin · bergquist · fcdf2820 · 7e3c9fcc · 7e3c9fcc
Commit 7e3c9fcc authored Aug 07, 2017 by Konstantin Chukhlomin Committed by bergquist Sep 15, 2017
Show whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletions

docs/sources/installation/configuration.md
+2 -0

pkg/components/imguploader/gcsuploader.go
+1 -1

pkg/components/imguploader/gcsuploader_test.go
+0 -0

No files found.
--- a/docs/sources/installation/configuration.md
+++ b/docs/sources/installation/configuration.md
@@ -683,6 +683,8 @@ basic auth password
 Path to JSON key file associated with a Google service account to authenticate and authorize.
 Service Account keys can be created and downloaded from https://console.developers.google.com/permissions/serviceaccounts.
+Service Account should have "Storage Object Writer" role.
 ### bucket name
 Bucket Name on Google Cloud Storage. 

--- a/pkg/components/imguploader/gcpuploader.go
+++ b/pkg/components/imguploader/gcpuploader.go
@@ -39,7 +39,7 @@ func (u *GCSUploader) Upload(imageDiskPath string) (string, error) {
 	log.Debug("Creating JWT conf")
-	conf, err := google.JWTConfigFromJSON(data, "https://www.googleapis.com/auth/devstorage.full_control")
+	conf, err := google.JWTConfigFromJSON(data, "https://www.googleapis.com/auth/devstorage.read_write")
 	if err != nil {
 		return "", err
 	}

--- a/pkg/components/imguploader/gcpuploader_test.go
+++ b/pkg/components/imguploader/gcpuploader_test.go