gsa | Greenbone Security Assistant - The web frontend | Security Testing library

I want to give GSAs direct access to modify Google users. I can't find current docs on this so assuming it's not possible right now?

It looks like this is only possible for working with groups: https://workspaceupdates.googleblog.com/2020/08/new-api-cloud-identity-groups-google.html

I need to give a GSA access to read group membership and also modify user attributes.

Right now I:

• create an admin a G Suite user
• create a GSA with domain wide auth with these scopes
  • https://www.googleapis.com/auth/admin.directory.group
  • https://www.googleapis.com/auth/admin.directory.user

Impersonate the G Suite user with the GSA and modify user attributes like this:

I created App Engine custom domains with my own GCP user account.

If I run this command as that user I see a resourceRecords: field with all the A and AAAA records:

gcloud app domain-mappings describe 'mydom.com'

If I run the SAME command as a different user (one that has app engine admin and viewer roles) I see the resourceRecords: field with only a CNAME record. Why is this?

No permissions errors, no other errors. The SAME command run by different users returns different values from the describe API.

This behavior is unexpected. How/why is this happening?

I run Terraform centrally with a GSA. That GSA is getting different data from the API because of whatever this behavior is doing plans return incorrect info.

EDIT: There is now an official bug report for this (please star it!) https://issuetracker.google.com/issues/207364598

I'm trying to use some simple I/O macros introduced in book "Assembler Language Programming for IBM Z System Servers" (Macros introduced in Appendix B section). But when I'm tryin to run the sample program, as soon as program reach the first macro system dump occurs. Also there is IEF686I in the output. I'm a student learning IBM assembly language and I'm not familiar with JCL and I don't know if I'm doing something wrong in it. Is the format of getting input and assigning the output area OK or I should do it in a different way? Here is the JCL:

I have a script that I've used before that uses a list of keywords to query a master file with multiple columns and entries. The script should read the masterfile line by line and when it encounters a keyword it writes the whole line into a new file.

The keyword file looks like this:

A2M,ABCC9,ACADVL,ACTC1,ACTN2,ADA2,AGL

The master file looks like this:

https://github.com/GoogleCloudPlatform/cloudsql-proxy

I have found this is possible by setting impersonation system wide with this command: gcloud config set auth/impersonate_service_account .

The proxy exe seems to read the gcloud config.

But that is really clunky. I want to start the proxy and specify a specific user to impersonate without having to change it system wide. Also, I'm not resorting to generating non-expiring json keys- I want to use impersonation.

Many Gcloud commands now support a specific switch for this, but the proxy exe does not. See this GitHub issue (with no response from google): https://github.com/GoogleCloudPlatform/cloudsql-proxy/issues/417

Can I run gcloud auth print-access-token --impersonate-service-account= and set an env var the proxy exe will pick up or something?

I can't find anything in the code except this mention of gcloud: https://github.com/GoogleCloudPlatform/cloudsql-proxy/blob/eca37935e7cd54efcd612c170e46f45c1d8e3556/cmd/cloud_sql_proxy/cloud_sql_proxy.go#L160

• When the gcloud command-line tool is installed on the local machine, the "active account" is used for authentication. Run 'gcloud auth list' to see which accounts are installed on your local machine and 'gcloud config list account' to view the active account.

which is funny because when running auth/impersonate_service_account gcloud config list account doesn't say anything about it.

Is there a way to have Gcloud do impersonation on a per session basis?

EDIT: just to follow up, per the answer the --token totally works, so now I can run the proxy with IAM auth and impersonation a gsa simultaneously:

Say I have a generic type that takes a parameter:

I want to create cluster on gcp using kops.

For this, first I created gcs bucket. Then exported value for KOPS_STATE_STORE as

Here is my question:

I would like to implement two buttons in one activity. One is calculate BMI, another is go to check time. I wish users could see two buttons in the same activity, also depends on what they want to do. (These functions are not work at the same time, it is seperately. Also, I implement the button return to the home page both in these two activities.)

In the Android emulator, the message comes " app continued stopping."

Following is the MainActivity.java file:

I am trying to get a container image to open on localhost (OpenVAS). I have done the following: