Request for new functionality
Description
Please describe your requested enhancement. Good feature requests will solve common problems or enable new use cases.
What you would like to accomplish:
I would like a feature to restrict Cloud Build executions so that only certain groups will be allowed to access specific Cloud Build execution logs without seeing other execution logs in Cloud Build History.
How this might work:
This could work by either allowing the Storage viewer role needed for Cloud Build logs now to be scoped per bucket or allowing support for resource tags for IAM for Cloud Build.
If applicable, reasons why alternative solutions are not sufficient:
At the moment, the permissions applied for Cloud Build are project-level and cannot be adjusted on a resource level. While logs can be stored in a user-defined bucket, that still requires project-level storage permissions (which won't support setting this permission at the bucket level).
Other information (workarounds you have tried, documentation consulted, etc):
Making IAM tags work with Cloud Build tags was tried, but this process is not supported due to Cloud Build not supporting this kind of tag, as mentioned in [1].
[1]