internal/gomote: add securitybot project to isPrivilegedUser
Change-Id: Icf8ece0bce5fd903a51389556de16c716417aaef
Reviewed-on: https://go-review.googlesource.com/c/build/+/462897
Reviewed-by: Carlos Amedee <carlos@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
diff --git a/internal/gomote/gomote.go b/internal/gomote/gomote.go
index 36c4789..c06fd2d 100644
--- a/internal/gomote/gomote.go
+++ b/internal/gomote/gomote.go
@@ -605,7 +605,8 @@
// isPrivilegedUser returns true if the user is trusted to use sensitive machines.
// The user has to be a part of the appropriate IAM group.
func isPrivilegedUser(email string) bool {
- return strings.HasSuffix(email, "@google.com") || strings.HasSuffix(email, "@symbolic-datum-552.iam.gserviceaccount.com")
+ return strings.HasSuffix(email, "@google.com") || strings.HasSuffix(email, "@symbolic-datum-552.iam.gserviceaccount.com") ||
+ strings.HasSuffix(email, "@go-security-trybots.iam.gserviceaccount.com")
}
// iapEmailRE matches the email string returned by Identity Aware Proxy for sessions where