internal/gomote: add securitybot project to isPrivilegedUser Change-Id: Icf8ece0bce5fd903a51389556de16c716417aaef Reviewed-on: https://go-review.googlesource.com/c/build/+/462897 Reviewed-by: Carlos Amedee <carlos@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> Reviewed-by: Heschi Kreinick <heschi@google.com> Auto-Submit: Roland Shoemaker <roland@golang.org>

commit: 2c6ba0e5fd9ec1d2335e8a63bbe08c1ff139e094 [log] [tgz]
author: Roland Shoemaker <roland@golang.org> Fri Jan 20 12:53:16 2023 -0800
committer: Gopher Robot <gobot@golang.org> Fri Jan 20 21:03:24 2023 +0000
tree: 23e74e372ca1451ab2981dcfa3455eadadecbb8c
parent: 2795de0aa9b78ce8f0b2d4c76f8eb32c3953d3fa [diff]
diff --git a/internal/gomote/gomote.go b/internal/gomote/gomote.go
index 36c4789..c06fd2d 100644
--- a/internal/gomote/gomote.go
+++ b/internal/gomote/gomote.go

@@ -605,7 +605,8 @@
 // isPrivilegedUser returns true if the user is trusted to use sensitive machines.
 // The user has to be a part of the appropriate IAM group.
 func isPrivilegedUser(email string) bool {
-	return strings.HasSuffix(email, "@google.com") || strings.HasSuffix(email, "@symbolic-datum-552.iam.gserviceaccount.com")
+	return strings.HasSuffix(email, "@google.com") || strings.HasSuffix(email, "@symbolic-datum-552.iam.gserviceaccount.com") ||
+		strings.HasSuffix(email, "@go-security-trybots.iam.gserviceaccount.com")
 }
 
 // iapEmailRE matches the email string returned by Identity Aware Proxy for sessions where
commit	2c6ba0e5fd9ec1d2335e8a63bbe08c1ff139e094	[log] [tgz]
author	Roland Shoemaker <roland@golang.org>	Fri Jan 20 12:53:16 2023 -0800
committer	Gopher Robot <gobot@golang.org>	Fri Jan 20 21:03:24 2023 +0000
tree	23e74e372ca1451ab2981dcfa3455eadadecbb8c
parent	2795de0aa9b78ce8f0b2d4c76f8eb32c3953d3fa [diff]