diff --git a/src/main/java/com/google/jenkins/plugins/computeengine/InstanceConfiguration.java b/src/main/java/com/google/jenkins/plugins/computeengine/InstanceConfiguration.java index c476926e..6ff23612 100644 --- a/src/main/java/com/google/jenkins/plugins/computeengine/InstanceConfiguration.java +++ b/src/main/java/com/google/jenkins/plugins/computeengine/InstanceConfiguration.java @@ -542,9 +542,11 @@ private List networkInterfaces() { private List serviceAccounts() { if (notNullOrEmpty(serviceAccountEmail)) { List serviceAccounts = new ArrayList<>(); - serviceAccounts.add(new ServiceAccount() - .setEmail(serviceAccountEmail) - .setScopes(Arrays.asList(new String[] {"https://www.googleapis.com/auth/cloud-platform"}))); + serviceAccounts.add( + new ServiceAccount().setEmail(serviceAccountEmail).setScopes(Arrays.asList(new String[] { + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/userinfo.email" + }))); return serviceAccounts; } else { return null; diff --git a/src/main/resources/com/google/jenkins/plugins/computeengine/InstanceConfiguration/help-serviceAccountEmail.html b/src/main/resources/com/google/jenkins/plugins/computeengine/InstanceConfiguration/help-serviceAccountEmail.html index 3d08f146..a6f31e6e 100644 --- a/src/main/resources/com/google/jenkins/plugins/computeengine/InstanceConfiguration/help-serviceAccountEmail.html +++ b/src/main/resources/com/google/jenkins/plugins/computeengine/InstanceConfiguration/help-serviceAccountEmail.html @@ -16,6 +16,7 @@

Use IAM to specify the capabilities of the service account. The service account will be granted the https://www.googleapis.com/auth/cloud-platform + and https://www.googleapis.com/auth/userinfo.email scope, allowing it full access to those specified capabilities.