From bc368088a160a6f0912359adcc77eb4dd48ac7a3 Mon Sep 17 00:00:00 2001
From: Damien Duportal <damien.duportal@gmail.com>
Date: Mon, 24 Jun 2024 18:04:22 +0200
Subject: [PATCH] hotfix(privatek8s/infra.ci) restrict top-level credential
 scope for the kubernetes cloud SA

Signed-off-by: Damien Duportal <damien.duportal@gmail.com>
---
 config/jenkins_infra.ci.jenkins.io.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/jenkins_infra.ci.jenkins.io.yaml b/config/jenkins_infra.ci.jenkins.io.yaml
index b05a0be56..98a44a050 100644
--- a/config/jenkins_infra.ci.jenkins.io.yaml
+++ b/config/jenkins_infra.ci.jenkins.io.yaml
@@ -112,7 +112,7 @@ controller:
                 - string:
                     description: "Token of the Service Account account 'jenkins-agent' on the Kubernetes cluster 'infraci.jenkins.io-agents-1'"
                     id: "infraci.jenkins.io-agents-1-jenkins-agent-sa-token"
-                    scope: GLOBAL
+                    scope: SYSTEM
                     secret: "${INFRACIJENKINSIO_AGENTS_1_TOKEN}"
       agent-settings: |
         jenkins: