Merge branch 'gcp-allow-define-full-name-trusted-acc' into 'master'

Added option to define the full email of trusted service acc (GONRG-4213)

See merge request !144

provider/partition-gcp/README.md

@@ -82,6 +82,7 @@ In order to run the service locally or remotely, you will need to have the follo
 | `osm.postgres.username` | ex `postgres` | Postgres admin username | no | - |
 | `osm.postgres.password` | ex `postgres` | Postgres admin password | yes | - |
 | `ENVIRONMENT` | `gcp` or `anthos` | If `anthos` then authorization is disabled | no | - |
+| `SERVICE_ACCOUNT_TAIL` | `****` |By default Partition service while authenticating the request, verifies that the email in provided token belongs to a service account from a specific project by email tail `<GOOGLE_CLOUD_PROJECT> + .iam.gserviceaccount.com`, this behavior can be changed with this variable, you may specify which email tail exactly expected.| no | - |
 
 ## Configuring mappers' Datasources
 

provider/partition-gcp/src/main/java/org/opengroup/osdu/partition/provider/gcp/security/GcpAuthorizationService.java

@@ -79,11 +79,12 @@ public class GcpAuthorizationService implements IAuthorizationService {
   }
 
   private boolean isAllowedAccount(String accountEmail) {
+    for (String partitionAdmin : configuration.getPartitionAdminAccounts()) {
+      if (partitionAdmin.equals(accountEmail)) {
+        return true;
+      }
+
     if (StringUtils.endsWith(accountEmail, configuration.getServiceAccountTail())) {
-      for (String partitionAdmin : configuration.getPartitionAdminAccounts()) {
-        if (partitionAdmin.equals(accountEmail)) {
-          return true;
-        }
         if (StringUtils.startsWith(accountEmail, partitionAdmin)) {
           return true;
         }