nodejs-error-reporting

Support Workload Identity for Running on GKE

Open antoniordz96 opened this issue 5 years ago • 1 comments

Ask: Support Workload Identity for applications running on GKE.

Use Case: Have a host tenant GKE Project (A) where developers' Stackdriver error reports can be sent back to Project B. Leverage writing to Stackdriver Error Reporting by leveraging the SA from Project B.

Currently: At the moment this client library does not support Workload Identity. This is due to the indirect dependency of google-auth-library-nodejs (from google-common).

Current Workaround: for users to either use the default service account or pass in a secret containing the service account credentials.

Example Code: https://gist.github.com/ajr80231/0f8a7f79958cdbfcbc8e66d275071d60

antoniordz96, Sep 09 '20 14:09

The missing functionality is the ability to provide the service account key directly. The key can be retrieved from the Kubernetes service account that is linked to the Workload Identity. As a workaround, developers can use the nodejs-logging package to log the errors.

minherz, Jul 12 '22 21:07

This is now supported in google-auth-library-nodejs (https://github.com/googleapis/google-auth-library-nodejs/pull/1131), released in v7+ (https://github.com/googleapis/google-auth-library-nodejs/releases/tag/v7.0.0). This was picked up in google-common shortly after (https://github.com/googleapis/nodejs-common/pull/648) and released in v3.6 (https://github.com/googleapis/nodejs-common/releases/tag/v3.6.0). This library has required v4 of @google-cloud/common since mid-2022: https://github.com/googleapis/nodejs-error-reporting/pull/648

meredithslota, Oct 20 '23 18:10
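
A dependency check for the versions named in this thread, as an added example that is not part of the issue or of the library's own code: it scans the `packages` map of a package-lock.json for installed copies of google-auth-library below 7.0.0 or @google-cloud/common below 3.6.0, including nested duplicates pulled in indirectly. The npm package name `google-auth-library`, the `legacy-dep` package and the lockfile contents are assumptions constructed for illustration.

```javascript
// Added example, not from the issue thread. Minimum versions are the ones
// named in the thread; the lockfile below is constructed sample data.
const MINIMUMS = {
  "google-auth-library": "7.0.0",  // Workload Identity support (per the thread)
  "@google-cloud/common": "3.6.0", // release that picked it up (per the thread)
};

// Parse "MAJOR.MINOR.PATCH", ignoring any pre-release or build suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function isAtLeast(version, minimum) {
  const a = parseVersion(version), b = parseVersion(minimum);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] > b[i];
  }
  return true;
}

// Walk the "packages" map (lockfileVersion 2 or 3). Keys are install paths such
// as "node_modules/a/node_modules/b", so nested duplicates are checked too.
function findOutdated(lock, minimums = MINIMUMS) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1 || !meta.version) continue; // root entry or workspace link
    const name = path.slice(idx + "node_modules/".length);
    const min = minimums[name];
    if (min && !isAtLeast(meta.version, min)) {
      findings.push({ name, path, version: meta.version, minimum: min });
    }
  }
  return findings;
}

// Constructed lockfile excerpt; "legacy-dep" is a hypothetical package.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@google-cloud/common": { version: "4.0.3" },
    "node_modules/google-auth-library": { version: "8.9.0" },
    "node_modules/legacy-dep/node_modules/google-auth-library": { version: "6.1.6" },
  },
};
console.log(findOutdated(sampleLock));
```
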