google-cloud-rust

Unable to use `google_cloud_default` with Workload Identity

Open AlexanderBrevig opened this issue 2 years ago • 4 comments

It seems maybe the hardcoded dependency on default SA email prevents us from using this in our production environment using Workload Identity for application SA.

Do you accept PRs?

AlexanderBrevig avatar Jun 27 '23 08:06 AlexanderBrevig

Please make a PR and we will merge it.

I am currently disassembling google-cloud-default in https://github.com/yoshidan/google-cloud-rust/pull/172; after the merge it will be easier to modify with interface changes.

yoshidan avatar Jun 27 '23 09:06 yoshidan

I just tried the two quick-win ideas I had but it does not seem to have done the trick. Not sure if I'll have time to deep dive into this, but I'll let you know if that changes.

Thanks for the work on this BTW 👍🏻

AlexanderBrevig avatar Jun 27 '23 10:06 AlexanderBrevig

Hi, I am encountering issues using the auth crate with workload identity as well!

A few issues with parsing the JSON generated from workload identity:

  1. The Format struct expects a field name tp in JSON, but the generated JSON contains a field named "type" instead
  2. If I manually edit my JSON's field, I then encounter: unsupported account: external_account

jaychia avatar Sep 22 '23 00:09 jaychia

@jaychia Thank you for your report.

> 1. The Format struct expects a field name tp in JSON, but the generated JSON contains a field named "type" instead

I have now added the rename option to deserialize `type`: https://github.com/yoshidan/google-cloud-rust/pull/195/files

> 2. If I manually edit my JSON's field, I then encounter: unsupported account: external_account

Is the external-account feature enabled? For example:

google-cloud-pubsub = { version="0.18.0", default-features=false, features=["trace", "auth", "external-account", "rustls-tls"]}

https://github.com/yoshidan/google-cloud-rust/pull/180

yoshidan avatar Sep 23 '23 08:09 yoshidan