Support Workload Identity for Running on GKE #514

Closed
antoniordz96 opened this issue Sep 9, 2020 · 2 comments
Labels
api: clouderrorreporting Issues related to the googleapis/nodejs-error-reporting API. priority: p3 Desirable enhancement or fix. May not be included in next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.

@antoniordz96

Ask: Support Workload Identity for applications running on GKE.

Use Case: Have a host tenant GKE Project (A) where developers' Stackdriver error reports can be sent back to project B. Leverage writing to Stackdriver error reporting by leveraging SA from Project B.

Currently: At the moment this client library does not support Workload Identity. This is due to the indirect dependency of google-auth-library-nodejs (from google-common).

Current Workaround: for users to either use the default service account or pass in a secret containing the service account credentials.

Example Code: https://gist.github.com/ajr80231/0f8a7f79958cdbfcbc8e66d275071d60

@product-auto-label product-auto-label bot added the api: clouderrorreporting Issues related to the googleapis/nodejs-error-reporting API. label Sep 9, 2020
@yoshi-automation yoshi-automation added the triage me I really want to be triaged. label Sep 10, 2020
@bcoe bcoe added the type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design. label Sep 11, 2020
@yoshi-automation yoshi-automation removed the triage me I really want to be triaged. label Sep 11, 2020
@losalex losalex self-assigned this Jun 5, 2022
@minherz
Contributor

minherz commented Jul 12, 2022

The missing functionality is the ability to provide the service account key directly. The key can be retrieved from the Kubernetes service account that is linked to the Workload Identity.
As a workaround, developers can use nodejs-logging package to log the errors.

@minherz minherz added the priority: p3 Desirable enhancement or fix. May not be included in next release. label Jul 12, 2022
@losalex losalex removed their assignment Jul 3, 2023
@meredithslota
Contributor

This is now supported in google-auth-library-nodejs (googleapis/google-auth-library-nodejs#1131), released in v7+ (https://github.com/googleapis/google-auth-library-nodejs/releases/tag/v7.0.0). This was picked up in google-common shortly after (googleapis/nodejs-common#648) and released in v3.6 (https://github.com/googleapis/nodejs-common/releases/tag/v3.6.0). This library has required v4 of @google-cloud/common since mid-2022: #648
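
An added example, not code from this thread or from the library: a check over an npm lockfile for installed copies of `google-auth-library` and `@google-cloud/common` older than the versions named in the comment above, including nested copies pulled in as indirect dependencies. The sample lockfile is constructed, and `google-auth-library` as the npm package name for the google-auth-library-nodejs repository is an assumption.

```javascript
// Minimum versions taken from the last comment in this thread.
// Package names are assumed npm names for the repositories it mentions.
const MINIMUMS = {
  'google-auth-library': [7, 0, 0],
  '@google-cloud/common': [3, 6, 0],
};

// Parse "7.14.1" into [7, 14, 1]; a pre-release suffix such as "-beta.1" is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || '');
  return m ? m.slice(1).map(Number) : null;
}

// True when version a sorts strictly before version b.
function isBelow(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Walk the "packages" map of an npm lockfile (lockfileVersion 2 or 3) and return
// every installed copy, nested ones included, that is older than its minimum.
function findOutdated(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf('node_modules/');
    if (idx === -1) continue; // the root project entry has the key ""
    const name = path.slice(idx + 'node_modules/'.length);
    const min = MINIMUMS[name];
    if (!min) continue;
    const ver = parseVersion(meta.version);
    // An unparseable or missing version is reported rather than silently passed.
    if (!ver || isBelow(ver, min)) {
      findings.push({ name, path, version: meta.version || null });
    }
  }
  return findings;
}

// Constructed sample: top-level copies are new enough, one nested copy is not.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/@google-cloud/common': { version: '4.0.3' },
    'node_modules/google-auth-library': { version: '8.7.0' },
    'node_modules/legacy-dep/node_modules/google-auth-library': { version: '6.1.3' },
  },
};

console.log(findOutdated(SAMPLE_LOCK));
```

A non-empty result means some code path in the dependency tree can still load an auth library that predates the Workload Identity support described above.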
