google-cla[bot]
commented
7 months ago Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).
View this failed invocation of the CLA check for more information.
For the most up to date status, view the checks section at the bottom of the pull request.
This commit adds support for configuring the collector to authenticate with a token source that comes from a file defined by the CLOUD_SDK_ACCESS_TOKEN_PATH environment variable.
When the token expires, the token source will refresh by reading the file again. Optionally the user can set CLOUD_SDK_ACCESS_TOKEN_EARLY_EXPIRY to control when the refresh occurs.
The gcloud CLI has support for authenticating with user-supplied access tokens. See: https://issuetracker.google.com/issues/134539464#comment12
This is useful when credentials need to be generated dynamically from some centralized system that passes these scoped short-lived credentials to untrusted systems which use them to authenticate with GCP services (instead of having the untrusted system generate the credentals with some base/root credentials).