abdolence / gcloud-sdk-rs

Async Google Cloud Platform (GCP) gRPC/REST APIs client implementation based on Tonic middleware and Reqwest.
Apache License 2.0

Feature Request: support external account and impersonated service account credentials key #27

Closed i10416 closed 2 years ago

i10416 commented 2 years ago

rel https://github.com/abdolence/gcloud-sdk-rs/issues/26 https://github.com/abdolence/gcloud-sdk-rs/blob/master/gcloud-sdk/src/token_source/credentials.rs#L12

// JSON key file types.
const (
    serviceAccountKey          = "service_account"
    userCredentialsKey         = "authorized_user"
    externalAccountKey         = "external_account"
    impersonatedServiceAccount = "impersonated_service_account"
)

https://github.com/golang/oauth2/blob/6fdb5e3db783d4a038a89fb82279727f80e7bf8e/google/google.go#L94

abdolence commented 2 years ago

Thanks for reporting this! The original code to work with OAuth and token sources was inherited from an old project. I'll look into it since I need GitHub keyless integration myself soon.

abdolence commented 2 years ago

Now this is supported for OIDC/SAML (such as GitHub Actions) starting with v0.19.5: https://github.com/abdolence/gcloud-sdk-rs#workload-identity-federation

abdolence commented 2 years ago

There are still limitations for AWS and impersonated_service_account without federation auth. I'll create separate tickets for them since it requires a bit of work.

i10416 commented 1 year ago

> Now this is supported for OIDC/SAML (such as GitHub Actions) starting with v0.19.5:

Thank you!