Closed halradaideh closed 4 months ago
This action does not use gcloud, so it would not respect that setting.
Makes sense 😄 Can we at least make the action accept an access token, similar to https://github.com/docker/login-action?tab=readme-ov-file#workload-identity-federation-1
I can obtain the access token using the GKE metadata server.
Hi @halradaideh based on your other issue, I think there may be a misunderstanding about Service Account Impersonation. That being said, if you have an access token, this action is largely unnecessary. It's just writing a KUBECONFIG file to disk; you can do that yourself in a few lines of YAML: https://github.com/google-github-actions/get-gke-credentials/blob/209853c111c085f95a9a15e848e18044fac29fbc/src/gkeClient.ts#L326-L369
Got it, I found the file and swapped the accessToken, thus understanding that it only writes the file in the proper place with the access token obtained from the auth action.
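```bash
# Locate the kubeconfig written by the action (its path contains "gha-kubeconfig")
file=$(find * | grep gha-kubeconfig)
# Read the token from the JSON file; jq keeps the JSON quotes, which YAML accepts as a quoted string
DATA=$(jq .accessToken /tmp/token.json)
# Overwrite the token value in place; the path is quoted so spaces do not split it
sed -i "s/token: .*/token: $DATA/g" "$file"
```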
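The maintainer's point that the action only writes a kubeconfig around an access token, as an added example (not code from this thread or from the action): a shell function that writes a token-based kubeconfig with owner-only permissions. The function name, argument order and sample values are assumptions; the endpoint and CA data would come from the cluster's description.

```shell
#!/usr/bin/env bash
# Added example: write a token-based kubeconfig by hand.
# write_kubeconfig and its argument order are hypothetical, not the action's API.
write_kubeconfig() {
  local name="$1" endpoint="$2" ca_b64="$3" token="$4" out="$5" v

  # Allowlist the characters of every value so nothing can break out of
  # the YAML scalar it is written into (also rejects empty values).
  for v in "$name" "$endpoint" "$ca_b64" "$token"; do
    case "$v" in
      ''|*[!A-Za-z0-9._~+/=:_-]*) echo "write_kubeconfig: rejected value" >&2; return 1 ;;
    esac
  done

  # Tighten permissions before the bearer token reaches the disk,
  # including when the target file already exists with looser modes.
  ( umask 077
    : > "$out" && chmod 600 "$out" || exit 1
    cat >> "$out" <<EOF
apiVersion: v1
kind: Config
current-context: $name
clusters:
- name: $name
  cluster:
    server: https://$endpoint
    certificate-authority-data: $ca_b64
contexts:
- name: $name
  context:
    cluster: $name
    user: $name
users:
- name: $name
  user:
    token: $token
EOF
  )
}

# Constructed sample values (documentation IP, dummy CA data and token).
demo_out="$(mktemp)"
write_kubeconfig demo-cluster 203.0.113.10 Q09OU1RSVUNURUQ= ya29.constructed-token "$demo_out"
ls -l "$demo_out"
```

Access tokens are short-lived, so a kubeconfig written this way has to be regenerated once the token expires.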
TL;DR
This action doesn't respect SA impersonation made through `gcloud config set auth/impersonate_service_account`.