Closed hugohjerten closed 2 years ago
Neither bq
nor gsutil
support Workload Identity Federation yet. Unfortunately there's nothing we can do in these actions to fix this.
@sethvargo should we add this as a warning to the WI section like auth?
@sethvargo aah, thanks! I had missed this entirely. Thanks for letting me know :)
@sethvargo I have a hard time finding additional information on when support for bq
& gsutil
can be expected. Do you have any information/links on this? Thanks in advance.
Hi @hugohjerten - it would be up to the teams that own those tools to add support. This is usually driven by customer demand, so if you have a GCP TAM, ask them to open a bug on your behalf.
Related, but not specific feature request. gcloud storage rsync [208889871] - Visible to Public - Issue Tracker
TL;DR
The
gcloud
componentbq
(BigQuery) fails, due to not having "valid credentials". This is after successfully authenticating using/auth
with theworkload_identity_provider
option, and even though the regulargcloud
command works as expected.Expected behavior
I wish to move from long-lived service account keys to using Workflow Identity Federation in my Github Action Workflows. My workflows use the the
gcloud
tool and install the component BigQuery component (bq
). After successfully authenticating using the/auth
Github Action with theworkload_identity_provider
option, I expect thebq
component to be able to properly use the generated credentials file also.Observed behavior
After installing the
bq
component and authenticating using the/auth
Github Action with theworkload_identity_provider
option, any usage of thebq
command results in the following output:Action YAML
Additional information
I have tried explicitly authenticating in
gcloud
also, using the generated credential files, but this made no difference:When googling I have also examined the possibility of a bug (see here & here) that has to do with the flag
CLOUDSDK_PYTHON_SITEPACKAGES=1
. But this didn't help either...