Open rpetti opened 1 year ago
This should get bumped up to the service team at some point in the future!
Is there a contact for them or do we just keep trying to push Google through the usual support channels?
Raised an issue with them in their public issue tracker: https://issuetracker.google.com/u/1/issues/268071356
Description
Currently the only supported option for OIDC configuration is issuer uri:
This works fine when you are connecting from a publicly accessible endpoint, since WIF will use OIDC discovery to obtain the JWKS keys.
Unfortunately many people will need to authenticate using WIF from internal firewalled systems that are not accessible from the public internet. In these cases, WIF simply doesn't work.
This is why many OIDC implementations support other configuration options so they can function in such situations:
New or Affected Resource(s)
Potential Terraform Configuration
References
We have raised this with Google multiple times but have seen no effort put into providing a solution. We are hoping that the Terraform team can put pressure on Google to implement this feature.
b/299601100