Open ntang86 opened 10 months ago
Hi @ntang86 - The `instance_id` claim needs to be populated in this case. You can see the condition in the code at https://github.com/hashicorp/vault-plugin-auth-gcp/blob/main/plugin/path_login.go#L234. Do you know if it's possible to have that populated in Cloud Run?
Otherwise, it's going to take a pull request with some changes here to support it for Cloud Run.
Hello,
I used to use the GCE metadata to auto-auth to Vault with the JWT, but I noticed that it does not work with Cloud Run. I get the following
I saw that apparently this PR solved the authentication issue https://github.com/hashicorp/vault-plugin-auth-gcp/pull/115, but I can't make it work. Do we have an example? I can get an ID token through "http://metadata/computeMetadata/v1/instance/service-accounts/default/identity" but when I try to authenticate, it shows the above error.
Checking the JWT produced on Cloud Run by the same code, on Cloud Run I'm missing some data. Hence, the error message. Would it be possible to use "gce" auth with Cloud Run?
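
An added diagnostic example, not part of the thread and not the plugin's code: it decodes an identity token's payload without verifying the signature and reports whether the `instance_id` claim discussed above is present. It assumes the claim sits under `google.compute_engine`, as in GCE identity tokens requested with `format=full`; `InstanceIDFromToken` and `fakeToken` are hypothetical names and both payloads are constructed samples.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// gceClaims holds only the google.compute_engine.instance_id claim (assumed layout).
type gceClaims struct {
	Google struct {
		ComputeEngine struct {
			InstanceID string `json:"instance_id"`
		} `json:"compute_engine"`
	} `json:"google"`
}

// InstanceIDFromToken decodes the payload WITHOUT checking the signature
// (debugging only) and returns instance_id, or an error if it is absent.
func InstanceIDFromToken(token string) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("not a compact JWT: got %d segments", len(parts))
	}
	raw, err := base64.RawURLEncoding.DecodeString(strings.TrimRight(parts[1], "="))
	if err != nil {
		return "", fmt.Errorf("payload is not base64url: %w", err)
	}
	var c gceClaims
	if err := json.Unmarshal(raw, &c); err != nil {
		return "", fmt.Errorf("payload is not the expected JSON: %w", err)
	}
	if c.Google.ComputeEngine.InstanceID == "" {
		return "", fmt.Errorf("no google.compute_engine.instance_id claim in token")
	}
	return c.Google.ComputeEngine.InstanceID, nil
}

// fakeToken wraps a payload in an unsigned, constructed token ("e30" is "{}").
func fakeToken(payload string) string {
	return "e30." + base64.RawURLEncoding.EncodeToString([]byte(payload)) + ".sig"
}

func main() {
	// Constructed payloads: first GCE-style, second without the compute_engine block.
	for _, p := range []string{
		`{"sub":"1111","google":{"compute_engine":{"instance_id":"1234567890"}}}`,
		`{"sub":"1111","aud":"vault/my-role"}`,
	} {
		fmt.Println(InstanceIDFromToken(fakeToken(p)))
	}
}
```

Paste a token fetched from the metadata endpoint in place of `fakeToken(p)` to see which case applies to your workload.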