This PR adds plugin WIF support to the GCP auth engine. This adds the following new fields to the config endpoint to enable configuring Workload Identity Federation:
identity_token_audience
identity_token_ttl
service_account_email
The PR adds the PluginIdentityTokenSupplier Credential Provider that fetches a plugin identity token from Vault and passes it to an external account Token Source for a valid federated credential exchange. The PR also pulls in the latest tag v0.9.0 for the go-gcp-common library with WIF utils.
This PR adds plugin WIF support to the GCP auth engine. This adds the following new fields to the config endpoint to enable configuring Workload Identity Federation:
identity_token_audience
identity_token_ttl
service_account_email
The PR adds the
PluginIdentityTokenSupplier
Credential Provider that fetches a plugin identity token from Vault and passes it to an external account Token Source for a valid federated credential exchange. The PR also pulls in the latest tagv0.9.0
for thego-gcp-common
library with WIF utils.