This PR adds plugin WIF support to the GCP auth engine. This adds the following new fields to the config endpoint to enable configuring Workload Identity Federation:
identity_token_audience
identity_token_ttl
service_account_email
The PR adds the PluginIdentityTokenSupplier Credential Provider that fetches a plugin identity token from Vault and passes it to an external account Token Source for a valid federated credential exchange. The PR also pulls in the latest tag v0.9.0 for the go-gcp-common library with WIF utils.
vinay-gopalan
commented
4 months ago
This PR adds plugin WIF support to the GCP auth engine. This adds the following new fields to the config endpoint to enable configuring Workload Identity Federation:
identity_token_audienceidentity_token_ttlservice_account_emailThe PR adds the
PluginIdentityTokenSupplierCredential Provider that fetches a plugin identity token from Vault and passes it to an external account Token Source for a valid federated credential exchange. The PR also pulls in the latest tagv0.9.0for thego-gcp-commonlibrary with WIF utils.