hashicorp / vault-plugin-secrets-gcp

Mozilla Public License 2.0

issue with gcp artifact registry roleset: unsupported resource type #109

Open artifact-reg opened 3 years ago

artifact-reg commented 3 years ago

Hello, I am trying to add a permission at the Artifact Registry repository level using a Vault roleset. I got "unsupported resource type". Thanks for your support and best regards.

```
cat bind.hcl
resource "https://artifactregistry.googleapis.com/v1beta2/projects/prj-id/locations/europe-west1/repositories/test123" {
  roles = ["roles/artifactregistry.reader"]
}
```

```
./vault write gcp/roleset/my-token-roleset project="prj-id" secret_type="access_token" token_scopes="https://www.googleapis.com/auth/cloud-platform" bindings=@bind.hcl
Error writing data to gcp/roleset/my-token-roleset: Error making API request.

URL: PUT http://127.0.0.1:8200/v1/gcp/roleset/my-token-roleset
Code: 400. Errors:
```

austingebauer commented 1 year ago

Thanks for opening this @artifact-reg! We currently don't support artifact registry as a resource for assigning roles, so this is a feature request. It's unlikely that we pick this up any time soon. We'd be happy to review a pull request if you want to add support.

danjeffery commented 4 months ago

@austingebauer I'm also interested in why this is not supported. Google is EOL very soon on container registry so this is a big deal for some folks.

A PR was contributed: https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/110

It was then closed with no explanation (or response from Hashicorp) a year later.