wyardley
commented
1 year ago Yes please! Running into this issue, and because of how inspec plugins work, took me a little to figure out that this is where it needs to get updated.
Open rbclark opened 2 years ago
wyardley
commented
1 year ago Yes please! Running into this issue, and because of how inspec plugins work, took me a little to figure out that this is where it needs to get updated.
brettcurtis
commented
1 year ago Took me a while to hunt this down, any traction on this?
dazuma
commented
1 year ago The core issue is https://github.com/inspec/train/issues/658. Fix that, and the pinning of googleauth to pre-1.0 should go away.
Describe the Enhancement:
The googleauth gem is currently on a pre 1.0 release which is no longer being updated. For future features the 1.x release will need to be used.
Describe the Need:
Currently when performing a scan with GCP, the recommended method of acquiring credentials is via Workload Identity Federation. Currently the googleauth gem does not support that feature, however I am working to add the feature and already have a mostly working prototype. In order for inspec to support using this feature as well, this gem will need to be updated to the 1.x release of googleauth, since new features in that gem will not be backported to the old version that is being used here.
Current Alternative
I'm currently backporting my work to a 0.14.x branch for my own purposes but that will never be an official solution.
Can We Help You Implement This?:
Based on my investigation, it looks like the google-api gems are all backwards compatible with pre 1.0 versions of the googleauth gem, however it looks like the older gems which are currently in use do not support the 1.x releases. In order for this request to be possible it seems likely that the other gems will need to be updated as well.