Closed juldrixx closed 8 months ago
For me these lines should be changed from

```go
	// the pod identity returned by resolveAuthRef is discarded here
	authParams, _ := resolveAuthRef(ctx, client, logger, triggerAuthRef, nil, namespace, secretsLister)
	return authParams, kedav1alpha1.AuthPodIdentity{Provider: kedav1alpha1.PodIdentityProviderNone}, nil
}
...
func resolveAuthRef(ctx context.Context, client client.Client, logger logr.Logger,
...
	result := make(map[string]string)
	var podIdentity kedav1alpha1.AuthPodIdentity
```

to

```go
	// pass the resolved pod identity through to the caller
	authParams, podIdentity := resolveAuthRef(ctx, client, logger, triggerAuthRef, nil, namespace, secretsLister)
	return authParams, podIdentity, nil
}
...
func resolveAuthRef(ctx context.Context, client client.Client, logger logr.Logger,
...
	result := make(map[string]string)
	var podIdentity = kedav1alpha1.AuthPodIdentity{Provider: kedav1alpha1.PodIdentityProviderNone}
```
Hello, I'm reviewing the code and I think that you are right. In cases where the workload is a CRD (where podSpec isn't available), Pod identity is ignored and that's not correct. Are you willing to open a PR with the fix? (And maybe add a test to prevent this in the future, as the current e2e test isn't covering that scenario.)
I made the PR, but I did not touch the unit test because I'm not too sure how to do it.
FWIW, we're having the same issue here. Same setup on 2.12.0
Report
I followed the example to scale on `PubSub` metrics using `Workload Identity` as authentication method, following these pages:
I have these 2 resources:
And the `Service Account`, `keda-operator`, has the annotation `iam.gke.io/gcp-service-account`. I tested that the `Workload Identity` was working on the `Service Account`.
Expected Behavior
The `ScaledObject` should be active.
Actual Behavior
The `ScaledObject` is inactive and logging: `error parsing PubSub metadata: google application credentials not found`.
Steps to Reproduce the Problem
Follow the example: https://keda.sh/docs/2.11/scalers/gcp-pub-sub/#example-using-triggerauthentication-with-gcp-identity
Logs from KEDA operator
KEDA Version
2.11.2
Kubernetes Version
1.27
Platform
Google Cloud
Scaler Details
GCP PubSub
Anything else?
For me the issue is here. Because it should retrieve the `providerIdentity` but it's not returned (and the `authParams` is empty). Therefore the `config.PodIdentity` here is set to `none`. And then when we get the credentials, we get nothing here and we make the scaler error here.
Either the documentation is wrong, or there's something missing in the code (or I'm missing something).
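The failure mode discussed in this issue, reduced to a self-contained regression check. This is an added example, not KEDA's code: `TriggerAuth`, `resolveNoPodSpecBuggy`, `resolveNoPodSpecFixed`, `checkCredentials` and the provider constants are simplified stand-ins assumed for illustration, and only the error string is taken from the report.

```go
package main

import "fmt"

// Simplified stand-ins (assumptions for illustration, not KEDA's real types).
type AuthPodIdentity struct{ Provider string }

const ProviderNone, ProviderGCP = "none", "gcp"

// TriggerAuth models a TriggerAuthentication that may declare a pod identity.
type TriggerAuth struct {
	PodIdentity *AuthPodIdentity
}

// resolveAuthRef returns the auth params and the declared identity (default "none").
func resolveAuthRef(ta *TriggerAuth) (map[string]string, AuthPodIdentity) {
	params := map[string]string{}
	identity := AuthPodIdentity{Provider: ProviderNone}
	if ta != nil && ta.PodIdentity != nil {
		identity = *ta.PodIdentity
	}
	return params, identity
}

// resolveNoPodSpecBuggy is the path for workloads without a pod spec (CRDs):
// the identity resolved from the TriggerAuthentication is thrown away.
func resolveNoPodSpecBuggy(ta *TriggerAuth) (map[string]string, AuthPodIdentity) {
	params, _ := resolveAuthRef(ta)
	return params, AuthPodIdentity{Provider: ProviderNone}
}

// resolveNoPodSpecFixed passes the resolved identity through unchanged.
func resolveNoPodSpecFixed(ta *TriggerAuth) (map[string]string, AuthPodIdentity) {
	return resolveAuthRef(ta)
}

// checkCredentials models the scaler side: with no params and no pod identity
// there is nothing to authenticate with, which is the error from the report.
func checkCredentials(params map[string]string, id AuthPodIdentity) error {
	if id.Provider == ProviderNone && len(params) == 0 {
		return fmt.Errorf("google application credentials not found")
	}
	return nil
}

func main() {
	ta := &TriggerAuth{PodIdentity: &AuthPodIdentity{Provider: ProviderGCP}}
	fmt.Println("buggy:", checkCredentials(resolveNoPodSpecBuggy(ta)))
	fmt.Println("fixed:", checkCredentials(resolveNoPodSpecFixed(ta)))
}
```

A unit test for the real fix would assert the same thing: with no pod spec and a TriggerAuthentication that declares a pod identity, the returned provider must be the declared one rather than `none`.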