ovotech / circleci-orbs

CircleCI Orbs
MIT License

create a GCP OIDC Auth orb #576

Closed ghost closed 1 year ago

ghost commented 1 year ago

This adds a GCP OIDC orb which allows using GCP OIDC auth with a workload identity pool and avoids using the static service account key. This orb also allows importing GCP secrets from the secret manager, loading them into a secret file and providing them as ENV vars available to the jobs.

chris-brindley commented 1 year ago

Please can you add your team as the CODEOWNERs for this orb?

Also not sure if you're aware but the official GCP CLI orb already lets you login with OIDC - so you might be able to simplify what you're doing somewhat if you wanted to. https://circleci.com/developer/orbs/orb/circleci/gcp-cli#commands-setup

ghost commented 1 year ago

> Please can you add your team as the CODEOWNERs for this orb?
>
> Also not sure if you're aware but the official GCP CLI orb already lets you login with OIDC - so you might be able to simplify what you're doing somewhat if you wanted to. https://circleci.com/developer/orbs/orb/circleci/gcp-cli#commands-setup

I have updated the CODEOWNERS. Yes, we had a look at the gcp cli orb, but there are a few limitations on how we can use it in the workflow, e.g. it doesn't allow us to log in to different GCP projects assuming different service accounts as part of the same job/steps. This orb is to provide us that flexibility as and when required. Also to avoid re-writing the script to fetch secrets in all our workflows.
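As an added illustration (not code from this PR or from the orb), the sketch below shows how one job can hold a separate Workload Identity Federation credential config per service account, all backed by the same CircleCI OIDC token and with no static key on disk. The function names and every project, pool, provider and account value passed to them are hypothetical; `CIRCLE_OIDC_TOKEN` is the token CircleCI injects into the job.

```shell
# Added example, not the orb's implementation. POSIX sh.
# Function bodies are subshells so umask and variables stay local.

# save_oidc_token <token_file>
# Persists the job-scoped OIDC token with owner-only permissions.
save_oidc_token() (
  [ -n "${CIRCLE_OIDC_TOKEN:-}" ] || { echo "CIRCLE_OIDC_TOKEN not set" >&2; exit 1; }
  umask 077
  printf '%s' "$CIRCLE_OIDC_TOKEN" > "$1"
)

# write_wif_config <project_number> <pool_id> <provider_id> <sa_email> <token_file> <out_file>
# Writes an external_account credential config that impersonates <sa_email>.
write_wif_config() (
  out_file="$6"
  nl='
'
  # Refuse empty values and anything that could break out of a JSON string.
  for v in "$1" "$2" "$3" "$4" "$5"; do
    case "$v" in
      ''|*\"*|*\\*|*"$nl"*) echo "invalid value in credential config" >&2; exit 1 ;;
    esac
  done
  umask 077
  # The config points at the token file by path; it contains no secret itself.
  cat > "$out_file" <<EOF
{
  "type": "external_account",
  "audience": "//iam.googleapis.com/projects/$1/locations/global/workloadIdentityPools/$2/providers/$3",
  "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
  "token_url": "https://sts.googleapis.com/v1/token",
  "service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/$4:generateAccessToken",
  "credential_source": { "file": "$5", "format": { "type": "text" } }
}
EOF
)
```

Setting `GOOGLE_APPLICATION_CREDENTIALS` to one of the generated files, or passing it to `gcloud auth login --cred-file`, selects that service account for the following step.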

chris-brindley commented 1 year ago

Okay sounds good 👍 Approved and merged.