Open andreasgebauer opened 2 years ago
Just had a deeper look at the code and I think replacing constant GOOGLE_CREDENTIAL_AVAILABLE in class org.springframework.cloud.vault.config.ClientAuthenticationFactory with
private static final boolean IAM_API_CLIENT_AVAILABLE = ClassUtils.isPresent("com.google.api.services.iam.v1.Iam", ClientAuthenticationFactory.class.getClassLoader());
would be a good solution to my problem and probably won't break anything as org.springframework.vault.authentication.GcpIamAuthentication uses this class to sign JWTs.
We should generally be able to swap the order in which the two authentication mechanisms are applied, as the plain GcpIamAuthentication method is deprecated by Google anyway.
There might also be the option to introduce another property in GcpIamProperties where you can specify which method to use. I would really like to see this in the next release.
Currently the ClientAuthentication for GCP_IAM relies on classes available on the classpath. Since I have both classes on the classpath, because I rely on Google API client libraries which transitively pull in the class com.google.api.client.googleapis.auth.oauth2.GoogleCredential from package google-api-client, I am unable to use the GCP IAM credentials authentication, because it is only second in line in the class-availability check.
I want to be able to choose GCP IAM credentials authentication regardless of the classes available on my classpath because the other method should not be used anymore.
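The selection problem described in this issue, as an added example that is not part of the original post and is not Spring Cloud Vault's code: it contrasts first-match classpath probing with an explicit setting that takes precedence. The `Method` enum, the `select` helpers and the second marker class (`com.google.auth.oauth2.GoogleCredentials`) are assumptions made for illustration; the class-presence probe is injected so the "both libraries present" case can be simulated without any Google dependency.

```java
import java.util.function.Predicate;

public class GcpIamSelectionDemo {

    // Hypothetical names for the two mechanisms discussed in the issue.
    enum Method { IAM_API, IAM_CREDENTIALS }

    // Marker classes: the first is quoted in the issue, the second is an assumption.
    static final String LEGACY_MARKER =
            "com.google.api.client.googleapis.auth.oauth2.GoogleCredential";
    static final String CREDENTIALS_MARKER = "com.google.auth.oauth2.GoogleCredentials";

    // Real classpath probe, similar in spirit to ClassUtils.isPresent.
    static boolean onClasspath(String className) {
        try {
            Class.forName(className, false, GcpIamSelectionDemo.class.getClassLoader());
            return true;
        } catch (ClassNotFoundException | LinkageError e) {
            return false;
        }
    }

    // First-match probing: a transitively pulled-in legacy class always wins.
    static Method selectByClasspath(Predicate<String> present) {
        if (present.test(LEGACY_MARKER)) return Method.IAM_API;
        if (present.test(CREDENTIALS_MARKER)) return Method.IAM_CREDENTIALS;
        throw new IllegalStateException("no Google credential library on the classpath");
    }

    // Explicit setting (hypothetical property) decides; the classpath is only
    // checked to fail fast when the chosen mechanism cannot work.
    static Method select(Method configured, Predicate<String> present) {
        if (configured == null) return selectByClasspath(present);
        String needed = configured == Method.IAM_API ? LEGACY_MARKER : CREDENTIALS_MARKER;
        if (!present.test(needed)) {
            throw new IllegalStateException(configured + " requires " + needed);
        }
        return configured;
    }

    public static void main(String[] args) {
        Predicate<String> both = name -> true; // constructed: both libraries present
        System.out.println("classpath only:   " + selectByClasspath(both));
        System.out.println("explicit setting: " + select(Method.IAM_CREDENTIALS, both));
        System.out.println("legacy class really present here: " + onClasspath(LEGACY_MARKER));
    }
}
```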