spring-cloud / spring-cloud-vault

Configuration Integration with HashiCorp Vault
http://cloud.spring.io/spring-cloud-vault/
Apache License 2.0

Find a better way to determine which GCP ClientAuthentication to use #638

Open andreasgebauer opened 2 years ago

andreasgebauer commented 2 years ago

Currently the ClientAuthentication for GCP_IAM relies on classes available on the classpath. Since I have both classes on the classpath, because I rely on Google API client libraries which transitively pull in the class `com.google.api.client.googleapis.auth.oauth2.GoogleCredential` from the `google-api-client` package, I am unable to use the GCP IAM credentials authentication, because it is only second in line for the class-is-available check.

I want to be able to choose GCP IAM credentials authentication regardless of the classes available on my classpath because the other method should not be used anymore.

andreasgebauer commented 2 years ago

Just had a deeper look at the code and I think replacing the constant `GOOGLE_CREDENTIAL_AVAILABLE` in class `org.springframework.cloud.vault.config.ClientAuthenticationFactory` with `private static final boolean IAM_API_CLIENT_AVAILABLE = ClassUtils.isPresent("com.google.api.services.iam.v1.Iam", ClientAuthenticationFactory.class.getClassLoader());` would be a good solution to my problem and probably won't break anything, as `org.springframework.vault.authentication.GcpIamAuthentication` uses this class to sign JWTs.
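To illustrate the point of the comment above, here is an added example (not code from Spring Cloud Vault) of a selector where an explicit configuration value takes precedence and classpath probing is only a fallback, with the preferred IAM client library checked first. The `GcpAuthMethodSelector` class, the `Method` enum and the property name are hypothetical; `isPresent` mirrors what `ClassUtils.isPresent` does so the snippet runs without Spring on the classpath.

```java
/** Hypothetical selector: an explicit property wins, classpath probing is only a fallback. */
public final class GcpAuthMethodSelector {

    public enum Method { GCP_IAM_CREDENTIALS, GCP_IAM_LEGACY }

    // Class names discussed in this thread; which one is present decides the fallback.
    static final String IAM_API_CLIENT = "com.google.api.services.iam.v1.Iam";
    static final String LEGACY_GOOGLE_CREDENTIAL =
            "com.google.api.client.googleapis.auth.oauth2.GoogleCredential";

    /** Same semantics as ClassUtils.isPresent: load without initializing, treat absence as false. */
    static boolean isPresent(String className, ClassLoader loader) {
        try {
            Class.forName(className, false, loader);
            return true;
        } catch (ClassNotFoundException | LinkageError e) {
            return false;
        }
    }

    /**
     * @param configured value of a hypothetical property (e.g. "GCP_IAM_CREDENTIALS"), null if unset
     * @param loader     class loader used for the classpath probe
     */
    static Method select(String configured, ClassLoader loader) {
        if (configured != null && !configured.isBlank()) {
            // Explicit choice: fail loudly on an unknown value instead of silently falling back.
            return Method.valueOf(configured.trim().toUpperCase());
        }
        // Fallback: probe the preferred (non-deprecated) client library first.
        if (isPresent(IAM_API_CLIENT, loader)) {
            return Method.GCP_IAM_CREDENTIALS;
        }
        if (isPresent(LEGACY_GOOGLE_CREDENTIAL, loader)) {
            return Method.GCP_IAM_LEGACY;
        }
        throw new IllegalStateException(
                "No GCP IAM client library on the classpath; set the method property or add a dependency");
    }

    public static void main(String[] args) {
        ClassLoader cl = GcpAuthMethodSelector.class.getClassLoader();
        // Hypothetical system property standing in for a Spring configuration property.
        System.out.println(select(System.getProperty("vault.gcp.method"), cl));
    }
}
```

Run with `java -Dvault.gcp.method=GCP_IAM_CREDENTIALS GcpAuthMethodSelector.java` to see the explicit setting override whatever the classpath contains.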

mp911de commented 2 years ago

We should generally be able to swap the order in which the two authentication mechanisms are applied, as the plain GcpIamAuthentication method is deprecated by Google anyway.

andreasgebauer commented 2 years ago

There might also be the option to introduce another property in GcpIamProperties where you can specify which method to use. I would really like to see this in the next release.