Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for Workload Identity Authentication #1021

Open
wants to merge 9 commits into
base: dev
Choose a base branch
from
Open

Add support for Workload Identity Authentication #1021

wants to merge 9 commits into from

Conversation

terryyanko
Copy link

@terryyanko terryyanko commented Sep 23, 2024
edited
Loading

Related to: percona/roadmap#26

For workloads running on GCE, fetch the service account token from the metadata server to allow for access to GCP services without explicit keys.

Tested successfully with local mongo and GCE metadata server emulator

@it-percona-cla
Copy link

it-percona-cla commented Sep 23, 2024
edited
Loading

CLA assistant check
All committers have signed the CLA.

@terryyanko terryyanko marked this pull request as ready for review September 23, 2024 17:30
@defbin defbin added this to the next milestone Sep 29, 2024
egegunes
egegunes reviewed Nov 11, 2024
View reviewed changes
pbm/storage/s3/s3.go
Timeout: 100 * time.Millisecond,
}

req, err := http.NewRequest("GET", "http://169.254.169.254/computeMetadata/v1", nil)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if we add the trailing slash, client doesn't need to follow redirect

Suggested change
req, err := http.NewRequest("GET", "http://169.254.169.254/computeMetadata/v1", nil)
req, err := http.NewRequest("GET", "http://169.254.169.254/computeMetadata/v1/", nil)

pbm/storage/s3/s3.go
}
providers = append(providers, &credentials.StaticProvider{Value: credentials.Value{
AccessKeyID: "GCP_OAUTH_TOKEN",
SecretAccessKey: "GCP_OATH_TOKEN",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is GCP_OATH_TOKEN a typo?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@egegunes egegunes egegunes left review comments

@defbin defbin Awaiting requested review from defbin defbin is a code owner

@boris-ilijic boris-ilijic Awaiting requested review from boris-ilijic boris-ilijic is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
community feature new feature need-qa
Projects
None yet
Milestone
next
Development

Successfully merging this pull request may close these issues.
4 participants
@terryyanko @it-percona-cla @egegunes @defbin