Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support service_account in ApplicationDefaultCredentials and Use SelfSignedJwt #4926

Merged
merged 5 commits into from
Oct 16, 2023

Conversation

tustvold
Copy link
Contributor

Which issue does this PR close?

Closes #.

Rationale for this change

https://google.aip.dev/auth/4111 defines a process for using self-signed JWTs directly with Google Cloud services, without first exchanging them with the Google OAuth server. Additionally it states that they should be used by default for service accounts

Considering its better efficiency and reliability comparing with OAuth flow (bypassing the exchanging step), ADC should use self-signed JWT as the default authentication flow when service account key is provided as the source credential.

This PR therefore adds support for service_account in ApplicationDefaultCredentials, and uses the self-signed JWT flow for service accounts

What changes are included in this PR?

Are there any user-facing changes?

@github-actions github-actions bot added the object-store Object Store Interface label Oct 13, 2023
Copy link
Contributor

@crepererum crepererum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor doc nitpicks (all with suggestions).

object_store/src/gcp/credential.rs Outdated Show resolved Hide resolved
object_store/src/gcp/credential.rs Outdated Show resolved Hide resolved
object_store/src/gcp/credential.rs Outdated Show resolved Hide resolved
object_store/src/gcp/credential.rs Outdated Show resolved Hide resolved
object_store/src/gcp/credential.rs Outdated Show resolved Hide resolved
@tustvold tustvold merged commit 69c9375 into apache:master Oct 16, 2023
31 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
object-store Object Store Interface
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants