-
Notifications
You must be signed in to change notification settings - Fork 382
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Connect to IAP protected endpoint with Workload Identity Federation #1545
Comments
* fix: add hashes to requirements.txt and update Docker images so they require hashes. * fix: add hashes to docker/owlbot/java/src * Squashed commit of the following: commit ab7384ea1c30df8ec2e175566ef2508e6c3a2acb Author: Jeffrey Rennie <rennie@google.com> Date: Tue Aug 23 11:38:48 2022 -0700 fix: remove pip install statements (googleapis#1546) because the tools are already installed in the docker image as of googleapis/testing-infra-docker#227 commit 302667c9ab7210da42cc337e8f39fe1ea99049ef Author: WhiteSource Renovate <bot@renovateapp.com> Date: Tue Aug 23 19:50:28 2022 +0200 chore(deps): update dependency setuptools to v65.2.0 (googleapis#1541) Co-authored-by: Anthonios Partheniou <partheniou@google.com> commit 6e9054fd91d1b500cae58ff72ee9aeb626077756 Author: WhiteSource Renovate <bot@renovateapp.com> Date: Tue Aug 23 19:42:51 2022 +0200 chore(deps): update dependency nbconvert to v7 (googleapis#1543) Co-authored-by: Anthonios Partheniou <partheniou@google.com> commit d229a1258999f599a90a9b674a1c5541e00db588 Author: Alexander Fenster <fenster@google.com> Date: Mon Aug 22 15:04:53 2022 -0700 fix: update google-gax and remove obsolete deps (googleapis#1545) commit 13ce62621e70059b2f5e3a7bade735f91c53339c Author: Jeffrey Rennie <rennie@google.com> Date: Mon Aug 22 11:08:21 2022 -0700 chore: remove release config and script (googleapis#1540) We don't release to pypi anymore. * chore: rollback java changes to move forward with other languages until Java's docker image is fixed Source-Link: googleapis/synthtool@4826337 Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-nodejs:latest@sha256:7fefeb9e517db2dd8c8202d9239ff6788d6852bc92dd3aac57a46059679ac9de Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
Hi @michajas, we haven't yet supported this feature unfortunately. We are discussing the FR as it's been requested in a few other issues on this repo. We'll update once we have an answer! |
hey @sofisl @danielbankhead I'm also stuck on this, any word on this FR? or is there a way to workaround this? I'm trying to run automated tests in a GH action using playwright by hitting an app that's behind IAP. Works locally with my own credentials |
In the same situation here. Github Actions + Workload Identity Federation. We're able to impersonate the Github Actions SA locally and auth to IAP without issue. The issue appears to be isolated to WIF and not just impersonation of a SA. |
Hi!
I'm trying to create setup where I can run my code that will impersonate SA based on Workload Identity Federation and then call IAP protected endpoint (running on Cloud Run).
I've managed to do such setup with Python library but I'm unable to do it in nodejs.
I've tried to combine samples regarding WIF and IAP but without any luck.
When running
const client = await auth.getIdTokenClient(targetAudience);
I'm getting error:Cannot fetch ID token in this environment, use GCE or set the GOOGLE_APPLICATION_CREDENTIALS environment variable to a service account credentials JSON file.
My
GOOGLE_APPLICATION_CREDENTIALS
var is pointing to validexternal_account
credentials file.Could you please point me to right solution?
The text was updated successfully, but these errors were encountered: