Skip to content

UPSTREAM: docker/distribution: 3497: Support authentication using gcp workload identity federation#26

Merged
openshift-merge-robot merged 2 commits intoopenshift:image-registry-4.7-distribution-2461543from
akhil-rane:support_gcp_workload_identity
Sep 13, 2021
Merged

UPSTREAM: docker/distribution: 3497: Support authentication using gcp workload identity federation#26
openshift-merge-robot merged 2 commits intoopenshift:image-registry-4.7-distribution-2461543from
akhil-rane:support_gcp_workload_identity

Conversation

@akhil-rane
Copy link

@akhil-rane akhil-rane commented Jul 14, 2021

Workload identity federation will enable short lived credentials in a gcp
cluster. Current version golang.org/x/oauth2 does not support it.

This PR also includes changes that gcp storage driver code to consume
new credentials

ref: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity

@akhil-rane
update golang.org/x/oauth2 to support gcp workload identity
2247794
@akhil-rane
Allow google oauth client to consume creds for workload identity
a28c7cb 
New short lived credentials for workload identity have different type
called 'external_account'. Current code does not support this type.
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 14, 2021
@openshift-ci openshift-ci bot requested review from adambkaplan and dmage July 14, 2021 01:32
@akhil-rane akhil-rane changed the title WIP: Support gcp workload identity federation Support gcp workload identity federation Jul 27, 2021
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 27, 2021
@dmage
Copy link

dmage commented Sep 1, 2021

@akhil-rane please add a link for the upstream PR in description.

@akhil-rane akhil-rane changed the title Support gcp workload identity federation UPSTREAM: docker/distribution: 3497: Support authentication using gcp workload identity federation Sep 10, 2021
@akhil-rane
Copy link
Author

akhil-rane commented Sep 10, 2021

@akhil-rane please add a link for the upstream PR in description.

addressed. PTAL

@dmage
Copy link

dmage commented Sep 13, 2021

/lgtm

@openshift-ci
Copy link

openshift-ci bot commented Sep 13, 2021

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: akhil-rane, dmage

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added lgtm Indicates that a PR is ready to be merged. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Sep 13, 2021
@openshift-merge-robot openshift-merge-robot merged commit 30f7a83 into openshift:image-registry-4.7-distribution-2461543 Sep 13, 2021
@bverschueren bverschueren mentioned this pull request Sep 15, 2021
Closed
@dmage dmage mentioned this pull request Mar 17, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adambkaplan adambkaplan Awaiting requested review from adambkaplan

@dmage dmage Awaiting requested review from dmage

Assignees

@dmage dmage

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@akhil-rane @dmage @openshift-merge-robot

Comments