Manage credentials without GCP Service Account as a middleman #87
Comments
I found it could theoretically work if not for parsing:
gcp-workload-identity-federation-webhook/webhooks/mutatepod.go, lines 57 to 64 in 047970f
EDIT: and a few more places
nazarewk added two commits to nazarewk/gcp-workload-identity-federation-webhook that referenced this issue on Nov 13, 2024.
I am not sure since when (probably quite recently) it is possible to grant direct resource access to federation principals without using GCP Service Account as a middleman.
It would be great to support this use case here.
When I try to skip the service account email annotation, I'm getting this error:
gcp-workload-identity-federation-webhook/webhooks/identityconfig.go, line 88 in 047970f
Which at the same time is wrong (it should point to the service account annotation, not the expiration annotation).