Connect to IAP protected endpoint with Workload Identity Federation #1545
Labels
priority: p3
Desirable enhancement or fix. May not be included in next release.
type: feature request
‘Nice-to-have’ improvement, new feature or different behavior or design.
Comments
michajas
added
priority: p3
ddelgrosso1
pushed a commit
to ddelgrosso1/google-auth-library-nodejs
that referenced
this issue
May 16, 2023
* fix: add hashes to requirements.txt
and update Docker images so they require hashes.
* fix: add hashes to docker/owlbot/java/src
* Squashed commit of the following:
commit ab7384ea1c30df8ec2e175566ef2508e6c3a2acb
Author: Jeffrey Rennie <rennie@google.com>
Date: Tue Aug 23 11:38:48 2022 -0700
fix: remove pip install statements (googleapis#1546)
because the tools are already installed in the docker image as of googleapis/testing-infra-docker#227
commit 302667c9ab7210da42cc337e8f39fe1ea99049ef
Author: WhiteSource Renovate <bot@renovateapp.com>
Date: Tue Aug 23 19:50:28 2022 +0200
chore(deps): update dependency setuptools to v65.2.0 (googleapis#1541)
Co-authored-by: Anthonios Partheniou <partheniou@google.com>
commit 6e9054fd91d1b500cae58ff72ee9aeb626077756
Author: WhiteSource Renovate <bot@renovateapp.com>
Date: Tue Aug 23 19:42:51 2022 +0200
chore(deps): update dependency nbconvert to v7 (googleapis#1543)
Co-authored-by: Anthonios Partheniou <partheniou@google.com>
commit d229a1258999f599a90a9b674a1c5541e00db588
Author: Alexander Fenster <fenster@google.com>
Date: Mon Aug 22 15:04:53 2022 -0700
fix: update google-gax and remove obsolete deps (googleapis#1545)
commit 13ce62621e70059b2f5e3a7bade735f91c53339c
Author: Jeffrey Rennie <rennie@google.com>
Date: Mon Aug 22 11:08:21 2022 -0700
chore: remove release config and script (googleapis#1540)
We don't release to pypi anymore.
* chore: rollback java changes
to move forward with other languages until Java's docker image is fixed
Source-Link: googleapis/synthtool@4826337
Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-nodejs:latest@sha256:7fefeb9e517db2dd8c8202d9239ff6788d6852bc92dd3aac57a46059679ac9de
Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
|
Hi @michajas, we haven't yet supported this feature unfortunately. We are discussing the FR as it's been requested in a few other issues on this repo. We'll update once we have an answer! |
sofisl
added
type: feature request
danielbankhead
changed the title
|
hey @sofisl @danielbankhead I'm also stuck on this, any word on this FR? or is there a way to workaround this? I'm trying to run automated tests in a GH action using playwright by hitting an app that's behind IAP. Works locally with my own credentials |
|
In the same situation here. Github Actions + Workload Identity Federation. We're able to impersonate the Github Actions SA locally and auth to IAP without issue. The issue appears to be isolated to WIF and not just impersonation of a SA. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi!
I'm trying to create setup where I can run my code that will impersonate SA based on Workload Identity Federation and then call IAP protected endpoint (running on Cloud Run).
I've managed to do such setup with Python library but I'm unable to do it in nodejs.
I've tried to combine samples regarding WIF and IAP but without any luck.
When running
const client = await auth.getIdTokenClient(targetAudience);I'm getting error:Cannot fetch ID token in this environment, use GCE or set the GOOGLE_APPLICATION_CREDENTIALS environment variable to a service account credentials JSON file.My
GOOGLE_APPLICATION_CREDENTIALSvar is pointing to validexternal_accountcredentials file.Could you please point me to right solution?
The text was updated successfully, but these errors were encountered: