Use new endpoints for GCS backend authentication #22451
Comments
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
ghost
locked and limited conversation to collaborators
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Terraform Version
Description
Sorry for breaking the template here but I'm not sure how to best frame this problem within the existing template.
Google recently changed some OAuth 2.0 authorization flow endpoints from being hosted under
google.comtogoogleapis.comdomains. This was related to requests issued from within a GCP VPC network under VPC Service Control restricted perimeters where due to DNS changes*.googleapis.comis available but not the other services under*.google.com. Go Oauth client libraries were already updated in golang/oauth2#310 and since then GCP resources are using the right endpoint and work fine, however the GCS backend is not using the client libraries for this and still has the wrong endpoint hardcoded.In summary, we need to change:
TokenURL: "https://accounts.google.com/o/oauth2/token",
to
TokenURL: "https://oauth2.googleapis.com/token",
I'll send a PR shortly that fixes this.
The text was updated successfully, but these errors were encountered: