Comments (5)
github-actions
commented on June 10, 2024
Hi there @GergelyKalmar ๐!
Thank you for opening an issue. Our team will triage this as soon as we can. Please take a moment to review the troubleshooting steps which lists common error messages and their resolution steps.
from auth.
sethvargo
commented on June 10, 2024
Hi @GergelyKalmar - thank you for opening an issue. It looks like the Hadoop connector does not support Workload Identity Federation. If it's using the standard Google Java SDK, it may require a dependency update. Unfortunately there's nothing we can do in this "auth" action to fix that. Upstream clients must add support for Workload Identity.
You could try using the less-secure Service Account Key Export, which will probably work.
from auth.
GergelyKalmar
commented on June 10, 2024
I don't think that's quite right, it is supposed to have support since version 3.0, it was one of the new features that was introduced. See GoogleCloudDataproc/hadoop-connectors#671 and also https://github.com/GoogleCloudDataproc/hadoop-connectors/releases/tag/v3.0.0, point 25: "Add support for WORKLOAD_IDENTITY_FEDERATION_CREDENTIAL_CONFIG_FILE authentication type that retrieves a refresh token using workload identity federation configuraiton defined in: fs.gs.auth.workload.identity.federation.credential.config.file".
I am really not sure if the issue is with gcs-connector at this point. Of course, it might be that this feature is broken, or we are using it wrong, but it also seems like the issue is related to the environment that we are using instead (given it complains about this certificate path problem only when using workload identity federation).
from auth.
sethvargo
commented on June 10, 2024
WORKLOAD_IDENTITY_FEDERATION_CREDENTIAL_CONFIG_FILE is not a standard envvar, so I'm not sure what's expected by that. The project would need to properly handle GOOGLE_APPLICATION_CREDENTIALS pointing to a WIF file (instead of a Service Account Key).
from auth.
elvin-sadigov-db
commented on June 10, 2024
Hi @sethvargo, Sorry I missed above conversation.
I went through the source code. There is a unit test which reads WIF file, but as you mentioned how the code handle the credential json file, that is the question.
https://github.com/GoogleCloudDataproc/hadoop-connectors/blob/v3.0.0/util-hadoop/src/test/java/com/google/cloud/hadoop/util/HadoopCredentialsConfigurationTest.java#L174
They use below google auth versions and had a release for 3.0.0 version: https://github.com/GoogleCloudDataproc/hadoop-connectors/releases/tag/v3.0.0
I believe google auth 1.14.0 supports WIF.
https://github.com/GoogleCloudDataproc/hadoop-connectors/blob/v3.0.0/pom.xml
@GergelyKalmar FYI, thanks!
from auth.
Related Issues (20)
- Add support for access tokens HOT 7
- Export GOOGLE_CREDENTIALS for Terraform HOT 2
- A request regarding inter-project authentication HOT 2
- Doc missing something? HOT 8
- google-github-actions/auth@v1 works but v2 doesn't HOT 6
- Disable warning ยจDid you forget to use "actions/checkout" before this step?ยจ HOT 7
- Google Cloud Service Account Key JSON not working HOT 2
- The mapped attribute 'google.subject' must be of type STRING. HOT 2
- WorkloadIDentityPoolProvider ID error message on create-oidc is dubious at best. HOT 2
- Save application default credentials (ADC) HOT 4
- Circular dependency when loading GitHub app private keys from Google Secret Manager HOT 4
- Impersonation issues for Google Workspace HOT 20
- Retry options seem to be deprecated, but not according to the docs HOT 1
- "create_credentials_file" option HOT 3
- Local testing HOT 3
- GKE WLI to authenticate as another service account HOT 12
- gsutil isn't authenticated HOT 16
- cant use credentials_json after an hour and half HOT 3
- Typo in Readme HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from auth.