google-storage-sink serviceAccountKey is not required #1203
Comments
|
Kamelets could run even outside gcp/gke. But we could relax the requirement on serviceAccountKey as required parameter. |
|
It's harder than what I thought. We are enconding the service account key as base64, there is no way at this stage to have the parameter optional if we are prepeding base64 in front of it. For the moment it will stay as is. |
|
This greatly complicates deployment on GCP and requires keeping keyfiles around. The ADC process allows for keyfiles as well, it sounds like this implementation isn't compliant because of how the configuration is being fed in. FWIW the old connector appears to work and have the setting as optional. |
|
I created this on Camel core side to make it optional. https://issues.apache.org/jira/projects/CAMEL/issues/CAMEL-18802 |
|
The old connector was based on the pure component, the new ones have been based on Kamelet, a different concept. |
|
By the way, thanks for reporting problems and improvements. This is highly appreciated. I hope we could have a fix for the next camel-kamelets release. |
|
This will be in 0.11.0 and in ckc 3.20.0 |
|
Thanks for tracking this down! |
Google supports the ADC (Application Default Credentials) process for applications hosted on their platform.
https://cloud.google.com/docs/authentication/application-default-credentials
This field is not necessary unless the kamelet is running outside of GCP/GKE. You can use Workload Identity together with ADC to authenticate without a keyfile. The google libraries do this automatically.
Thanks!
The text was updated successfully, but these errors were encountered: