storage: support external_account credentials in detectDefaultGoogleAccessID #8528
Labels
api: storage
Issues related to the Cloud Storage API.
type: feature request
‘Nice-to-have’ improvement, new feature or different behavior or design.
Is your feature request related to a problem? Please describe.
detectDefaultGoogleAccessID can detect GoogleAccessID when the library is authenticated by GKE workload identity but it cannot when it is authenticated by workload identity federation (e.g. GitHub Actions) because the credential type is
external_account
.Describe the solution you'd like
We'd like the function detectDefaultGoogleAccessID to support
external_account
credentials. If theservice_account_impersonation_url
value in the credential is available, the function should be able to extract an Email from it just like the case ofimpersonated_service_account
credentials.Describe alternatives you've considered
We can specify GoogleAccessID explicitly in a user code but we don't want to branch out logics depending on how the library is authenticated.
The text was updated successfully, but these errors were encountered: