Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move off deprecated GoogleCredential IAM authentication method to IAM credentials #600

Closed
igouss opened this issue Dec 1, 2020 · 7 comments
Closed

Move off deprecated GoogleCredential IAM authentication method to IAM credentials #600

igouss opened this issue Dec 1, 2020 · 7 comments
Labels
in: auth Issues in authentication type: enhancement A general enhancement
Milestone
2.3.2

Comments

@igouss
Copy link

igouss commented Dec 1, 2020

Project should use this dependency instead for GCP IAM authentication
https://github.com/googleapis/google-auth-library-java
@mp911de
Copy link
Member

mp911de commented Dec 2, 2020

Feel free to submit a pull request adding another variant of GcpIamAuthentication using the mentioned library.

@mp911de mp911de added status: ideal-for-contribution An issue that a contributor can help us with type: enhancement A general enhancement labels Dec 2, 2020
@igouss
Copy link
Author

igouss commented Dec 3, 2020

Can you take a look?
https://github.com/spring-projects/spring-vault/compare/master...igouss:UpdateGcpCredentialSupplier?expand=1

I have trouble running tests locally. But I did not really try.

[INFO] Scanning for projects...
[ERROR] [ERROR] Some problems were encountered while processing the POMs:
[ERROR] Non-resolvable import POM: Could not find artifact org.springframework.vault:spring-vault-dependencies:pom:2.3.0-SNAPSHOT @ org.springframework.vault:spring-vault-parent:2.3.0-SNAPSHOT, /home/igoussev/spring-vault/pom.xml, line 108, column 16

One issue: see // TODO: Figure out how to set httpTransport on IamCredentialsClient

@igouss
Copy link
Author

igouss commented Dec 3, 2020
edited

I found this warning while working on this. Sounds like this project will be affected.

https://cloud.google.com/iam/docs/migrating-to-credentials-api

The IAM API also contains methods for signing JWTs and binary blobs. As of July 1, 2020, these methods are deprecated in the REST API and in all client libraries for the IAM API. You must migrate to the Service Account Credentials API before July 1, 2021.

@mp911de mp911de added the in: auth Issues in authentication label Dec 10, 2020
@mp911de
Copy link
Member

mp911de commented Jan 15, 2021

This issue went unnoticed. Starting with a pull request is a good idea. Instead of changing the existing GcpIamAuthentication, I'd suggest to introduce a new variant to not break existing code.

@senzzzi senzzzi mentioned this issue Jan 20, 2021
Closed
andreasgebauer added a commit to andreasgebauer/spring-cloud-vault that referenced this issue Jan 27, 2021
@andreasgebauer
WIP spring-projects/spring-vault#600
ffa6aab
@andreasgebauer andreasgebauer mentioned this issue Jan 27, 2021
Closed
@andreasgebauer
Copy link
Contributor

andreasgebauer commented Jan 28, 2021
edited

Would be nice to have the support for the IAM credentials API available in the next release. I created a PR yesterday. Please let me know if this works for you

@mp911de
Copy link
Member

mp911de commented Jan 28, 2021

Thanks a lot. Will have a look in the next few days.

@mp911de mp911de added this to the 2.3.2 milestone Feb 19, 2021
@mp911de
Copy link
Member

mp911de commented Feb 19, 2021

It makes sense to backport this change into the next service release given that the IAM API will stop working as of July this year.

mp911de added a commit that referenced this issue Feb 19, 2021
@mp911de
Polishing.
f156c56 
Update documentation, extract base class for GCP IAM authentication options.

Closes gh-600.
Original pull request: gh-619.
mp911de pushed a commit that referenced this issue Feb 19, 2021
@andreasgebauer @mp911de
Add support for GCP IAM credentials API.
53f14ab 
We now support the IAM Credentials API in addition to the deprecated IAM API for signing JWT.

Closes gh-600.
Original pull request: gh-619.
mp911de added a commit that referenced this issue Feb 19, 2021
@mp911de
Polishing.
63f7f4a 
Update documentation, extract base class for GCP IAM authentication options.

Closes gh-600.
Original pull request: gh-619.
@mp911de mp911de removed the status: ideal-for-contribution An issue that a contributor can help us with label Feb 19, 2021
@mp911de mp911de mentioned this issue Feb 19, 2021
Closed
mp911de added a commit that referenced this issue Mar 10, 2021
@mp911de
Polishing.
e0bea23 
Rename GoogleCloudIamAuthenticationOptionsBuilder to GcpIamCredentialsAuthenticationOptionsBuilder.

See gh-600.
mp911de added a commit that referenced this issue Mar 10, 2021
@mp911de
Polishing.
20c1d74 
Rename GoogleCloudIamAuthenticationOptionsBuilder to GcpIamCredentialsAuthenticationOptionsBuilder.

See gh-600.
@mp911de mp911de changed the title GcpCredentialSupplier uses deprecated GoogleCredential class Move off deprecated GoogleCredential IAM authentication method to IAM credentials Mar 16, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
in: auth Issues in authentication type: enhancement A general enhancement
Projects
None yet
Milestone
2.3.2
Development

Successfully merging a pull request may close this issue.

Add support for GCP IAM credentials API andreasgebauer/spring-vault
3 participants
@igouss @mp911de @andreasgebauer