Reputation: 31
Camel pubsub connect via external account (workload-identity-federation)
Does the camel-google-pubsub support external account(Workload Identity Federation) authorization? I'm using camel-google-pubsub 3.21.0.
According to the document, It support service account https://camel.apache.org/components/next/google-pubsub-component.html
But I found anther way:
Although GooglePubsubComponent only provides the setServiceAccountKey method, it does not provide a place to set the credentials path.
But we can do it through ADC.
If we do not set ServiceAccountKey, it will use getApplicationDefault, and getApplicationDefault uses the GOOGLE_APPLICATION_CREDENTIALS environment variable to find credentials.
credentialsProvider = FixedCredentialsProvider.create(ObjectHelper.isEmpty(endpoint.getServiceAccountKey())
? GoogleCredentials.getApplicationDefault() : ServiceAccountCredentials.fromStream(ResourceHelper
.resolveMandatoryResourceAsInputStream(getCamelContext(), endpoint.getServiceAccountKey()))
.createScoped(PublisherStubSettings.getDefaultServiceScopes()));
So we only need to set the GOOGLE_APPLICATION_CREDENTIALS environment variable to implement the external account authentication method.
Does this way is recommended?
Upvotes: 0
Views: 48
Answers (0)
Related Questions
- Workload identity federation with @google-cloud
- Can GKE Workload Identity be used with Domain Wide Delegation?
- GCP Identity Federation Authentication not working from docker on github actions
- Support for wildcards with Workload Identity Federation
- AttributeError: 'tuple' object has no attribute 'authorize' - GCP Create Service Account with Workload Identity Federation
- google cloud IAM workload identity federation with azure ad 'app registration'/'enterprise applications'