feat: gcs dataplane enhancement #83
… runtime changes for credentials.
Thank you for the PR! Please check the GcpConfiguration class; this is intended to provide a configuration at connector level that can be overridden by the data in the request.
* Default authentication: | ||
* Authenticates against the Google Cloud API using the [Application Default Credentials](https://cloud.google.com/docs/authentication#adc). | ||
* These will automatically be provided if the connector is deployed with the correct service account attached. | ||
* Service Account key file |
Suggest adding a link about managing key files: https://cloud.google.com/iam/docs/best-practices-for-managing-service-account-keys
* These will automatically be provided if the connector is deployed with the correct service account attached. | ||
* Service Account key file | ||
* Authentication using a Service Account key file exported from Google Cloud Platform | ||
* Service Account key file can be stored in a vault or encoded as base64 and provided in the dataAddress. |
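Review bot: The last README line, "encoded as base64 and provided in the dataAddress", presents the inline option as equivalent to the vault option, but base64 is only an encoding, so a key supplied this way is recoverable by anyone who can read the data address. Suggest saying so in the README, recommending the vault reference as the default, and stating which source wins if both are supplied.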
Please check GcpConfiguration.java, as this provides a configuration at connector level where the service account is optionally set.
@@ -49,11 +50,12 @@ public String name() { | |||
public void initialize(ServiceExtensionContext context) { | |||
|
|||
var monitor = context.getMonitor(); | |||
var gcpCredential = new GcpCredentials(vault, typeManager, monitor); |
Does it make sense to have GcpCredentials also take the GcpConfiguration object injected?
If a service account is provided in the dataAddress, then it overrides the GcpConfiguration.
var tokenKeyName = destination.getKeyName(); | ||
var serviceAccountKeyName = destination.getStringProperty(GcsStoreSchema.SERVICE_ACCOUNT_KEY_NAME); | ||
var serviceAccountValue = destination.getStringProperty(GcsStoreSchema.SERVICE_ACCOUNT_KEY_VALUE); | ||
var gcpServiceAccountCredentials = new GcpServiceAccountCredentials(tokenKeyName, serviceAccountKeyName, serviceAccountValue); |
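Review bot: In the new GcpServiceAccountCredentials(tokenKeyName, serviceAccountKeyName, serviceAccountValue) call, all three credential sources are passed through with no check visible here on which combinations are valid or which one takes precedence. Suggest documenting the precedence on GcpServiceAccountCredentials, rejecting ambiguous combinations, and making sure serviceAccountValue, which is read straight from the data address, never reaches a log or exception message.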
Does it make sense to pass destination.getKeyName() directly instead of declaring the variable? (Same for SourceFactory.)
This pull request is stale because it has been open for 7 days with no activity.
This pull request was closed because it has been inactive for 7 days since being marked as stale.
What this PR changes/adds
We already implemented other approaches for authentication against the GCP API in the core. Now, in this PR, this feature is used by the dataplane to enhance the usage of the Google Storage data plane. Therefore, users can dynamically change their service account key file at runtime by adding it to the vault and/or adding it to the data address.
Further notes
Another approach for authentication is to create a Service Account key file and use it to retrieve the GoogleCredentials. Similar to the Azure storage Data Plane, the key could be uploaded into the vault and be pointed to by the keyname in the DataAddress.
Linked Issue(s)
Closes #59
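
The credential-source selection this PR describes (key file referenced in the vault, key file inlined as base64 in the data address, otherwise Application Default Credentials) can be sketched as below. This is an added example, not code from the PR or the connector: the class, method and vault entry names are hypothetical, the vault is modeled as a plain function, and the precedence order is an assumption the page does not state.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
import java.util.function.Function;

// Added example: hypothetical resolver, not the connector's GcpCredentials class.
public class ServiceAccountKeyResolver {
    enum Source { VAULT, DATA_ADDRESS, APPLICATION_DEFAULT }
    record Resolved(Source source, String keyJson) { } // keyJson is null for APPLICATION_DEFAULT

    // Assumed precedence: vault reference, then inline base64 value, then ADC.
    static Resolved resolve(String keyName, String base64Value, Function<String, String> vault) {
        if (keyName != null && !keyName.isBlank()) {
            var secret = vault.apply(keyName);
            if (secret == null) {
                // Fail closed: a dangling reference must not silently fall back to ADC.
                throw new IllegalArgumentException("no vault entry for key name " + keyName);
            }
            return new Resolved(Source.VAULT, requireServiceAccount(secret));
        }
        if (base64Value != null && !base64Value.isBlank()) {
            String json;
            try {
                json = new String(Base64.getDecoder().decode(base64Value), StandardCharsets.UTF_8);
            } catch (IllegalArgumentException e) {
                // Do not echo the value in the message: it is a long-lived credential.
                throw new IllegalArgumentException("service account key value is not valid base64");
            }
            return new Resolved(Source.DATA_ADDRESS, requireServiceAccount(json));
        }
        return new Resolved(Source.APPLICATION_DEFAULT, null);
    }

    // Cheap shape check before the JSON is handed to a credentials library.
    static String requireServiceAccount(String json) {
        if (!json.matches("(?s).*\"type\"\\s*:\\s*\"service_account\".*")) {
            throw new IllegalArgumentException("not a service account key file");
        }
        return json;
    }
    public static void main(String[] args) {
        // Constructed sample key file: placeholder values, no real key material.
        var json = "{\"type\": \"service_account\", \"client_email\": \"sa@example.invalid\"}";
        var vault = Map.of("gcs-sa-key", json);
        var inline = Base64.getEncoder().encodeToString(json.getBytes(StandardCharsets.UTF_8));
        System.out.println(resolve("gcs-sa-key", null, vault::get).source());
        System.out.println(resolve(null, inline, vault::get).source());
        System.out.println(resolve(null, null, vault::get).source());
    }
}
```

In a real connector the returned JSON would be handed to the Google auth library to build the credentials; that step is left out so the example runs with the JDK alone.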