To configure workload identity federation from an OIDC identity provider.

After configuring the OIDC provider to impersonate a service account, a credential configuration

For OIDC providers, the Auth library can retrieve OIDC tokens either from a local file location (file-sourced credentials) or from a local server (URL-sourced credentials).

For file-sourced credentials, a background process needs to be continuously refreshing the file location with a new OIDC token prior to expiration. For tokens with one hour lifetimes, the token needs to be updated in the file every hour. The token can be stored directly as plain text or in

To generate a file-sourced OIDC configuration, run the following command:

```bash
# Generate an OIDC configuration file for file-sourced credentials.
# Optional flags (add them before --output-file):
#   --credential-source-type "json"            Default is "text".
#   --credential-source-field-name "id_token"  The field that contains the OIDC credential.
gcloud iam workload-identity-pools create-cred-config \
    projects/$PROJECT_NUMBER/locations/global/workloadIdentityPools/$POOL_ID/providers/$OIDC_PROVIDER_ID \
    --service-account $SERVICE_ACCOUNT_EMAIL \
    --credential-source-file $PATH_TO_OIDC_ID_TOKEN \
    --output-file /path/to/generated/config.json
```

Where the following variables need to be substituted:

- $PROJECT_NUMBER: The Google Cloud project number.
- $POOL_ID: The workload identity pool ID.
- $OIDC_PROVIDER_ID: The OIDC provider ID.
- $SERVICE_ACCOUNT_EMAIL: The email of the service account to impersonate.
- $PATH_TO_OIDC_ID_TOKEN: The file path used to retrieve the OIDC token.

This generates the configuration file in the specified output file.

For URL-sourced credentials, a local server needs to host a GET endpoint to return the OIDC token. The response can be in plain text or JSON. Additional required request headers can also be

To generate a URL-sourced OIDC workload identity configuration, run the following command:

```bash
# Generate an OIDC configuration file for URL-sourced credentials.
gcloud iam workload-identity-pools create-cred-config \
    projects/$PROJECT_NUMBER/locations/global/workloadIdentityPools/$POOL_ID/providers/$OIDC_PROVIDER_ID \
    --service-account $SERVICE_ACCOUNT_EMAIL \
    --credential-source-url $URL_TO_GET_OIDC_TOKEN \
    --credential-source-headers $HEADER_KEY=$HEADER_VALUE \
    --output-file /path/to/generated/config.json
```
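For the file-sourced case described above, the background refresher could look like the following. This is an added example, not code from the original page or from the Auth library. It assumes `fetch_token` is a hypothetical callable that obtains a new OIDC token from your identity provider, that `field_name` matches the value given to `--credential-source-field-name`, and that a 300-second safety margin before expiry is acceptable.

```python
import base64
import json
import os
import tempfile
import time


def token_expiry(jwt):
    """Return the `exp` claim (Unix seconds) of a JWT. No signature check is done."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return int(json.loads(base64.urlsafe_b64decode(payload))["exp"])


def read_token(path, field_name=None):
    """Read the token as plain text, or from `field_name` of a JSON file."""
    with open(path, encoding="utf-8") as fh:
        data = fh.read().strip()
    return json.loads(data)[field_name] if field_name else data


def needs_refresh(path, field_name=None, skew=300, now=None):
    """True if the file is missing, malformed, or expires within `skew` seconds."""
    now = time.time() if now is None else now
    try:
        return token_expiry(read_token(path, field_name)) - now <= skew
    except (OSError, ValueError, KeyError, IndexError, TypeError):
        return True


def write_token(path, token, field_name=None):
    """Replace the token file atomically so a reader never sees a partial token."""
    body = json.dumps({field_name: token}) if field_name else token
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".oidc-")  # mode 0600 on POSIX
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(body)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, path)  # atomic rename within the same directory
    except BaseException:
        os.unlink(tmp)
        raise


def refresh_if_needed(path, fetch_token, field_name=None, skew=300):
    """Call the hypothetical `fetch_token()` only when the stored token is stale."""
    if needs_refresh(path, field_name, skew):
        write_token(path, fetch_token(), field_name)
        return True
    return False
```

Run `refresh_if_needed` from a timer or loop at an interval shorter than the safety margin; the token file is a bearer credential, so keep its directory writable only by the refresher's account.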