ChloeSheasby opened a new issue, #35899:
URL: https://github.com/apache/airflow/issues/35899

   ### Description
   
   Currently, the only way to authenticate with Google Cloud operators is through defining a file path to the Google Cloud credentials. This is not always a safe option, and credentials can be acquired in different ways through the Workload Federated Identity service in Google Cloud Platform.
   
   This can be done as follows:
   - Request a token from your external service (defined in your Federated Identity)
   - Provide the following items as the payload to this API endpoint: https://sts.googleapis.com/v1/token
        - subject_token: the token from the previous request
        - grant_type: "urn:ietf:params:oauth:grant-type:token-exchange"
        - requested_token_type: "urn:ietf:params:oauth:token-type:access_token"
        - scope: "https://www.googleapis.com/auth/cloud-platform"
        - subject_token_type: "urn:ietf:params:oauth:token-type:jwt"
   - Provide the following items to this API endpoint: https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/<federated identity service account>:generateAccessToken
        - Headers: use the token from the previous request in the "Authorization" section
        - Payload:
             - scope: ["https://www.googleapis.com/auth/cloud-platform"]
   - Use the token from the last request as the authentication.
   
   ### Use case/motivation
   
   I would like to be able to authenticate the Google Cloud operators through the Workload Federated Identity instead of providing the file path to credentials. This would help me to be able to use Airflow's native Google Cloud operators instead of making custom operators.
   
   ### Related issues
   
   _No response_
   
   ### Are you willing to submit a PR?
   
   - [ ] Yes I am willing to submit a PR!
   
   ### Code of Conduct
   
   - [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
   

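The two-request flow described in the issue above, as an added Python example (not code from the issue or from Airflow's Google provider). It assumes the caller already holds the external JWT, knows the workload identity pool provider resource name (the STS `audience`, which the list above omits but which the exchange requires) and the target service account e-mail; the `post` transport is injectable so the flow can be exercised without network access.

```python
import json
import urllib.parse
import urllib.request

STS_URL = "https://sts.googleapis.com/v1/token"
IAM_URL = ("https://iamcredentials.googleapis.com/v1/projects/-/"
           "serviceAccounts/{sa}:generateAccessToken")
SCOPE = "https://www.googleapis.com/auth/cloud-platform"


def http_post(url, body, headers):
    """Default transport: POST raw bytes and decode the JSON reply.
    Replace it with a fake in tests so nothing leaves the machine."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def exchange_subject_token(subject_token, audience, post=http_post):
    """Step 1: trade the external JWT for a short-lived federated token at STS.
    STS accepts the OAuth token-exchange form fields named in the issue;
    `audience` (hypothetical value supplied by the caller) names the pool
    provider the external token is trusted by."""
    form = {
        "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
        "requested_token_type": "urn:ietf:params:oauth:token-type:access_token",
        "scope": SCOPE,
        "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
        "subject_token": subject_token,
        "audience": audience,
    }
    reply = post(STS_URL, urllib.parse.urlencode(form).encode(),
                 {"Content-Type": "application/x-www-form-urlencoded"})
    return reply["access_token"]


def impersonate_service_account(federated_token, service_account, post=http_post):
    """Step 2: present the federated token as Bearer and mint an access token
    for the service account. Returns (token, expireTime); callers should
    re-run the flow when it expires rather than cache the token forever."""
    body = json.dumps({"scope": [SCOPE]}).encode()
    headers = {"Authorization": f"Bearer {federated_token}",
               "Content-Type": "application/json"}
    reply = post(IAM_URL.format(sa=service_account), body, headers)
    return reply["accessToken"], reply["expireTime"]


def get_access_token(subject_token, audience, service_account, post=http_post):
    """Full flow: external JWT -> federated token -> service-account token."""
    federated = exchange_subject_token(subject_token, audience, post)
    return impersonate_service_account(federated, service_account, post)
```

Neither token should be written to task logs; only the final access token is what an operator would place in its `Authorization` header.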

-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
