mik-laj commented on issue #6050: [AIRFLOW-5434][DONT-MERGE] Use hook to provide credentials in GKEPodOperator URL: https://github.com/apache/airflow/pull/6050#issuecomment-529115287 I am wondering about the optional ``gcp_conn_id`` parameter. It was optional. Now it's required. When the user did not provide a value, credentials was set up to use ADC strategies. I think we should abandon this mechanism for security reasons. Credentials should only be determined based on the connection configuration. Now this is not a big problem, but in the future this connection configuration only by connecting can be crucial. In future, it may allow the introduction of further security mechanisms, e.g. IAM. Do you think it is worth introducing backward compatibility or leaving the current implementation? If we leave the current implementation then I have to add a note in UPDATING.md It is worth noting that ADC is quite a complex mechanism and permissions may be mistakenly granted.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
