gianarb commented on issue #3797: URL: https://github.com/apache/arrow-rs/issues/3797#issuecomment-1808010047
Hello! I am writing here to double check if the issue I am working on is similar to this one or if I am just doing something wrong since my lack of knowledge when it comes to GCP. I enabled GCP support to my application that uses datafusion (previously I was using AWS and local storage), everything works fine locally when I use the `APPLICATION_CREDENTIALS` environment variable but in production my workload runs on GCP autopilot so my plan was to use the suggested workload identity to provide access to GCP Object Storage and my expectation is that the token acquisition should work without any configuration (from a datafusion point of view) https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#authenticating_to But it fails: ``` Error performing token request: response error \"Unable to generate access token; IAM returned 400 Bad Request: Invalid form of account ID serviceAccount:<>.iam.gserviceaccount.com. Should be [Gaia ID |Email |Unique ID |] of the account ``` So I am wondering if I don't know how to properly configure the object store builder or if it is an unsupported authentication method. Thanks -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
