Xuanwo commented on issue #5233: URL: https://github.com/apache/arrow-rs/issues/5233#issuecomment-1897834567
> 1. The GCSCredential seems too simple. It uses a self-signed JWT to request the temporary token and then retrieves the objects. I think it should use the service account credential to retrieve the objects, like how it is done in the AWS part. Yep. GCP has different kind of services accounts like `service_account`, `external_account` and `impersonated_service_account`. We should store those services account information to presign users request. reqsign implemented most of them which worth to take a look: https://github.com/Xuanwo/reqsign/blob/main/src/google/credential.rs -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
