[
https://issues.apache.org/jira/browse/NIFI-16010?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Peter Turcsanyi updated NIFI-16010:
-----------------------------------
Fix Version/s: 2.10.0
Resolution: Fixed
Status: Resolved (was: Patch Available)
> Enforce service-account credential type in GCP credential strategies
> --------------------------------------------------------------------
>
> Key: NIFI-16010
> URL: https://issues.apache.org/jira/browse/NIFI-16010
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
> Reporter: Pierre Villard
> Assignee: Pierre Villard
> Priority: Major
> Fix For: 2.10.0
>
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> The GCP service-account credential strategies loads configured JSON through
> the generic GoogleCredentials.fromStream() loader, which dispatches on the
> JSON "type" field. A document with "type": "external_account" supplied to the
> "Service Account Credentials (Json File)" or "Service Account Credentials
> (Json Value)" strategy is accepted and produces ExternalAccountCredentials,
> even though external identity is supposed to flow through the separate
> "Workload Identity Federation" strategy. The inline JSON property is only
> validated as syntactically valid JSON.
> We should make the service-account strategies enforce their own contract.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
