[ https://issues.apache.org/jira/browse/JCLOUDS-1585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17654128#comment-17654128 ]

Eron Wright commented on JCLOUDS-1585:
--------------------------------------

This issue seems like a significant usability and security problem; see the 
[Google Cloud documentation|https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity#alternatives_to], 
which says:
{quote}Workload Identity is the recommended way for your workloads running on 
Google Kubernetes Engine (GKE) to access Google Cloud services in a secure and 
manageable way.
Note: We recommend that you use Workload Identity because the alternatives 
(e.g. using a service account key) require you to make security compromises.
{quote}

> Unable to use Google Cloud Storage provider inside a Google Cloud environment
> -----------------------------------------------------------------------------
>
>                 Key: JCLOUDS-1585
>                 URL: https://issues.apache.org/jira/browse/JCLOUDS-1585
>             Project: jclouds
>          Issue Type: Bug
>          Components: jclouds-blobstore, jclouds-labs-google
>    Affects Versions: 2.4.0
>         Environment: Google dataproc cluster with 1.5-ubuntu18 image version
>            Reporter: Alexis BRENON
>            Priority: Major
>              Labels: GCP
>
> To generate a Google Storage blobstore, the user needs to pass credentials 
> composed of an identity and a private key.
> However, when running the application inside a Google Cloud environment 
> (Compute Engine, Dataproc, etc.) these credentials are not available, and 
> suitable credentials can be fetched through the 
> [Application Default Credentials library|https://cloud.google.com/docs/authentication/production#automatically].
> This bug prevents anyone from using the GCS blobstore inside a GCP environment, 
> as already reported on [StackOverflow|https://stackoverflow.com/q/56279711/4373898].



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
