Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for using GCE assigned service accounts #833

Closed
andyfoston opened this issue Dec 4, 2024 · 0 comments · Fixed by #827
Closed

Add support for using GCE assigned service accounts #833

andyfoston opened this issue Dec 4, 2024 · 0 comments · Fixed by #827

Comments

@andyfoston
Copy link
Contributor

andyfoston commented Dec 4, 2024
edited by sync-by-unito bot
Loading

Project board link

Add support for using Google GCE service accounts that are assigned to a VM, rather than using an explicit service account key.

Using a static key is a problem for my organisation as these need to be frequently rotated. However, when a service account is assigned to a GCE Virtual Machine, a short lived key is made available via the GCE metadata API so this completely removes this issue for us.

The gcloud-aio GCS client library supports using this, so I've created a PR to add support for this. To use this feature, the key_file can be omitted from the medusa.ini file.

I have tested this with a Google Compute Engine VM, and this works as expected. I think this will also work when used with GKE Workload Identity too (for K8ssandra), but I haven't tested this (related to #558)

┆Issue is synchronized with this Jira Story by Unito
┆Issue Number: MED-115
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add support for using an attached GCE service account andyfoston/cassandra-medusa
1 participant
@andyfoston