ba...@google.com <ba...@google.com>
ma...@google.com <ma...@google.com> #2
Hello,
Thank you for reaching out. I'm going to create an internal feature request. Please keep in mind that this feature request has to be analyzed and considered by the product team and I can't provide you ETA for it to be delivered. However, you can keep track of the status by following this thread.
Description
Problem you have encountered:
We are trying to avoid using a Service Account in Workload Identity Federation (WIF) authentication so we can connect to the Compute Engine instance with OS Login, without using custom SSH keys to log in to the instance.
Ideally, it would be possible to use Direct Resource Access [1] with WIF so we can connect to a Compute Engine instance using OS Login. At the moment, with Service Account impersonation [1], both OS Login (with beta) and metadata-based SSH are possible. However, with a Direct Access grant [1], only metadata-based SSH is possible. The ultimate goal is to avoid using a Service Account with Workload Identity Federation, and especially to avoid using a Service Account Key JSON, as explained here [2].
Upon trying to perform the required steps to set up a Workload Identity Pool that has direct IAM permissions on Google Cloud resources without using any intermediate service accounts or keys [3], we were unable to connect to a Compute Engine instance using OS Login. The gcloud beta compute ssh command was not working via OS Login. However, using a Service Account and SSH keys worked, but only by following this step [2] from the documentation, in which we had to download a Service Account Key JSON file and upload it to GitHub as a secret.
What you expected to happen:
The ultimate goal is to avoid using Service Accounts in the Workload Identity Federation (WIF) authentication process and utilize Direct Workload Identity Federation [2] with OS Login.
Steps to reproduce:
Other information (workarounds you have tried, documentation consulted, etc):
[3]: https://github.com/google-github-actions/auth?tab=readme-ov-file#preferred-direct-workload-identity-federation
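The two keyless WIF configurations the report compares, as an added GitHub Actions example that is not part of the issue or of the google-github-actions project; the provider path, project, instance, zone and service account names are placeholders, and the instance is assumed to have OS Login enabled.

```yaml
# Added example: two jobs that authenticate to Google Cloud through Workload
# Identity Federation with no Service Account Key JSON secret in GitHub.
# All resource names below are placeholders.
name: ssh-via-wif
on: workflow_dispatch

permissions:
  id-token: write   # lets the job request the GitHub OIDC token that WIF exchanges
  contents: read

env:
  WIF_PROVIDER: projects/123456789012/locations/global/workloadIdentityPools/github-pool/providers/github-provider
  INSTANCE: my-instance
  ZONE: us-central1-a

jobs:
  # Direct Workload Identity Federation: the federated principal itself holds
  # the IAM roles on the project (e.g. roles/compute.instanceAdmin.v1 for
  # metadata-based keys). Per the report, OS Login does not work in this mode,
  # so this job relies on metadata-based SSH keys.
  ssh-direct:
    runs-on: ubuntu-latest
    steps:
      - uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: ${{ env.WIF_PROVIDER }}
          project_id: my-project
      - uses: google-github-actions/setup-gcloud@v2
      - run: gcloud compute ssh "$INSTANCE" --zone "$ZONE" --command "hostname"

  # WIF with Service Account impersonation: still no key file. The federated
  # principal needs roles/iam.workloadIdentityUser on the service account, and
  # the service account needs roles/compute.osLogin (or osAdminLogin). Per the
  # report, OS Login works in this mode with the beta command.
  ssh-oslogin-impersonation:
    runs-on: ubuntu-latest
    steps:
      - uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: ${{ env.WIF_PROVIDER }}
          service_account: ssh-deployer@my-project.iam.gserviceaccount.com
      - uses: google-github-actions/setup-gcloud@v2
      - run: gcloud beta compute ssh "$INSTANCE" --zone "$ZONE" --command "hostname"
```

Neither job stores a long-lived credential in the repository; the impersonation job is the keyless path the report identifies as working with OS Login today.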