Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Add support for using GCE assigned service accounts #833

Closed
andyfoston opened this issue Dec 4, 2024 · 0 comments · Fixed by #827
Closed

Add support for using GCE assigned service accounts #833

andyfoston opened this issue Dec 4, 2024 · 0 comments · Fixed by #827

Comments

@andyfoston
Copy link
Contributor

andyfoston commented Dec 4, 2024
edited by sync-by-unito bot
Loading

Project board link

Add support for using Google GCE service accounts that are assigned to a VM, rather than using an explicit service account key.

Using a static key is a problem for my organisation as these need to be frequently rotated. However, when a service account is assigned to a GCE Virtual Machine, a short lived key is made available via the GCE metadata API so this completely removes this issue for us.

The gcloud-aio GCS client library supports using this, so I've created a PR to add support for this. To use this feature, the key_file can be omitted from the medusa.ini file.

I have tested this with a Google Compute Engine VM, and this works as expected. I think this will also work when used with GKE Workload Identity too (for K8ssandra), but I haven't tested this (related to #558)

┆Issue is synchronized with this Jira Story by Unito
┆Issue Number: MED-115
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add support for using an attached GCE service account andyfoston/cassandra-medusa
1 participant
@andyfoston