Andrea Cosentino created CAMEL-23231:
----------------------------------------
Summary: Camel-Google-common: Add Workload Identity Federation
support for all Google components
Key: CAMEL-23231
URL: https://issues.apache.org/jira/browse/CAMEL-23231
Project: Camel
Issue Type: New Feature
Reporter: Andrea Cosentino
Assignee: Andrea Cosentino
Fix For: 4.19.0
The camel-google-common credential helper (GoogleCredentialsHelper) supported
service account JSON keys and Application Default Credentials (ADC) but did not
support Workload Identity Federation (WIF). This is a significant gap for
modern cloud-native deployments where workloads running on GKE, Cloud Run,
GitHub Actions, AWS, and Azure need to authenticate to GCP without managing
service account key files. WIF uses OIDC token exchange to provide secure,
keyless authentication.
This change adds WIF support to the shared GoogleCommonConfiguration interface
and GoogleCredentialsHelper, which are used by all 16 Google components. The
implementation supports explicit WIF configuration files (for GitHub Actions,
AWS, Azure), automatic GKE Workload Identity via ADC, and service account
impersonation via ImpersonatedCredentials.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
