Pierre Villard created NIFI-16010:
-------------------------------------
Summary: Enforce service-account credential type in GCP credential
strategies
Key: NIFI-16010
URL: https://issues.apache.org/jira/browse/NIFI-16010
Project: Apache NiFi
Issue Type: Improvement
Components: Extensions
Reporter: Pierre Villard
Assignee: Pierre Villard

The GCP service-account credential strategies load configured JSON through the
generic GoogleCredentials.fromStream() loader, which dispatches on the JSON
"type" field. A document with "type": "external_account" supplied to the
"Service Account Credentials (Json File)" or "Service Account Credentials (Json
Value)" strategy is accepted and produces ExternalAccountCredentials, even
though external identity is supposed to flow through the separate "Workload
Identity Federation" strategy. The inline JSON property is only validated as
syntactically valid JSON.
We should make the service-account strategies enforce their own contract.
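
The contract check the description asks for, sketched in Python as an added example; it is not NiFi's code or the fix for this issue. The strategy-to-type mapping, the function names and the sample documents are assumptions constructed for illustration.

```python
import json

# Credential "type" each strategy is meant to accept. The strategy names come
# from the issue text; the mapping itself is an assumption of this sketch.
EXPECTED_TYPE = {
    "Service Account Credentials (Json File)": "service_account",
    "Service Account Credentials (Json Value)": "service_account",
    "Workload Identity Federation": "external_account",
}

def is_syntactically_valid(document: str) -> bool:
    """The weak check described in the issue: any well-formed JSON passes."""
    try:
        json.loads(document)
        return True
    except ValueError:
        return False

def enforce_credential_type(strategy: str, document: str) -> dict:
    """Reject a document whose "type" does not match the selected strategy."""
    expected = EXPECTED_TYPE[strategy]
    try:
        parsed = json.loads(document)
    except ValueError as exc:
        raise ValueError(f"{strategy}: not valid JSON") from exc
    if not isinstance(parsed, dict):
        raise ValueError(f"{strategy}: credential JSON must be an object")
    actual = parsed.get("type")
    if actual != expected:
        raise ValueError(
            f'{strategy}: expected "type": "{expected}", got {actual!r}')
    return parsed

# Constructed sample documents (placeholder values, not real credentials).
SERVICE_ACCOUNT_JSON = json.dumps({
    "type": "service_account",
    "client_email": "example@example-project.iam.gserviceaccount.com",
    "private_key": "PLACEHOLDER",
})
EXTERNAL_ACCOUNT_JSON = json.dumps({
    "type": "external_account",
    "audience": "PLACEHOLDER",
    "token_url": "https://sts.example.invalid/token",
})
```

The external_account sample passes `is_syntactically_valid` but is rejected by `enforce_credential_type` under either service-account strategy, which is the gap between the current validation and the intended contract.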