[
https://issues.apache.org/jira/browse/NIFI-16010?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pierre Villard updated NIFI-16010:
----------------------------------
Status: Patch Available (was: Open)
> Enforce service-account credential type in GCP credential strategies
> --------------------------------------------------------------------
>
> Key: NIFI-16010
> URL: https://issues.apache.org/jira/browse/NIFI-16010
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
> Reporter: Pierre Villard
> Assignee: Pierre Villard
> Priority: Major
>
> The GCP service-account credential strategies loads configured JSON through
> the generic GoogleCredentials.fromStream() loader, which dispatches on the
> JSON "type" field. A document with "type": "external_account" supplied to the
> "Service Account Credentials (Json File)" or "Service Account Credentials
> (Json Value)" strategy is accepted and produces ExternalAccountCredentials,
> even though external identity is supposed to flow through the separate
> "Workload Identity Federation" strategy. The inline JSON property is only
> validated as syntactically valid JSON.
> We should make the service-account strategies enforce their own contract.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
