[
https://issues.apache.org/jira/browse/NIFI-16010?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18088459#comment-18088459
]
ASF subversion and git services commented on NIFI-16010:
--------------------------------------------------------
Commit 17ddb8740e3fd487b6086547add04c7f83a12053 in nifi's branch
refs/heads/main from Pierre Villard
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=17ddb8740e3 ]
NIFI-16010 - Enforce service-account credential type in GCP credential
strategies (#11323)
Signed-off-by: Peter Turcsanyi <[email protected]>
> Enforce service-account credential type in GCP credential strategies
> --------------------------------------------------------------------
>
> Key: NIFI-16010
> URL: https://issues.apache.org/jira/browse/NIFI-16010
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
> Reporter: Pierre Villard
> Assignee: Pierre Villard
> Priority: Major
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> The GCP service-account credential strategies loads configured JSON through
> the generic GoogleCredentials.fromStream() loader, which dispatches on the
> JSON "type" field. A document with "type": "external_account" supplied to the
> "Service Account Credentials (Json File)" or "Service Account Credentials
> (Json Value)" strategy is accepted and produces ExternalAccountCredentials,
> even though external identity is supposed to flow through the separate
> "Workload Identity Federation" strategy. The inline JSON property is only
> validated as syntactically valid JSON.
> We should make the service-account strategies enforce their own contract.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
