You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@camel.apache.org by Tamás Utasi <ta...@gmail.com> on 2021/08/23 12:36:19 UTC
How to get camel-google-pubsub working on GKE, pubsub with workload
identity (instead of service account keys?
I'm trying to get a simple piece of code working using:
- GKE (https://cloud.google.com/kubernetes-engine),
- google pubsub,
- workload identity (
https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity),
- camel-google-pubsub and camel-google-pubsub-starter v 3.11.0
My app comes up OK, but when it tries to connect to my subscription it
fails with: "io.grpc.StatusRuntimeException: PERMISSION_DENIED: The request
is missing a valid API key."
This is reasonable as I'm not providing the "serviceAccountKey" query
parameter as I want to use workload identity (which I configured all the
way through) cause, as of today, that is the recommended way to access
Google Cloud services from GKE instead of a mounted service account keys.
However. inspecting the code
https://github.com/apache/camel/blob/camel-3.11.1/components/camel-google/camel-google-pubsub/src/main/java/org/apache/camel/component/google/pubsub/GooglePubsubComponent.java
tells me that this is impossible at the moment.
I'm happy to create a JIRA and attempt to open a PR to add support for
workload identity if someone can confirm that this is desired.
Best Regards,
Tamas
Re: How to get camel-google-pubsub working on GKE, pubsub with
workload identity (instead of service account keys?
Posted by Andrea Cosentino <an...@gmail.com>.
No, it will be reviewed on Github.
Thanks
Il giorno mer 25 ago 2021 alle ore 16:00 Tamás Utasi <ta...@gmail.com>
ha scritto:
> Hi,
>
> I raised a PR: https://github.com/apache/camel/pull/5987.
>
> What should I expect next? Should I write to the dev mailing list?
>
> Tamás
>
> On Tue, 24 Aug 2021 at 00:00, Andrea Cosentino
> <an...@yahoo.com.invalid> wrote:
>
> > Hello,
> > You're welcome to open a Jira and work on a PR. We need to review more
> > google cloud components for sure in relation to this.
> > Thanks for reaching out to the community
> >
> > Inviato da Yahoo Mail su Android
> >
> > Il lun, 23 ago, 2021 alle 21:45, Tamás Utasi<ta...@gmail.com> ha
> > scritto: I'm trying to get a simple piece of code working using:
> > - GKE (https://cloud.google.com/kubernetes-engine),
> > - google pubsub,
> > - workload identity (
> > https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
> ),
> > - camel-google-pubsub and camel-google-pubsub-starter v 3.11.0
> >
> > My app comes up OK, but when it tries to connect to my subscription it
> > fails with: "io.grpc.StatusRuntimeException: PERMISSION_DENIED: The
> request
> > is missing a valid API key."
> >
> > This is reasonable as I'm not providing the "serviceAccountKey" query
> > parameter as I want to use workload identity (which I configured all the
> > way through) cause, as of today, that is the recommended way to access
> > Google Cloud services from GKE instead of a mounted service account keys.
> >
> > However. inspecting the code
> >
> >
> https://github.com/apache/camel/blob/camel-3.11.1/components/camel-google/camel-google-pubsub/src/main/java/org/apache/camel/component/google/pubsub/GooglePubsubComponent.java
> > tells me that this is impossible at the moment.
> >
> > I'm happy to create a JIRA and attempt to open a PR to add support for
> > workload identity if someone can confirm that this is desired.
> >
> > Best Regards,
> > Tamas
> >
> >
>
> --
> best regards,
> *Tamás Utasi*
>
> mail: tamas.utasi@gmail.com
>
Re: How to get camel-google-pubsub working on GKE, pubsub with
workload identity (instead of service account keys?
Posted by Tamás Utasi <ta...@gmail.com>.
Hi,
I raised a PR: https://github.com/apache/camel/pull/5987.
What should I expect next? Should I write to the dev mailing list?
Tamás
On Tue, 24 Aug 2021 at 00:00, Andrea Cosentino
<an...@yahoo.com.invalid> wrote:
> Hello,
> You're welcome to open a Jira and work on a PR. We need to review more
> google cloud components for sure in relation to this.
> Thanks for reaching out to the community
>
> Inviato da Yahoo Mail su Android
>
> Il lun, 23 ago, 2021 alle 21:45, Tamás Utasi<ta...@gmail.com> ha
> scritto: I'm trying to get a simple piece of code working using:
> - GKE (https://cloud.google.com/kubernetes-engine),
> - google pubsub,
> - workload identity (
> https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity),
> - camel-google-pubsub and camel-google-pubsub-starter v 3.11.0
>
> My app comes up OK, but when it tries to connect to my subscription it
> fails with: "io.grpc.StatusRuntimeException: PERMISSION_DENIED: The request
> is missing a valid API key."
>
> This is reasonable as I'm not providing the "serviceAccountKey" query
> parameter as I want to use workload identity (which I configured all the
> way through) cause, as of today, that is the recommended way to access
> Google Cloud services from GKE instead of a mounted service account keys.
>
> However. inspecting the code
>
> https://github.com/apache/camel/blob/camel-3.11.1/components/camel-google/camel-google-pubsub/src/main/java/org/apache/camel/component/google/pubsub/GooglePubsubComponent.java
> tells me that this is impossible at the moment.
>
> I'm happy to create a JIRA and attempt to open a PR to add support for
> workload identity if someone can confirm that this is desired.
>
> Best Regards,
> Tamas
>
>
--
best regards,
*Tamás Utasi*
mail: tamas.utasi@gmail.com
R: How to get camel-google-pubsub working on GKE, pubsub with
workload identity (instead of service account keys?
Posted by Andrea Cosentino <an...@yahoo.com.INVALID>.
Hello,
You're welcome to open a Jira and work on a PR. We need to review more google cloud components for sure in relation to this.
Thanks for reaching out to the community
Inviato da Yahoo Mail su Android
Il lun, 23 ago, 2021 alle 21:45, Tamás Utasi<ta...@gmail.com> ha scritto: I'm trying to get a simple piece of code working using:
- GKE (https://cloud.google.com/kubernetes-engine),
- google pubsub,
- workload identity (
https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity),
- camel-google-pubsub and camel-google-pubsub-starter v 3.11.0
My app comes up OK, but when it tries to connect to my subscription it
fails with: "io.grpc.StatusRuntimeException: PERMISSION_DENIED: The request
is missing a valid API key."
This is reasonable as I'm not providing the "serviceAccountKey" query
parameter as I want to use workload identity (which I configured all the
way through) cause, as of today, that is the recommended way to access
Google Cloud services from GKE instead of a mounted service account keys.
However. inspecting the code
https://github.com/apache/camel/blob/camel-3.11.1/components/camel-google/camel-google-pubsub/src/main/java/org/apache/camel/component/google/pubsub/GooglePubsubComponent.java
tells me that this is impossible at the moment.
I'm happy to create a JIRA and attempt to open a PR to add support for
workload identity if someone can confirm that this is desired.
Best Regards,
Tamas