Standalone WorkloadIdentityClient

This issue has been tracked since 2022-06-08.


Is it possible to use the WorkloadIdentityClient in a standalone manner? I have an OIDC compliant provider and would like to instruct teams to act with our onpremise OIDC provider like we do with github.

The existing documentation suggests dropping down to gcloud to create the credentials but it seems like this breaks the spirit of the implementation.

Detailed design

No response

Additional information

No response

sethvargo wrote this answer on 2022-06-08

Hi @duffenterprises

Thank you for opening an issue. We do not intend to support the WorkloadIdentityClient as a standalone package. It's specific to this GitHub Action. Since this is open source, I would recommend you fork or incorporate it into your project while maintaining the copyright.

Those gcloud commands just write out a JSON file that points to an envvar or file to get the OIDC token. You can set GOOGLE_APPLICATION_CREDENTIALS to point to that file.

duffenterprises wrote this answer on 2022-06-08

@sethvargo Perhaps this is better asked to the team that maintains this documentation, but why is this the prescribed path?

sethvargo wrote this answer on 2022-06-08

@duffenterprises - I would recommend opening an issue on that repo and tagging @bcoe. He's done a lot of work in the space on that repo.

but why is this the prescribed path?

Can you clarify what you mean by "this"?

More Details About Repo
Owner Name google-github-actions
Repo Name auth
Full Name google-github-actions/auth
Language TypeScript
Created Date 2021-09-16
Updated Date 2023-03-24
Star Count 573
Watcher Count 16
Fork Count 116
Issue Count 3


Issue Title Created Date Updated Date