<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[GODRIVER-2415] KMSProvider for GCP does not accept access_token for the service account email</title>
                <link>https://jira.mongodb.org/browse/GODRIVER-2415</link>
                <project id="14289" key="GODRIVER">Go Driver</project>
                    <description>&lt;p&gt;Hi,&lt;/p&gt;

&lt;p&gt;I am trying to use CSFLE (client-side field level encryption) with GCE&apos;s default service account (SA). However, the KMSProvider for GCP requires a &quot;privateKey&quot; for the SA. As a security measure, our GCP admin does not allow creating keys for SAs.&#160;&lt;/p&gt;

&lt;p&gt;As an alternative, can the driver accept an access token for the SA for authentication?&lt;/p&gt;

&lt;p&gt;Thanks,&lt;/p&gt;

&lt;p&gt;Ankur&lt;/p&gt;</description>
                <environment></environment>
        <key id="2042718">GODRIVER-2415</key>
            <summary>KMSProvider for GCP does not accept access_token for the service account email</summary>
                <type id="2" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14711&amp;avatarType=issuetype">New Feature</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="3">Duplicate</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="ankurbarua@gmail.com">ankur barua</reporter>
                        <labels>
                    </labels>
                <created>Mon, 9 May 2022 18:21:50 +0000</created>
                <updated>Sat, 6 Aug 2022 15:04:33 +0000</updated>
                            <resolved>Sat, 6 Aug 2022 15:04:33 +0000</resolved>
                                                                                        <votes>1</votes>
                                    <watches>4</watches>
                                                                                                                <comments>
                            <comment id="4732882" author="kevin.albertson" created="Sat, 6 Aug 2022 15:04:33 +0000"  >&lt;p&gt;Resolved by &lt;a href=&quot;https://jira.mongodb.org/browse/GODRIVER-2501&quot; title=&quot;Add support for GCP attached service accounts when using GCP KMS&quot; class=&quot;issue-link&quot; data-issue-key=&quot;GODRIVER-2501&quot;&gt;&lt;del&gt;GODRIVER-2501&lt;/del&gt;&lt;/a&gt;.&lt;/p&gt;</comment>
                            <comment id="4546023" author="kevin.albertson" created="Thu, 12 May 2022 18:57:32 +0000"  >&lt;p&gt;Thank you for the feature request &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=ankurbarua%40gmail.com&quot; class=&quot;user-hover&quot; rel=&quot;ankurbarua@gmail.com&quot;&gt;ankurbarua@gmail.com&lt;/a&gt; . This is a limitation in all drivers. The work to support GCP with attached service accounts is tracked in &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2377&quot; title=&quot;Add support for GCP attached service accounts when using GCP KMS&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2377&quot;&gt;&lt;del&gt;MONGOCRYPT-328&lt;/del&gt;&lt;/a&gt;. Please watch &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2377&quot; title=&quot;Add support for GCP attached service accounts when using GCP KMS&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2377&quot;&gt;&lt;del&gt;MONGOCRYPT-328&lt;/del&gt;&lt;/a&gt; for updates.&lt;/p&gt;</comment>
                            <comment id="4536180" author="JIRAUSER1268709" created="Mon, 9 May 2022 18:27:41 +0000"  >&lt;p&gt;To add some more specifics: the request is to not require a privateKey, and instead have the Go client obtain access tokens using the default SA of the GCE VM or, for example, when Workload Identity is used in GKE.&#160;&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;This is required for customers who only allow default SA credentials and have an org policy that prevents downloading SA keys. More documentation on this default SA: &lt;a href=&quot;https://cloud.google.com/compute/docs/access/service-accounts#use-sas&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://cloud.google.com/compute/docs/access/service-accounts#use-sas&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&quot;A user-managed service account can be attached to a Compute Engine instance to provide credentials to applications running on the instance. These credentials are used by the application for authentication to Google Cloud APIs, and authorization to access Google Cloud resources. &quot;&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10010">
                    <name>Duplicate</name>
                                            <outwardlinks description="duplicates">
                                        <issuelink>
            <issuekey id="2098081">GODRIVER-2501</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="1845855">DRIVERS-2377</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                    <customfield id="customfield_13552" key="com.go2group.jira.plugin.crm:crm_generic_field">
                        <customfieldname>Case</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[[5006R00001lRlL0QAK]]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|i0d4dk:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>