Update google OAUTH2 to support Workload Identity Federation

[prashantkul]

Please update google OAUTH2 library to support Workload Identity Federation.

GO v0.0.0-20210218202405-ba52d332ba99 or later of the golang.org/x/oauth2 module

[calvn]

Hello, thanks for opening a GH issue on this request! There's an ongoing dependency issue where both the golang.org/x/oauth2 package and the github.com/etcd-io/etcd package depends on google.golang.org/grpc, and upgrading the former breaks the latter due to package incompatibility issues, thus breaking the Vault build.

We're looking into updating the etcd depending to be at etcd v3.5.0-alpha.0 or newer which might unblock us from this dependency problem, but we'll have to make additional code changes to get the imports and references updated throughout the codebase.

Related to etcd-io/etcd#12124
Similar to hashicorp/cap#14

[MXfive]

Seems this is unblocked now, would be really great for cloud portable workloads to run on both clouds simultaneously using Vault to provision credentials.

[prashantkul]

Absolutely. We’ve tons of customer thay use vault on prep or in cloud. So it would be highly beneficial from risk management.

On Wed, Feb 16, 2022 at 10:28 PM Martyn Cross ***@***.***> wrote: Seems this is unblocked now, would be really great for cloud portable workloads to run on both clouds simultaneously using Vault to provision credentials. — Reply to this email directly, view it on GitHub <#11255 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AJODEHSGW4KK3FIY2UECEADU3SIPBANCNFSM42FU3D3A> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>. You are receiving this because you authored the thread.Message ID: ***@***.***>

-- *Prashant Kulkarni* Customer Engineer, Security & Compliance Specialist Google Cloud

[austingebauer]

@prashantkul - We've recently upgraded our golang.org/x/oauth2 dependency beyond the version you've suggested in this issue. Are you able to provide any additional information as to how this specific dependency upgrade would help us support Workload Identity Federation? Thank you!

[sofixa]

I can confirm that Vault now supports GCP Workload Identity Federation and can successfully auth into GCP from other trusted identity providers.

[hsimon-hashicorp]

Thank you, @sofixa - I will close this issue now, but folks can feel free to re-open it as needed. Thanks again!