-
Notifications
You must be signed in to change notification settings - Fork 74k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support Workload Identity Federation authentication in GFile #57104
Comments
Any update on this from Googlers? This is a pretty tricky annoyance in our CI/CD workflows on GitHub Actions to Vertex and Dataflow, since |
Hi, If this is issue is related to any security vulnerability of Tensorflow, could you please report it in the proper channel so that this will be taken on priority. |
cc @sachinprasadhs
|
Even better Google has now gone even farther introducing direct auth, allowing you to fully bring your own identity to authenticate directly with GCP APIs instead of using an impersonated service account at all. Also recommended by Google over service account impersonation. That's certainly not supported here either. |
Click to expand!
Issue Type
Feature Request
Source
binary
Tensorflow Version
2.9.0
Custom Code
No
OS Platform and Distribution
Ubuntu 20:04
Mobile device
No response
Python version
3.9
Bazel version
No response
GCC/Compiler version
No response
CUDA/cuDNN version
No response
GPU model and memory
No response
Current Behaviour?
Workload Identity Federation is the new and preferred authentication mechanism to GCS on CI systems where long lived service account keys can pose a security risk according to https://github.com/google-github-actions/auth. It would be great if TensorFlow gfile would be able to utilise this authentication mechanism as well.
Standalone code to reproduce the issue
Relevant log output
No response
The text was updated successfully, but these errors were encountered: