What is the problem you are having with rclone?
I want to know how I connect rclone with Gcloud WIF (Workload Identity Federation). Like which credentials I need to pass in, and any guides will be really useful.
That looks to be an IAM tool by Google. Not quite sure how it ties into rclone, which is a cloud storage tool.
Not sure how they tie together.
hi, took a very quick read of google documentation.
https://cloud.google.com/iam/docs/workload-identity-federation
The token exchange flow returns a federated access token. You can use this token to impersonate a service account and obtain a short-lived OAuth 2.0 access token. The short-lived access token lets you call any Google Cloud APIs that the service account has access to.
this looks like the same issue i deal with AWS S3 when using MFA.
rclone does not support Multi Factor Authentication.
so i need to call a function using AWS S3 api, not with rclone.
that function returns a short-lived access token that i feed to rclone.
so i think that you need to do something similar
short-lived access token
using the gcloud api. tho i am using AWS S3 api,
i can share the python function that gets the token and creates that on-the-fly remote.
Hello @asdffdsa thank you very much for the help. Don't we have any env variable or some config from rclone end directly to make use of this short-lived access token without writing custom code in between to handle this?
yes, rclone can use env variables and standard .json service account file.
https://rclone.org/googlecloudstorage/#gcs-service-account-credentials
for example, here rclone is using a service account file, as downloaded direct from google website.
rclone lsd "gdrive,service_account_file='service.account.file.json':"
-1 2022-03-03 09:33:10 -1 zork
Does the above (standard .json service account file) work when doing auth using WIF from gcloud? Or to use WIF do I need to create custom code mandatory to handle with WIF?
as far as i know, rclone has no concept of WIF.
once you have the token, should be able to use
--gcs-token
beyond that and the official gcloud detailed examples, i do not know.
hopefully, someone will stop by to assist further.
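Editor's added example, not code from any poster in this thread or from the rclone project: one way to hand a short-lived access token (already obtained through the WIF token exchange quoted above) to rclone's GCS `token` option through environment variables, so the token never appears in the process list. The remote name `wifgcs`, the five-minute margin, and the sample token are assumptions; the token JSON layout is assumed to be the standard OAuth2 token shape rclone stores in its config.

```python
import json
import os
import subprocess
from datetime import datetime, timedelta, timezone

REMOTE = "wifgcs"  # hypothetical on-the-fly remote name


def rclone_token_json(access_token, expires_at):
    """Serialize the token as OAuth2 token JSON (assumed rclone 'token' format)."""
    return json.dumps({
        "access_token": access_token,
        "token_type": "Bearer",
        "expiry": expires_at.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
    })


def rclone_env(access_token, expires_at, project_number="", now=None,
               min_remaining=timedelta(minutes=5)):
    """Build RCLONE_CONFIG_* variables defining a GCS remote from a bare token.

    There is no refresh token, so rclone cannot renew it: refuse tokens that
    are malformed or too close to expiry for a transfer to finish.
    """
    now = now or datetime.now(timezone.utc)
    if expires_at.tzinfo is None:
        raise ValueError("expires_at must be timezone-aware")
    if not access_token or any(c.isspace() for c in access_token):
        raise ValueError("access token is empty or contains whitespace")
    if expires_at - now < min_remaining:
        raise ValueError("token expires too soon; exchange a fresh one first")
    prefix = f"RCLONE_CONFIG_{REMOTE.upper()}_"
    env = {
        prefix + "TYPE": "google cloud storage",
        prefix + "TOKEN": rclone_token_json(access_token, expires_at),
    }
    if project_number:
        env[prefix + "PROJECT_NUMBER"] = project_number
    return env


def run_rclone(args, env):
    """Run rclone with the token in the child's environment, not in argv."""
    return subprocess.run(["rclone", *args], env={**os.environ, **env}, check=True)


if __name__ == "__main__":
    # Constructed sample values; a real token comes from the WIF exchange.
    expiry = datetime.now(timezone.utc) + timedelta(hours=1)
    for name in rclone_env("ya29.constructed-sample", expiry):
        print(name)  # print variable names only, never the token itself
```

With the variables set, `run_rclone(["lsd", f"{REMOTE}:"], env)` would list buckets for as long as the token is valid; after expiry the token has to be exchanged again and the variables rebuilt.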
You can use the oauth flow directly with google cloud storage - did you try that @Magesh? Just run through rclone config. I know nothing about WIF though, so maybe that is barking up the wrong tree!