GCP Workload Identity partially implemented — still requires SA key

Open Anantha-Kandrapu opened this issue 1 month ago • 2 comments

Currently the Workload Identity feature for GCP is not working, because when I use SA keys it works.

Going through the code, the feature seems to be partially implemented (only the validation part). But the actual storage driver still looks for the private key:

https://github.com/NetApp/trident/blob/cc51e6bb0b061d0d8676ec4a00365f2f2732cd85/storage_drivers/gcp/gcp_gcnv.go#L530

I could also see that for Azure WI there's a flag identityLabel = true, which I can't find for GCP.

https://github.com/NetApp/trident/blob/cc51e6bb0b061d0d8676ec4a00365f2f2732cd85/cli/cmd/install.go#L499

Anantha-Kandrapu • Nov 03 '25 20:11

I can raise a PR. Please let me know. Thanks!!

Anantha-Kandrapu • Nov 03 '25 20:11

Hello, @Anantha-Kandrapu. We're working on this and expect to optionally accept WIF JSON in place of the API Key.

clintonk • Nov 12 '25 04:11