Emmanuel Gomez
@CookieCookson — howdy! Just checking in. Is this tracking towards landing? And is there anything further you'd like to see done on this PR?
I can't speak to the intent of the existing implementation. However, the fact that AWS & GCP's workload identity mechanisms only apply in their respective environments seems implied. I'm not...
Regarding (1): supporting specifying the `ServiceAccount` of the importer pod better aligns KubeVirt with the security infrastructure of Kubernetes overall. Is there an argument against that as a goal?
Ahh, I read your comment too hastily. I now see that you are pointing out that the current implementation supports _pulling from_ cloud storage without _running on_ cloud compute. I...
As @awels mentioned, once the importer spec supports specifying the `ServiceAccount`, the importer code would be updated to branch, and utilize the cloud provider client library's default credential chain if...
I should mention that if the proposed change is welcome, I'm happy to PR the code changes in the importer for the AWS SDK. I _may_ even be able to...
I'm also happy to PR the change to the DV spec, but I'll need a little guidance about how to do so.
Great, glad to hear the change would be welcomed. I hear you about the testing; I will look around for some references/example tests where the AWS/GCP SDKs are in play....
@CookieCookson Great! I'm glad this looks like a useful contribution. And thanks for the encouragement! I rebased and tests still pass locally.
Actually, regarding the tests: I dropped the mocking of time in the statement tests, which mostly works, but occasionally fails. IOW, I introduced a flaky test. I have a thought...