salrashid123
salrashid123
requires upstream `go-tpm` fixes for hmac https://github.com/google/go-tpm/issues/249
got it, yeah adding the Signer capability is what i meant (vs breaking change) fwiw, if i'm not mistaken, even the privatekeys implements Singer too so there maybe a path...
hi- i'm not at all familiar with how the API is composed is used in practice (i just used it for a pretty odd [reason](https://github.com/salrashid123/mcbn)) but maybe able help in...
atleast in my case, i'll use [kaniko](https://github.com/GoogleContainerTools/kaniko#flag---reproducible) or since the primary app is in go, the DIY approach with `buildah`. I'll leave this open incase anyone wants to implement. thanks
fwiw, a go version of alpha quality here to do this conversion [https://github.com/salrashid123/tpm2genkey](https://github.com/salrashid123/tpm2genkey)
generating a signedurl requires direct or indirect access to a private key. the direct access is if you have the private key onhand. indirect access is through [iam .signBlob()](https://cloud.google.com/iam/docs/reference/credentials/rest/v1/projects.serviceAccounts/signBlob) API...
ok, found it through [google.oauth2.credentials.Credentials](https://google-auth.readthedocs.io/en/stable/reference/google.oauth2.credentials.html#google.oauth2.credentials.Credentials) ```python import google.oauth2.credentials credentials = google.oauth2.credentials.Credentials("thetoken") storage_client = storage.Client(credentials=credentials) for b in storage_client.list_buckets(): print(b.name) ``` Would be fine to close this out...my 2c is to...
sorry, i think i added in some confusion by adding the other reference. I do think this issue is a bug where the `pubsub` client's handling of the delegated credentials...
I'm an owner now of the target GCP project and saw the sidecars didn't get installed though the other components did ```bash $ kubectl get namespace -L istio-injection NAME STATUS...
hm. i just verified it works with the following ``` $ ./envoy --version ./envoy version: d1d6be37c00e0be95b3a1c4cbfea441f1af88559/1.29.0-dev/Clean/RELEASE/BoringSSL $ go version go version go1.21.0 linux/amd64 ```