tikv TiKV BR GCS backend gets credential by strategy ADC (application default credential)

TiKV BR GCS backend gets credential by strategy ADC (application default credential)

Open ken8203 opened this issue 1 year ago • 4 comments

Feature Request

Is your feature request related to a problem? Please describe:

Even though TiKV pods have attached the service account, it's not authorized to access GCS while backup.

Error: error happen in store 4 at test-tikv-1.test-tikv-peer.default.svc:20160: Io(Custom { kind: PermissionDenied, error: "GCS OAuth: https://www.googleapis.com/upload/storage/v1/b/test/o?uploadType=multipart&prettyPrint=false: 401 Unauthorized" }): [BR:KV:ErrKVStorage]tikv storage occur I/O error

Describe the feature you'd like:

Get the credential by strategy ADC^1. It only accepts JSON file^2 from disk for now .

Describe alternatives you've considered:

Teachability, Documentation, Adoption, Migration Strategy:

I am not familiar with Rust, but google-cloud-auth might help. :D

May 04 '23 15:05 ken8203

/components backup-restore

Dec 18 '23 10:12 BornChanger

/severity major

Dec 18 '23 10:12 BornChanger

@jebter it's a rqurement instead of bug.

Apr 02 '24 00:04 BornChanger

@jebter Shall we remove affects-8.1 here?

Apr 28 '24 12:04 kennedy8312

tikv tikv copied to clipboard

TiKV BR GCS backend gets credential by strategy ADC (application default credential)

Feature Request

Is your feature request related to a problem? Please describe:

Describe the feature you'd like:

Describe alternatives you've considered:

Teachability, Documentation, Adoption, Migration Strategy:

tikv
tikv copied to clipboard