Default Credentials fail under GKE/Workload Identity #1396

@erkolson

Environment details

  1. Auth OAuth2
  2. OS type and version: linux container in GKE with workload identity configured on the pod service account
  3. Java version: 7/8
  4. google-api-client version(s): latest

Steps to reproduce

  1. Invoke the application default credential

Code example

GoogleCredential credential = GoogleCredential.getApplicationDefault();

Stack trace

WARNING: Failed to detect whether we are running on Google Compute Engine.
com.google.api.client.http.HttpResponseException: 403 Forbidden
GKE Metadata Server encountered an error: Missing required header "Metadata-Flavor": "Google"
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1070)
at com.google.api.client.googleapis.auth.oauth2.OAuth2Utils.runningOnComputeEngine(OAuth2Utils.java:86)
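
An added example (not code from the issue or from google-api-client): a detection probe that sends the `Metadata-Flavor: Google` request header named in the 403 above, run against a constructed local stand-in for a strict metadata server. The class name, the `probe` method and the stand-in server are hypothetical; only the header name, its value and the 403 message text come from the trace.

```java
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpHandler;
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URL;

public class MetadataProbeDemo {
    static final String FLAVOR = "Metadata-Flavor";

    // Hypothetical probe: true only if the server answers 2xx and identifies itself as Google.
    static boolean probe(String baseUrl, boolean sendHeader) throws IOException {
        HttpURLConnection c = (HttpURLConnection) new URL(baseUrl).openConnection();
        c.setConnectTimeout(500);
        c.setReadTimeout(500);
        if (sendHeader) c.setRequestProperty(FLAVOR, "Google");
        try {
            int code = c.getResponseCode();
            // A 403 means "a server answered but rejected the request", not "no server here".
            return code / 100 == 2 && "Google".equals(c.getHeaderField(FLAVOR));
        } finally {
            c.disconnect();
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for a strict metadata server, modelled on the 403 text in the trace.
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/", new HttpHandler() {
            public void handle(HttpExchange ex) throws IOException {
                boolean ok = "Google".equals(ex.getRequestHeaders().getFirst(FLAVOR));
                byte[] body = (ok ? "ok" : "Missing required header \"Metadata-Flavor\": \"Google\"").getBytes("UTF-8");
                if (ok) ex.getResponseHeaders().set(FLAVOR, "Google");
                ex.sendResponseHeaders(ok ? 200 : 403, body.length);
                OutputStream out = ex.getResponseBody();
                out.write(body);
                out.close();
            }
        });
        server.start();
        String url = "http://127.0.0.1:" + server.getAddress().getPort() + "/";
        System.out.println("probe without header: " + probe(url, false));
        System.out.println("probe with header:    " + probe(url, true));
        server.stop(0);
    }
}
```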

Labels

needs more info (This issue needs more information from the customer to proceed.)
type: question (Request for information or clarification. Not an issue.)