Feature search
Which component would this feature affect?
Prowler UI
Related to specific cloud provider?
GCP
New feature motivation
Self-hosted Prowler deployed in GKE currently has no UI option to use Workload Identity Federation (WIF), only offering:
- Service account key
- Application default credentials
Both of which require long-lived credentials.
Solution Proposed
Add a third auth option for GCP providers to allow for configuration of Workload Identity Federation.
Use case and benefits
This removes the need for long-lived static credentials to access the GCP environments to perform scans, instead relying on OIDC and short-lived credentials.
Describe alternatives you've considered
Use either of the two existing auth offerings, with the trade-offs being:
- Long-lived static credentials
- Tedious to configure and manage static credentials across many GCP projects
Additional context
I also intend to open a related feature request around configuring GCP scanning at an org level (rather than a project level), something which appears to be supported in the CLI, but not the UI/self-hosted offering.