Commit a5e7fb66 authored by Pierre Smeyers's avatar Pierre Smeyers
Browse files

feat(oidc): OIDC authentication support now requires explicit configuration (see doc) 

Due to CI_JOB_JWT-* variables discontinued, TBC now switches
to ID tokens for GCP authentication support.

BREAKING CHANGE: OIDC authentication support now requires explicit configuration (see doc)
parent f6e1b0ad

templates/gitlab-ci-dbt-gcp.yml

+5 −1
Original line number Diff line number Diff line
@@ -4,6 +4,7 @@ 
variables:

  # variabilized gcp-auth-provider image

  TBC_GCP_PROVIDER_IMAGE: $CI_REGISTRY/to-be-continuous/tools/gcp-auth-provider:main

  GCP_OIDC_AUD: "$CI_SERVER_URL"



.dbt-base:

  services:
@@ -13,5 +14,8 @@ variables: 
      alias: "gcp-auth-provider"

  variables:

    #  have to be explicitly declared in the YAML to be exported to the service

    CI_JOB_JWT_V2: $CI_JOB_JWT_V2

    GCP_JWT: $GCP_JWT

    GOOGLE_OAUTH_ACCESS_TOKEN: "@url@http://gcp-auth-provider/token"

  id_tokens:

    GCP_JWT:

      aud: "$GCP_OIDC_AUD"