@Joerger Joerger commented May 28, 2025

In #54939, we migrated from github.com/coreos/go-oidc/v3 to github.com/zitadel/oidc/v3. The zitadel library includes a strict check for the OIDC Authorized Party claim by default, which is not compatible with GCP. According to the OIDC spec, this should in fact be an optional check.

While we wait for the upstream PR to make this check optional, this PR fixes the GCP regression by skipping the check utilizing zitadel's exported function.

Closes #55238
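
The effect of skipping the Authorized Party check while keeping the other claim checks, as an added Go example (not code from this PR, Teleport, or zitadel). The `Claims` struct, `CheckAZP`, `Verify` and all token values are hypothetical and constructed for illustration; the sample assumes a token whose `azp` identifies the issuing service account rather than the relying party.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Claims is a hypothetical struct holding only the ID token claims used here.
type Claims struct {
	Issuer, AZP string
	Audience    []string
	Expiry      time.Time
}

var ErrAZP = errors.New("authorized party check failed")

// CheckAZP is the strict form of the optional rule: with several audiences
// azp must be present, and any azp that is present must equal clientID.
func CheckAZP(c Claims, clientID string) error {
	if len(c.Audience) > 1 && c.AZP == "" {
		return fmt.Errorf("%w: azp missing", ErrAZP)
	}
	if c.AZP != "" && c.AZP != clientID {
		return fmt.Errorf("%w: azp %q != client_id %q", ErrAZP, c.AZP, clientID)
	}
	return nil
}

// Verify always enforces issuer, audience and expiry (signature verification
// is assumed to have happened already); azp is enforced only if strictAZP.
func Verify(c Claims, issuer, clientID string, now time.Time, strictAZP bool) error {
	audOK := false
	for _, a := range c.Audience {
		audOK = audOK || a == clientID
	}
	if c.Issuer != issuer || !audOK || !now.Before(c.Expiry) {
		return errors.New("issuer, audience or expiry check failed")
	}
	if strictAZP {
		return CheckAZP(c, clientID)
	}
	return nil
}

func main() {
	now := time.Unix(1748470000, 0) // constructed timestamp
	tok := Claims{Issuer: "https://accounts.google.com", AZP: "100000000000000000001",
		Audience: []string{"example-cluster"}, Expiry: now.Add(time.Hour)} // constructed claims
	fmt.Println("strict: ", Verify(tok, tok.Issuer, "example-cluster", now, true))
	fmt.Println("relaxed:", Verify(tok, tok.Issuer, "example-cluster", now, false))
}
```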

@Joerger Joerger added the test-plan-problem, regression, no-changelog and backport/branch/v18 labels May 28, 2025
@Joerger Joerger requested a review from strideynet May 28, 2025 21:59
zmb3 commented May 28, 2025

Please file an issue with test-plan-problem and then link this PR to that issue.

@Joerger Joerger removed the test-plan-problem label May 28, 2025

@strideynet strideynet left a comment

Fixed GCP joining in my development cluster. Thank you!

@Joerger Joerger added this pull request to the merge queue May 29, 2025
Merged via the queue into master with commit 418bc30 May 29, 2025
40 checks passed
@Joerger Joerger deleted the joerger/skip-azp-check-gcp branch May 29, 2025 17:41
@backport-bot-workflows

@Joerger See the table below for backport results.

Branch Result
branch/v18 Create PR


Development

Successfully merging this pull request may close these issues.

GCP join method fails due to strict Authorized Party check
