[Disk Manager]: Add separate certificate for IAM (#1467)

* [Disk Manager]: Add separate certificate for IAM AuthConfig.CertFile is intended as a certificate for verifying TLS for access service, not for token signing. Fix the semantic. * Rename ServiceAccount.CertFile to TokenPrivateKeyFile * RenameTokenPrivateKeyFile to TokenSigningCertFile for consistency with helm
ydb-platform · Jun 20, 2024 · 4edd26c · 4edd26c
1 parent 3904d29
commit 4edd26c
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/cloud/disk_manager/internal/pkg/auth/config/config.proto b/cloud/disk_manager/internal/pkg/auth/config/config.proto
@@ -12,6 +12,7 @@ message ServiceAccount {
     required string Id = 1;
     required string KeyId = 2;
     required string Audience = 3;
+    required string TokenSigningCertFile = 4;
 }
 
 message AuthConfig {

diff --git a/cloud/disk_manager/internal/pkg/auth/credentials.go b/cloud/disk_manager/internal/pkg/auth/credentials.go
@@ -39,7 +39,7 @@ func NewCredentials(
 			credentials.WithJWTSubjectToken(
 				credentials.WithSigningMethod(jwt.SigningMethodRS256),
 				credentials.WithKeyID(config.GetServiceAccount().GetKeyId()),
-				credentials.WithRSAPrivateKeyPEMFile(config.GetCertFile()),
+				credentials.WithRSAPrivateKeyPEMFile(config.GetServiceAccount().GetTokenSigningCertFile()),
 				credentials.WithIssuer(config.GetServiceAccount().GetId()),
 				credentials.WithSubject(config.GetServiceAccount().GetId()),
 				credentials.WithAudience(config.GetServiceAccount().GetAudience()),