feat(cubestore): GCS Workload Identity Federation (WIF/ADC) support by KrishnaRMaddikara · Pull Request #10498 · cube-js/cube
…ote storage Replace cloud_storage crate with object_store crate for GCS remote filesystem. Problem: - cloud_storage crate requires SERVICE_ACCOUNT or SERVICE_ACCOUNT_JSON env vars - Panics without them on GKE with Workload Identity (WIF) configured - Affects all GKE users running CubeStore with Workload Identity Fix: - Switch to object_store crate (already a transitive dep via Arrow/DataFusion) - GoogleCloudStorageBuilder::from_env() supports full ADC credential chain: 1. CUBESTORE_GCP_KEY_FILE (backward compat) 2. CUBESTORE_GCP_CREDENTIALS (backward compat) 3. GKE Workload Identity via metadata server (the main fix) 4. GOOGLE_APPLICATION_CREDENTIALS file 5. gcloud CLI credentials (dev machines) Backward compatible: existing SA key file deployments continue to work unchanged. Closes cube-js#9837 Closes cube-js#7279
…nt, comments - Upload: replace fs::read() full-buffer with streaming PutPayload::from_stream() - Download: replace bytes().await full-buffer with chunked stream to disk - Add legacy mapping for SERVICE_ACCOUNT_JSON, GOOGLE_APPLICATION_CREDENTIALS_JSON - Fix page count ceiling division: (len + 999) / 1000 - Fix head() comment: workaround is for object_store path handling, not GCS consistency
…tResult - Remove leftover second store.put(data) call in upload_file (data undefined) - Remove get_result.bytes().await before into_stream() — both consume GetResult - Fix misleading 'GCS consistency error' wording in check_upload_file
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters