'A signed GCS URL got 'SignatureDoesNotMatch'. the URL signed by a service with workload identity

In a workload identity enabled GKE cluster, a service signed a GCS file but got: 'SignatureDoesNotMatch' after about 10 days.

Does the system-managed private key rotation cause it?

What should I do to resolve it?

identityworkloadgcs


Solution 1:[1]

You could review your expiration days assigned at your URL, in the following example is set to 3 days (days signurl -d 3d) also if you are using the flag -u in your command to generate the URL you could try to remove it as a workaround

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1

Related Questions

Table expiration in GCS to BQ Airflow task

Where do I find my Google Cloud Storage Bucket access key?

What are the correct permissions to give Argo workflows given googleapi: Error 403?

.net core API controller does not process identity authentication and authorization

Teradata identity column and "Duplicate unique prime key error in dbname.tablename"

AWS Cognito in place of Keycloak [closed]

How to change error message in ASP.NET Identity

Sharing common database between .Net core and .Net standard Identity framework

Sharing common database between .Net core and .Net standard Identity framework

Problems using Microsoft Identity Web App and Microsoft.AspNetCore.Identity in the same Web Project

How to customize ASP.NET Identity Core Username to allow special characters and space

I got this error "Unable to resolve service for type AspNetCore.Identity.SignInManager" when I use ApplicationUser instead IdentityUser

identity test game of life

404 error after scaffolding identity library of an ASP.NET Core 6 MVC project

How to get unique client/device id