
GCP Secrets Manager native support: OIDC Configuration

Per &11739 (comment 1606287503):

Dive deeper on the OIDC configuration to link GitLab and GCP (weight 3). We need to do this so we can determine the right set of configuration needed. It would involve manual configuration in the target GCP project where the secrets reside, identifying the right access roles and policies to set up in GCP, deciding on the OIDC token payload that GitLab will generate, and configuring GCP to accept this OIDC token payload. Much of the native secrets integration depends on the OIDC authentication flow, so we need to get this right. GitLab users will also need this documented clearly in order to set up the integration in their own projects. In this issue, we should do a POC where we can validate:

  1. a working set of configuration in GCP
  2. a working ID token payload
  3. a working sample GCP client that is able to authenticate and retrieve a secret from GCP using the ID token above. This is critical as we need this in Runner.
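The three items above are one flow, so here is an added end-to-end sketch of it in Go (the Runner's language). It is example code written for this issue, not code from GitLab, GitLab Runner or Google. On the GCP side it assumes a workload identity pool with an OIDC provider whose issuer URI is the GitLab instance URL (GCP fetches the discovery document and JWKS from there and verifies the token signature itself), an allowed audience equal to the `aud` the job sets under `id_tokens:`, an attribute mapping such as `google.subject=assertion.sub` and `attribute.project_path=assertion.project_path` with an attribute condition pinning `project_path`/`ref_type`/`ref`, and `roles/secretmanager.secretAccessor` granted on the secret to the matching `principalSet://iam.googleapis.com/projects/<number>/locations/global/workloadIdentityPools/<pool>/attribute.project_path/<path>`. The project number `123456789012`, pool `gitlab-pool`, provider `gitlab-oidc`, secret `projects/my-gcp-project/secrets/db-password` and the job variable name `GCP_ID_TOKEN` are placeholders. The client exchanges the GitLab ID token at Google STS for a federated access token and uses that token directly against the Secret Manager REST API, so no service-account impersonation step is involved.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
	"os"
	"strings"
)

const (
	TokenExchangeGrant = "urn:ietf:params:oauth:grant-type:token-exchange" // RFC 8693 exchange
	JWTTokenType       = "urn:ietf:params:oauth:token-type:jwt"
	AccessTokenType    = "urn:ietf:params:oauth:token-type:access_token"
	CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform"
	GoogleSTS          = "https://sts.googleapis.com/v1/token"
	SecretManagerAPI   = "https://secretmanager.googleapis.com"
	// Audience that names the pool provider; project number, pool and provider are placeholders.
	PoolProviderAudience = "//iam.googleapis.com/projects/123456789012/locations/global/workloadIdentityPools/gitlab-pool/providers/gitlab-oidc"
)

// IDTokenClaims is the part of the GitLab CI ID token payload that the GCP attribute mapping and condition see; aud is a string when the job sets one audience (assumed here).
type IDTokenClaims struct {
	Sub         string `json:"sub"` // project_path:<path>:ref_type:<type>:ref:<ref>
	Aud         string `json:"aud"`
	ProjectPath string `json:"project_path"`
}

// DecodeClaims reads the payload without verifying the signature: GCP verifies it against GitLab's JWKS, the runner only sanity-checks sub and aud before sending the token on.
func DecodeClaims(idToken string) (IDTokenClaims, error) {
	var c IDTokenClaims
	parts := strings.Split(idToken, ".")
	if len(parts) != 3 {
		return c, fmt.Errorf("malformed JWT: %d segments", len(parts))
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return c, fmt.Errorf("decode payload: %w", err)
	}
	err = json.Unmarshal(raw, &c)
	return c, err
}

// ExchangeIDToken trades the GitLab ID token for a federated GCP access token via STS.
func ExchangeIDToken(client *http.Client, stsURL, audience, idToken string) (string, error) {
	body, _ := json.Marshal(map[string]string{
		"grantType": TokenExchangeGrant, "audience": audience, "scope": CloudPlatformScope,
		"requestedTokenType": AccessTokenType, "subjectTokenType": JWTTokenType, "subjectToken": idToken,
	})
	resp, err := client.Post(stsURL, "application/json", strings.NewReader(string(body)))
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	var out struct{ AccessToken string `json:"access_token"` } // failures carry error/error_description instead
	if err := json.NewDecoder(resp.Body).Decode(&out); err != nil {
		return "", fmt.Errorf("sts %s: %w", resp.Status, err)
	}
	if resp.StatusCode != http.StatusOK || out.AccessToken == "" {
		return "", fmt.Errorf("sts rejected the exchange: %s", resp.Status)
	}
	return out.AccessToken, nil
}

// AccessSecret fetches projects/<p>/secrets/<s>/versions/<v> with the federated token and returns the secret bytes.
func AccessSecret(client *http.Client, baseURL, accessToken, name string) ([]byte, error) {
	req, err := http.NewRequest(http.MethodGet, baseURL+"/v1/"+name+":access", nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Authorization", "Bearer "+accessToken)
	resp, err := client.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("secretmanager %s for %s", resp.Status, name)
	}
	var out struct{ Payload struct{ Data string } } // JSON keys match case-insensitively
	if err := json.NewDecoder(resp.Body).Decode(&out); err != nil {
		return nil, err
	}
	return base64.StdEncoding.DecodeString(out.Payload.Data) // payload.data is standard base64
}

func main() {
	// GCP_ID_TOKEN is whatever variable name the job declares under id_tokens: (placeholder).
	tok, err := ExchangeIDToken(http.DefaultClient, GoogleSTS, PoolProviderAudience, os.Getenv("GCP_ID_TOKEN"))
	if err == nil {
		_, err = AccessSecret(http.DefaultClient, SecretManagerAPI, tok, "projects/my-gcp-project/secrets/db-password/versions/latest")
	}
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Println("secret fetched")
}
```

Two caveats worth checking in the POC: the value mapped to `google.subject` is limited to 127 characters, and GitLab's `sub` (`project_path:...:ref_type:...:ref:...`) can exceed that for long group paths, so the IAM binding is better expressed through a shorter mapped attribute such as `project_path`; and the STS exchange fails if the `audience` field does not exactly match the provider resource name or if the job's `aud` is not in the provider's allowed audiences, so both values belong in the documented configuration.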

References:

Edited by Albert