Story

As a user of OpenShift, running in 'manual' credentials mode (sts), on GCP
I want to be able to configure my vector googleCloudLogging logforwarder
So that I can authenticate using a GCP role

Acceptance Criteria

• Can successfully forward logs to gcloud logging using a secret containing a gcp 'external_account', rather than a long-lived 'service_account' credentials key.
• CLO repo documentation describing how to utilize this feature

Notes

• Current long-lived key authentication (create google service_account key) – https://docs.openshift.com/container-platform/4.11//logging/cluster-logging-external.html#cluster-logging-collector-log-forward-gcp_cluster-logging-external
• Short lived credentials with GCP Workload Identity Federation (external_account token) - https://github.com/openshift/cloud-credential-operator/blob/master/docs/gcp_workload_identity.md
• created via:

  apiVersion: cloudcredential.openshift.io/v1
  kind: CredentialsRequest
  metadata:
    name: my-gcl-secret-credrequest
    namespace: openshift-cloud-credential-operator
  spec:
    providerSpec:
      apiVersion: cloudcredential.openshift.io/v1
      kind: GCPProviderSpec
      predefinedRoles:
        - roles/logging.admin
      skipServiceCheck: true
    secretRef:
      name: my-gcl-secret
      namespace: openshift-logging
    serviceAccountNames:
      - logcollector

• Initially opened the following discussion with vector upstream, to inquire on any plans of implementing GCP WIF authentication.  https://github.com/vectordotdev/vector/discussions/16278

• Now feature request has been created:  https://github.com/vectordotdev/vector/issues/16387