GCP PubSub Trigger with Workload Identity not working

### Report

I followed the example to scale on `PubSub` metrics using `Workload Identity` as authentication method following theses pages:
- https://keda.sh/docs/2.11/scalers/gcp-pub-sub/#example-using-triggerauthentication-with-gcp-identity
- https://keda.sh/docs/2.11/authentication-providers/gcp-workload-identity/

I have this 2 resources:

```yaml
apiVersion: keda.sh/v1alpha1
kind: TriggerAuthentication
metadata:
  name: keda
  namespace: instances
spec:
  podIdentity:
    provider: gcp
---
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
metadata:
  name: nifikop
  namespace: instances
spec:
  scaleTargetRef:
    apiVersion: nifi.konpyutaika.com/v1alpha1
    kind: NifiNodeGroupAutoscale
    name: nifinodegroupautoscaler-sample
    envSourceContainerName: nifi
  pollingInterval: 30
  cooldownPeriod: 300
  minReplicaCount: 1
  maxReplicaCount: 2
  triggers:toMonitor",counter_name=~"squidflow-mapping-enrichment2\\.streaming\\.input\\.flowfiles.items"})
    - type: gcp-pubsub
      authenticationRef:
        name: keda
      metadata:
        subscriptionName: "keda"
        mode: "SubscriptionSize"
        value: "5"
```

And the `Service Account`, `keda-operator`, has the annotation: `iam.gke.io/gcp-service-account`.
I tested that the `Workload Identity` was working on the `Service Account`.

### Expected Behavior

The `ScaledObject` should be active.

### Actual Behavior

The `ScaledObject` is inactive and logging: `error parsing PubSub metadata: google application credentials not found`.

### Steps to Reproduce the Problem

Follow the example: https://keda.sh/docs/2.11/scalers/gcp-pub-sub/#example-using-triggerauthentication-with-gcp-identity

### Logs from KEDA operator

```
"level":"error","ts":"2023-09-27T16:16:23+02:00","msg":"failed to ensure HPA is correctly created for ScaledObject","controller":"scaledobject","controllerGroup":"keda.sh","controllerKind":"ScaledObject","ScaledObject":{"name":"nifikop","namespace":"instances"},"namespace":"instances","name":"nifikop","reconcileID":"ee8134bf-092f-4548-acf5-6e1ddfa4e484","error":"error parsing PubSub metadata: google application credentials not found","stacktrace":"github.com/kedacore/keda/v2/controllers/keda.(*ScaledObjectReconciler).Reconcile\n\t/home/juguitton/Documents/sandbox/k8s_resources/keda/controllers/keda/scaledobject_controller.go:179\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\t/home/juguitton/Documents/sandbox/k8s_resources/keda/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:118\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/home/juguitton/Documents/sandbox/k8s_resources/keda/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:314\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/home/juguitton/Documents/sandbox/k8s_resources/keda/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:265\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/home/juguitton/Documents/sandbox/k8s_resources/keda/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:226"}
{"level":"error","ts":"2023-09-27T16:16:23+02:00","msg":"Reconciler error","controller":"scaledobject","controllerGroup":"keda.sh","controllerKind":"ScaledObject","ScaledObject":{"name":"nifikop","namespace":"instances"},"namespace":"instances","name":"nifikop","reconcileID":"ee8134bf-092f-4548-acf5-6e1ddfa4e484","error":"error parsing PubSub metadata: google application credentials not found","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/home/juguitton/Documents/sandbox/k8s_resources/keda/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:324\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/home/juguitton/Documents/sandbox/k8s_resources/keda/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:265\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/home/juguitton/Documents/sandbox/k8s_resources/keda/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:226"}
```


### KEDA Version

2.11.2

### Kubernetes Version

1.27

### Platform

Google Cloud

### Scaler Details

GCP PubSub

### Anything else?

For me the issue is [here ](https://github.com/kedacore/keda/blob/main/pkg/scaling/resolver/scale_resolvers.go#L209C1-L210C1).
Because it should retrieve the `providerIdentity` but it's not returned (and the `authParams` is empty).

Therefore the `config.PodIdentity` [here](https://github.com/kedacore/keda/blob/main/pkg/scaling/scalers_builder.go#L75) is set to `none`.
And then when we get the credentials, we get nothing [here](https://github.com/kedacore/keda/blob/main/pkg/scalers/gcp_common.go#L75) and we make the scaler erroring [here](https://github.com/kedacore/keda/blob/main/pkg/scalers/gcp_pubsub_scaler.go#L117).

Either the documentation is wrong, or there's something missing in the code (or I'm missing something).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

GCP PubSub Trigger with Workload Identity not working #5011

Report

Expected Behavior

Actual Behavior

Steps to Reproduce the Problem

Logs from KEDA operator

KEDA Version

Kubernetes Version

Platform

Scaler Details

Anything else?

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

GCP PubSub Trigger with Workload Identity not working #5011

Description

Report

Expected Behavior

Actual Behavior

Steps to Reproduce the Problem

Logs from KEDA operator

KEDA Version

Kubernetes Version

Platform

Scaler Details

Anything else?

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions