Does the sink support automatic credential ?

[RenGeng]

The readme says that :
https://github.com/aiven/gcs-connector-for-apache-kafka/blob/1a96864ff0e7a03589e6a435f84a81b7d1cdf26e/README.md?plain=1#L490-L495

and I've deployed the sink with strimzi into GKE where I've enabled the workload identity

But I still got 403 forbidden:

Caused by: com.google.api.client.http.HttpResponseException: 403 Forbidden
{
  "error": {
    "code": 403,
    "message": "Caller does not have storage.objects.create access to the Google Cloud Storage bucket.",
    "errors": [
      {
        "message": "Caller does not have storage.objects.create access to the Google Cloud Storage bucket.",
        "domain": "global",
        "reason": "forbidden"
      }
    ]
  }
}

I'm using v0.9.0 and here's my config:

file.name.prefix: kafka/
file.name.template: '{{topic}}/{{timestamp:unit=yyyy}}{{timestamp:unit=MM}}{{timestamp:unit=dd}}/{{partition}}_{{start_offset}}.json'
file.name.timestamp.timezone: UTC
format.output.type: jsonl
gcs.bucket.name: xxxxxx-xxxxxx-xxxxxx
topics: topic1,topic2

[RenGeng]

This problem comes from strimzi where I can't patch the service account used by kafka connect to send file to gcs. Better to add annotations directly in the template instead of patching: strimzi/strimzi-kafka-operator#6938