Hi, When we authentication gcp using a service acc...
# general
e
Hi, when we authenticate to GCP using a service account (actually I'm doing this in a Docker container), is there a way to change the service account later? I'm asking this because let's say I have two services, one is storage and the other one is Cloud Build. The storage-related service account and the Cloud Build-related service account are separated. So far what I did was auth to the storage service account as default and change it when it's hitting the cloudbuild endpoint, like this:
```go
cmd := exec.Command("gcloud", "auth", "activate-service-account", "--key-file", fullPath)
err = os.Setenv("GOOGLE_APPLICATION_CREDENTIALS", fullPath)
```
But it seems like this is not a really good solution. Is there any way I can achieve this using Pulumi, or any other way?
f
Not 100% sure this is what you're trying to do, but you can explicitly create and use multiple GCP providers: https://www.pulumi.com/registry/packages/gcp/api-docs/provider/ You would specify the `credentials` property, which should be "Contents of a file (or path to a file) that contains your service account private key in JSON format."
e
I just want to have separate service accounts for separate services create and delete
@future-hairdresser-70637 when I do this for GCP storage or Cloud Run it's working really fine, but when it comes to compute or k8
```
@ Updating....
    pulumi:pulumi:Stack pulumi-compute-project-test-dev running warning: failed to get regions list: failed to create compute service: google: could not find default credentials. See <https://cloud.google.com/docs/authentication/external/set-up-adc> for more information
```
it'll output this error. I don't want to use the gcloud auth commands to authenticate to Google.
f
Would you be able to share a snippet of the Pulumi program that is creating the compute or k8 resource(s)?
e
```go
func CreateCompute(ctx *pulumi.Context, cmnLogs []zapcore.Field, proivder *gcp.Provider, config config.Config) (err error) {
    log.Logger.Debug(log.TraceMsgFuncStart(CreateComputeMethod), log.TraceMethodInputs(cmnLogs, config)...)
    defer log.Logger.Debug(log.TraceMsgFuncEnd(CreateComputeMethod), log.TraceError(cmnLogs, err)...)

    // Declare variables
    var instance *compute.Instance

    instance, err = compute.NewInstance(ctx, config.ComputeInstanceName, &compute.InstanceArgs{
        MachineType: pulumi.String(config.MachineType),
        Zone:        pulumi.String(config.Zone),
        BootDisk: &compute.InstanceBootDiskArgs{
            InitializeParams: &compute.InstanceBootDiskInitializeParamsArgs{
                Image: pulumi.String(config.Image),
            },
        },
        NetworkInterfaces: compute.InstanceNetworkInterfaceArray{
            &compute.InstanceNetworkInterfaceArgs{
                Network: pulumi.String(config.Network),
            },
        },
    }, pulumi.Provider(proivder))
    if err != nil {
        log.Logger.Error(log.TraceMsgErrorOccurredFrom(NewInstanceMethod), log.TraceError(cmnLogs, err)...)
        return err
    }

    // Export the instance details
    exportComputeInstanceDetails(ctx, instance)

    return nil
}
```
f
Hm, I can't reproduce that error. Couple things:
• are you disabling the default gcp provider in your `Pulumi.yaml` (at least temporarily, so you know you're getting the explicit provider)
• your `proivder` - did you provide a path to a file that contains the service account private key in JSON format via `Credentials`; you'll need to provide `Project` as well
e
This is how I created the provider
It's working for cloudbuild and storage bucket
image.png
f
Would you be able to set `Credentials` to a file path to the JSON file? I'm not 100% sure having that be the content of the JSON keyfile from GCP is accepted