alert-planet-55552
11/05/2021, 10:05 AMgcp:impersonateServiceAccount: <mailto:res-admin@REDACTED-PROJECT.iam.gserviceaccount.com|res-admin@REDACTED-PROJECT.iam.gserviceaccount.com>
google-native:impersonateServiceAccount: <mailto:res-admin@REDACTED-PROJECT.iam.gserviceaccount.com|res-admin@REDACTED-PROJECT.iam.gserviceaccount.com>
but it is unable to retrieve the access token:
error: Native: rpc error: code = Unknown desc = invocation of google-native:cloudresourcemanager/v3:getFolder returned an error: error sending request: impersonate: unable to generate access token: Post "https:// <http://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/res-admin@REDACTED-PROJECT.iam.gserviceaccount.com:generateAccessToken|iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/res-admin@REDACTED-PROJECT.iam.gserviceaccount.com:generateAccessToken>": context canceled
# debug log shows it's a reset but this is not a networking issue because it is repeatable (and works via gcloud)
... eventsink.go:86] eventSink::Error(<{%reset%}>
However, this works with the Classic provider and also using gcloud:
❯ gcloud resource-manager folders describe 163783803528 --impersonate-service-account=res-admin@REDACTED-PROJECT.iam.gserviceaccount.com
WARNING: This command is using service account impersonation. All API calls will be executed as [res-admin@REDACTED-PROJECT.iam.gserviceaccount.com].
WARNING: This command is using service account impersonation. All API calls will be executed as [res-admin@REDACTED-PROJECT.iam.gserviceaccount.com].
createTime: '2021-06-16T13:59:02.491Z'
...
Minimal Go code attached. Any ideas as to what's going wrong?tall-librarian-49374
11/05/2021, 11:12 AMalert-planet-55552
11/05/2021, 11:15 AM