https://pulumi.com logo
Join Slack
Powered by
Is there any way to get the current `gcloud` accou...
# general
f
Is there any way to get the current 
gcloud
account used by pulumi ? Either the one from 
gcloud auth
or the one from 
export GOOGLE_APPLICATION_CREDENTIALS
(which drives me crazy to have both btw) ? 
gcp.config.credentials
returns 
undefined
; 
gcp.serviceAccount.getAccount()
or 
gcp.serviceAccount.Account.get()
wants an id while I only can know the email of the account.. I’m kind of out of options from what I can think of.
w
You can get the project via 
gcp.organizations.getClientConfig()
. And you can get the org detals via 
gcp.organizations.getOrganization({ domain: "<http://pulumi.com|pulumi.com>" })
. Do those help?
f
Thanks @white-balloon-205 Unfortunately it does not give me what I want. But good to know those exist. Maybe I’m doing it wrong but I would like to assign a 
ClusterRoleBinding
to the current account running pulumi (kind of a project master) which then in turns would be able to assign roles to dedicated service accounts with lesser privileges. That’s why I wanted to “guess” what was the current account, since I need its email as an argument to grant the role but it looks like I can’t do that, unless you got a clue here ?
w
Just so I understand - what exactly is the "account" you need here? There is a notion of "billing account", but other than that I believe there are only "organizations" and "projects"? Are you actually looking for a user credential of some kind?
f
Yeah sorry, I was not clear about what I was looking for. So since I’m using 
gcp
to create a cluster, the first run of pulumi is supposed to use the service account selected by 
gcloud auth
or the exported credentials in 
GOOGLE_APPLICATION_CREDENTIALS
(if I understand well, the 
env
value is the right one it seems, 
@pulumi/gcp
does not use the 
gcloud
tool for that ?). That’s what I called the account, or to be more precise : the current active gcloud service account in my shell pulumi is using to take actions in gcp. This service account has all the permissions in 
gcp
to create and manage clusters and other service accounts. I would like to give it some roles in the cluster it just created and I was looking for a way to “guess” this service account (or even just the email) instead of having to put it explicitly in the config. That’s not a big deal since I can definitely reference it somewhere, but I’m used to make things as much reusable as possible with the least amount of configuration changes.
2 Views
Open in Slack
PreviousNext
Powered by