orange-tailor-85423
03/22/2019, 7:01 PMimportant-leather-28796
03/22/2019, 7:18 PMwhite-balloon-205
Because the formatting differs between each method, it's easiest to generate a key using the same method you plan to use when making future API calls. For example, if you're using gcloud, also generate your key using gcloud. To use a key for one method that's been generated using a different method (such as using a REST-generated key with gcloud), you'll need to edit the key to match the appropriate format.You can of course shell out to the CLI as part of a DyanmicProvider if really needed. It may actually be easier to post-process the data programmatically to turn it into the other format. (the description above makes it seem like all the required data is there - it's just in the wrong format).
important-leather-28796
03/26/2019, 8:34 PMUnable to read the credential file specified by GOOGLE_APPLICATION_CREDENTIALS: the json is missing the 'type' field
. Seems to be the same thing, I verified the json in-cluster looks like the one you referenced https://cloud.google.com/iam/docs/creating-managing-service-account-keys#iam-service-account-keys-create-rest
did you end up modifying this with code? It’s feasible for me since I have to turn around and store it as a k8s secret. Got any code that works to convert it?orange-tailor-85423
03/26/2019, 8:44 PMimportant-leather-28796
03/26/2019, 8:44 PMorange-tailor-85423
03/26/2019, 8:45 PM/**
* Create a Key for aan IAM Service account
*
* @export
* @param {string} name Name of the pulumi resource to create
* @param {gcp.serviceAccount.Account} serviceAccountId IAM Service Account to create the key for.
* @returns
*/
export function createKey(
name: string,
serviceAccountId: gcp.serviceAccount.Account
) {
return new gcp.serviceAccount.Key(`${name}-key`, {
serviceAccountId: serviceAccountId.name
});
}
/**
* Create a secret from an account key
*
* @export
* @param {gcp.serviceAccount.Key} key The service account key to create a secret from.
* @returns {pulumi.Output<string>}
*/
export function getPrivateKey(
key: gcp.serviceAccount.Key
): pulumi.Output<string> {
return key.privateKey.apply(k =>
JSON.parse(Buffer.from(k, 'base64').toString('ascii'))
) as pulumi.Output<string>;
}
important-leather-28796
03/26/2019, 8:46 PMorange-tailor-85423
03/26/2019, 8:47 PMimportant-leather-28796
03/26/2019, 8:48 PMIdentity
component, I was just using the wrong one.orange-tailor-85423
03/26/2019, 8:48 PM