https://pulumi.com logo
v

victorious-helmet-11068

04/28/2020, 3:49 PM
hi all. is it possible to run a pulumi command and impersonate a service account in GCP?
g

green-school-95910

04/28/2020, 3:50 PM
It is possible with Google Auth services, but I don't think the provider allows that
But since its normal code you could make the impersonation yourself using the auth service inside a apply
v

victorious-helmet-11068

04/28/2020, 3:52 PM
hmhm.. sounds good. I have a try.
g

green-school-95910

04/28/2020, 3:52 PM
Take the token from the provider, the email of another service account from somewhere (a resource or config) get the new token and make a new provider with that token
v

victorious-helmet-11068

04/28/2020, 3:54 PM
ok for getting the token but I miss something on the provider. Maybe I can tell pulumi to use the token?
g

green-school-95910

04/28/2020, 4:18 PM
You need to create a provider passing the access token
3 Views