hi all. is it possible to run a pulumi command and impersonate a service account in GCP?
g
green-school-95910
04/28/2020, 3:50 PM
It is possible with Google Auth services, but I don't think the provider allows that
But since its normal code you could make the impersonation yourself using the auth service inside a apply
v
victorious-helmet-11068
04/28/2020, 3:52 PM
hmhm.. sounds good. I have a try.
g
green-school-95910
04/28/2020, 3:52 PM
Take the token from the provider, the email of another service account from somewhere (a resource or config) get the new token and make a new provider with that token
v
victorious-helmet-11068
04/28/2020, 3:54 PM
ok for getting the token but I miss something on the provider. Maybe I can tell pulumi to use the token?
g
green-school-95910
04/28/2020, 4:18 PM
You need to create a provider passing the access token