This message was deleted.
# google-clouds
sparse-intern-71089
11/02/2022, 11:30 AMThis message was deleted.
a
adventurous-apartment-93389
11/07/2022, 8:59 AMHi Niklas, the easiest and recommended solution here is to use a service account for interactions with the api's - this isn't a issue on the Pulumi side but a restriction in auth scopes on the Google Cloud side (working as intended).
One thing you can try - some services just require you to tack on the additional oauth scopes to your gcloud authentication
gcloud auth application-default login --scopes=<https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/firebase>g
gorgeous-country-43026
11/07/2022, 9:00 AMCheers! Yeah, I have already figured that this is not a Pulumi issue but I was just looking for information how to tackle this problem since there obviously is a way to do that. Otherwise there would be no Firebase module in Pulumi
gorgeous-country-43026
11/07/2022, 9:01 AMI appreciate this info, I'll try it out! Just now googling on this problem
a
adventurous-apartment-93389
11/07/2022, 9:01 AMWell the solution really is to use a service account - then you can use all the functions in pulumi for interacting with FB 🙂
g
gorgeous-country-43026
11/07/2022, 9:01 AMYeah. But that is a weird solution
a
adventurous-apartment-93389
11/07/2022, 9:01 AM*^ideal solution
g
gorgeous-country-43026
11/07/2022, 9:02 AMFrom google's side
a
adventurous-apartment-93389
11/07/2022, 9:02 AMIn an ideal world, infra stacks are brought up by automation rather than end user accounts which can change
adventurous-apartment-93389
11/07/2022, 9:02 AMwhich would be backed by svc accounts
g
gorgeous-country-43026
11/07/2022, 9:02 AMSure. In an ideal world. But not in a team of two 😄
gorgeous-country-43026
11/07/2022, 9:02 AM(hopefully this team will grow in the near future but right now)
a
adventurous-apartment-93389
11/07/2022, 9:02 AMoh believe me it's a pain
adventurous-apartment-93389
11/07/2022, 9:03 AMbut good to set up from the start nice and clean, makes scaling easier
g
gorgeous-country-43026
11/07/2022, 9:03 AMI know. But the only thing I can see as a benefit from service account is the fact that then one can push the infrastructure updates into CD
gorgeous-country-43026
11/07/2022, 9:04 AMIn order to get same level of granularity and security one would have to create a separate service account for every developer
gorgeous-country-43026
11/07/2022, 9:04 AMSharing a joint service account for all devs is just a horrible idea
a
adventurous-apartment-93389
11/07/2022, 9:04 AMyou can use service account impersonation to achieve the transparency https://cloud.google.com/iam/docs/impersonating-service-accounts
adventurous-apartment-93389
11/07/2022, 9:04 AMoops
g
gorgeous-country-43026
11/07/2022, 9:05 AMRight. Guess I'll take a look at that
gorgeous-country-43026
11/07/2022, 9:05 AMSounds a reasonable way to do it
a
adventurous-apartment-93389
11/07/2022, 9:05 AMgive the oauth scopes a try first though - hopefully that gives you what you need!
g
gorgeous-country-43026
11/07/2022, 9:05 AMIt didn't "gcloud crashed" 😄
gorgeous-country-43026
11/07/2022, 9:05 AMIt looked promising though
a
adventurous-apartment-93389
11/07/2022, 9:06 AMugh i blame python
g
gorgeous-country-43026
11/07/2022, 9:06 AMLikewise
🤣 1
gorgeous-country-43026
11/07/2022, 9:06 AMNot gonna derail all of this but I still don't understand why python is so popular...
a
adventurous-apartment-93389
11/07/2022, 9:07 AMi have particular views on this topic which i won't go into in here 🤣
g
gorgeous-country-43026
11/07/2022, 9:07 AMI love you already
😂 1
9 Views