# google-cloud
a
Hi Niklas, the easiest and recommended solution here is to use a service account for interactions with the APIs - this isn't an issue on the Pulumi side but a restriction in auth scopes on the Google Cloud side (working as intended). One thing you can try - some services just require you to tack on the additional OAuth scopes to your gcloud authentication:
gcloud auth application-default login --scopes=https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/firebase
may or may not give you what you require.
g
Cheers! Yeah, I have already figured that this is not a Pulumi issue but I was just looking for information on how to tackle this problem since there obviously is a way to do that. Otherwise there would be no Firebase module in Pulumi.
I appreciate this info, I'll try it out! Just now googling on this problem
a
Well the solution really is to use a service account - then you can use all the functions in Pulumi for interacting with FB 🙂
g
Yeah. But that is a weird solution
a
*^ideal solution
g
From Google's side
a
In an ideal world, infra stacks are brought up by automation rather than end user accounts which can change
which would be backed by svc accounts
g
Sure. In an ideal world. But not in a team of two 😄
(hopefully this team will grow in the near future but right now)
a
oh believe me it's a pain
but good to set up from the start nice and clean, makes scaling easier
g
I know. But the only thing I can see as a benefit from service account is the fact that then one can push the infrastructure updates into CD
In order to get same level of granularity and security one would have to create a separate service account for every developer
Sharing a joint service account for all devs is just a horrible idea
a
you can use service account impersonation to achieve the transparency https://cloud.google.com/iam/docs/impersonating-service-accounts
oops
g
Right. Guess I'll take a look at that
Sounds like a reasonable way to do it
a
give the oauth scopes a try first though - hopefully that gives you what you need!
g
It didn't. "gcloud crashed" 😄
It looked promising though
a
ugh i blame python
g
Likewise
Not gonna derail all of this but I still don't understand why python is so popular...
a
i have particular views on this topic which i won't go into in here 🤣
g
I love you already