hi guys, I am using GCP provider with a service ac...
# google-cloud
hi guys, I am using GCP provider with a service account. Instead of setting the
env variable, I am trying to use gcloud configurations. However, I realised that pulumi is not respecting the active configuration and using default credentials. gcloud configurations looking like this:
Copy code
➜  ~ gcloud config configurations list
NAME                IS_ACTIVE  ACCOUNT                       
default             False      ...
staging             True       staging..@...<http://iam.gserviceaccount.com|iam.gserviceaccount.com>
and i was expecting pulumi to use staging service account to communicate to the provider. Is it something possible? ps. i disabled the default providers and using NewProvider method.
you need
gcloud auth application-default login
this has nothing to do with pulumi it is how GCP SDK works
thanks for your answer, but that command works for user accounts. I am trying to achieve same functionality using service accounts. I can achieve this by setting
right now according to the GCP docs, but I am looking for a way to handle it by switching between gcloud configurations.
There is no such a thing in GCP yet, But you have 3 another options: 1. impersonate other SAs 2. Store application default credentials 3. Use key files for SAs and handle this with direnv In CI CD environment you'll want to use ODIC provider together with SA impersonation
thanks for your help, Jan. I will check the methods you mentioned.sparkles purple