# google-cloud
b
Hi guys, I am using the GCP provider with a service account. Instead of setting the `GOOGLE_CREDENTIALS` env variable, I am trying to use gcloud configurations. However, I realised that Pulumi is not respecting the active configuration and is using default credentials. The gcloud configurations look like this:
```
➜  ~ gcloud config configurations list
NAME                IS_ACTIVE  ACCOUNT
default             False      ...
staging             True       staging..@...iam.gserviceaccount.com
```
And I was expecting Pulumi to use the staging service account to communicate with the provider. Is that possible? PS: I disabled the default providers and am using the NewProvider method.
g
You need `gcloud auth application-default login`. This has nothing to do with Pulumi; it is how the GCP SDK works.
b
Thanks for your answer, but that command works for user accounts. I am trying to achieve the same functionality using service accounts. I can achieve this by setting `GOOGLE_APPLICATION_CREDENTIALS` right now according to the GCP docs, but I am looking for a way to handle it by switching between gcloud configurations.
g
There is no such thing in GCP yet, but you have 3 other options:
1. Impersonate other SAs
2. Store application default credentials
3. Use key files for SAs and handle this with direnv

In a CI/CD environment you'll want to use an OIDC provider together with SA impersonation.
b
Thanks for your help, Jan. I will check the methods you mentioned.