bitter-winter-22829

12/09/2022, 2:48 PM
Hi guys, I am using the GCP provider with a service account. Instead of setting the `GOOGLE_CREDENTIALS` env variable, I am trying to use gcloud configurations. However, I realised that Pulumi is not respecting the active configuration and is using the default credentials. The gcloud configurations look like this:
➜  ~ gcloud config configurations list
NAME                IS_ACTIVE  ACCOUNT                       
default             False      ...
staging             True       staging..@...iam.gserviceaccount.com
and I was expecting Pulumi to use the staging service account to communicate with the provider. Is this possible? PS: I disabled the default providers and am using the NewProvider method.

great-sunset-355

12/12/2022, 12:23 PM
You need `gcloud auth application-default login`. This has nothing to do with Pulumi; it is how the GCP SDK works.

bitter-winter-22829

12/12/2022, 1:31 PM
Thanks for your answer, but that command works for user accounts. I am trying to achieve the same functionality using service accounts. I can achieve this by setting `GOOGLE_APPLICATION_CREDENTIALS` right now according to the GCP docs, but I am looking for a way to handle it by switching between gcloud configurations.

great-sunset-355

12/12/2022, 6:17 PM
There is no such thing in GCP yet, but you have 3 other options:
1. Impersonate other SAs
2. Store application default credentials
3. Use key files for SAs and handle this with direnv
In a CI/CD environment you'll want to use an OIDC provider together with SA impersonation.

bitter-winter-22829

12/13/2022, 9:12 AM
Thanks for your help, Jan. I will check the methods you mentioned.