hi guys, I am using GCP provider with a service account. Instead of setting the

GOOGLE_CREDENTIALS

env variable, I am trying to use gcloud configurations. However, I realised that pulumi is not respecting the active configuration and using default credentials. gcloud configurations looking like this:

➜  ~ gcloud config configurations list
NAME                IS_ACTIVE  ACCOUNT                       
default             False      ...
staging             True       staging..@...<http://iam.gserviceaccount.com|iam.gserviceaccount.com>

and i was expecting pulumi to use staging service account to communicate to the provider. Is it something possible? ps. i disabled the default providers and using NewProvider method.

you need

gcloud auth application-default login

thanks for your answer, but that command works for user accounts. I am trying to achieve same functionality using service accounts. I can achieve this by setting

GOOGLE_APPLICATION_CREDENTIALS

right now according to the GCP docs, but I am looking for a way to handle it by switching between gcloud configurations.

There is no such a thing in GCP yet, But you have 3 another options: 1. impersonate other SAs 2. Store application default credentials 3. Use key files for SAs and handle this with direnv In CI CD environment you'll want to use ODIC provider together with SA impersonation

thanks for your help, Jan. I will check the methods you mentioned.😒parkles-purple: