I am developing a Cloud Run service on Google Cloud and want to run it locally for testing using the service account I have configured Cloud Run to run the service as. My user has permission to impersonate the service account, so to do this I am running
gcloud auth application-default login --impersonate-service-account
which works, but now all the gcloud commands I run are as that service account as well!
Is there a way to run the app as a service account and gcloud as my regular user? In addition, what if I want to run multiple apps locally at the same time as different service accounts, is this possible? If it is relevant, I am using the official Go SDK for my app.
EDIT: I know this is possible with service account keys but I understand them to be bad practice, so I am looking for a way that doesn't use any long-lived credentials.
I am coming from mostly AWS experience, where I would achieve this by adding profiles to my ~/.aws/config or ~/.aws/credentials files and then specifying the AWS_PROFILE environment variable when running the app and a different AWS_PROFILE when running commands using the CLI.
Thanks in advance for any help!
asked Mar 17 at 19:04 by Michael
Comment: gcloud auth login is the login for the CLI. gcloud auth application-default login is the login for the code that uses the API (Google SDK). Revalidate your context with this rule in mind. If it still does not work, share with us the command that you tried. – guillaume blaquiere, commented Mar 17 at 20:13
1 Answer
You can authenticate your regular user for gcloud commands using:
gcloud auth login
The --impersonate-service-account flag for your service account only affects the application, not your gcloud CLI authentication context. It configures the application to use the service account, but gcloud will still be running as your regular user.
To authenticate with a service account for the application, use:
gcloud auth application-default login --impersonate-service-account=SERVICE_ACCOUNT_EMAIL
As long as you haven't run the gcloud auth application-default login --impersonate-service-account command, gcloud commands will execute under your regular user account. If you've already run it, you can revoke the credentials with:
gcloud auth application-default revoke
Yes, it is possible. To run multiple apps locally with different service accounts, you can use different terminal sessions or set different GOOGLE_APPLICATION_CREDENTIALS and auth activate-service-account for each app.
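An added example, not part of the question or answer above and not Google's code: a startup check in Go that reads the credentials file an app process was given through GOOGLE_APPLICATION_CREDENTIALS and confirms it is an impersonation file for the expected service account rather than a long-lived key. It assumes the impersonated_service_account file layout that gcloud writes; CheckADC, sampleADC and the app-a address are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"strings"
)

// Constructed sample of an impersonation credentials file; all values are placeholders.
const sampleADC = `{
  "type": "impersonated_service_account",
  "service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/app-a@example-project.iam.gserviceaccount.com:generateAccessToken",
  "source_credentials": {"type": "authorized_user", "refresh_token": "REDACTED"}
}`

// CheckADC returns the service account a credentials file impersonates.
// It rejects key files (type "service_account") and any non-impersonated type.
func CheckADC(data []byte, wantSA string) (string, error) {
	var f struct {
		Type string `json:"type"`
		URL  string `json:"service_account_impersonation_url"`
	}
	if err := json.Unmarshal(data, &f); err != nil {
		return "", fmt.Errorf("parse credentials file: %w", err)
	}
	switch f.Type {
	case "impersonated_service_account":
		// URL form: .../serviceAccounts/EMAIL:generateAccessToken
		_, rest, _ := strings.Cut(f.URL, "/serviceAccounts/")
		email, _, _ := strings.Cut(rest, ":")
		if email == "" || email != wantSA {
			return "", fmt.Errorf("impersonates %q, want %q", email, wantSA)
		}
		return email, nil
	case "service_account":
		return "", fmt.Errorf("long-lived service account key file")
	}
	return "", fmt.Errorf("credential type %q is not an impersonated service account", f.Type)
}

func main() {
	data := []byte(sampleADC)
	if p := os.Getenv("GOOGLE_APPLICATION_CREDENTIALS"); p != "" { // one file per app process
		data, _ = os.ReadFile(p) // a read error leaves data empty and fails parsing
	}
	sa, err := CheckADC(data, "app-a@example-project.iam.gserviceaccount.com")
	fmt.Println(sa, err)
}
```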
Source: Google cloud: run app locally as service account whilst still running gcloud commands as my user - Stack Overflow