question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Add Impersonated Service Account as a trusted type in application_default_credentials.json

See original GitHub issue

Description

Currently, the #C implementation of Google Application Credentials only supports (from application_default_credentials.json file) the following types:

  • authorized_user
  • service_acccount
  • external_account

In order to be aligned with other language implementation (eg. python, golang, etc.) it would be nice to add support to impersonated_service_account type.

Why?

Currently, if a developper want to act as a service account locally (without updating the code base), he needs to use a service account key which is a critical resource (see more below).

image.

If the DefaultCredentialsProvider.cs supported this feature, it would be a perfect balance between usability & security.

Issue Analytics

  • State:closed
  • Created 6 months ago
  • Comments:5 (2 by maintainers)

github_iconTop GitHub Comments

1reaction
amanda-tarafacommented, Mar 23, 2023

Any workaround to authenticate using a service account key that doesn’t involve setting environment variables?

@eyadmba I’m not sure how that question relates to this issue. I’ll reply here for simplicity, but if you have related follow up questions, please create a new issue.

You can use Google.Apis.Auth.OAuth2.GoogleCredential to create service account credentials from the service account key.

  • FromFileAsync where you pass the path to a JSON file containing the service account key generated by Cloud Console.
  • FromJson where you pass a string containing the JSON representation of the service account key generated by Cloud Console.
  • FromStreamAsync where you pass a stream containing the JSON representatoin of the service account key generated by Cloud Console.

None of these require environment variables to be set. Again, if you have follow up questions do create a new issue.

1reaction
amanda-tarafacommented, Mar 15, 2023

Yes, thanks for the request. We know this is a missing feature on the .NET Auth library and have been looking at prioritizing for a while now. I’ll leave this issue open and I’ll post progress here.

Read more comments on GitHub >

github_iconTop Results From Across the Web

How to impersonate a GCP service account from ...
For impersonating a service Account you need the role of Service account token creator. here is an article that explaines this impersonation ......
Read more >
How Application Default Credentials works | Authentication
... Authenticate for using REST · Authenticate by using service account impersonation · Authenticate by using API keys. Application Default Credentials.
Read more >
Set up Application Default Credentials | Authentication
... Authenticate for using REST · Authenticate by using service account impersonation · Authenticate by using API keys. Application Default Credentials.
Read more >
impersonated_service_account do not take into account
When you set up you user Application Default Credential with the gcloud SDK and you add a impersonated service account (command line gcloud ......
Read more >
Google Cloud Application Default Credentials - PHP
This file is a Google Cloud Service Account credentials file in JSON format. The previous P12 (PFX) certificates are deprecated.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found