Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Allow credential impersonation
See original GitHub issueWould like to use service account impersonation.
I’ve executed gcloud auth application-default login --impersonate-service-account=<name>@<project>.iam.gserviceaccount.com.
Currently, using the library throws:
raise exceptions.DefaultCredentialsError(
google.auth.exceptions.DefaultCredentialsError: The file /home/gcg/.config/gcloud/application_default_credentials.json does not have a valid type. Type is impersonated_service_account, expected one of ('authorized_user', 'service_account', 'external_account').
Issue Analytics
- State:
- Created 2 years ago
- Comments:5
Top Results From Across the Web
Impersonate a client after authentication (Windows 10)
This policy setting determines which programs are allowed to impersonate a user or another specified account and act on behalf of the user....
Read more >Managing service account impersonation - IAM
This page describes how to allow principals and resources to impersonate, or act as, an Identity and Access Management (IAM) service account.
Read more >Credentials and User Impersonation
In CloudBees CD, a "credential" is an object that stores a user name and password for later use. Two credential types are available,...
Read more >Managing Impersonation
Enabling Impersonation · 1. Go to Security > Authentication. · 2. For Authentication Method, select either "Domain" or "Local" as an external user...
Read more >google.auth.impersonated_credentials module
Impersonated Credentials allows credentials issued to a user or service account to impersonate another. The target service account must grant the ...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
@gunar The gcloud command you stated above should now work with the connector to support impersonated credentials. The latest version of the
google-authpackage added support for this feature.To get access to the latest version of the connector with the new change prior to an official release run:
pip install git+https://github.com/GoogleCloudPlatform/cloud-sql-python-connectorOr you can use the version of the connector you already have installed and just update the
google-authpackage directly.pip install google-auth==2.6.0Hope this helps! Thanks for raising this issue and have a great day.
@gunar Not fully no. You can now pass in a credentials object to a custom
connector.Connector()object that will use the specified credentials to authenticate instead of default credentials. So theoretically yes you could pass in an impersonated credentials using the following method google.auth.impersonated_credentials.I will be adding support for the gcloud command that you mentioned above to work natively with the connector in the coming weeks. Hope that clarifies it! Thanks for asking 😃
All the best.