Feature request to support service account impersonation provided by
iamcredentials.generateAccessToken()
This will allow one set of credentials to assume another set for use in the coud libraries:
sample usage:
String cred_env = "/path/to/svc_account.json";
ServiceAccountCredentials source_credentials = ServiceAccountCredentials
.fromStream(new FileInputStream(cred_env));
source_credentials = (ServiceAccountCredentials) source_credentials
.createScoped(Arrays.asList("https://www.googleapis.com/auth/iam"));
ImpersonatedCredentials target_credentials = ImpersonatedCredentials.create(
source_credentials,
"[email protected]",
null,
Arrays.asList("https://www.googleapis.com/auth/devstorage.read_only"), 3600);
Storage storage_service = StorageOptions.newBuilder().setProjectId("project-id")
.setCredentials(target_credentials).build().getService();
for (Bucket b : storage_service.list().iterateAll())
System.out.println(b);
ref:
in python: googleapis/google-auth-library-python#299
in golang: golang/oauth2#335
Feature request to support service account impersonation provided by
iamcredentials.generateAccessToken()This will allow one set of credentials to assume another set for use in the coud libraries:
sample usage:
ref:
in python: googleapis/google-auth-library-python#299
in golang: golang/oauth2#335