authentication does not work with application default credentials when using service account impersonation

[aaron-tillekeratne]

Reproduce Steps:

1. Authenticate ADC with SAI gcloud auth application-default login --impersonate-service-account

2. Run the sample code or below

   fn main() -> Result((), Box<dyn std:error::Error>> {
   let db = firestore::FirestoreDb::new(&"your-project-id").await?; 
   println!("success");
   }

Expected result

"success"

Seen result

Error: SystemError(FirestoreSystemError { public: FirestoreErrorPublicGenericDetails { code: "CredentialsJson(Error(\"data did not match any variant of untagged enum Credentials\", line: 0, column: 0))" }, message: "GCloud system error: credentials json error: data did not match any variant of untagged enum Credentials" })

[abdolence]

Hey, thanks reporting it!

It was a limitation in gcloud-sdk crate, not firestore. I was for some reason convinced it was implemented before, apparently it was missing in gcloud-sdk. Now I think I've added it to the master branch of https://github.com/abdolence/gcloud-sdk-rs.

You can try to override the version for now using [patch.crates-io] in your Cargo.toml. Appreciate if you can verify and confirm if it works for you as well before I release the new gcloud-sdk crate.

[aaron-tillekeratne]

Hey @abdolence thanks for that.

Confirmed, using the [patch.crates-io] is resolving the issue.

[patch.crates-io]
gcloud-sdk = {git = "https://github.com/abdolence/gcloud-sdk-rs"}

will you be updating the dependency chain for firestore-rs ?

[abdolence]

I'm going to release it around next week.

[aaron-tillekeratne]

No worries, I'll close this down next week.