iterative / PyDrive2

Google Drive API Python wrapper library. Maintained fork of PyDrive.
https://docs.iterative.ai/PyDrive2

no support for `google.auth.default` #179

Open jonathanelscpt opened 2 years ago

jonathanelscpt commented 2 years ago

To support CI workflows building off gh actions, I'd like to use the recommended auth method using google.auth.default with google-github-actions/auth@v0.4.0 - https://github.com/google-github-actions/auth.

This would (hopefully) allow the following, using the more modern google.auth lib:

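    import google.auth
    from oauth2client.service_account import ServiceAccountCredentials
    from pydrive2.auth import GoogleAuth

    # LOCAL_KEY (key file path) and SCOPES (list of scope URLs) are defined elsewhere
    gauth = GoogleAuth()
    try:
        gauth.credentials = ServiceAccountCredentials.from_json_keyfile_name(LOCAL_KEY, SCOPES)  # support local dev
    except FileNotFoundError:
        credentials, _ = google.auth.default(SCOPES)  # prod
        gauth.credentials = credentials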

This is defined here: https://google-auth.readthedocs.io/en/master/user-guide.html

Unfortunately forcing auth with a local service account key file is a poor security implementation, and not really acceptable for cloud CI.

jonathanelscpt commented 2 years ago

@junpeng-jp will test after merge

jonathanelscpt commented 2 years ago

Fixing this should also support:

    from google.oauth2.service_account import Credentials

    credentials = Credentials.from_service_account_file(key_file, scopes)

jonathanelscpt commented 2 years ago

A working alternative until this is implemented is to use this after reading key from env:

    oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_dict()

junpeng-jp commented 2 years ago

hey @jonathanelscpt, the GoogleAuth in this library supports file-based service auth through:

  1. specifying the service credential file name in the yaml config under service_config > client_json_file_path or specifying the GOOGLE_APPLICATION_CREDENTIALS environment variable and setting service_config > use_default = True
  2. instantiate GoogleAuth
  3. run the ServiceAuth method which would:
    • read the service credential json path
    • use the from_service_account_file class method (see here) to create the service account credentials

junpeng-jp commented 2 years ago

At least, this is how it would be after my pull request above has been merged. Because the entire library's google auth is driven by the .yaml config file, I've kept to the same design whilst I was working to migrate from oauth2client -> google-auth

shcheklein commented 1 year ago

For the record, the current implementation supports reading from a dict, from ENV, etc. I'm not sure about the default credentials. It depends on the underlying implementation for them.
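
A stdlib-only preflight that a CI job could run before handing `GOOGLE_APPLICATION_CREDENTIALS` to an auth library, added here as an illustration; it is not code from PyDrive2 or from anyone in this thread. It assumes the credential-file `type` values `service_account` (long-lived key file) and `external_account` (keyless federation config), and the names `preflight`, `write_sample` and both sample files are constructed for the example.

```python
import json
import os
import stat
import tempfile

# Constructed sample credential files (placeholder values, not real secrets).
SAMPLE_KEY = {"type": "service_account", "private_key": "CONSTRUCTED-PLACEHOLDER",
              "client_email": "ci@example-project.iam.gserviceaccount.com"}
SAMPLE_FEDERATED = {"type": "external_account",
                    "audience": "//iam.googleapis.com/CONSTRUCTED-PLACEHOLDER"}


def write_sample(info, mode=0o600):
    """Write a sample credential file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(info, fh)
    os.chmod(path, mode)
    return path


def preflight(env):
    """Report what GOOGLE_APPLICATION_CREDENTIALS points at, using only the stdlib."""
    report = {"type": None, "key_file_loader_ok": False, "warnings": []}
    path = env.get("GOOGLE_APPLICATION_CREDENTIALS")
    if not path:
        report["warnings"].append("variable unset: ADC falls back to gcloud or metadata credentials")
        return report
    try:
        with open(path, encoding="utf-8") as fh:
            info = json.load(fh)
    except (OSError, ValueError) as exc:
        report["warnings"].append(f"unreadable credential file: {type(exc).__name__}")
        return report
    info = info if isinstance(info, dict) else {}
    report["type"] = info.get("type")
    # Necessary (not sufficient) fields for a loader that only parses key files.
    report["key_file_loader_ok"] = (report["type"] == "service_account"
                                    and "private_key" in info and "client_email" in info)
    if report["type"] == "service_account" and env.get("GITHUB_ACTIONS") == "true":
        report["warnings"].append("long-lived private key on a CI runner")
    if os.name == "posix" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        report["warnings"].append("credential file readable by group/other")
    return report


if __name__ == "__main__":
    for sample in (SAMPLE_KEY, SAMPLE_FEDERATED):
        env = {"GOOGLE_APPLICATION_CREDENTIALS": write_sample(sample), "GITHUB_ACTIONS": "true"}
        print(preflight(env))
```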