Open jonathanelscpt opened 2 years ago
@junpeng-jp will test after merge
Fixing this should also support:
from google.oauth2.service_account import Credentials
credentials = Credentials.from_service_account_file(key_file, scopes)
A working alternative until this is implemented is to use this after reading key from env:
oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_dict()
hey @jonathanelscpt, the GoogleAuth in this library supports file-based service auth through:
service_config > client_json_file_path
or specifying the GOOGLE_APPLICATION_CREDENTIALS
environment variable and setting service_config > use_default
= True
from_service_account_file
class method (see here) to create the service account credentialsAt least, this is how it would be after my pull request above has been merged. Because the entire library's google auth is driven by the .yaml config file, I've kept to the same design whilst I was working to migrate from oauth2client -> google-auth
For the record, current implementation supports reading from a dict, from ENV, etc. I'm not sure about the default credentials. It depends on the underlying implementation for them.
To support CI workflows building off gh actions, I'd like to use the recommended auth method using
google.auth.default
withgoogle-github-actions/auth@v0.4.0
- https://github.com/google-github-actions/auth.This would (hopefully) allow the following, using the more modern
google.auth
lib:This is defined here: https://google-auth.readthedocs.io/en/master/user-guide.html
Unfortunately forcing auth with a local service account key file is a poor security implementation, and not really acceptable for cloud CI.