Closed julienguarino closed 2 weeks ago
It seems that when using ChatVertexAI and passing a proper GCP Service Account, the associated identity is never used.
Instead, the implicit Google identity is always used.
from google.oauth2 import service_account from langchain_core.messages import HumanMessage from langchain_google_vertexai import ChatVertexAI text_message = { "type": "text", "text": "Hi, what kind of skills do you have ?"} message = HumanMessage(content=[text_message, image_message]) # Load service account credentials # saCredentials = service_account.Credentials.from_service_account_file(filename="./IAM_SA_CREDENTIALS.json") myChat = \ ChatVertexAI( model_name="gemini-1.5-flash-preview-0514", max_output_tokens=8192, project=GEN_AI_GCP_PROJECT_ID, location="europe-west1", credentials=saCredentials) output = myChat.invoke([message]) print(output.content)
The example above will always use my implicit identity, the GCP audit logs will show that:
audit_log, method: "google.cloud.aiplatform.v1beta1.PredictionService.GenerateContent", principal_email: "MY_PERSONNAL_ID@company.com"
The example above, if deployed in a Cloud Run for example, will always use the underlying Cloud Run Service Account identity.
I'm not sure but I guess this is related to #290 ?
it's fixed on main already, could you install from main and try again, please?
Hi, great it does work perfectly now.
Thanx a lot.
Description
It seems that when using ChatVertexAI and passing a proper GCP Service Account, the associated identity is never used.
Instead, the implicit Google identity is always used.
Steps to reproduce
Comments
The example above will always use my implicit identity, the GCP audit logs will show that:
audit_log, method: "google.cloud.aiplatform.v1beta1.PredictionService.GenerateContent", principal_email: "MY_PERSONNAL_ID@company.com"
The example above, if deployed in a Cloud Run for example, will always use the underlying Cloud Run Service Account identity.
I'm not sure but I guess this is related to #290 ?