Open and3rson opened 7 months ago
We currently support impersonation via the target_principal
and delegates
Token arguments (see docs), but I'm not familiar offhand with the workflow which leads to the service_data
containing the impersonation details. Would you be able to upload a (redacted, of course) copy of the SA json key file you're attempting to load? I suspect we'll just need to parse out a few different fields in that case.
I need to impersonate a SA in order to be able to sign GCS URLs locally as follows:
However, instantiating
gcloud.aio.storage.Client
with such credentials fails: