Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Compute should expose serviceAccountEmail #1386

Closed
alamothe opened this issue Mar 25, 2022 · 2 comments · Fixed by #1656
Closed

Compute should expose serviceAccountEmail #1386

alamothe opened this issue Mar 25, 2022 · 2 comments · Fixed by #1656
Assignees
@danielbankhead
Labels
priority: p3 Desirable enhancement or fix. May not be included in next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.

Comments

@alamothe
Copy link

Currently, in class Compute: https://github.com/googleapis/google-auth-library-nodejs/blob/main/src/auth/computeclient.ts

The field serviceAccountEmail is private and there is no getter.

This prevents finding the service account for the default credentials when executing on CE:

const googleCredentials = await auth.getApplicationDefault()
if (googleCredentials.credential instanceof Compute) {
	// Doesn't compile
	return googleCredentials.credential.serviceAccountEmail
}

This is needed to authenticate to PostgreSQL using the service account.
@alamothe alamothe added priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. labels Mar 25, 2022
@alamothe
Copy link
Author

alamothe commented Mar 29, 2022
edited

Actually, this field returns simply "default" (!)

This is inconsistent with google-auth-library-java, which returns the actual email.

How can we get the email?

@yoshi-automation yoshi-automation added 🚨 This issue needs some love. and removed 🚨 This issue needs some love. labels Jun 27, 2022
@danielbankhead danielbankhead added type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design. priority: p3 Desirable enhancement or fix. May not be included in next release. and removed type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. priority: p2 Moderately-important priority. Fix may not be included in next release. labels Nov 29, 2022
@danielbankhead danielbankhead mentioned this issue Sep 29, 2023
Merged
@danielbankhead
Copy link
Member

Great question - if you're looking to retrieve the email I would recommend calling via gcp-metadata:

const email = await gcpMetadata.instance('service-accounts/default/email');

Additionally, 'default' is sufficient for calling the metadata server rather than first requesting it from the metadata server:

google-auth-library-nodejs/samples/compute.js

Lines 24 to 28 in 7030314

const client = new Compute({
// Specifying the serviceAccountEmail is optional. It will use the default
// service account if one is not defined.
serviceAccountEmail: 'some-service-account@example.com',
});

However:

@danielbankhead danielbankhead self-assigned this Sep 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@danielbankhead danielbankhead

Labels
priority: p3 Desirable enhancement or fix. May not be included in next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: Expose Compute's Service Account Email googleapis/google-auth-library-nodejs
3 participants
@alamothe @danielbankhead @yoshi-automation