Update the gcloud auth commands.

docs/how-to/connecting-robot.md

@@ -29,7 +29,7 @@ Once you've done this, you can:
 > gcloud iam service-accounts add-iam-policy-binding "${SA}" \
 >   --role=roles/iam.serviceAccountTokenCreator \
 >   --project="${PROJECT_ID}" --member="user:${YOUR_EMAIL_ADDRESS:?}"
-> gcloud auth print-access-token --impersonate-service-account="${SA}"
+> gcloud auth application-default print-access-token --impersonate-service-account="${SA}"
 > ```
 >
 > If you see `ERROR: Failed to impersonate ...`, wait a few minutes for the IAM

src/bootstrap/cloud/terraform/service-account.tf

@@ -106,7 +106,7 @@ resource "google_service_account_iam_member" "human-acl-act-as-self" {
 
 # Grant permissions to generate tokens for registering new workcell clusters.
 # This lets users run:
-#   gcloud auth print-access-token \
+#   gcloud auth application-default print-access-token \
 #     --impersonate-service-account=human-acl@${PROJECT_ID}.iam.gserviceaccount.com
 # so they can register new workcell clusters without passing their own tokens
 # (which aren't limited to a single GCP project) into the cluster.

src/go/cmd/token-vendor/README.md

@@ -168,31 +168,31 @@ PROJECT=testproject
 Publish a key for the device `robot-dev-testuser`:
 
 ```bash
-curl -D - --max-time 3 --data-binary "@api/v1/testdata/rsa_cert.pem" -H "Authorization: Bearer $(gcloud auth print-access-token)" -H "Content-type: application/x-pem-file" https://www.endpoints.${PROJECT}.cloud.goog/apis/core.token-vendor/v1/public-key.publish?device-id=robot-dev-testuser
+curl -D - --max-time 3 --data-binary "@api/v1/testdata/rsa_cert.pem" -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" -H "Content-type: application/x-pem-file" https://www.endpoints.${PROJECT}.cloud.goog/apis/core.token-vendor/v1/public-key.publish?device-id=robot-dev-testuser
 ```
 
 Optionally set extra options for the device:
 
 ```bash
-curl -D - --max-time 3 -d '{"service-account":"svc@${PROJECT}.iam.gserviceaccount.com"}' -H "Content-Type: application/json" -H "Authorization: Bearer $(gcloud auth print-access-token)" -H "Content-type: application/x-pem-file" https://www.endpoints.${PROJECT}.cloud.goog/apis/core.token-vendor/v1/public-key.configure?device-id=robot-dev-testuser
+curl -D - --max-time 3 -d '{"service-account":"svc@${PROJECT}.iam.gserviceaccount.com"}' -H "Content-Type: application/json" -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" -H "Content-type: application/x-pem-file" https://www.endpoints.${PROJECT}.cloud.goog/apis/core.token-vendor/v1/public-key.configure?device-id=robot-dev-testuser
 ```
 
 Read the key again:
 
 ```bash
-curl -D - --max-time 3 -H "Authorization: Bearer $(gcloud auth print-access-token)" https://www.endpoints.${PROJECT}.cloud.goog/apis/core.token-vendor/v1/public-key.read?device-id=robot-dev-testuser
+curl -D - --max-time 3 -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" https://www.endpoints.${PROJECT}.cloud.goog/apis/core.token-vendor/v1/public-key.read?device-id=robot-dev-testuser
 ```
 
 Verify if your local user account has access to the human and robot ACL:
 
 ```bash
-curl -D - --max-time 3 -H "Authorization: Bearer $(gcloud auth print-access-token)" https://www.endpoints.${PROJECT}.cloud.goog/apis/core.token-vendor/v1/token.verify
+curl -D - --max-time 3 -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" https://www.endpoints.${PROJECT}.cloud.goog/apis/core.token-vendor/v1/token.verify
 ```
 
 and
 
 ```bash
-curl -D - --max-time 3 -H "Authorization: Bearer $(gcloud auth print-access-token)" https://www.endpoints.${PROJECT}.cloud.goog/apis/core.token-vendor/v1/token.verify?robots=true
+curl -D - --max-time 3 -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" https://www.endpoints.${PROJECT}.cloud.goog/apis/core.token-vendor/v1/token.verify?robots=true
 ```
 
 Request a cloud access token for the robot. First generate a valid JWT using the intstructions at [testdata/README.md](api/v1/testdata/README.md). Afterwards use it to request the cloud token: