TayTay

Reputation: 7170

Authenticate gcloud service account in automated fashion

Overall objective:

We want to be able to upload artifacts from within a Docker container in our Circle CI jobs to a bucket in Google Cloud. Ideally, we'd be able to accomplish this with gsutil cp <artifact> <bucket>.

The issue:

I'm having the hardest time authenticating a gcloud service account in an automated fashion, and I cannot find documentation for this anywhere. Just about every article I've read has you following one of these two variants:

  1. Configuring with gsutil

    $ gsutil config -a
    

    However, this prompts a series of questions that require interaction with the shell:

    Backing up existing config file "/Users/<user>/.boto" to "/Users/<user>/.boto.bak"...
    This command will create a boto config file at
    /Users/<user>/.boto containing your credentials, based on your
    responses to the following questions.
    What is your google access key ID?
    
  2. Logging in with gcloud:

    $ gcloud auth login
    Your browser has been opened to visit:
    
        https://accounts.google.com/o/oauth2/auth?....
    

As the end outcome here is that a Docker container would be authenticating a service account to perform gsutil cp, the interactive sign-in is not very favorable...

I have the credentials JSON set up in this example, but setting the environment variable GOOGLE_APPLICATION_CREDENTIALS still prompts an "Are you sure? [Y/n]" message that cannot be bypassed automatically. Any ideas?

Upvotes: 1

Views: 875

Answers (1)

John Hanley

Reputation: 81366

The command to configure the Google Cloud SDK CLI from a service account JSON file:

    gcloud auth activate-service-account [email protected] --key-file=service_account.json

Replace the email address test@... with your service account email address. Replace the JSON filename service_account.json with the filename that you are using for your service account credentials.

The service account email address is inside the service account JSON file as client_email.

If you would like more information I wrote a number of articles on Google Credentials and OAuth:

Google Cloud – Setting up Gcloud with Service Account Credentials

Upvotes: 3
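
An added example, not part of the answer above or of any Google tooling: a CI-oriented shell wrapper around the `gcloud auth activate-service-account` command from the answer, keeping the key in an owner-only temp file that is deleted afterwards. It assumes the key JSON arrives in a CI secret named `GCLOUD_SERVICE_KEY` (a hypothetical name), and the function names are made up for illustration; `--quiet` is gcloud's global flag that disables interactive prompts.

```shell
#!/bin/sh
# Added example: non-interactive service-account login for a CI job.
# Assumption: the CI secret GCLOUD_SERVICE_KEY (hypothetical name) holds the
# raw JSON key; it is never echoed and never written inside the build tree.

# Write the key from the environment to a private temp file; print its path.
write_key_file() {
    ( umask 077                      # anything created here is owner-only
      f=$(mktemp "${TMPDIR:-/tmp}/sa-key.XXXXXX") || exit 1
      printf '%s' "$GCLOUD_SERVICE_KEY" > "$f"
      printf '%s\n' "$f" )
}

# Read client_email out of the key file, as the answer describes.
sa_email_from_key() {
    sed -n 's/.*"client_email"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Activate the account, copy the artifact, then delete the key file.
upload_artifact() {   # usage: upload_artifact <artifact> <gs://bucket/path>
    key=$(write_key_file) || return 1
    trap 'rm -f "$key"' EXIT          # also clean up if the job aborts
    email=$(sa_email_from_key "$key")
    if [ -z "$email" ]; then
        echo "client_email not found in key" >&2
        rm -f "$key"
        return 1
    fi
    gcloud auth activate-service-account "$email" --key-file="$key" --quiet &&
        gsutil cp "$1" "$2"
    rc=$?
    rm -f "$key"
    return "$rc"
}

# Runs only when called with both arguments, e.g. from the CI step.
if [ "$#" -eq 2 ]; then
    : "${GCLOUD_SERVICE_KEY:?GCLOUD_SERVICE_KEY is not set}"
    upload_artifact "$1" "$2"
fi
```

Keep `set -x` off in the CI step that calls this, since shell tracing would print the key material into the job log.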
