I am trying to automate a postman collection, in GitLab, using a google service account. How do I authenticate the service account and send a request?

Question

Backgroud: I have a Google pub/sub topic that I can publish to using Postman. I would like to put this postman collection into GitLab and use a gcloud service account to run the collection without any manual intervention (e.g having to generate a bearer token and copying into the Postman collection).

Problem: My Dev created and gave me a .JSON key file (screenshot below) for a service account that has the permissions to publish messages to my topic.

I have hit a road block where I don't know how to pass the bearer token from bash into my collection. This is what my .yaml file, in GitLab, looks like so far:

stages:
    - test

postman_tests:
    stage: test
    image: 
        name: postman/newman_alpine33
        entrypoint: [""]
    script:
        - newman --version
        - npm config set unsafe-perm true
        - GOOGLE_APPLICATION_CREDENTIALS=~/path-to-my-serviceaccount-key.json gcloud auth application-default print-access-token
        - newman run name-of-my-collection.json -e name-of-my-postman-environment.json

the GOOGLE_APPLICATION_CREDENTIALS=~/path-to-my-serviceaccount-key.json gcloud auth application-default print-access-token prints out a token but I don't know how to pass it to the collection. Am I doing this right?

Answer 1

I think you can use the following code:

gcloud auth activate-service-account --key-file=KEY_FILE

After that you can print your identity token using:

gcloud auth print-identity-token 

After that pass this as auth header:

curl -H "Authorization: bearer $(gcloud auth print-identity-token)" <your usual curl params>

Hope this helps.

1. gcloud auth activate-service-account