iap_curl
Is it possible to use default service accounts?
The source code demonstrates that we must have a JSON private key for a service account in order to complete the IAP authentication flow.
It's actually not clear if this is supported by Google from this page, but if it is, it would be nice to have the option to use the default service account instead if it's available. The reason is that it's a best practice not to generate service account keys if we can simply associate them with a workload or instance.
You can change the service account with the env variable GOOGLE_APPLICATION_CREDENTIALS: https://github.com/b4b4r07/iap_curl/blob/bf3cfbd702ab20c6e08711ba3ce5c248605506a5/config.go#L38-L43
Because the newIAP function can accept a Google service account: https://github.com/b4b4r07/iap_curl/blob/bf3cfbd702ab20c6e08711ba3ce5c248605506a5/main.go#L149