dataform icon indicating copy to clipboard operation
dataform copied to clipboard
verified publisher icon dataform-co

Add Impersonate Service Account argument

Open wintermi opened this issue 4 months ago • 4 comments

This PR adds an --impersonate-service-account argument to the run and test commands, along with the required changes to allow for the impersonation of service accounts without the need to change ADC or call gcloud

This would resolve issue #2000 and would be an alternative to solution than PR #2001

Impersonation could then be achieved by executing:

dataform run --impersonate-service-account=<sSERVICE_ACCT_EMAIL>

wintermi avatar Sep 11 '25 06:09 wintermi

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

google-cla[bot] avatar Sep 11 '25 06:09 google-cla[bot]

+1, this would enable to use impersonation in CI rather than giving the rights directly to the CI service account. There is no way to workaround that currently.

camilleAmaury avatar Oct 30 '25 10:10 camilleAmaury

/gcbrun

kolina avatar Nov 11 '25 11:11 kolina

Sorry for the late review. A couple of things:

  • Integration tests are failing, can you take a look at fixing them? Now we have a guide of running them locally
  • Let's resolve conflicts

kolina avatar Nov 13 '25 23:11 kolina