google-auth-library-nodejs

Compute should expose serviceAccountEmail

Open alamothe opened this issue 3 years ago • 1 comments

Currently, in class Compute: https://github.com/googleapis/google-auth-library-nodejs/blob/main/src/auth/computeclient.ts

The field serviceAccountEmail is private and there is no getter.

This prevents finding the service account for the default credentials when executing on CE:

const googleCredentials = await auth.getApplicationDefault()
if (googleCredentials.credential instanceof Compute) {
	// Doesn't compile
	return googleCredentials.credential.serviceAccountEmail
}

This is needed to authenticate to PostgreSQL using the service account.

alamothe, Mar 25 '22 22:03

Actually, this field returns simply "default" (!)

This is inconsistent with google-auth-library-java, which returns the actual email.

How can we get the email?

alamothe, Mar 29 '22 06:03

Great question - if you're looking to retrieve the email I would recommend calling via gcp-metadata:

const email = await gcpMetadata.instance('service-accounts/default/email');

Additionally, 'default' is sufficient for calling the metadata server rather than first requesting it from the metadata server:

https://github.com/googleapis/google-auth-library-nodejs/blob/7030314c55c369acbda1873f649579b395ad07c8/samples/compute.js#L24-L28

However:

  • I think we should expose the serviceAccountEmail to align with the Java library:
    • #1656
  • We should expose the gcp-metadata library to allow folks to conveniently make calls to the metadata service (which goes hand-in-hand with this library):
    • https://github.com/googleapis/google-auth-library-nodejs/pull/1655

danielbankhead, Sep 29 '23 23:09
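
Added example, not part of the thread or of the library's own code: the same metadata lookup the reply performs through gcp-metadata, written against the raw HTTP endpoint so the request header and the response checks are visible. The function names, the injectable `fetchImpl` parameter and the stand-in server are assumptions of this example; the default relies on the global `fetch` in Node 18+.

```javascript
// Resolve the real service account email behind the "default" alias.
const METADATA_BASE = 'http://metadata.google.internal/computeMetadata/v1';
const EMAIL_PATH = '/instance/service-accounts/default/email';

// Validate a metadata response before trusting its body as an identity.
function parseEmailResponse(status, flavorHeader, body) {
  if (status !== 200) {
    throw new Error(`metadata server returned HTTP ${status}`);
  }
  // Genuine metadata responses carry this header; if it is absent,
  // something else (proxy, captive portal, wrong host) answered.
  if (flavorHeader !== 'Google') {
    throw new Error('response is missing Metadata-Flavor: Google');
  }
  const email = body.trim();
  // "default" is only an alias, not the email itself.
  if (email === 'default' || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
    throw new Error(`unexpected service account value: ${JSON.stringify(email)}`);
  }
  return email;
}

// fetchImpl is injectable (hypothetical parameter) so the function can be
// exercised off Compute Engine; by default it uses the global fetch.
async function getServiceAccountEmail(fetchImpl = fetch, base = METADATA_BASE) {
  const res = await fetchImpl(base + EMAIL_PATH, {
    headers: { 'Metadata-Flavor': 'Google' }, // required on every request
  });
  const flavor = res.headers.get('Metadata-Flavor');
  return parseEmailResponse(res.status, flavor, await res.text());
}

// Constructed stand-in for the metadata server, for running off GCE.
// It rejects requests that lack the Metadata-Flavor request header.
function fakeMetadataFetch(body, flavor = 'Google', status = 200) {
  return async (url, init) => {
    const ok = init.headers['Metadata-Flavor'] === 'Google';
    return {
      status: ok ? status : 403,
      headers: new Map([['Metadata-Flavor', flavor]]),
      text: async () => body,
    };
  };
}
```

On a Compute Engine instance, `await getServiceAccountEmail()` with no arguments queries the real metadata server.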