discover account associated with token provider credentials
Opened this issue · 1 comments
danburkert commented
google-cloud-auth
provides a mechanism to get a token (presumably) from the application default credentials. Is there a way to determine the account associated with the token, either a user email address or the service account email address?
yoshidan commented
Currently, there is no API to directly retrieve the associated service account from the token.
In GCE, GKE and Cloud, Run the service account corresponding to the IAM role applied to the Node or Pod is used.
This service account can be obtained at.
let service_account_email = google_cloud_metadata::email(“default”).await?
In the case of using the credentials file, it is held in the DefaultTokenSourceProvider
. However, there is no API to obtain these from each component client (storage, pubsub, etc.), so they must be added.