Expand description
Impersonated service account credentials.
When the principal you are using doesn’t have the permissions you need to accomplish your task, or you want to use a service account in a development environment, you can use service account impersonation. The typical principals used to impersonate a service account are User Account or another Service Account.
The principal that is trying to impersonate a target service account should have Service Account Token Creator Role on the target service account.
§Example: Creating credentials from a JSON object
let source_credentials = json!({
"type": "authorized_user",
"client_id": "test-client-id",
"client_secret": "test-client-secret",
"refresh_token": "test-refresh-token"
});
let impersonated_credential = json!({
"type": "impersonated_service_account",
"service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/test-principal:generateAccessToken",
"source_credentials": source_credentials,
});
let credentials = impersonated::Builder::new(impersonated_credential)
.with_lifetime(Duration::from_secs(500))
.build()?;
let headers = credentials.headers(Extensions::new()).await?;
println!("Headers: {headers:?}");§Example: Creating credentials with custom retry behavior
use google_cloud_gax::retry_policy::{AlwaysRetry, RetryPolicyExt};
use google_cloud_gax::exponential_backoff::ExponentialBackoff;
let backoff = ExponentialBackoff::default();
let credentials = impersonated::Builder::new(impersonated_credential)
.with_retry_policy(AlwaysRetry.with_attempt_limit(3))
.with_backoff_policy(backoff)
.build()?;
let headers = credentials.headers(Extensions::new()).await?;
println!("Headers: {headers:?}");Structs§
- Builder
- A builder for constructing Impersonated Service Account Credentials instance.