From f52a190f955a1525850f1430d0d33f8d230ade67 Mon Sep 17 00:00:00 2001 From: VarunChillara <19792111+varun27896@users.noreply.github.com> Date: Thu, 9 Jan 2025 18:55:50 -0600 Subject: [PATCH] docs(readme): add example for service_account_impersonation_url in clientOptions (#1902) * docs(readme): add service_account_impersonation_url example for AwsSupplier The service_account_impersonation_url must be passed in the clientOptions when using a custom AwsSupplier to avoid permissions errors. Updated the README to include this information. * docs(config): add service_account_impersonation_url example to .partials.yml Updated the .partials.yml file to include the service_account_impersonation_url configuration example, ensuring consistency with the README file. --- .readme-partials.yaml | 1 + README.md | 1 + 2 files changed, 2 insertions(+) diff --git a/.readme-partials.yaml b/.readme-partials.yaml index d39f3b1a..151dd1dd 100644 --- a/.readme-partials.yaml +++ b/.readme-partials.yaml @@ -434,6 +434,7 @@ body: |- audience: '//iam.googleapis.com/projects/$PROJECT_NUMBER/locations/global/workloadIdentityPools/$WORKLOAD_POOL_ID/providers/$PROVIDER_ID', // Set the GCP audience. subject_token_type: 'urn:ietf:params:aws:token-type:aws4_request', // Set the subject token type. aws_security_credentials_supplier: new AwsSupplier("AWS_REGION") // Set the custom supplier. + service_account_impersonation_url: 'https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/$EMAIL:generateAccessToken', // Set the service account impersonation url. } // Create a new Auth client and use it to create service client, i.e. storage. diff --git a/README.md b/README.md index 7873cb27..1da188e4 100644 --- a/README.md +++ b/README.md @@ -478,6 +478,7 @@ const clientOptions = { audience: '//iam.googleapis.com/projects/$PROJECT_NUMBER/locations/global/workloadIdentityPools/$WORKLOAD_POOL_ID/providers/$PROVIDER_ID', // Set the GCP audience. subject_token_type: 'urn:ietf:params:aws:token-type:aws4_request', // Set the subject token type. aws_security_credentials_supplier: new AwsSupplier("AWS_REGION") // Set the custom supplier. + service_account_impersonation_url: 'https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/$EMAIL:generateAccessToken', // Set the service account impersonation url. } // Create a new Auth client and use it to create service client, i.e. storage.