TechQA.

GCP ADC Impersonated Service Account Not Recognized

137 views Asked by At

I am using ADC with service account impersonation. When attempting to do so with a spring-cloud-gcp-pubsub project, I receive the following exception: "Error reading credentials from stream, 'type' value 'impersonated_service_account' not recognized. Expecting 'authorized_user' or 'service_account'.".

This is odd as https://github.com/googleapis/google-auth-library-java/blob/8cf273815f197a8b6b3d08043151005456824cbc/oauth2_http/java/com/google/auth/oauth2/GoogleCredentials.java#L164-L179 seems to show that "type": "impersonated_service_account" should be recognized.

Stack Trace

Caused by: java.io.IOException: Error reading credential file from location C:\Users\<my_user>\AppData\Roaming\gcloud\application_default_credentials.json: Error reading credentials from stream, 'type' value 'impersonated_service_account' not recognized. Expecting 'authorized_user' or 'service_account'.
        at com.google.auth.oauth2.DefaultCredentialsProvider.getDefaultCredentialsUnsynchronized(DefaultCredentialsProvider.java:186) ~[google-auth-library-oauth2-http-0.21.1.jar:na]
        at com.google.auth.oauth2.DefaultCredentialsProvider.getDefaultCredentials(DefaultCredentialsProvider.java:126) ~[google-auth-library-oauth2-http-0.21.1.jar:na]
        at com.google.auth.oauth2.GoogleCredentials.getApplicationDefault(GoogleCredentials.java:119) ~[google-auth-library-oauth2-http-0.21.1.jar:na]
        at com.google.auth.oauth2.GoogleCredentials.getApplicationDefault(GoogleCredentials.java:91) ~[google-auth-library-oauth2-http-0.21.1.jar:na]
        at com.google.api.gax.core.GoogleCredentialsProvider.getCredentials(GoogleCredentialsProvider.java:67) ~[gax-1.57.1.jar:1.57.1]
        at org.springframework.cloud.gcp.core.DefaultCredentialsProvider.getCredentials(DefaultCredentialsProvider.java:67) ~[spring-cloud-gcp-core-1.2.5.RELEASE.jar:1.2.5.RELEASE]
        at com.google.api.gax.rpc.ClientContext.create(ClientContext.java:136) ~[gax-1.57.1.jar:1.57.1]
        at com.google.cloud.pubsub.v1.stub.GrpcSubscriberStub.create(GrpcSubscriberStub.java:272) ~[google-cloud-pubsub-1.108.0.jar:1.108.0]
        at org.springframework.cloud.gcp.pubsub.support.DefaultSubscriberFactory.createSubscriberStub(DefaultSubscriberFactory.java:278) ~[spring-cloud-gcp-pubsub-1.2.5.RELEASE.jar:1.2.5.RELEASE]
google-oauth google-cloud-pubsub spring-cloud-gcp
Original Q&A
1

There are 1 answers

0
HendPro12 On

The failure was occurring when running this reference project: https://spring.io/guides/gs/messaging-gcp-pubsub/ Updating to Java17 and SpringBoot 3.x and updating dependencies to account for spring-cloud-gcp project now falling under com.google.cloud instead of org.springframework.cloud as referenced here https://spring.io/projects/spring-cloud-gcp resolved the issues.

Related Questions in GOOGLE-OAUTH

Related Questions in GOOGLE-CLOUD-PUBSUB

Related Questions in SPRING-CLOUD-GCP

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions