dataform icon indicating copy to clipboard operation
dataform copied to clipboard
verified publisher icon dataform-co

Dataform CLI ignores impersonation

Open wintermi opened this issue 5 months ago • 2 comments

Rather than use the --credentials and provide JSON keys, I was looking to use service account impersonation. Executing as follows:

gcloud config set auth/impersonate_service_account <sa>
dataform run
gcloud config unset auth/impersonate_service_account

However the Dataform CLI ignores the impersonation and executes using your core account.

Could we get an option to specify an impersonation account as part of the run command?

wintermi avatar Aug 06 '25 03:08 wintermi

A similar error was raised in google-api-nodejs-client. The issue was fixed in a subsequent release by this MR.

I went on a hunch that @google-cloud/bigquery might be using a much older version of google-api-nodejs-client which seems to be the case.

I have created an MR to update to a newer version of @google-cloud/bigquery (7.1.1) which still is in line with the minimum Node JS requirement (v16.16.0) of Dataform. This change seems to fix the issue from the testing I did.

ashish10alex avatar Aug 06 '25 15:08 ashish10alex

Thanks @ashish10alex

wintermi avatar Aug 06 '25 23:08 wintermi