dataform icon indicating copy to clipboard operation
dataform copied to clipboard
verified publisher icon dataform-co

feat: add support for service account impersonation

Open ashish10alex opened this issue 5 months ago • 2 comments

Fixes: https://github.com/dataform-co/dataform/issues/2000

Solution:

Update @google-cloud/bigquery to a newer version which supports service account impersonation. The version number (~7.1.1) was set from finding the maximum version of @google-cloud/bigquery such that current minimum Node JS version (16.6.0) does not need to be changed.

Tests

  1. Able to create .df-credentials.json after authenticating to service account to impersonate by running the following. Earlier to would throw an error: The incoming JSON object does not contain a client_email field 
gcloud auth application-default login --impersonate-service-account=<service-account-here>
CleanShot 2025-08-06 at 16 15 31@2x
  1. Able to do dataform run with the impersonated service account
CleanShot 2025-08-06 at 16 17 02@2x CleanShot 2025-08-06 at 16 18 09@2x
  1. bazel test //core/... & ./scripts/lint passes

ashish10alex avatar Aug 06 '25 15:08 ashish10alex

Any further updates on when this will be merged?

wintermi avatar Sep 03 '25 09:09 wintermi

Unfortunately, we cannot merge this right now. It is required some additional work on build toolchain upgrade, which allows us to upgrade all the dependencies. This work will most likely be done in Q4'2025.

Ceridan avatar Sep 05 '25 14:09 Ceridan