We have multiple GCP service account keys from different environments such as DEV, STAGING, ... PROD.
I would like to run a command on my Jenkins box, which is in the Dev environment, to create access DEV and Staging environments.
I don't want to run the gcloud auth command every time; instead I'm expecting something like:
gcloud compute instances list --key-file=dev-sa.json
or
gsutil ls -l --key-file=dev-sa.json
Is there any way to do something like this?
Best Answer
Approach the solution differently.
Instead of trying to use different service accounts, use one service account that has access (privileges) to each project.
Create a service account (or use the one that you created). Make note of the service account email address (this is its ID).
Go to IAM for each project and add this email address as a member. Assign the roles/permissions that you want for this service account. Repeat for each project.
Now you can use this service account JSON file to set up gcloud, software applications, etc. All you need to do is specify the project when using the credentials.
You can set the default project with
gcloud config set project PROJECT_ID
Or use the environment variable CLOUDSDK_CORE_PROJECT.
You can specify the project on the command line with
--project PROJECT_ID
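
The procedure from the answer as one script, added here as an illustration and not part of the original answer. The service account email, project IDs and role are placeholder assumptions; with DRY_RUN=1 (the default) it only prints the gcloud commands it would run.

```shell
#!/bin/sh
# Added example: one service account used across several projects.
# SA_EMAIL, PROJECTS and ROLE are placeholders (assumptions), not values from the post.
SA_EMAIL="jenkins-ci@dev-project-id.iam.gserviceaccount.com"
KEY_FILE="dev-sa.json"                  # key file name taken from the question
PROJECTS="dev-project-id staging-project-id"
ROLE="roles/compute.viewer"             # grant only the role the job actually needs
DRY_RUN="${DRY_RUN:-1}"                 # 1 = print commands, 0 = execute them

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    echo "$*"
  else
    "$@"
  fi
}

# Add the service account as a member of each project with the chosen role.
# This step is performed by someone with IAM admin rights on each project.
grant_access() {
  for p in $PROJECTS; do
    run gcloud projects add-iam-policy-binding "$p" \
      --member="serviceAccount:${SA_EMAIL}" --role="$ROLE"
  done
}

# Authenticate once on the Jenkins box with the single key file.
activate_once() {
  run gcloud auth activate-service-account "$SA_EMAIL" --key-file="$KEY_FILE"
}

# Select the project per command with --project.
list_instances() {
  run gcloud compute instances list --project "$1"
}

# Same selection through the CLOUDSDK_CORE_PROJECT environment variable.
list_instances_env() {
  run env CLOUDSDK_CORE_PROJECT="$1" gcloud compute instances list
}

grant_access
activate_once
for p in $PROJECTS; do
  list_instances "$p"
done
list_instances_env staging-project-id
```
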