[Bug]: PubsubIO/PubsubLiteIO is not using the gcp credential set in the PipelineOption #28286
Comments
|
@dpcollins-google any clue? |
|
PubsubIO is replaced by dataflow internally and may not respect this. PubsubLiteIO likely just doesn't support this option. |
|
@dpcollins-google was there any other options to read from other projects pubsub topic using service credentials..? |
|
Not a question for me, its a question for dataflow people since PubsubIO is replaced internally. @aaltay may know |
|
It does appear that PubsubJsonClient uses the credential here However as Daniel notes the PubsubIO implementation is overridden for dataflow. However couldn't you instead grant Service account A viewer/subscriber permissions to read from the topic/sub owned by account B? |
|
Please reopen above if granting permission to the service account used by Dataflow is not sufficient to fix the issue. |
What happened?
My dataflow job is running in Project A, and it needs to use service account which belongs to Project B to read the Pubsub message from Project B. So in the DataflowPipelineOption, I use options.setGcpCredential to set it to use that service account. But when the PubsubIO.readString() tries to read the message, it is still using the GCP credential when launching the dataflow job, not the one I set in the option.
I tried to dive into the code and found when creating PubsubJsonClient, the option doesn't have the gcpCredential field from the pipeline option. Can anyone help on this please? Thanks.
Issue Priority
Priority: 2 (default / most bugs should be filed as P2)
Issue Components
The text was updated successfully, but these errors were encountered: