2023-03-21

Does this Cloud Run Metadata Server endpoint provide the default service account, or the one attached?

In the documentation for the Cloud Run container contract, the endpoints are listed to include those to get the email and token:

/computeMetadata/v1/instance/service-accounts/default/email
/computeMetadata/v1/instance/service-accounts/default/token

Descriptions are "Email for the runtime service account of this Cloud Run service or job" and "Generates an OAuth2 access token for the service account of this Cloud Run service or job."

But the (presumably RESTful) endpoint includes the path service-accounts/default/..., and a default service account is a real thing.

My Question

Does the metadata server for Cloud Run return the email / token generated for the currently active service account despite the endpoint suggesting that it's for the default service account, or should the endpoints be parameterised by the name of the service account, e.g.

/computeMetadata/v1/instance/service-accounts/<service-account-name>/email
/computeMetadata/v1/instance/service-accounts/<service-account-name>/token

?


