Does this Cloud Run Metadata Server endpoint provide the default service account, or the one attached?

In the documentation for the Cloud Run container contract, the endpoints are listed to include those to get the email and token:

/computeMetadata/v1/instance/service-accounts/default/email
/computeMetadata/v1/instance/service-accounts/default/token

Descriptions are "Email for the runtime service account of this Cloud Run service or job" and "Generates an OAuth2 access token for the service account of this Cloud Run service or job."

But, the (presumably RESTful) endpoint includes the path service-accounts/default/... And a default service account is a real thing.

My Question

Does the metadata server for Cloud Run return email / token generated for the currently active service account despite the endpoint suggesting that it's for the default service account, or should the endpoints be parameterised by the name of the service account, eg

/computeMetadata/v1/instance/service-accounts/<service-account-name>/email
/computeMetadata/v1/instance/service-accounts/<service-account-name>/token

?



Comments

Popular posts from this blog

Today Walkin 14th-Sept

Spring Elasticsearch Operations

Hibernate Search - Elasticsearch with JSON manipulation