Background
Consider the function func NewApp(ctx context.Context, config *Config, opts ...option.ClientOption) (*App, error)
.
Theoretically it should be possible to override the project ID via the config
parameter.
However, the problem is that when the credentials are fetched, the project ID is also determined, and this happens before the override via config
(or via GOOGLE_CLOUD_PROJECT
/GCLOUD_PROJECT
env. variables for that matter.)
As a result, the token will be for the "default" project ID, not the overridden one.
Detailed steps
Suppose we use the "default service account" as per here:
- If the environment variable isn't set, ADC uses the default service account that Compute Engine, Kubernetes Engine, App Engine, and Cloud Functions provide, for applications that run on those services.
So this is what will happen in that case:
creds, err := transport.Creds(ctx, o...)
return internal.Creds(ctx, &ds)
cred, err := google.FindDefaultCredentials(ctx, ds.Scopes...)
id, _ := metadata.ProjectID() // (x) at this point we get the default project ID
func ProjectID() (string, error) { return defaultClient.ProjectID() }
func (c *Client) ProjectID() (string, error) { return projID.get(c) }
val, _, err := c.getETag(suffix)
In short, we get the credentials with the default project ID.
Question: Am I missing something, or is there really no way to override the project ID, when using the default service account?
Addendum: Maybe the problem is not the projectID
in the credentials, but getting the bearer token with the default project ID configured there. The base question ("how to override the project") is still valid, though.