How to get gcloud auth activate-service-account persist

Question

I am using the bq command line tool to query from a Bigquery table. Is there a way to get the service account authentication to persist when I logged in and out of the box that the query process is running on?

Steps I did:

1. I logged into the linux box

2. Authenticate service account by running:

   gcloud auth activate-service-account --key-file /somekeyFile.p12 someServiceAccount.gserviceaccount.com 
   

3. Query from bigquery table, this works fine:

   bq --project_id=formal-cascade-571 query "select * from dw_test.clokTest"
   

But then I logged out from the box, and logged back in. When I query the Bigquery table again:

bq --project_id=formal-cascade-571 query "select * from dw_test.clokTest"

It gives me the error:

Your current active account [someServiceAccount.gserviceaccount.com] does not have any valid credentials.

Even when I pass in the private key file:

bq --service_account=someServiceAccount.gserviceaccount.com --service_account_credential_file=~/clok_cred.txt --service_account_private_key_file=/somekeyFile.p12 --project_id=formal-cascade-571 query "select * from dw_test.clokTest"

It gives the same error:

Your current active account [someServiceAccount.gserviceaccount.com] does not have any valid credentials.

So every time I need to re-authenticate my service account by:

gcloud auth activate-service-account

Is there a way to have the authenticated service account credential persist?

Thank you for your help.

Answer 1

I asked the GCloud devs and they mention a known bug where service accounts don't show up unless the environment variable CLOUDSDK_PYTHON_SITEPACKAGES is set.

Hopefully this will be fixed soon, but in the meantime, when you log in again, can you try running

export CLOUDSDK_PYTHON_SITEPACKAGES=1

and seeing if it then works?

You can run

gcloud auth list

to see what accounts there are credentials for; it should list your service account.