Skip to content

Issue with Workload Identity Federation through a Service Account #6

New issue
New issue
Open
Open
Issue with Workload Identity Federation through a Service Account#6
@thekester

Description

@thekester
thekester
opened on Nov 3, 2024

Issue: Improvements Needed for Workload Identity Federation Tutorial (WIF) through a Service Account

Related Issue: gee-community/ee-initialize-github-actions#5

Hello there, I've been working on improving the tutorial for Workload Identity Federation (WIF) through a Service Account, as described here. I identified a few missing pieces in the tutorial that might be causing issues for other users as well, and I wanted to share my progress and some challenges I'm facing.

Improvements Made to Tutorial
  • I extended the tutorial to include additional steps that were not explicitly mentioned, such as the requirement of having a billing account to use the Secret Manager. This was not clearly documented in the initial guide and could cause confusion for those trying to follow along.
  • My extended version of the tutorial can be found here.
  • I also created a workflow file for the tutorial, which can be viewed here.
Current Issue: Authentication Error

However, I'm currently facing an authentication issue when trying to initialize Earth Engine using the Python script.

The error I'm receiving is as follows:

ee.ee_exception.EEException: Please authorize access to your Earth Engine account by running earthengine authenticate

Here are the details of my last workflow failure:
Workflow Run Log

I tried to automate the authentication process by adding the following to the Python script:

import ee
from google.oauth2 import service_account
import os

ee.Authenticate(quiet=True)

credentials_path = os.getenv('GOOGLE_APPLICATION_CREDENTIALS')
credentials = service_account.Credentials.from_service_account_file(credentials_path)
# Initialize Earth Engine with the credentials
ee.Initialize(credentials)

However, I got the following error indicating an issue with the credentials file format:

google.auth.exceptions.MalformedError: Service account info was not in the expected format, missing fields token_uri, client_email.

My question is how to solve the ee authentication issue in the python script?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions