Description
The GCP project we (are? were?) using to test the to_gbq and read_gbq is scheduled to get a policy applied to it that prevents the use of service account key files. https://cloud.google.com/resource-manager/docs/organization-policy/restricting-service-accounts#disable_service_account_key_creation
In anticipation of this change:
-
Are the
to_gbqandread_gbqtests still running in the CI for this project? It's been a while since I've last looked and I've forgotten where they would be running. -
If they are running somewhere and we want to continue running them, we need to do something about this upcoming restriction.
a. Ideally we'd migrate these tests to a service that doesn't require a GCP service account key file to connect to BigQuery. Cloud Build could be a good candidate, as it has a service account associated with it that doesn't require a key file. I could help migrate these tests if that's what we choose to do.
b. We continue to use a key file, but it'd have to be a project not associated with Google. This may be more difficult to get billing figured out (not that the tests actually cost that much to run, but there's overhead in getting the billing accounts setup plus whomever sets them up is a bit at risk if someone abuses the credentials)
I'd appreciate your thoughts so that we can continue to ensure these methods work well.