Question: is there a way to work with service account impersonation and docker connection ?

[ginolegigot]

Hello!
Using this way https://cloud.google.com/artifact-registry/docs/docker/authentication#token, i can use the python docker sdk to use service account impersonation with docker, is there a way like a google cloud patform connection to use service account impersonation and use the mechanism i linked in the aforementionned doc within a docker connection ? So i can use it with a docker operator

[ginolegigot]

or would it be possible to modify the docker connection dynamically, affect it a password in a first task and then using it in the docker operator ?

[ginolegigot]

That code is not working

        import google.auth.transport.requests
        from airflow.hooks.base_hook import BaseHook

        # retrieve service account email to impersonate and create an impersonated credentials object, (works great with python docker sdk)
        credential = get_gcp_credentials_with_impersonation(
            "docker_connection_registry_impersonation",
        )
        # need this to expose the token within the credentials object
        auth_req = google.auth.transport.requests.Request()
        credential.refresh(auth_req)

        # retrieve the docker connection where the password is None, the user of the docker connection is "oauth2accesstoken" following the doc i linked above
        docker_images_git_project_connection: object = BaseHook.get_connection("test_docker")
        # set the password of the test docker connection with the gotten token from the credential
        docker_images_git_project_connection.set_password(credential.token)

My docker operator can't log to GCP registry

[ginolegigot]

any hint other than dropping docker operator for a task written with python docker sdk would be appreciated :)

[potiuk]

Thanks @ginolegigot. @Thelma345 your account and this hidden message has been reported to Github as inauthentic activity. Stop doing it unless you want your account to be blocked by GitHub.