[ERROR] Failed to execute goal io.apigee.build-tools.enterprise4g:apigee-edge-maven-plugin:2.3.1:deploy (deploy-bundle) on project HTTPBin: : MojoExecutionException: Service Account file or bearer token is missing -> [Help 1]
So I’m missing something clearly. Does anyone have some pointers on how to configure the plugin to use a service account?
The way that works: the maven plugin uses the SA key file to obtain a token, then uses that token to authenticate to apigee.googleapis.com for the purposes of the admin calls to import and deploy a proxy.
Alternatively you could obtain the token from gcloud auth, before you run the maven plugin, and then specify the token like this:
-Dbearer=c912eu1201c
Either way, the maven deploy plugin will use the token to authenticate as it invokes apigee APIs.
The “googleTokenEmail” option lets you specify the SA account that is used by the proxy, for this feature. That is not used when the maven plugin authenticates to apigee.googleapis.com. That email is used by the proxy itself, if and when it connects to upstream systems within GCP.
From a security point of view, I know that having the key file stored on our CI machine isn’t the best option… What’s your advice regarding a safer approach on this?