lwyszomi commented on a change in pull request #19518:
URL: https://github.com/apache/airflow/pull/19518#discussion_r749314776
##########
File path: docs/apache-airflow-providers-google/connections/gcp.rst
##########
@@ -160,10 +160,13 @@ access token, which will allow to act on its behalf using
its permissions. ``imp
does not even need to have a generated key.
.. warning::
-
:class:`~airflow.providers.google.cloud.operators.kubernetes_engine.GKEStartPodOperator`,
:class:`~airflow.providers.google.cloud.operators.dataflow.DataflowCreateJavaJobOperator`
and
:class:`~airflow.providers.google.cloud.operators.dataflow.DataflowCreatePythonJobOperator`
- do not support direct impersonation as of now.
+ do not support direct impersonation as of now. Both are deprecated and new
operators
+
:class:`~airflow.providers.apache.beam.operators.beam.BeamRunJavaPipelineOperator`
and
Review comment:
@mik-laj I assumed that if we using that configuration and we don't have
any warnings or information then 'impersonation_chain' is used inside the
operators and not only this but all other parameters from
DataflowConfiguration. I didn't run beam operators to verify that works or not.
I only verified GKEStartPodOperator.
in the `provide_authorization_gcloud` we only set up the gcloud connection
and we don't need there `--impersonate-service-account`, this parameter is only
needed in the execution process. Authorization process still should use the
orginal SA, please let me know if I'm wrong.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
