jaketf commented on issue #9461: URL: https://github.com/apache/airflow/issues/9461#issuecomment-670188547
Taking a look at the code now it seems we have this common [GoogleBaseHook](https://github.com/apache/airflow/blob/d79e7221de76f01b5cd36c15224b59e8bb451c90/airflow/providers/google/common/hooks/base_google.py#L125) used by hooks for gsuite and cloud. This `delegate_to` seems not really not useful for cloud, and I don't think the scenario 2 of delegating to a human user to impersonate a service account is an advisable pattern / one worth supporting in airflow core. I think `delegate_to` should be removed / deprecated from the Google Cloud Hooks / Operators to avoid confusion. To play devil's advocate: There may be use cases where users expect `delegate_to` to attribute API calls (e.g. a BQ Query) to the delegated human user. Again, I don't think I'd recommend this as an auditing posture as anyone could throw [email protected] into the `delegate_to` and bootstrap my IAM permissions. IMO This seems like something we shouldn't support. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
