Disable service account key with google API client


Google Cloud's IAM allows you to activate/deactivate service account keys, so you can safely deactivate and remove a key once you're sure it hasn't broken anything in your systems. In my case, I'm working on a project that implements an API that allows our clients to provision repositories in Google Artifact Registry automatically, and handle their credentials (service accounts and keys). The service is implemented in Go and we are using the GCP API clients for golang to interact with the GCP services.

The problem I'm facing is that the cloud.google.com/go/iam/admin/apiv1.IamClient we're using for interacting with the IAM service doesn't expose the methods for activating/deactivating keys, but the cloud.google.com/go/iam/admin/apiv1/adminpb.IAMClient which it internally uses (see the constructor below) does have them, so I don't really understand the reason for this and I don't know what I should do. Should I use cloud.google.com/go/iam/admin/apiv1/adminpb.IAMClient just for the key activating/deactivating operations, or use it for everything and get rid of the dependency on cloud.google.com/go/iam/admin/apiv1.IamClient in my code base?

Here you can see the constructor function for cloud.google.com/go/iam/admin/apiv1.IamClient:

```go
func NewIamClient(ctx context.Context, opts ...option.ClientOption) (*IamClient, error) {
    connPool, err := gtransport.DialPool(ctx, append(defaultIamClientOptions(), opts...)...)
    if err != nil {
        return nil, err
    }
    c := &IamClient{
        connPool:    connPool,
        CallOptions: defaultIamCallOptions(),

        iamClient: adminpb.NewIAMClient(connPool),
    }
    c.setGoogleClientInfo()
    return c, nil
}
```

I guess I could replicate this code myself and directly use cloud.google.com/go/iam/admin/apiv1/adminpb.IAMClient at my convenience. Do you see any issue with that approach? Can you suggest a better one? Maybe a different API client I'm not aware of...

By the way, I'm following these docs and using the Go clients from cloud.google.com. I'm using the libraries from cloud.google.com instead of those from google.golang.org for historical reasons (they were already using those libraries when I joined the project), but it would also be nice to know why I should use one over the other, because I don't quite understand the difference between them.
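An added example, not part of the original post and not Google's client code: the key disable/enable step from the question done through the IAM REST methods `projects.serviceAccounts.keys.disable` and `keys.enable` with only the standard library, instead of the gRPC clients discussed above. `KeyAdmin`, its fields and the name pattern are hypothetical; the HTTP client is assumed to attach OAuth2 credentials in production.

```go
package main

import (
	"context"
	"fmt"
	"io"
	"net/http"
	"regexp"
)

// keyNameRE accepts only a full key resource name (constructed pattern, stricter than the API).
var keyNameRE = regexp.MustCompile(`^projects/[\w.:-]+/serviceAccounts/[\w.@-]+/keys/[\w-]+$`)

// KeyAdmin is a hypothetical helper, not part of any Google library.
type KeyAdmin struct {
	BaseURL string       // assumed "https://iam.googleapis.com" in production, no trailing slash
	HTTP    *http.Client // assumed to attach OAuth2 credentials in production
}

// Disable and Enable map to POST /v1/{name}:disable and POST /v1/{name}:enable.
func (k *KeyAdmin) Disable(ctx context.Context, name string) error { return k.call(ctx, name, "disable") }
func (k *KeyAdmin) Enable(ctx context.Context, name string) error  { return k.call(ctx, name, "enable") }

// call validates the name before it reaches the URL, then sends an empty-body POST.
func (k *KeyAdmin) call(ctx context.Context, name, verb string) error {
	if !keyNameRE.MatchString(name) {
		return fmt.Errorf("invalid key resource name %q", name)
	}
	req, err := http.NewRequestWithContext(ctx, http.MethodPost, k.BaseURL+"/v1/"+name+":"+verb, nil)
	if err != nil {
		return err
	}
	resp, err := k.HTTP.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		body, _ := io.ReadAll(io.LimitReader(resp.Body, 2048))
		return fmt.Errorf("%s %s: %s: %s", verb, name, resp.Status, body)
	}
	return nil
}

func main() {
	// Offline demo: a malformed name (constructed) is rejected before any request is sent.
	k := &KeyAdmin{BaseURL: "https://iam.googleapis.com", HTTP: http.DefaultClient}
	fmt.Println(k.Disable(context.Background(), "projects/demo/keys/../abc123"))
}
```

Disabling first and deleting only after an observation window keeps the rotation reversible: `Enable` restores the key if something still depended on it.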
