This document describes how to authenticate to Cloud Data Fusion programmatically.
For more information about Google Cloud authentication, see the
Cloud Data Fusion supports programmatic access. How you authenticate to
Cloud Data Fusion depends on how you access the API. You can access the API in the
Google Cloud CLI
When you use the gcloud CLI to access
Cloud Data Fusion, you
log in to the gcloud CLI with a Google Account,
which provides the credentials used by the gcloud CLI commands.
If your organization's security policies prevent user accounts from having the required
permissions, you can impersonate a service account, either by using the
or by using the
which affects only the command for which you use it.
For more information about using the gcloud CLI with Cloud Data Fusion, see
the gcloud CLI reference pages.
You can authenticate to Cloud Data Fusion
from the command line by using
Application Default Credentials.
For more information, see Authenticate using REST.
If you want to use the API without using a client library, you can use
Google's authentication library
for your programming language. Alternatively, you can
implement authentication in your code.
Access control in Cloud Data Fusion
When you grant roles to a principal, always grant
roles with only the required permissions; granting broader roles, such as basic roles, violates
the principle of least privilege.
For more information about the roles for Cloud Data Fusion, see
Access control with IAM.
For more information about Identity and Access Management (IAM) and authorization, see