Just putting this in writing from a discussion with @yuvipanda yesterday.
I have the following use case in https://github.com/leap-stc/cmip6-leap-feedstock
I want to cache, run Dataflow, and write on some project with service account A, but then as a final step of my pipeline I would like to move the files written to another bucket using service account B and do all of that in a single Beam pipeline.
It would be nice if I could just provide both service account keys and this would just work, but Yuvi said this would require some changes (specifically supporting 'role-assumption'). I have gotten around this by just giving service account B the same permissions as A for now, but it would be nicer to keep them completely separated.
Just a pin for the future, no rush on my end.