We are in a situation where only our k8s pods have been given the permission to access Datastore. No other user account or service account has the necessary permissions to modify Datastore.
I am required to create indexes on Datastore. Since I do not have the necessary permissions to do so, I was wondering if there is a mechanism to run gcloud datastore indexes create indexes.yaml from the authorized pods.
There is no difference between a simple Compute Engine + gcloud and a Workload Identity + gcloud.
You can see this description here:
Workload Identity intercepts calls to the Compute Engine metadata server to exchange workload identity pool credentials for credentials from the associated GSAs.
Thereby, the default authentication mechanism of gcloud, based on the metadata server, is exactly the same.
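Following the answer above, one way to run the command under the pods' identity is a one-off Kubernetes Job that uses the same Kubernetes service account, so gcloud picks up its credentials from the metadata server. This manifest is an added example, not part of the original post; the namespace, service account name, ConfigMap and Job names, project ID placeholder and the sample index definition are assumptions.

```yaml
# Added example: names marked "assumed" are placeholders, not values from the original post.
apiVersion: v1
kind: ConfigMap
metadata:
  name: datastore-indexes               # assumed name
  namespace: app                        # assumed: namespace of the authorized pods
data:
  indexes.yaml: |
    # Constructed sample index definition
    indexes:
    - kind: Task
      properties:
      - name: done
      - name: created
        direction: desc
---
apiVersion: batch/v1
kind: Job
metadata:
  name: datastore-index-create          # assumed name
  namespace: app
spec:
  backoffLimit: 0                       # do not retry automatically on failure
  template:
    spec:
      serviceAccountName: datastore-ksa # assumed: KSA already bound to the GSA via Workload Identity
      restartPolicy: Never
      containers:
      - name: gcloud
        image: google/cloud-sdk:slim
        command: ["/bin/sh", "-c"]
        args:
        - |
          set -eu
          # Log the identity gcloud obtained from the metadata server before changing anything
          gcloud auth list
          gcloud datastore indexes create /config/indexes.yaml \
            --project="$PROJECT_ID" --quiet
        env:
        - name: PROJECT_ID
          value: PROJECT_ID_PLACEHOLDER # replace with the project that owns the Datastore database
        volumeMounts:
        - name: indexes
          mountPath: /config
          readOnly: true
      volumes:
      - name: indexes
        configMap:
          name: datastore-indexes
```

The Google service account bound to that Kubernetes service account still needs permission to manage indexes (for example `roles/datastore.indexAdmin`), which read/write access to entities alone does not grant. The `gcloud auth list` output in the Job log records which account was actually used.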