I'm trying to understand how gcloud manages to work with APIs that require service account to access them, e.g. accessing Speech API using your user (not svcacc) credentials will result in "403 Your application has authenticated using end user credentials from the Google Cloud SDK or Google Cloud Shell which are not supported by the speech.googleapis.com".
However when I run gcloud ml speech recognize gs://cloud-samples-tests/speech/brooklyn.flac --language-code=en-US
it works just fine even-though I didn't set any dedidcated svcacc keys as described in the quick start [1], and even disabled all service accounts in the project just to be sure.
So again,
gcloud ml speech recognize gs://cloud-samples-tests/speech/brooklyn.flac --language-code=en-US
- workscurl -s -H "Content-Type: application/json" -H "Authorization: Bearer "$(gcloud auth application-default print-access-token) https://speech.googleapis.com/v1/speech:recognize -d @sync-request.json
as per [2] fails with 403 error above
Question: how gcloud manages to work without me providing it with a dedicated service account?
[1] https://cloud.google.com/speech-to-text/docs/quickstart-gcloud