serviceAccountEmail property

String? get serviceAccountEmail

client_email field extracted from the configured service-account JSON, or null when no key file is configured / readable / valid.

Used by the wizard to render targeted IAM-page instructions (grant these roles to {email}) before any step that needs serviceusage.services.enable or similar project-level permissions. A returned value is the canonical principal string for gcloud projects add-iam-policy-binding --member="serviceAccount:...".

Implementation

String? get serviceAccountEmail {
  final String? path = _resolvedServiceAccountPath;
  if (path == null) {
    return null;
  }
  try {
    final String body = File(path).readAsStringSync();
    final dynamic decoded = jsonDecode(body);
    if (decoded is Map<String, dynamic>) {
      final dynamic email = decoded['client_email'];
      if (email is String && email.trim().isNotEmpty) {
        return email.trim();
      }
    }
  } catch (_) {
    // Malformed key file → caller treats this as "no SA email available"
    // and falls back to the path-only message.
  }
  return null;
}