dataflow: simplify authentication instructions (#7198)

* dataflow: simplify authentication instructions

* Made HTML span less lines

* add note on permissions

Author: davidcavazos

Diff for: dataflow/README.md

@@ -12,17 +12,20 @@ This guides you through all the steps needed to run an Apache Beam pipeline in t
 The following instructions help you prepare your Google Cloud project.
 
 1. Install the [Cloud SDK](https://cloud.google.com/sdk/docs/).
-   > *Note:* This is not required in
+
+   > ℹ️ This is not required in
    > [Cloud Shell](https://console.cloud.google.com/cloudshell/editor)
    > since it already has the Cloud SDK pre-installed.
 
-1. Create a new Google Cloud project via the
-   [*New Project* page](https://console.cloud.google.com/projectcreate),
-   or via the `gcloud` command line tool.
+1. Create a new Google Cloud project and save the project ID in an environment variable.
+
+   <button><a href="https://console.cloud.google.com/projectcreate">
+      Click here to create a new project
+   </a></button>
 
    ```sh
+   # Save your project ID in an environment variable for ease of use later on.
    export PROJECT=your-google-cloud-project-id
-   gcloud projects create $PROJECT
    ```
 
 1. Setup the Cloud SDK to your GCP project.
@@ -33,53 +36,23 @@ The following instructions help you prepare your Google Cloud project.
 
 1. [Enable billing](https://cloud.google.com/billing/docs/how-to/modify-project).
 
-1. [Enable the Dataflow API](https://console.cloud.google.com/flows/enableapi?apiid=dataflow).
-
-1. Create a service account JSON key via the
-   [*Create service account key* page](https://console.cloud.google.com/apis/credentials/serviceaccountkey),
-   or via the `gcloud` command line tool.
-   Here is how to do it through the *Create service account key* page.
+1. Enable the Dataflow API.
 
-   * From the **Service account** list, select **New service account**.
-   * In the **Service account name** field, enter a name.
-   * From the **Role** list, select **Project > Owner** **(*)**.
-   * Click **Create**. A JSON file that contains your key downloads to your computer.
+   <button><a href="https://console.cloud.google.com/flows/enableapi?apiid=dataflow">
+      Click here to enable the API
+   </a></button>
 
-   Alternatively, you can use `gcloud` through the command line.
+1. Authenticate to your Google Cloud project.
 
    ```sh
-   export PROJECT=$(gcloud config get-value project)
-   export SA_NAME=samples
-   export IAM_ACCOUNT=$SA_NAME@$PROJECT.iam.gserviceaccount.com
-
-   # Create the service account.
-   gcloud iam service-accounts create $SA_NAME --display-name $SA_NAME
-
-   # Set the role to Project Owner (*).
-   gcloud projects add-iam-policy-binding $PROJECT \
-     --member serviceAccount:$IAM_ACCOUNT \
-     --role roles/owner
-
-   # Create a JSON file with the service account credentials.
-   gcloud iam service-accounts keys create path/to/your/credentials.json \
-     --iam-account=$IAM_ACCOUNT
+   gcloud auth application-default login
    ```
 
-   > **(*)** *Note:* The **Role** field authorizes your service account to access resources.
-   > You can view and change this field later by using the
-   > [GCP Console IAM page](https://console.cloud.google.com/iam-admin/iam).
-   > If you are developing a production app, specify more granular permissions than **Project > Owner**.
-   > For more information, see
-   > [Granting roles to service accounts](https://cloud.google.com/iam/docs/granting-roles-to-service-accounts).
-
-   For more information, see
-   [Creating and managing service accounts](https://cloud.google.com/iam/docs/creating-managing-service-accounts)
-
-1. Set your `GOOGLE_APPLICATION_CREDENTIALS` environment variable to point to your service account key file.
-
-   ```sh
-   export GOOGLE_APPLICATION_CREDENTIALS=path/to/your/credentials.json
-   ```
+   > ℹ️ For more information on authentication, see the
+   > [Authentication overview](https://googleapis.dev/python/google-api-core/latest/auth.html) page.
+   >
+   > To learn more about the permissions needed for Dataflow, see the
+   > [Dataflow security and permissions](https://cloud.google.com/dataflow/docs/concepts/security-and-permissions) page.
 
 ## Setting up a Python development environment