Troubleshooting issues with defining service account for Vertex AI endpoint

I’m trying to use a Vertex AI endpoint I’ve wrapped in a Cloud Function, but keep running into issues when trying to make a BigQuery external connection to use it. Basically, I want to define the service account so everything (Vertex AI, Cloud Function, BQ) are running the same common service account. However, the only way I know how to define the actual service account is via gcloud bigquery connections, which doesn’t seem like it works at this point. What next steps should I take? Otherwise, I continue to get issues when running a statement similar to:

CREATE OR REPLACE FUNCTION `project_id.output_dataset_us_central1.predict_label`(text STRING) RETURNS STRING REMOTE WITH CONNECTION `projects/project_id/locations/us-central1/connections/predict_label` OPTIONS ( endpoint = '<https://us-central1-project_id.cloudfunctions.net/predict_label>' );

just looking at the API it may not be possible to define a service account to be used for the connection itself? it seems like google controls that SA and you have to give permissions to it https://cloud.google.com/bigquery/docs/reference/bigqueryconnection/rest/v1/projects.locations.connections#CloudResourceProperties

i havent used that functionality in BQ yet but I assume you need to grant the SA it uses for the external connection the ability to invoke your cloud function, at least

You can give the service account you intend to use Connection user permission. It should work.