New issue
Advanced search Search tips

Issue 912673 link

Starred by 1 user
Status: Assigned
Owner:
vadimsh@chromium.org
Cc:
mar...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug



Sign in to add a comment

'bq' tool from gcloud SDK doesn't use task accounts credentials

Project Member Reported by vadimsh@chromium.org, Dec 6 
bq '--project_id=dart-ci' insert results.results_v1)
ERROR: (bq) Your current active account [dart-luci-try-builder@dart-ci.iam.gserviceaccount.com] does not have any valid credentials

https://chromium-swarm.appspot.com/task?id=419d92857ffee110&refresh=10

More info in https://groups.google.com/a/google.com/d/msg/luci-eng/N8RD-Doyn5c/SDy8ccTHBgAJ

Comment 1 by vadimsh@chromium.org, Dec 6 

Looks like authentication from within devshell (aka Cloud SSH) now happens via GCE metadata mechanism, rather than via DEVSHELL_CLIENT_PORT env var (that LUCI emulates). It means there's a chance more and more gcloud tools will stop working on LUCI unless we find a way to emulate GCE metadata :(

Comment 2 by vadimsh@chromium.org, Dec 6 

Looks like we replace GCE metadata URL with GCE_METADATA_ROOT env var (for tools that use googlecloudsdk.core.credentials). We should probably add GCE metadata server emulation to kitchen, so it can supply credentials. This will also have a nice side effect of abstracting tasks from GCE environment.

Sign in to add a comment