-
Notifications
You must be signed in to change notification settings - Fork 592
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
App default credentials do not work on App Engine Managed VMs. #513
Comments
Have you tried against master? We just started using google-auth-library, but haven't made a release yet. |
Yes, this is against master. It's possible that managed VMs does not expose the service account from the underlying VM. |
I think it should... I just came across this library which appears to provide that functionality (getting a token) from within Managed VMs. |
This might be that the service account associated with the managed VM doesn't have the datastore scope. Investigating and will update. |
Yeah they seem to be hitting the same endpoint as long as it's working as it should. |
Okay. That is exactly the problem.
Once the settings are documented, we should add some documentation here around adding scopes to MVMs/GCE to allow access. |
@jonparrott Thanks for investigating! Can you open a new issue and point to the docs that helped you resolve this issue so we know how to document it for our users? |
It's not currently documented :( I'll create a new issue here once I get the docs published. |
Okey doke! I'll reopen this to keep tracking the issue. |
@jonparrott if that's documented now (?), that's probably good enough. Maybe a simple line could be added to https://github.com/GoogleCloudPlatform/gcloud-common/tree/master/authentication with something like "To enable the scopes on a managed VM, see ..." |
This is a non-issue now, as all the requisite scopes for GCP APIs are now defaulted in MVMs. Users should never have to change the scopes. If they do, I consider that that's a bug on our end. |
Oh, great. Thanks again! |
This PR was generated using Autosynth. 🌈 Synth log will be available here: https://source.cloud.google.com/results/invocations/000b31a7-d841-4bba-9f39-9c136bef31bc/targets - [ ] To automatically regenerate this PR, check this box.
This PR was generated using Autosynth. 🌈 Synth log will be available here: https://source.cloud.google.com/results/invocations/000b31a7-d841-4bba-9f39-9c136bef31bc/targets - [ ] To automatically regenerate this PR, check this box.
Note that this not a breaking change for any other language, and the C# library for this has not been published by Google. PiperOrigin-RevId: 375638678 Source-Link: googleapis/googleapis@d4d6443 Source-Link: googleapis/googleapis-gen@8fb1ab6
This PR was generated using Autosynth. 🌈 Synth log will be available here: https://source.cloud.google.com/results/invocations/18b0a4f0-1600-404c-b007-4183fa7fccbb/targets - [ ] To automatically regenerate this PR, check this box. (May take up to 24 hours.) Source-Link: googleapis/synthtool@c6706ee Source-Link: googleapis/synthtool@b33b0e2 Source-Link: googleapis/synthtool@898b38a
- [ ] Regenerate this pull request now. Committer: @summer-ji-eng PiperOrigin-RevId: 424244721 Source-Link: googleapis/googleapis@4b6b01f Source-Link: googleapis/googleapis-gen@8ac83fb Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiOGFjODNmYmE2MDZkMDA4YzdlOGE0MmU3ZDU1YjY1OTZlYzRiZTM1ZiJ9
This PR was generated using Autosynth. 🌈 Synth log will be available here: https://source.cloud.google.com/results/invocations/8b7e3986-c966-4325-9ced-bdd850176095/targets - [ ] To automatically regenerate this PR, check this box.
🤖 I have created a release \*beep\* \*boop\* --- ## [2.2.0](https://www.github.com/googleapis/nodejs-monitoring/compare/v2.1.5...v2.2.0) (2021-01-09) ### Features * adds style enumeration ([#513](https://www.github.com/googleapis/nodejs-monitoring/issues/513)) ([2ca2169](https://www.github.com/googleapis/nodejs-monitoring/commit/2ca2169553c90a588cc8c7374d4790da3bf122f2)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
[![WhiteSource Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [sinon](https://sinonjs.org/) ([source](https://togithub.com/sinonjs/sinon)) | [`^11.0.0` -> `^12.0.0`](https://renovatebot.com/diffs/npm/sinon/11.1.2/12.0.1) | [![age](https://badges.renovateapi.com/packages/npm/sinon/12.0.1/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/npm/sinon/12.0.1/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/npm/sinon/12.0.1/compatibility-slim/11.1.2)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/npm/sinon/12.0.1/confidence-slim/11.1.2)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>sinonjs/sinon</summary> ### [`v12.0.1`](https://togithub.com/sinonjs/sinon/blob/master/CHANGES.md#​1201) [Compare Source](https://togithub.com/sinonjs/sinon/compare/v12.0.0...v12.0.1) - [`3f598221`](https://togithub.com/sinonjs/sinon/commit/3f598221045904681f2b3b3ba1df617ed5e230e3) Fix issue with npm unlink for npm version > 6 (Carl-Erik Kopseng) > 'npm unlink' would implicitly unlink the current dir > until version 7, which requires an argument - [`51417a38`](https://togithub.com/sinonjs/sinon/commit/51417a38111eeeb7cd14338bfb762cc2df487e1b) Fix bundling of cjs module ([#​2412](https://togithub.com/sinonjs/sinon/issues/2412)) (Julian Grinblat) > - Fix bundling of cjs module > > - Run prettier *Released by [Carl-Erik Kopseng](https://togithub.com/fatso83) on 2021-11-04.* #### 12.0.0 ### [`v12.0.0`](https://togithub.com/sinonjs/sinon/compare/v11.1.2...v12.0.0) [Compare Source](https://togithub.com/sinonjs/sinon/compare/v11.1.2...v12.0.0) </details> --- ### Configuration 📅 **Schedule**: "after 9am and before 3pm" (UTC). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox. --- This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/googleapis/nodejs-kms).
* test: use fully qualified request type name in tests PiperOrigin-RevId: 475685359 Source-Link: googleapis/googleapis@7a12973 Source-Link: googleapis/googleapis-gen@370c729 Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiMzcwYzcyOWUyYmEwNjJhMTY3NDQ5YzI3ODgyYmE1ZjM3OWM1YzM0ZCJ9 * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
[PR](googleapis/gapic-generator-typescript#878) within updated gapic-generator-typescript version 1.4.0 Committer: @summer-ji-eng PiperOrigin-RevId: 375759421 Source-Link: googleapis/googleapis@95fa72f Source-Link: googleapis/googleapis-gen@f40a343
🤖 I have created a release \*beep\* \*boop\* --- ### [2.4.3](https://www.github.com/googleapis/nodejs-automl/compare/v2.4.2...v2.4.3) (2021-07-21) ### Bug Fixes * **deps:** google-gax v2.17.1 ([#526](https://www.github.com/googleapis/nodejs-automl/issues/526)) ([8911d45](https://www.github.com/googleapis/nodejs-automl/commit/8911d457513f2c0c9cca6d2b7473b314ac3a4efd)) * **deps:** require google-gax v2.17.0 ([#524](https://www.github.com/googleapis/nodejs-automl/issues/524)) ([5863c54](https://www.github.com/googleapis/nodejs-automl/commit/5863c5440bf94fa2fd986b5c8f5265b86fd4497e)) * make request optional in all cases ([#521](https://www.github.com/googleapis/nodejs-automl/issues/521)) ([a45622a](https://www.github.com/googleapis/nodejs-automl/commit/a45622a9f53683a73fd2057ef5a2ccf22e7da946)) * REST fallback client header ([#513](https://www.github.com/googleapis/nodejs-automl/issues/513)) ([833d2d7](https://www.github.com/googleapis/nodejs-automl/commit/833d2d70ff1828a69e7f9482f58189f5d484751f)) * Updating WORKSPACE files to use the newest version of the Typescript generator. ([#527](https://www.github.com/googleapis/nodejs-automl/issues/527)) ([dfb504e](https://www.github.com/googleapis/nodejs-automl/commit/dfb504e12075136707e5915b1db6f65ed72d5aa9)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
When running locally or on Google Compute Engine, app default credentials are used to provide authentication without needed to provide a private key. However, this does not work when deployed to Managed VMs.
The text was updated successfully, but these errors were encountered: