App default credentials do not work on App Engine Managed VMs. #513
Assignees
Labels
status: blocked
Resolving the issue is dependent on other work.
Comments
|
Have you tried against master? We just started using google-auth-library, but haven't made a release yet. |
|
Yes, this is against master. It's possible that managed VMs does not expose the service account from the underlying VM. |
|
I think it should... I just came across this library which appears to provide that functionality (getting a token) from within Managed VMs. |
|
This might be that the service account associated with the managed VM doesn't have the datastore scope. Investigating and will update. |
|
Yeah they seem to be hitting the same endpoint as long as it's working as it should. |
|
Okay. That is exactly the problem.
Once the settings are documented, we should add some documentation here around adding scopes to MVMs/GCE to allow access. |
|
@jonparrott Thanks for investigating! Can you open a new issue and point to the docs that helped you resolve this issue so we know how to document it for our users? |
|
It's not currently documented :( I'll create a new issue here once I get the docs published. |
|
Okey doke! I'll reopen this to keep tracking the issue. |
stephenplusplus
added
the
status: blocked
@jonparrott if that's documented now (?), that's probably good enough. Maybe a simple line could be added to https://github.com/GoogleCloudPlatform/gcloud-common/tree/master/authentication with something like "To enable the scopes on a managed VM, see ..." |
|
This is a non-issue now, as all the requisite scopes for GCP APIs are now defaulted in MVMs. Users should never have to change the scopes. If they do, I consider that that's a bug on our end. |
|
Oh, great. Thanks again! |
4 tasks
sofisl
pushed a commit
that referenced
this issue
Sep 15, 2022
sofisl
pushed a commit
that referenced
this issue
Sep 27, 2022
This PR was generated using Autosynth. 🌈 Synth log will be available here: https://source.cloud.google.com/results/invocations/000b31a7-d841-4bba-9f39-9c136bef31bc/targets - [ ] To automatically regenerate this PR, check this box.
4 tasks
sofisl
pushed a commit
that referenced
this issue
Nov 9, 2022
This PR was generated using Autosynth. 🌈 Synth log will be available here: https://source.cloud.google.com/results/invocations/000b31a7-d841-4bba-9f39-9c136bef31bc/targets - [ ] To automatically regenerate this PR, check this box.
This was referenced Nov 9, 2022
sofisl
pushed a commit
that referenced
this issue
Nov 10, 2022
4 tasks
sofisl
pushed a commit
that referenced
this issue
Nov 10, 2022
Note that this not a breaking change for any other language, and the C# library for this has not been published by Google. PiperOrigin-RevId: 375638678 Source-Link: googleapis/googleapis@d4d6443 Source-Link: googleapis/googleapis-gen@8fb1ab6
4 tasks
sofisl
pushed a commit
that referenced
this issue
Nov 10, 2022
This PR was generated using Autosynth. 🌈 Synth log will be available here: https://source.cloud.google.com/results/invocations/18b0a4f0-1600-404c-b007-4183fa7fccbb/targets - [ ] To automatically regenerate this PR, check this box. (May take up to 24 hours.) Source-Link: googleapis/synthtool@c6706ee Source-Link: googleapis/synthtool@b33b0e2 Source-Link: googleapis/synthtool@898b38a
4 tasks
sofisl
pushed a commit
that referenced
this issue
Nov 11, 2022
- [ ] Regenerate this pull request now. Committer: @summer-ji-eng PiperOrigin-RevId: 424244721 Source-Link: googleapis/googleapis@4b6b01f Source-Link: googleapis/googleapis-gen@8ac83fb Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiOGFjODNmYmE2MDZkMDA4YzdlOGE0MmU3ZDU1YjY1OTZlYzRiZTM1ZiJ9
4 tasks
sofisl
pushed a commit
that referenced
this issue
Nov 11, 2022
This PR was generated using Autosynth. 🌈 Synth log will be available here: https://source.cloud.google.com/results/invocations/8b7e3986-c966-4325-9ced-bdd850176095/targets - [ ] To automatically regenerate this PR, check this box.
sofisl
pushed a commit
that referenced
this issue
Nov 11, 2022
🤖 I have created a release \*beep\* \*boop\* --- ## [2.2.0](https://github.com/googleapis/nodejs-monitoring/compare/v2.1.5...v2.2.0) (2021-01-09) ### Features * adds style enumeration ([#513](https://github.com/googleapis/nodejs-monitoring/issues/513)) ([2ca2169](https://github.com/googleapis/nodejs-monitoring/commit/2ca2169553c90a588cc8c7374d4790da3bf122f2)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
4 tasks
sofisl
pushed a commit
that referenced
this issue
Nov 11, 2022
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [sinon](https://sinonjs.org/) ([source](https://github.com/sinonjs/sinon)) | [`^11.0.0` -> `^12.0.0`](https://renovatebot.com/diffs/npm/sinon/11.1.2/12.0.1) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>sinonjs/sinon</summary> ### [`v12.0.1`](https://github.com/sinonjs/sinon/blob/master/CHANGES.md#​1201) [Compare Source](https://github.com/sinonjs/sinon/compare/v12.0.0...v12.0.1) - [`3f598221`](https://github.com/sinonjs/sinon/commit/3f598221045904681f2b3b3ba1df617ed5e230e3) Fix issue with npm unlink for npm version > 6 (Carl-Erik Kopseng) > 'npm unlink' would implicitly unlink the current dir > until version 7, which requires an argument - [`51417a38`](https://github.com/sinonjs/sinon/commit/51417a38111eeeb7cd14338bfb762cc2df487e1b) Fix bundling of cjs module ([#​2412](https://github.com/sinonjs/sinon/issues/2412)) (Julian Grinblat) > - Fix bundling of cjs module > > - Run prettier *Released by [Carl-Erik Kopseng](https://github.com/fatso83) on 2021-11-04.* #### 12.0.0 ### [`v12.0.0`](https://github.com/sinonjs/sinon/compare/v11.1.2...v12.0.0) [Compare Source](https://github.com/sinonjs/sinon/compare/v11.1.2...v12.0.0) </details> --- ### Configuration 📅 **Schedule**: "after 9am and before 3pm" (UTC). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox. --- This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/googleapis/nodejs-kms).
4 tasks
sofisl
pushed a commit
that referenced
this issue
Nov 18, 2022
* test: use fully qualified request type name in tests PiperOrigin-RevId: 475685359 Source-Link: googleapis/googleapis@7a12973 Source-Link: googleapis/googleapis-gen@370c729 Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiMzcwYzcyOWUyYmEwNjJhMTY3NDQ5YzI3ODgyYmE1ZjM3OWM1YzM0ZCJ9 * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
4 tasks
sofisl
pushed a commit
that referenced
this issue
Jan 10, 2023
](https://renovatebot.com){kind=link}
4 tasks
sofisl
pushed a commit
that referenced
this issue
Sep 13, 2023
[PR](googleapis/gapic-generator-typescript#878) within updated gapic-generator-typescript version 1.4.0 Committer: @summer-ji-eng PiperOrigin-RevId: 375759421 Source-Link: googleapis/googleapis@95fa72f Source-Link: googleapis/googleapis-gen@f40a343
sofisl
pushed a commit
that referenced
this issue
Sep 13, 2023
🤖 I have created a release \*beep\* \*boop\* --- ### [2.4.3](https://github.com/googleapis/nodejs-automl/compare/v2.4.2...v2.4.3) (2021-07-21) ### Bug Fixes * **deps:** google-gax v2.17.1 ([#526](https://github.com/googleapis/nodejs-automl/issues/526)) ([8911d45](https://github.com/googleapis/nodejs-automl/commit/8911d457513f2c0c9cca6d2b7473b314ac3a4efd)) * **deps:** require google-gax v2.17.0 ([#524](https://github.com/googleapis/nodejs-automl/issues/524)) ([5863c54](https://github.com/googleapis/nodejs-automl/commit/5863c5440bf94fa2fd986b5c8f5265b86fd4497e)) * make request optional in all cases ([#521](https://github.com/googleapis/nodejs-automl/issues/521)) ([a45622a](https://github.com/googleapis/nodejs-automl/commit/a45622a9f53683a73fd2057ef5a2ccf22e7da946)) * REST fallback client header ([#513](https://github.com/googleapis/nodejs-automl/issues/513)) ([833d2d7](https://github.com/googleapis/nodejs-automl/commit/833d2d70ff1828a69e7f9482f58189f5d484751f)) * Updating WORKSPACE files to use the newest version of the Typescript generator. ([#527](https://github.com/googleapis/nodejs-automl/issues/527)) ([dfb504e](https://github.com/googleapis/nodejs-automl/commit/dfb504e12075136707e5915b1db6f65ed72d5aa9)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When running locally or on Google Compute Engine, app default credentials are used to provide authentication without needed to provide a private key. However, this does not work when deployed to Managed VMs.
The text was updated successfully, but these errors were encountered: