-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Version 0.17 breaks GCS blob signing #1964
Comments
Are you on GCE(Compute Engine)? If so then it seems this would apply... |
@daspecster we are actually using a JSON credentials file for a service account. I wonder if there's anything in particular about these credentials that might cause the issue. |
I was just able to reproduce the issue locally. >>> import time
>>> from gcloud import storage
>>> from gcloud.storage import Blob
>>> client = storage.Client()
>>> bucket = client.get_bucket('my-test-bucket')
<Bucket: my-test-bucket>
>>> blob = Blob('ewfwefwefwef', bucket)
>>> blob.generate_signed_url(int(time.time()+5), method='GET')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "gcloud/storage/blob.py", line 239, in generate_signed_url
generation=generation)
File "gcloud/credentials.py", line 223, in generate_signed_url
string_to_sign)
File "gcloud/credentials.py", line 102, in _get_signed_query_params
_, signature_bytes = credentials.sign_blob(string_to_sign)
AttributeError: 'GoogleCredentials' object has no attribute 'sign_blob' It looks like it's not detecting that it's a service account and then using |
@daspecster your local environment likely has |
http://gcloud-python.readthedocs.io/en/latest/gcloud-auth.html#credential-discovery-precedence In theory the env. var. takes precedence over the CLI settings, but maybe something in |
@dhermes, that makes sense. It is picking up my JSON credentials, but shouldn't that end up still being an instance of |
This seems like a pretty bad error though... If it's picking up credentials that aren't capable of signing (ie, it just has a token and not a private key) we should say that... not an AttributeError.... Can we update this to check and then spit out "you need a private key to sign credentials. the credentials you're currently using (insert pointer to those here) just include a token. see (insert link here) for more details." ? |
I'm not sure about the changes in oauth2client but there's an updated error message now per #1966. Let me know if we should close this now. |
This should no longer be an issue:
|
When trying to update our project to use gcloud 0.17, we found one of our tests which uses the
generate_signed_url
for GCS blobs started failing with the following error:The text was updated successfully, but these errors were encountered: