[gce-quota-sync] Unclear how to authenticate from docker container

[palladius]

I'm compiling the docjer container and passing it a .env vfile containing my project id

$ docker build -t ricc-gce-quota-sync  .
$ docker run -it --env-file=.env ricc-gce-quota-sync printenv

CRONSPEC=13 * * * *
HOSTNAME=836f7eb0fd26
SHLVL=1
HOME=/root
LOGFILE=/var/log/app.log
TERM=xterm
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
OPT_PROJECT=ric-cccwiki
CRONTAB=/etc/crontabs/root

$ docker run -it --env-file=.env ricc-gce-quota-sync /bin/ash

I'm in!

Now calling file
$ python gce-quota-sync.py

Traceback (most recent call last):
File "gce-quota-sync.py", line 178, in
main(auto_envvar_prefix='OPT')
File "/usr/lib/python2.7/site-packages/click/core.py", line 764, in call
return self.main(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/click/core.py", line 717, in main
rv = self.invoke(ctx)
File "/usr/lib/python2.7/site-packages/click/core.py", line 956, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/lib/python2.7/site-packages/click/core.py", line 555, in invoke
return callback(*args, **kwargs)
File "gce-quota-sync.py", line 160, in main
'compute', 'v1', cache_discovery=False)
File "/usr/lib/python2.7/site-packages/googleapiclient/_helpers.py", line 130, in positional_wrapper
return wrapped(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/googleapiclient/discovery.py", line 225, in build
credentials=credentials)
File "/usr/lib/python2.7/site-packages/googleapiclient/_helpers.py", line 130, in positional_wrapper
return wrapped(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/googleapiclient/discovery.py", line 358, in build_from_document
credentials = _auth.default_credentials()
File "/usr/lib/python2.7/site-packages/googleapiclient/_auth.py", line 42, in default_credentials
credentials, _ = google.auth.default()
File "/usr/lib/python2.7/site-packages/google/auth/_default.py", line 356, in default
raise exceptions.DefaultCredentialsError(_HELP_MESSAGE)
google.auth.exceptions.DefaultCredentialsError: Could not automatically determine credentials. Please set GOOGLE_APPLICATION_CREDENTIALS or explicitly create credentials and re-run the application. For more information, please see https://cloud.google.com/docs/authentication/getting-started

Note this part isn't documented. So the question is:

1. If I run it from GCE will it magically work? Awesome! -> document.
2. IF not(1), can I just set up GOOGLE_APPLICATION_CREDENTIALS and it works?
3. If not(2), should I inject a service account? Can you explain how to?

Minor nit - maybe we should have a policy to ask questions with repo in square brackets like I did. The issues part is quite confusing.

[agold-rh]

@ludoo Do you want to take a look at this, or should this issue be closed as stale?

[ludoo]

Hey! There's a new and improved version of this, together with Terraform code for deploying it, in our Fabric repo

https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/tree/master/blueprints/cloud-operations/quota-monitoring

I will send a PR to replace the code with a link that points to the new home for the tool.