Kubernetes workload identity to GCS does not work, defaulting to anonymous user #848

Closed
VytautasRuk opened this issue Feb 22, 2024 · 1 comment

@VytautasRuk

New improvements for custom GCS endpoint have broken backup jobs.
https://github.com/Altinity/clickhouse-backup/blob/v2.4.32/pkg/storage/gcs.go#L104

This logic adds a new function, which forces an anonymous user to be used for authorization (if CredentialsJSON is null), and it fails on the GCP side.
can\'t upload: googleapi: Error 401: Anonymous caller does not have storage.objects.get access to the Google Cloud Storage object. Permission \'storage.objects.get\' denied on resource

And we only have a token, so it does not meet the JSON format reqs.
Before this change was introduced, Kubernetes workload identity worked with default settings to GCS; now it's defaulting to an anonymous user.
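
The credential selection described in this report, as an added example that is not part of the issue or of clickhouse-backup's code. `GCSConfig`, `AllowAnonymous` and the function names are hypothetical (only `CredentialsJSON` comes from the report), and the fallback order shown is one possible ordering, not necessarily the project's fix.

```go
package main

import (
	"fmt"
	"strings"
)

type AuthMode string

const (
	AuthExplicitJSON AuthMode = "explicit-json" // key supplied in config
	AuthDefault      AuthMode = "adc"           // Application Default Credentials, e.g. workload identity
	AuthAnonymous    AuthMode = "anonymous"     // no credentials sent
)

// GCSConfig is a reduced, hypothetical config; only CredentialsJSON is named in the report.
type GCSConfig struct {
	CredentialsJSON string
	AllowAnonymous  bool // hypothetical explicit opt-in, e.g. for a local emulator endpoint
}

// regressedMode models the reported behaviour: empty CredentialsJSON means anonymous.
func regressedMode(c GCSConfig) AuthMode {
	if c.CredentialsJSON != "" {
		return AuthExplicitJSON
	}
	return AuthAnonymous
}

// safeMode goes anonymous only on explicit opt-in and otherwise falls back to ADC.
func safeMode(c GCSConfig) AuthMode {
	switch {
	case c.CredentialsJSON != "":
		return AuthExplicitJSON
	case c.AllowAnonymous:
		return AuthAnonymous
	}
	return AuthDefault
}

// sentNoCredentials: true when the error shows the request itself arrived unauthenticated.
func sentNoCredentials(msg string) bool {
	return strings.Contains(msg, "Error 401") && strings.Contains(msg, "Anonymous caller")
}

func main() {
	wi := GCSConfig{} // workload identity pod: no key material in config
	fmt.Println(regressedMode(wi), safeMode(wi))
}
```

When triaging, a 401 that names an "Anonymous caller" points at the client's credential selection rather than at missing IAM grants on the workload identity.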

@Slach
Collaborator

Slach commented Feb 22, 2024

Thanks for reporting.
Look at #847.
Will fix ASAP in 2.4.33.
