[google|compute] auth needs additional scope to insert images #2533

merged 1 commit into from Mar 6, 2014


None yet
4 participants

kevin-bockman commented Dec 31, 2013

No description provided.

Coverage Status

Coverage remained the same when pulling f520495 on kbockmanrs:gce_image_scope into 742c65b on fog:master.


icco commented Jan 1, 2014

What request are you sending that needed this additional auth? Are there docs somewhere that are wrong?

@ghost ghost assigned icco Jan 1, 2014


kevin-bockman commented Jan 2, 2014

@icco The additional scope was needed to be able to use insert image call, at least when using a service account (which is required for fog). Without this, you would get a permission denied or such error (I forget exactly).


kevin-bockman commented Mar 5, 2014

@icco Here's the error:

/usr/local/rbenv/versions/1.8.7-p375/lib/ruby/gems/1.8/bundler/gems/fog-155e5a3755a5/lib/fog/google/compute.rb:102:in `build_excon_response': Required 'read' permission for 'rawDisk.source' (Fog::Errors::Error)
        from /usr/local/rbenv/versions/1.8.7-p375/lib/ruby/gems/1.8/bundler/gems/fog-155e5a3755a5/lib/fog/google/compute.rb:900:in `build_response'
        from /usr/local/rbenv/versions/1.8.7-p375/lib/ruby/gems/1.8/bundler/gems/fog-155e5a3755a5/lib/fog/google/requests/compute/get_global_operation.rb:24:in `get_global_operation'
        from bin/bundle:129
        from /root/rightimage_rebundle/lib/common.rb:214:in `call'
        from /root/rightimage_rebundle/lib/common.rb:214:in `retry_errors'
        from bin/bundle:129

This is the call:

This is what we do to create the image:

    image_opts = {
      'rawDisk' => { 'containerType' => "TAR", 'source' => "http://storage.googleapis.com/#{bucket}/#{image_name}.tar.gz" }

    response = fog.insert_image(image_name,image_opts)
    operation_id = response.body["name"]
    image_id = "projects/#{project}/images/#{image_name}"

  puts "Waiting for image to be ready.  ID: #{image_id}"
  puts "OPERATION: #{operation_id}"


  status = ""
  until $i > $retries do
    # Fog::Errors::Error exception will be thrown if get_global_operation returns a failure status
    details = retry_errors { fog.get_global_operation(operation_id).body }
    progress = details["progress"]
    status = details["status"]

    $i += 1;
    puts "[#$i/#$retries] Status: #{status} Progress: #{progress}"
    if status == "DONE"
      sleep $wait unless $i > $retries

  unless status == "DONE"
    raise "Timed out waiting for reply"

I tried following the example at:
which is much simpler (and calls the same stuff internally), but it doesn't throw an error that it can't find the image. That must be a bug somewhere..?
Also the example says "connection.image.create" and it should be "connection.images.create"

Can this PR be merged? According to the Google README:
image creation isn't supported yet but with this merged, it would work if you use the alternate route that we are using for image creation (or just hope it worked when using the example).

There isn't a doc wrong, as far as the reason for needing this change. You just need to launch the instance with the proper scope to be able to image the instance.

icco added a commit that referenced this pull request Mar 6, 2014

Merge pull request #2533 from kbockmanrs/gce_image_scope
[google|compute] auth needs additional scope to insert images into GCS

@icco icco merged commit b76f85f into fog:master Mar 6, 2014

1 check failed

default The Travis CI build could not complete due to an error

geemus commented Mar 7, 2014


On Thu, Mar 6, 2014 at 4:23 PM, Nat Welch notifications@github.com wrote:

Merged #2533 #2533.

Reply to this email directly or view it on GitHubhttps://github.com/fog/fog/pull/2533

@kevin-bockman kevin-bockman deleted the kevin-bockman:gce_image_scope branch Mar 8, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment