[google|compute] auth needs additional scope to insert images #2533

Merged
merged 1 commit into from Mar 6, 2014

Conversation

Projects
None yet
4 participants
Contributor

kevin-bockman commented Dec 31, 2013

No description provided.

Coverage Status

Coverage remained the same when pulling f520495 on kbockmanrs:gce_image_scope into 742c65b on fog:master.

Member

icco commented Jan 1, 2014

What request are you sending that needed this additional auth? Are there docs somewhere that are wrong?

@ghost ghost assigned icco Jan 1, 2014

Contributor

kevin-bockman commented Jan 2, 2014

@icco The additional scope was needed to be able to use insert image call, at least when using a service account (which is required for fog). Without this, you would get a permission denied or such error (I forget exactly).

Contributor

kevin-bockman commented Mar 5, 2014

@icco Here's the error:

/usr/local/rbenv/versions/1.8.7-p375/lib/ruby/gems/1.8/bundler/gems/fog-155e5a3755a5/lib/fog/google/compute.rb:102:in `build_excon_response': Required 'read' permission for 'rawDisk.source' (Fog::Errors::Error)
        from /usr/local/rbenv/versions/1.8.7-p375/lib/ruby/gems/1.8/bundler/gems/fog-155e5a3755a5/lib/fog/google/compute.rb:900:in `build_response'
        from /usr/local/rbenv/versions/1.8.7-p375/lib/ruby/gems/1.8/bundler/gems/fog-155e5a3755a5/lib/fog/google/requests/compute/get_global_operation.rb:24:in `get_global_operation'
        from bin/bundle:129
        from /root/rightimage_rebundle/lib/common.rb:214:in `call'
        from /root/rightimage_rebundle/lib/common.rb:214:in `retry_errors'
        from bin/bundle:129

This is the call:
fog.get_global_operation(operation_id).body

This is what we do to create the image:

    image_opts = {
      'rawDisk' => { 'containerType' => "TAR", 'source' => "http://storage.googleapis.com/#{bucket}/#{image_name}.tar.gz" }
    }

    response = fog.insert_image(image_name,image_opts)
    operation_id = response.body["name"]
    image_id = "projects/#{project}/images/#{image_name}"

  puts "Waiting for image to be ready.  ID: #{image_id}"
  puts "OPERATION: #{operation_id}"

  $i=0
  $retries=30
  $wait=30

  status = ""
  until $i > $retries do
    # Fog::Errors::Error exception will be thrown if get_global_operation returns a failure status
    details = retry_errors { fog.get_global_operation(operation_id).body }
    progress = details["progress"]
    status = details["status"]

    $i += 1;
    puts "[#$i/#$retries] Status: #{status} Progress: #{progress}"
    if status == "DONE"
      break
    else
      sleep $wait unless $i > $retries
    end
  end

  unless status == "DONE"
    raise "Timed out waiting for reply"
  end

I tried following the example at:
https://github.com/fog/fog/blob/master/lib/fog/google/examples/image_create.rb
which is much simpler (and calls the same stuff internally), but it doesn't throw an error that it can't find the image. That must be a bug somewhere..?
Also the example says "connection.image.create" and it should be "connection.images.create"

Can this PR be merged? According to the Google README:
https://github.com/fog/fog/blob/master/lib/fog/google/README.md
image creation isn't supported yet but with this merged, it would work if you use the alternate route that we are using for image creation (or just hope it worked when using the example).

There isn't a doc wrong, as far as the reason for needing this change. You just need to launch the instance with the proper scope to be able to image the instance.

icco added a commit that referenced this pull request Mar 6, 2014

Merge pull request #2533 from kbockmanrs/gce_image_scope
[google|compute] auth needs additional scope to insert images into GCS

@icco icco merged commit b76f85f into fog:master Mar 6, 2014

1 check failed

default The Travis CI build could not complete due to an error
Details
Owner

geemus commented Mar 7, 2014

Thanks!

On Thu, Mar 6, 2014 at 4:23 PM, Nat Welch notifications@github.com wrote:

Merged #2533 #2533.

Reply to this email directly or view it on GitHubhttps://github.com/fog/fog/pull/2533
.

@kevin-bockman kevin-bockman deleted the kevin-bockman:gce_image_scope branch Mar 8, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment