Skip to content


Subversion checkout URL

You can clone with
Download ZIP


[google|compute] auth needs additional scope to insert images #2533

merged 1 commit into from

4 participants


No description provided.


Coverage Status

Coverage remained the same when pulling f520495 on kbockmanrs:gce_image_scope into 742c65b on fog:master.


What request are you sending that needed this additional auth? Are there docs somewhere that are wrong?

@icco icco was assigned

@icco The additional scope was needed to be able to use insert image call, at least when using a service account (which is required for fog). Without this, you would get a permission denied or such error (I forget exactly).


@icco Here's the error:

/usr/local/rbenv/versions/1.8.7-p375/lib/ruby/gems/1.8/bundler/gems/fog-155e5a3755a5/lib/fog/google/compute.rb:102:in `build_excon_response': Required 'read' permission for 'rawDisk.source' (Fog::Errors::Error)
        from /usr/local/rbenv/versions/1.8.7-p375/lib/ruby/gems/1.8/bundler/gems/fog-155e5a3755a5/lib/fog/google/compute.rb:900:in `build_response'
        from /usr/local/rbenv/versions/1.8.7-p375/lib/ruby/gems/1.8/bundler/gems/fog-155e5a3755a5/lib/fog/google/requests/compute/get_global_operation.rb:24:in `get_global_operation'
        from bin/bundle:129
        from /root/rightimage_rebundle/lib/common.rb:214:in `call'
        from /root/rightimage_rebundle/lib/common.rb:214:in `retry_errors'
        from bin/bundle:129

This is the call:

This is what we do to create the image:

    image_opts = {
      'rawDisk' => { 'containerType' => "TAR", 'source' => "{bucket}/#{image_name}.tar.gz" }

    response = fog.insert_image(image_name,image_opts)
    operation_id = response.body["name"]
    image_id = "projects/#{project}/images/#{image_name}"

  puts "Waiting for image to be ready.  ID: #{image_id}"
  puts "OPERATION: #{operation_id}"


  status = ""
  until $i > $retries do
    # Fog::Errors::Error exception will be thrown if get_global_operation returns a failure status
    details = retry_errors { fog.get_global_operation(operation_id).body }
    progress = details["progress"]
    status = details["status"]

    $i += 1;
    puts "[#$i/#$retries] Status: #{status} Progress: #{progress}"
    if status == "DONE"
      sleep $wait unless $i > $retries

  unless status == "DONE"
    raise "Timed out waiting for reply"

I tried following the example at:
which is much simpler (and calls the same stuff internally), but it doesn't throw an error that it can't find the image. That must be a bug somewhere..?
Also the example says "connection.image.create" and it should be "connection.images.create"

Can this PR be merged? According to the Google README:
image creation isn't supported yet but with this merged, it would work if you use the alternate route that we are using for image creation (or just hope it worked when using the example).

There isn't a doc wrong, as far as the reason for needing this change. You just need to launch the instance with the proper scope to be able to image the instance.

@icco icco merged commit b76f85f into fog:master

1 check failed

Details default The Travis CI build could not complete due to an error
@kevin-bockman kevin-bockman deleted the kevin-bockman:gce_image_scope branch
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
This page is out of date. Refresh to see the latest.
Showing with 3 additions and 1 deletion.
  1. +3 −1 lib/fog/google/compute.rb
4 lib/fog/google/compute.rb
@@ -843,7 +843,9 @@ class Real
def initialize(options)
base_url = ''
- api_scope_url = ''
+ # The devstorage scope is needed to be able to insert images
+ # devstorage.read_only scope is not sufficient like you'd hope
+ api_scope_url = ''
google_client_email = options[:google_client_email]
Something went wrong with that request. Please try again.