Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GCE metadata server credentials cannot sign storage blob #141

Closed
neozwu opened this issue Nov 15, 2017 · 6 comments
Closed

GCE metadata server credentials cannot sign storage blob #141

neozwu opened this issue Nov 15, 2017 · 6 comments
Assignees
@chingor13
Labels
type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.

Comments

@neozwu
Copy link
Contributor

neozwu commented Nov 15, 2017

With GAE java 8 standard runtime, GCE metadata server is used to retrieve credentials. However, unlike google.appengine.api.app_identity.sign_blob(), metadata sever is not able to sign GCS blob (discussion captured here and here). It seems the timeline for metadata server to enable signing is not clear. This currently blocks java storage client library to run on GAE java 8 standard (googleapis/google-cloud-java#2629). Auth lib should implement IAM signer to provide workaround (as python auth lib did: googleapis/google-auth-library-python#108)
@phimar
Copy link

phimar commented Nov 21, 2017

Hi.
Can I do anything to push a fix for this issue? Like providing a PR?

@vchudnov-g vchudnov-g assigned lesv and unassigned vchudnov-g Jan 24, 2018
@vchudnov-g
Copy link
Contributor

@lesv , would you be able to address this or assign to someone who could?

@lesv
Copy link
Contributor

lesv commented Jan 25, 2018

I'll create an internal issue and cc all of you.

@lesv lesv removed their assignment Jan 25, 2018
@lesv
Copy link
Contributor

lesv commented Jan 25, 2018

Done. Googler's should see an email.

@dtretyakov
Copy link
Contributor

It will make configuration of our solution much easier without dealing with private json keys to produce signed urls for storage blobs.

@dtretyakov
Copy link
Contributor

@lesv, it was addressed in #150

@JustinBeckwith JustinBeckwith added 🚨 This issue needs some love. triage me I really want to be triaged. labels Jun 8, 2018
@JustinBeckwith JustinBeckwith added type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design. and removed triage me I really want to be triaged. 🚨 This issue needs some love. labels Jun 20, 2018
@chingor13 chingor13 self-assigned this Jul 3, 2018
@chingor13 chingor13 mentioned this issue Jul 12, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@chingor13 chingor13

Labels
type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@chingor13 @JustinBeckwith @dtretyakov @lesv @phimar @vchudnov-g @neozwu