Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x-goog-user-project header has gone in second request #1114

Closed
hideto0710 opened this issue Jan 13, 2021 · 3 comments · Fixed by #1116
Closed

x-goog-user-project header has gone in second request #1114

hideto0710 opened this issue Jan 13, 2021 · 3 comments · Fixed by #1116
Assignees
@sofisl
Labels
priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. type: question Request for information or clarification. Not an issue.

Comments

@hideto0710
Copy link
Contributor

Environment details

  • OS: macOS BigSur 11.1
  • Node.js version: v14.15.3
  • npm version: 6.14.10
  • google-auth-library version: 6.1.4

Steps to reproduce

  1. gcloud auth application-default set-quota-project MY_PROJECT_ID
export const authTest = async () => {
  const auth = new GoogleAuth();
  const client = await auth.getClient();
  const headersFirst = await client.getRequestHeaders();
  console.log(headersFirst);
  const headersSecond = await client.getRequestHeaders();
  console.log(headersSecond);
}
authTest();

{
  Authorization: 'Bearer xxxx',
  'x-goog-user-project': 'MY_PROJECT_ID'
}
{
  Authorization: 'Bearer xxxx'
}

As a result, I got the following error in second request.

    7 PERMISSION_DENIED: Your application has authenticated using end user credentials from the Google Cloud SDK or Google Cloud Shell which are not supported by the datacatalog.googleapis.com. We recommend configuring the billing/quota_project setting in gcloud or using a service account through the auth/impersonate_service_account setting. For more information about service accounts and how to use them in your application, see https://cloud.google.com/docs/authentication/.

Any help would be appreciated.
@yoshi-automation yoshi-automation added the triage me I really want to be triaged. label Jan 14, 2021
@sofisl
Copy link
Contributor

sofisl commented Jan 14, 2021

Hi @hideto0710,

Do you have a service account that you could use to test out this solution? If not, you can login to your console through APIs & Services>Credentials>Create Credentials>Service Account.

Then, instead of running gcloud auth application-default set-quota-project MY_PROJECT_ID, try the following:

  1. gcloud auth activate-service-account <service-account-email> --key-file=<path-to-JSON> where the service account email can be found in the JSON file for your service account credentials, and the path to your JSON file is just the path to wherever you downloaded your service account credentials.
  2. gcloud config set account <your-project-name>

Then give your code a try!

@sofisl sofisl added the needs more info This issue needs more information from the customer to proceed. label Jan 14, 2021
@hideto0710
Copy link
Contributor Author

Thanks for your reply!

Do you have a service account that you could use to test out this solution?

Yes, for now I use service account credential.
But I want to use end user ADC because I am developing CLI tool, and downloading service account credential per user is insecure I think.

Python SDK supports quota_project_id option. Also golang SDK.
Is there any way to configure quota project explicitly?

@sofisl sofisl added the type: question Request for information or clarification. Not an issue. label Jan 15, 2021
@yoshi-automation yoshi-automation removed the triage me I really want to be triaged. label Jan 15, 2021
@hideto0710
Copy link
Contributor Author

I think we have to call addSharedMetadataHeaders when isTokenExpiring is false.
hideto0710@699282f

I will try to write some tests.

@hideto0710 hideto0710 mentioned this issue Jan 17, 2021
Merged
4 tasks
@bcoe bcoe added type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. priority: p2 Moderately-important priority. Fix may not be included in next release. and removed needs more info This issue needs more information from the customer to proceed. labels Jan 21, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sofisl sofisl

Labels
priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. type: question Request for information or clarification. Not an issue.
Projects
None yet
Milestone
No milestone
4 participants
@bcoe @hideto0710 @yoshi-automation @sofisl