Ubuntu can't download public gcs file when created in daisy #622
Comments
|
If I add the scopes (with the code below) in the daisy workflow it works. But when creating the instance in gcloud using |
|
I have a feeling this may be a bug in gcloud, would have to do some digging, you can check the instance after its created to see if --no-scopes actually works. That workflow looks like its working correctly, what you have there will create an instance with no scopes, maybe try the UI as well? |
|
@adjackura when using gcloud with |
|
Can you give me the startup-script metadata value for the daisy instance and the gcloud instance, I think this is a bug with the guest environment that has since been fixed. |
|
@adjackura you can use the same as the example above: |
|
I meant is there a difference when you start the instance? Does gcloud compute instances describe show any differences with metadata. |
|
I don't think is the difference in the metadata, but one interesting thing is that daisy adds a service account even if no scopes are provided, which doesn't happen with gcloud, even if I provide If I comment out this line (populateScopes) it works on Daisy: https://github.com/GoogleCloudPlatform/compute-image-tools/blob/master/daisy/instance.go#L111 I am still digging into the code, but I see that i.Scopes here is not nil, but i.ServiceAccounts is nil so it gets the default SA in the if statement. Full instance description: Daisy: https://paste.ee/p/kltg4, gcloud: https://paste.ee/p/y1voA |
Daisy adds default service account which doesn't seem to work well when no scopes are set. If no scopes are set but a service account is set, the instance can't read public gcs files. Fixes GoogleCloudPlatform#622
|
Adding an empty ServiceAccounts in the workflow fixes the bug [1]. But I was wondering if the best solution wouldn't be to check if i.Scopes is an empty list in this line [2]. @adjackura what do you think? [1] https://github.com/GoogleCloudPlatform/compute-image-tools/compare/master...collabora-gce:fix-metadata-script-test?expand=1 |
Daisy adds default service account which doesn't seem to work well when no scopes are set. If no scopes are set but a service account is set, the instance can't read public gcs files. Fixes GoogleCloudPlatform#622
Daisy adds default service account which doesn't seem to work well when no scopes are set. If no scopes are set but a service account is set, the instance can't read public gcs files. Fixes #622
Fix typo in key server terraform smoke test tab.
Hello,
I get the following error when executing this simple workflow: https://paste.ee/p/HFEoD
But I don't have this issue when I use gcloud with
--no-scopesand--no-service-account:where the file startup_file_public.ps1 is public.
I am not entirely sure what is the difference between the instances created by daisy and gcloud, I am still investigating, please let me know if you have already seen this before.
Thanks
The text was updated successfully, but these errors were encountered: