-
Notifications
You must be signed in to change notification settings - Fork 147
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ubuntu can't download public gcs file when created in daisy #622
Comments
If I add the scopes (with the code below) in the daisy workflow it works.
But when creating the instance in gcloud using |
I have a feeling this may be a bug in gcloud, would have to do some digging, you can check the instance after its created to see if --no-scopes actually works. That workflow looks like its working correctly, what you have there will create an instance with no scopes, maybe try the UI as well? |
@adjackura when using gcloud with |
Can you give me the startup-script metadata value for the daisy instance and the gcloud instance, I think this is a bug with the guest environment that has since been fixed. |
@adjackura you can use the same as the example above: |
I meant is there a difference when you start the instance? Does gcloud compute instances describe show any differences with metadata. |
I don't think is the difference in the metadata, but one interesting thing is that daisy adds a service account even if no scopes are provided, which doesn't happen with gcloud, even if I provide If I comment out this line (populateScopes) it works on Daisy: https://github.com/GoogleCloudPlatform/compute-image-tools/blob/master/daisy/instance.go#L111 I am still digging into the code, but I see that i.Scopes here is not nil, but i.ServiceAccounts is nil so it gets the default SA in the if statement. Full instance description: Daisy: https://paste.ee/p/kltg4, gcloud: https://paste.ee/p/y1voA |
Daisy adds default service account which doesn't seem to work well when no scopes are set. If no scopes are set but a service account is set, the instance can't read public gcs files. Fixes GoogleCloudPlatform#622
Adding an empty ServiceAccounts in the workflow fixes the bug [1]. But I was wondering if the best solution wouldn't be to check if i.Scopes is an empty list in this line [2].
@adjackura what do you think? [1] https://github.com/GoogleCloudPlatform/compute-image-tools/compare/master...collabora-gce:fix-metadata-script-test?expand=1 |
Daisy adds default service account which doesn't seem to work well when no scopes are set. If no scopes are set but a service account is set, the instance can't read public gcs files. Fixes GoogleCloudPlatform#622
Daisy adds default service account which doesn't seem to work well when no scopes are set. If no scopes are set but a service account is set, the instance can't read public gcs files. Fixes #622
Fix typo in key server terraform smoke test tab.
Hello,
I get the following error when executing this simple workflow: https://paste.ee/p/HFEoD
But I don't have this issue when I use gcloud with
--no-scopes
and--no-service-account
:where the file startup_file_public.ps1 is public.
I am not entirely sure what is the difference between the instances created by daisy and gcloud, I am still investigating, please let me know if you have already seen this before.
Thanks
The text was updated successfully, but these errors were encountered: