-
Notifications
You must be signed in to change notification settings - Fork 33
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authentication fails with a service account token #143
Comments
This does not immediately look like a gargle problem to me. It seems to be finding the token, recognizing it as a service account token, and sending that all off to httr as it should. FWIW I'm using several service account tokens locally and in CI and all is well. How persistent and reproducible is this? Do you have other service account tokens and are they working? Do you use service tokens in other context (so not this particular container)? |
Hi Jenny, sorry for the somewhat false alarm. I finally figured out what the problem is and it's been a hell of a ride. So I was executing the code inside a docker container on Windows and I am using the WSL2 docker backend. The WSL2 has this stupid behavior where its system clock can fall out of sync microsoft/WSL#4677. It looks like when this clock offset gets too big, authentication stops working. I assume it has to do with the expiry time that you submit with the request for a token or something. I don't know. Anyway restarting WSL2 fixes the problem for me. What a nasty nasty bug! |
Ah, we have seen that before then: #111 |
Docker has deployed a few fixes for this one (docker/for-win#4526), but unfortunately it keeps sticking 😩 It really is a difficult one! Looks like it affects both Hyper-V backend and WSL2 (probably because the WSL2 backend still uses parts of Hyper-V). I'd normally be happy to put in the PR, but I probably can't promise anything until I get my own package back on its legs 😅 |
@pofl Other current workarounds include:
|
I did eventually get to submitting a PR (#154) to document this! Sorry it took so long! 😅 |
No need to reopen this, just wanted to note that WSL2 is exhibiting this behaviour again, so you might see more reports of this from Windows users! |
This still worked yesterday. It might be that the error is new in 0.5.0
I have put a service account token in the location at $CLOUDSDK_CONFIG
I run this code in a container
The text was updated successfully, but these errors were encountered: