-
Notifications
You must be signed in to change notification settings - Fork 74.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add a hook to skip checking for GCE credentials.
Currently, when attempting to fetch an object from GCS, TF will attempt to detect the GCE metadata service, and (if available) use the metadata service for fetching auth tokens. However, in many environments (such as Colab), all attempts to reach the metadata service will fail by timing out. TF will valiantly retry, leading to a situation where calling `tf.io.gfile.exists('gs://some-public-bucket')` will take almost 700s (!) to finish all retries. Once these retries complete, we attempt the request with an empty bearer token, and the request succeeds. Once the request succeeds, TF sets an indefinite expiration time, meaning that an interactive user can't (say) call `gcloud auth` and try again. This change addresses this problem by adding a new hook for completely skipping the GCE credential fetch, in the form of the `$NO_GCE_CHECK` environment variable. This already exists in other Google auth libraries, eg the Java client: https://github.com/googleapis/google-auth-library-java/blob/999de3b11de320354a8ff80a8dc906723d708cf4/oauth2_http/java/com/google/auth/oauth2/DefaultCredentialsProvider.java#L79 When set to any value (even the empty string), the google auth provider completely skips attempts to talk to the GCE metadata service. In addition, we don't set an indefinite expiration time in this case, so that future attempts to fetch credentials aren't skipped. Fixes #25463. (At least, provides the hook for Colab to use.) Offers one potential solution to #25464. PiperOrigin-RevId: 232800897
- Loading branch information
1 parent
dd1d9f6
commit a252fe8
Showing
3 changed files
with
52 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters