You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@libcloud.apache.org by pquentin <gi...@git.apache.org> on 2016/10/24 07:09:46 UTC
[GitHub] libcloud pull request #921: google: Prevent GCE auth to hide S3 auth
GitHub user pquentin opened a pull request:
https://github.com/apache/libcloud/pull/921
google: Prevent GCE auth to hide S3 auth
## Prevent GCE auth to hide S3 auth
### Description
We currently authenticate to Google Cloud Storage using Amazon S3 compatibility auth. Our code runs in Kubernetes on Google Container Engine. We tried to upgrade libcloud recently but 3849f65 from @crunk1 prevented us to authenticate. (Interestingly, it's also the commit that made us want to upgrade, since we eventually want to use service accounts.)
The issue happened for two reasons:
* `GoogleAuthType._is_gce()` always returns True when the code is run on the Google Container Engine, regardless of the authentication provided (which makes the issue impossible to reproduce in a local Docker environment)
* `GoogleAuthType._is_gcs_s3()` is always checked *after* `_is_gce()`, so it could not be used on Google Container Engine
This pull request simply changes the order to give S3 higher priority. Note that Installed Applications auth has lower priority still, because it's the default auth when everything else fails. That's OK because I guess it's not possible on GCE. Still, I think the documentation should recommend to always specify the auth type, because explicit is better than implicit and it helps to avoid unclear errors.
### done, ready for review
### Checklist (tick everything that applies)
- [x] [Code linting](http://libcloud.readthedocs.org/en/latest/development.html#code-style-guide) (required, can be done after the PR checks)
- [x] [Tests](http://libcloud.readthedocs.org/en/latest/testing.html)
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/pquentin/libcloud trunk
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/libcloud/pull/921.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #921
----
commit b7694bf145f6cd8d8827070866ffc4b0ad2d6705
Author: Quentin Pradet <qu...@clustree.com>
Date: 2016-10-21T12:46:11Z
google: Prevent GCE auth to hide S3 auth
GoogleAuthType._is_gce() is going to return True on any GCE instance,
but if there are S3 credentials, they should be used.
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] libcloud pull request #921: google: Prevent GCE auth to hide S3 auth
Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:
https://github.com/apache/libcloud/pull/921
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---