You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@libcloud.apache.org by GitBox <gi...@apache.org> on 2020/03/06 17:26:46 UTC
[GitHub] [libcloud] pmezard opened a new issue #1438: GoogleStorageDriver
does not handle service account HMAC credentials
pmezard opened a new issue #1438: GoogleStorageDriver does not handle service account HMAC credentials
URL: https://github.com/apache/libcloud/issues/1438
Hello,
GoogleStorageDriver may use S3-compatibility layer credentials to connect to GCS. There are at least two ways to generate such credentials:
- As User Account HMAC keys. This is inconvenient for services configuration because it ties access to the existence of a user account.
- As Service Account HMAC keys. These should be used for long running services.
Unfortunately, GoogleStorageDriver does not identify the second type correctly. The problematic code is here:
https://github.com/apache/libcloud/blob/trunk/libcloud/common/google.py#L615
It checks the identifier starts with "GOOG" which is true in my case, but my identifier is 61 characters long, way above the 30 characters check.
Callers may force the driver to identify the credentials as GCS_S3, but it requires some digging in the class hierarchy. You need to:
- Override `_ex_connection_class_kwargs` to return `{"auth_type": "GCS_S3"}`, to pass it to connectionCls. But this is not enough.
- Pass `auth_type="GCS_S3"` to GoogleStorageDriver so that jsonConnectionCls is correctly instantiate.
I find the need for both fix a little weird, I would have expected the first one to be enough, but I do not know libcloud internals to have a relevant opinion.
I would just drop the max length check.
Thanks.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [libcloud] MonsieurV commented on issue #1438: GoogleStorageDriver
does not handle service account HMAC credentials
Posted by GitBox <gi...@apache.org>.
MonsieurV commented on issue #1438: GoogleStorageDriver does not handle service account HMAC credentials
URL: https://github.com/apache/libcloud/issues/1438#issuecomment-596093985
Yep, I also agree on dropping the length.
It made sense when we had a unique length for the keys - to ensure we were getting the right key format. Now that Google keeps updating the key length, it won't be maintainable as it. Checking the key prefix should be enough.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [libcloud] MonsieurV commented on issue #1438: GoogleStorageDriver
does not handle service account HMAC credentials
Posted by GitBox <gi...@apache.org>.
MonsieurV commented on issue #1438: GoogleStorageDriver does not handle service account HMAC credentials
URL: https://github.com/apache/libcloud/issues/1438#issuecomment-597027958
@Kami should be good :)
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [libcloud] Kami commented on issue #1438: GoogleStorageDriver does
not handle service account HMAC credentials
Posted by GitBox <gi...@apache.org>.
Kami commented on issue #1438: GoogleStorageDriver does not handle service account HMAC credentials
URL: https://github.com/apache/libcloud/issues/1438#issuecomment-597066045
Resolved via #1440.
Thanks again to everyone involved :+1:
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [libcloud] Kami commented on issue #1438: GoogleStorageDriver does
not handle service account HMAC credentials
Posted by GitBox <gi...@apache.org>.
Kami commented on issue #1438: GoogleStorageDriver does not handle service account HMAC credentials
URL: https://github.com/apache/libcloud/issues/1438#issuecomment-596136074
@MonsieurV and if you get a chance to work it in the next couple of days, I'll also try to include in the upcoming v3.0.0 release.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [libcloud] Kami closed issue #1438: GoogleStorageDriver does not
handle service account HMAC credentials
Posted by GitBox <gi...@apache.org>.
Kami closed issue #1438: GoogleStorageDriver does not handle service account HMAC credentials
URL: https://github.com/apache/libcloud/issues/1438
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [libcloud] Kami commented on issue #1438: GoogleStorageDriver does
not handle service account HMAC credentials
Posted by GitBox <gi...@apache.org>.
Kami commented on issue #1438: GoogleStorageDriver does not handle service account HMAC credentials
URL: https://github.com/apache/libcloud/issues/1438#issuecomment-596135009
@MonsieurV Yeah, a PR with that change (+ tests) would be great.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [libcloud] MonsieurV edited a comment on issue #1438:
GoogleStorageDriver does not handle service account HMAC credentials
Posted by GitBox <gi...@apache.org>.
MonsieurV edited a comment on issue #1438: GoogleStorageDriver does not handle service account HMAC credentials
URL: https://github.com/apache/libcloud/issues/1438#issuecomment-596093985
Yep, I also agree on dropping the length.
It made sense when we had a unique length for the keys - to ensure we were getting the right key format. Now that Google keeps updating the key length, it won't be maintainable as it. Checking the key prefix should be enough.
Does you need a PR contribution for that?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [libcloud] MonsieurV edited a comment on issue #1438:
GoogleStorageDriver does not handle service account HMAC credentials
Posted by GitBox <gi...@apache.org>.
MonsieurV edited a comment on issue #1438: GoogleStorageDriver does not handle service account HMAC credentials
URL: https://github.com/apache/libcloud/issues/1438#issuecomment-596093985
Yep, I also agree on dropping the length.
It made sense when we had a unique length for the keys - to ensure we were getting the right key format. Now that Google keeps updating the key length, it won't be maintainable as it. Checking the key prefix should be enough.
Does you need a PR for that?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [libcloud] pquentin commented on issue #1438: GoogleStorageDriver
does not handle service account HMAC credentials
Posted by GitBox <gi...@apache.org>.
pquentin commented on issue #1438: GoogleStorageDriver does not handle service account HMAC credentials
URL: https://github.com/apache/libcloud/issues/1438#issuecomment-597064768
This issue can now be closed. Thanks!
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [libcloud] pquentin commented on issue #1438: GoogleStorageDriver
does not handle service account HMAC credentials
Posted by GitBox <gi...@apache.org>.
pquentin commented on issue #1438: GoogleStorageDriver does not handle service account HMAC credentials
URL: https://github.com/apache/libcloud/issues/1438#issuecomment-596051446
The key length was [set to 20 in 2015](https://github.com/apache/libcloud/commit/3849f65fe5289f7d7160b7537afa930c7e2ea8a8) and [bumped to 20-30 in 2018](https://github.com/apache/libcloud/commit/9b9aae720d34698b6284f8b6800fd8ae569ecb82). I agree that dropping the length check altogether would be nice.
cc @crunk1 @MonsieurV @vdloo
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [libcloud] pquentin edited a comment on issue #1438:
GoogleStorageDriver does not handle service account HMAC credentials
Posted by GitBox <gi...@apache.org>.
pquentin edited a comment on issue #1438: GoogleStorageDriver does not handle service account HMAC credentials
URL: https://github.com/apache/libcloud/issues/1438#issuecomment-596051446
The key length was [set to 20 in 2015](https://github.com/apache/libcloud/commit/3849f65fe5289f7d7160b7537afa930c7e2ea8a8) and [bumped to 20-30 in 2018](https://github.com/apache/libcloud/commit/9b9aae720d34698b6284f8b6800fd8ae569ecb82). I agree that dropping the length check altogether would be nice.
cc @crunk1 @erjohnso @MonsieurV @vdloo
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services