libcloud-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pquentin <>
Subject [GitHub] libcloud pull request #921: google: Prevent GCE auth to hide S3 auth
Date Mon, 24 Oct 2016 07:09:46 GMT
GitHub user pquentin opened a pull request:

    google: Prevent GCE auth to hide S3 auth

    ## Prevent GCE auth to hide S3 auth
    ### Description
    We currently authenticate to Google Cloud Storage using Amazon S3 compatibility auth.
Our code runs in Kubernetes on Google Container Engine. We tried to upgrade libcloud recently
but 3849f65 from @crunk1 prevented us to authenticate. (Interestingly, it's also the commit
that made us want to upgrade, since we eventually want to use service accounts.)
    The issue happened for two reasons:
     * `GoogleAuthType._is_gce()` always returns True when the code is run on the Google Container
Engine, regardless of the authentication provided (which makes the issue impossible to reproduce
in a local Docker environment)
     * `GoogleAuthType._is_gcs_s3()` is always checked *after* `_is_gce()`, so it could not
be used on Google Container Engine
    This pull request simply changes the order to give S3 higher priority. Note that Installed
Applications auth has lower priority still, because it's the default auth when everything
else fails. That's OK because I guess it's not possible on GCE. Still, I think the documentation
should recommend to always specify the auth type, because explicit is better than implicit
and it helps to avoid unclear errors.
    ### done, ready for review
    ### Checklist (tick everything that applies)
    - [x] [Code linting](
(required, can be done after the PR checks)
    - [x] [Tests](

You can merge this pull request into a Git repository by running:

    $ git pull trunk

Alternatively you can review and apply these changes as the patch at:

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #921
commit b7694bf145f6cd8d8827070866ffc4b0ad2d6705
Author: Quentin Pradet <>
Date:   2016-10-21T12:46:11Z

    google: Prevent GCE auth to hide S3 auth
    GoogleAuthType._is_gce() is going to return True on any GCE instance,
    but if there are S3 credentials, they should be used.


If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at or file a JIRA ticket
with INFRA.

View raw message