libcloud-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [libcloud] pmezard opened a new issue #1438: GoogleStorageDriver does not handle service account HMAC credentials
Date Fri, 06 Mar 2020 17:26:46 GMT
pmezard opened a new issue #1438: GoogleStorageDriver does not handle service account HMAC
credentials
URL: https://github.com/apache/libcloud/issues/1438
 
 
   Hello,
   
   GoogleStorageDriver may use S3-compatibility layer credentials to connect to GCS. There
are at least two ways to generate such credentials:
   
   - As User Account HMAC keys. This is inconvenient for services configuration because it
ties access to the existence of a user account.
   - As Service Account HMAC keys. These should be used for long running services.
   
   Unfortunately, GoogleStorageDriver does not identify the second type correctly. The problematic
code is here:
   
     https://github.com/apache/libcloud/blob/trunk/libcloud/common/google.py#L615
   
   It checks the identifier starts with "GOOG" which is true in my case, but my identifier
is 61 characters long, way above the 30 characters check.
   
   Callers may force the driver to identify the credentials as GCS_S3, but it requires some
digging in the class hierarchy. You need to:
   
   - Override `_ex_connection_class_kwargs` to return `{"auth_type": "GCS_S3"}`, to pass it
to connectionCls. But this is not enough.
   - Pass `auth_type="GCS_S3"` to GoogleStorageDriver so that jsonConnectionCls is correctly
instantiate.
   
   I find the need for both fix a little weird, I would have expected the first one to be
enough, but I do not know libcloud internals to have a relevant opinion.
   
   I would just drop the max length check.
   
   Thanks.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

Mime
View raw message