Uploaded image for project: 'Libcloud'
  1. Libcloud
  2. LIBCLOUD-625

GCE: When used on a GCE instance, auth should use metadata tokens

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Compute
    • Labels:
      None
    • Environment:

      Google Compute Engine

      Description

      Currently, the GCE driver only supports authorization from a perspective that code is executed "outside" of the GCE environment. However, if code is executed on an instance running "inside" GCE, it is possible to handle authorization with GCE's internal metadata service for an access token.

      When an instance is created with appropriate service account scopes, this access token can be used to provide authorization to access the corresponding Google Cloud services.

      https://cloud.google.com/compute/docs/authentication

        Activity

        Hide
        githubbot ASF GitHub Bot added a comment -

        GitHub user erjohnso opened a pull request:

        https://github.com/apache/libcloud/pull/376

        LIBCLOUD-625: Allow for internal GCE authorization with metadata service

        This PR provides support for authorizing requests from within GCE directly by pulling an authorization token out of GCE's internal metadata services. This greatly simplifies using libcloud inside GCE since it does not require the user to copy around private auth files. The only parameter required for this method is the user's Project ID. See the included docs for a sample use-case.

        This PR also attempts to address https://issues.apache.org/jira/browse/LIBCLOUD-607 by appending the Project ID to the cached credential file.

        You can merge this pull request into a Git repository by running:

        $ git pull https://github.com/erjohnso/libcloud LIBCLOUD-625_gce_auth_internal

        Alternatively you can review and apply these changes as the patch at:

        https://github.com/apache/libcloud/pull/376.patch

        To close this pull request, make a commit to your master/trunk branch
        with (at least) the following in the commit message:

        This closes #376


        commit 0e024f4759f558483340d9548cff827052fc803f
        Author: Eric Johnson <erjohnso@google.com>
        Date: 2014-10-18T02:17:00Z

        LIBCLOUD-625: Allow for internal GCE authorization with metadata service


        Show
        githubbot ASF GitHub Bot added a comment - GitHub user erjohnso opened a pull request: https://github.com/apache/libcloud/pull/376 LIBCLOUD-625 : Allow for internal GCE authorization with metadata service This PR provides support for authorizing requests from within GCE directly by pulling an authorization token out of GCE's internal metadata services. This greatly simplifies using libcloud inside GCE since it does not require the user to copy around private auth files. The only parameter required for this method is the user's Project ID. See the included docs for a sample use-case. This PR also attempts to address https://issues.apache.org/jira/browse/LIBCLOUD-607 by appending the Project ID to the cached credential file. You can merge this pull request into a Git repository by running: $ git pull https://github.com/erjohnso/libcloud LIBCLOUD-625 _gce_auth_internal Alternatively you can review and apply these changes as the patch at: https://github.com/apache/libcloud/pull/376.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #376 commit 0e024f4759f558483340d9548cff827052fc803f Author: Eric Johnson <erjohnso@google.com> Date: 2014-10-18T02:17:00Z LIBCLOUD-625 : Allow for internal GCE authorization with metadata service
        Hide
        jira-bot ASF subversion and git services added a comment -

        Commit 91a9be4282485d484a7d1f3b9749db86f442c4f4 in libcloud's branch refs/heads/trunk from Tomaz Muraus
        [ https://git-wip-us.apache.org/repos/asf?p=libcloud.git;h=91a9be4 ]

        Merge branch 'trunk' into LIBCLOUD-625_gce_auth_internal

        Closes #376

        Show
        jira-bot ASF subversion and git services added a comment - Commit 91a9be4282485d484a7d1f3b9749db86f442c4f4 in libcloud's branch refs/heads/trunk from Tomaz Muraus [ https://git-wip-us.apache.org/repos/asf?p=libcloud.git;h=91a9be4 ] Merge branch 'trunk' into LIBCLOUD-625 _gce_auth_internal Closes #376
        Hide
        githubbot ASF GitHub Bot added a comment -

        Github user asfgit closed the pull request at:

        https://github.com/apache/libcloud/pull/376

        Show
        githubbot ASF GitHub Bot added a comment - Github user asfgit closed the pull request at: https://github.com/apache/libcloud/pull/376
        Hide
        erjohnso Eric Johnson added a comment -

        Fixed in 1.16.0

        Show
        erjohnso Eric Johnson added a comment - Fixed in 1.16.0
        Hide
        githubbot ASF GitHub Bot added a comment -

        GitHub user erjohnso opened a pull request:

        https://github.com/apache/libcloud/pull/379

        GCE: fix GCE internal auth

        @Kami - Very sorry, but I think with the merge trouble we were having on LIBCLOUD-625[1], I must have goofed on one of conflicts. This minor change fixes LIBCLOUD-625.

        [1] https://github.com/apache/libcloud/commit/20d977075117f05a0d8cd8ceb91c4dfcd93a7766

        You can merge this pull request into a Git repository by running:

        $ git pull https://github.com/erjohnso/libcloud GCE_auth_fix

        Alternatively you can review and apply these changes as the patch at:

        https://github.com/apache/libcloud/pull/379.patch

        To close this pull request, make a commit to your master/trunk branch
        with (at least) the following in the commit message:

        This closes #379


        commit f4c1396b4632acafba8f7bc6ab7d083dfbfe11e9
        Author: Eric Johnson <erjohnso@google.com>
        Date: 2014-10-27T18:53:29Z

        GCE: fix GCE internal auth


        Show
        githubbot ASF GitHub Bot added a comment - GitHub user erjohnso opened a pull request: https://github.com/apache/libcloud/pull/379 GCE: fix GCE internal auth @Kami - Very sorry, but I think with the merge trouble we were having on LIBCLOUD-625 [1] , I must have goofed on one of conflicts. This minor change fixes LIBCLOUD-625 . [1] https://github.com/apache/libcloud/commit/20d977075117f05a0d8cd8ceb91c4dfcd93a7766 You can merge this pull request into a Git repository by running: $ git pull https://github.com/erjohnso/libcloud GCE_auth_fix Alternatively you can review and apply these changes as the patch at: https://github.com/apache/libcloud/pull/379.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #379 commit f4c1396b4632acafba8f7bc6ab7d083dfbfe11e9 Author: Eric Johnson <erjohnso@google.com> Date: 2014-10-27T18:53:29Z GCE: fix GCE internal auth
        Hide
        githubbot ASF GitHub Bot added a comment -

        Github user erjohnso closed the pull request at:

        https://github.com/apache/libcloud/pull/379

        Show
        githubbot ASF GitHub Bot added a comment - Github user erjohnso closed the pull request at: https://github.com/apache/libcloud/pull/379

          People

          • Assignee:
            Unassigned
            Reporter:
            erjohnso Eric Johnson
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development