-
Notifications
You must be signed in to change notification settings - Fork 330
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Have gsutil verify google access key and secret provided to gsutil config -a
#386
Comments
The original message is working as intended; The challenge here is that So perhaps we could improve the error message that you saw? What about it did you find confusing? |
Oh alright. I guess we'd better update our README then! (PerfKitBenchmarker) The error messages could be improved on our end - you're right. (Something like "Please check gs_access_key_id and gs_secret_access_key in your .boto file."). And something like "~/.boto file not found. Did you run |
I was referring to improving gsutil's error messages - were those confusing? Ensuring you copied credentials properly is challenging for the reasons I previously described. That being said, I'm open to suggestions there if you have any. |
Closing this out - please reopen if you have suggestions as to how to improve gsutil's error message. |
GS Python Library Documentation here https://cloud.google.com/storage/docs/xml-api/gspythonlibrary#credentials says :
But following that results in error:
Either the documentation is wrong or I'm wrong. :( Just how many authentication options are there, I'm really confused. Googling the problem only leads to this page, which I'm not sure whether it's correct or not. I've tried gsutil config -n as in the above comments, but running my app still:
When I open the (generic)
So one documentation says you have to configure I'm not the only one confused : https://stackoverflow.com/questions/38398066/gsutil-config-a-which-key-to-use |
At last, it works. Thanks to: https://stackoverflow.com/a/38399516/122441 , if someone gets here because same fate as me, here's how:
Why these two simple steps are not available in the docs is beyond me ... |
Also, it looks like you're using a gsutil installation that came packaged with gcloud. I also assume you're not using the latest version (4.27), as the error message improved in the last release (see e43b040). To generate a boto file that uses p12 credentials, you can run On that note, you may want to create your boto file somewhere other than the default location (~/.boto), as gsutil will try to pull in your auth methods from this file in addition to the OAuth2 configuration gcloud sends. If you already have gsutil set up to use OAuth2 user credentials via running
This can be avoided by just using HMAC credentials as you mentioned above, OR: ...also, point taken - the docs should be updated to point all this stuff out. |
Thanks for the explanation. Honestly it feels like a crash lesson in cryptography. IMHO the beginner quickstart should just let the developer use HMAC in 2 simple steps (without even downloading gsutil!), but also put "If you want more advanced authentication mechanism, read on..." |
TLDR it'd be nice if
gsutil config -a
would verify the google access key and secret before writing them to the .boto file.gsutil config
gave me the following error message even though I had already authenticated usinggcloud auth login
. (somewhat unrelated, perhaps I should open a separate issue?)CommandException: OAuth2 is the preferred authentication mechanism with the Cloud SDK. Run "gcloud auth login" to configure authentication, unless you want to authenticate with an HMAC access key and secret, in which case run "gsutil config -a".
Anyway, I was able to work around it with
gsutil config -a
. I copied and pasted my credentials from the browser and proceeded to configure my .boto file. Then I tried to run some code that made use ofgsutil
and got some cryptic error messages about authentication. It took me a while to figure it out, but it turns out I accidentally copied a little more than just the google secret key from the browser so there was some garbage at the end ofgs_secret_access_key
.The text was updated successfully, but these errors were encountered: