search

GoogleCloudPlatform / gcsfuse

A user-space file system for interacting with Google Cloud Storage
https://cloud.google.com/storage/docs/gcs-fuse
Apache License 2.0
2.05k stars 426 forks source link

GetTokenSource: newTokenSourceFromPath: JWTConfigFromJSON: google: read JWT from JSON credentials: 'type' field is "authorized_user" (expected "service_account") #852

Closed rubber-ant closed 1 year ago

rubber-ant commented 1 year ago

Ref: https://github.com/GoogleCloudPlatform/gcsfuse/issues/320

sudo gcsfuse      --foreground  --log-format text --debug_fuse --debug_fs --debug_gcs --debug_mutex  --key-file '/home/bobb/.config/gcloud/application_default_credentials.json'   bob_bucket_test  /mnt/bucket/bob_bucket_test
2022/11/22 14:34:04.126354 Start gcsfuse/0.41.8 (Go version go1.18.4) for app "" using mount point: /mnt/bucket/bob_bucket_test
2022/11/22 14:34:04.126427 Opening GCS connection...
2022/11/22 14:34:04.126655 Waiting for connection: GetTokenSource: newTokenSourceFromPath: JWTConfigFromJSON: google: read JWT from JSON credentials: 'type' field is "authorized_user" (expected "service_account")
2022/11/22 14:34:05.127023 Waiting for connection: GetTokenSource: newTokenSourceFromPath: JWTConfigFromJSON: google: read JWT from JSON credentials: 'type' field is "authorized_user" (expected "service_account")
2022/11/22 14:34:06.627791 Waiting for connection: GetTokenSource: newTokenSourceFromPath: JWTConfigFromJSON: google: read JWT from JSON credentials: 'type' field is "authorized_user" (expected "service_account"

without --key-file, it can mount without issue

sudo gcsfuse      --foreground  --log-format text --debug_fuse --debug_fs --debug_gcs --debug_mutex    bob_bucket_test  /mnt/bucket/bob_bucket_test
2022/11/22 14:33:39.983916 Start gcsfuse/0.41.8 (Go version go1.18.4) for app "" using mount point: /mnt/bucket/bob_bucket_test
2022/11/22 14:33:39.983974 Opening GCS connection...
2022/11/22 14:33:39.986232 Creating a mount at "/mnt/bucket/bob_bucket_test"

WARNING: gcsfuse invoked as root. This will cause all files to be owned by
root. If this is not what you intended, invoke gcsfuse as the user that will
be interacting with the file system.
2022/11/22 14:33:39.986361 Creating a new server...
2022/11/22 14:33:39.986371 Set up root directory for bucket bob_bucket_test
2022/11/22 14:33:39.986379 OpenBucket("bob_bucket_test", "")
gcs: 2022/11/22 14:33:39.986391 Req              0x0: <- ListObjects("")
gcs: 2022/11/22 14:33:40.251912 Req              0x0: -> ListObjects("") (265.263858ms): OK
gcs: 2022/11/22 14:33:40.252045 Req              0x1: <- ListObjects("")
gcs: 2022/11/22 14:33:40.443017 Req              0x1: -> ListObjects("") (190.968526ms): OK
2022/11/22 14:33:40.444390 Mounting file system "bob_bucket_test"...
fuse_debug: 2022/11/22 14:33:40.444421 Beginning the mounting kickoff process
fuse_debug: 2022/11/22 14:33:40.444428 Parsing fuse file descriptor
fuse_debug: 2022/11/22 14:33:40.444441 Preparing for direct mounting
fuse_debug: 2022/11/22 14:33:40.444471 Successfully opened the /dev/fuse in blocking mode
fuse_debug: 2022/11/22 14:33:40.444491 Starting the unix mounting
fuse_debug: 2022/11/22 14:33:40.444762 Unix mounting completed successfully
fuse_debug: 2022/11/22 14:33:40.444775 Completed the mounting kickoff process
fuse_debug: 2022/11/22 14:33:40.444778 Creating a connection object
fuse_debug: 2022/11/22 14:33:40.444913 Op 0x00000002        connection.go:416] <- init
fuse_debug: 2022/11/22 14:33:40.444939 Op 0x00000002        connection.go:498] -> OK ()
fuse_debug: 2022/11/22 14:33:40.444960 Successfully created the connection
fuse_debug: 2022/11/22 14:33:40.444973 Waiting for mounting process to complete
2022/11/22 14:33:40.444980 File system has been successfully mounted.

I can see the object with bob user:

gsutil ls gs://bob_bucket_test/hello1.txt
gs://bob_bucket_test/hello1.txt

System (please complete the following information):

Tulsishah commented 1 year ago

Keyfile will work only for google service accounts. For authorized account Run 

gcloud auth application-default login

And then 

gcsfuse --foreground --log-format text --debug_fuse --debug_fs --debug_gcs --debug_mutex bob_bucket_test /mnt/bucket/bob_bucket_test
ipclaudio commented 1 year ago

@Tulsishah

Are you going to make this feature(keyfile) available for users in the future?

vadlakondaswetha commented 1 year ago

Key-file is only used for specifying service account credentials. Right now, there is no plan to support key-file for users. Other option to specify user credentials is via GOOGLE_APPLICATION_CREDENTIALS as mentioned here: https://github.com/GoogleCloudPlatform/gcsfuse/blob/master/docs/mounting.md#credentials

ipclaudio commented 1 year ago

Key-file is only used for specifying service account credentials. Right now, there is no plan to support key-file for users. Other option to specify user credentials is via GOOGLE_APPLICATION_CREDENTIALS as mentioned here: https://github.com/GoogleCloudPlatform/gcsfuse/blob/master/docs/mounting.md#credentials

specify via GOOGLE_APPLICATION_CREDENTIALS user or service account credentials?

Tulsishah commented 1 year ago

Google_application_credentials is for specifying user creds