We have an application using gogol running inside a GCE instance, using getApplicationDefault for obtaining the credentials. Recently, it falsely assumed that it was not running on GCE and failed with a MissingFileError "/home/.../.config/gcloud/application_default_credentials.json". Since we were relying on the instance-based authentication with the associated service account, that credential file is supposed to be missing.
It seems that the GCE detection works by sending a request to metadata.google.internal with a hard-coded timeout of 1 second. Our suspicion is that this request took longer than a second once due to a temporary network fluke. (As this was the only time it happened so far in more than two months of running this application.)
This could be alleviated by implementing one or more of the following ideas
having a way of configuring the timeout,
adding a possibility for forcing this check to return True (similar to the existing way of forcing it to False by using the NO_GCE_CHECK environment variable),
adding a constant for FromMetadata "default" which is the Credentials value used in the case when it's running on GCE, or
documenting that getApplicationDefault may unexpectedly fail
We have an application using
gogol
running inside a GCE instance, usinggetApplicationDefault
for obtaining the credentials. Recently, it falsely assumed that it was not running on GCE and failed with aMissingFileError "/home/.../.config/gcloud/application_default_credentials.json"
. Since we were relying on the instance-based authentication with the associated service account, that credential file is supposed to be missing.It seems that the GCE detection works by sending a request to
metadata.google.internal
with a hard-coded timeout of 1 second. Our suspicion is that this request took longer than a second once due to a temporary network fluke. (As this was the only time it happened so far in more than two months of running this application.)This could be alleviated by implementing one or more of the following ideas
True
(similar to the existing way of forcing it toFalse
by using theNO_GCE_CHECK
environment variable),FromMetadata "default"
which is theCredentials
value used in the case when it's running on GCE, orgetApplicationDefault
may unexpectedly fail