Open rojomisin opened 11 months ago
Hi.
Thank you for the quality of that issue.
You can use authorized user or service account json. Those methods work on CI and local box for instance.
According to gcp doc, it seems that your aws ec2 is running out of gcp.
This is why the Google Metadata api is not available (ec2 is on aws).
Actually, gcp Metadata api, authorized user and service account auth are available. So do not use the -u
flag instead use the env var
GOOGLE_APPLICATION_CREDENTIALS=./credentials.json
To create the credentials.json file, you can follow this setup: https://github.com/cboudereau/gcs-rsync/tree/main/src/gcp/oauth2
In my previous experience, we were using vault or secret manager.
I am gonna check how to use the oauth external_account (from your json files) to plan a new oauth integration in the future.
I'm running gcs-rsync from an ec2 instance which auth's w/ gcp via workload identity.
How would I set the GOOGLE_CLIENT_ID or client_id?
gcs-rsync -u gs://bucket-name/file.test /tmp
gcs-rsync -u gs://bucket-name/file.test /tmp
gcs-rsync -u gs://bucket-name/file.test /tmp
cat credentials.json