Closed ajaydevtron closed 2 months ago
We have Devtron application and passing the GCP service account json file in build argument to authentication , In Previous build it was passing in correct format as below .
GOOGLE_APPLICATION_CREDENTIALS='{ "type": "service_account", "project_id": "test", "private_key_id": "test", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCgjb82Jf558cA0\nFvYnZdByw6BgczCqlk9qRSPoBA2hjX1kOFUoGCGr+\n-----END PRIVATE KEY-----\n", "client_email": "g-dd-@test.iam.gserviceaccount.com", "client_id": "test", "auth_uri": "https://accounts.google.com/o/oauth2/auth", "token_uri": "https://oauth2.googleapis.com/token", "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/test%40data-dev-348311.iam.gserviceaccount.com" }'
Currently it is passing in wrong format as below which cause authentication fails
GOOGLE_APPLICATION_CREDENTIALS="'{\n \"type\": \"service_account\",\n \"project_id\": \"test\",\n \"private_key_id\": \"test\",\n \"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCgjb82Jf558cA0\\nFvYnZdByw6BgczCqlk9qRSPoBA2hjX1kOFUoGCGr+7A+sd6RWajuEJ4mr36EFhYU\\ntsIESJ9XEEQhGCGFgrkXHtPRoIaTf54lAruSAruBjEFfzEmONUdhb7ER8Nwatrni\\nbImh/PyYlvNk8yDCh\\n-----END PRIVATE KEY-----\\n\",\n \"client_email\": \"test@data-dev-348311.iam.gserviceaccount.com\",\n \"client_id\": \"109\",\n \"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\n \"token_uri\": \"https://oauth2.googleapis.com/token\",\n \"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\n \"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/test%40data-dev-348311.iam.gserviceaccount.com\"\n}'"
CD
Prod
Yes
None
Build is not able to happen on application
NA
It should pass the json data in build argument in same format as previous one
Due to this below step for authentication is failing . RUN gcloud auth activate-service-account --key-file=/app/service-account-file.json
1.30
Chrome
No response
AB#10119
Final Score: 200
tracking this issue[https://github.com/devtron-labs/devtron/issues/4611] here
๐ Description
We have Devtron application and passing the GCP service account json file in build argument to authentication , In Previous build it was passing in correct format as below .
Currently it is passing in wrong format as below which cause authentication fails
GOOGLE_APPLICATION_CREDENTIALS="'{\n \"type\": \"service_account\",\n \"project_id\": \"test\",\n \"private_key_id\": \"test\",\n \"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCgjb82Jf558cA0\\nFvYnZdByw6BgczCqlk9qRSPoBA2hjX1kOFUoGCGr+7A+sd6RWajuEJ4mr36EFhYU\\ntsIESJ9XEEQhGCGFgrkXHtPRoIaTf54lAruSAruBjEFfzEmONUdhb7ER8Nwatrni\\nbImh/PyYlvNk8yDCh\\n-----END PRIVATE KEY-----\\n\",\n \"client_email\": \"test@data-dev-348311.iam.gserviceaccount.com\",\n \"client_id\": \"109\",\n \"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\n \"token_uri\": \"https://oauth2.googleapis.com/token\",\n \"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\n \"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/test%40data-dev-348311.iam.gserviceaccount.com\"\n}'"
Affected areas
CD
Additional affected areas
CD
Prod/Non-prod environments?
Prod
Is User unblocked?
Yes
How was the user un-blocked?
None
Impact on Enterprise
Build is not able to happen on application
๐ Steps to replicate the Issue
NA
๐ Expected behavior
It should pass the json data in build argument in same format as previous one
๐ Actual Behavior
Due to this below step for authentication is failing . RUN gcloud auth activate-service-account --key-file=/app/service-account-file.json
โธ Kubernetes version
1.30
Cloud provider
๐ Browser
Chrome
โ Proposed Solution
No response
๐ Have you spent some time to check if this issue has been raised before?
๐ข Have you read the Code of Conduct?
AB#10119