emuell / restic-browser

A GUI to browse and restore restic backup repositories.
MIT License

Failed to open repository on Google Cloud #100

Closed Aare07 closed 6 months ago

Aare07 commented 6 months ago

First, thank you for your effort and your work. I'm not able to connect to a repository on Google Cloud.

What I did:

  1. Set up a bucket and ran restic to back up -> works
  2. Created an access token with the SDK -> in my opinion successful

When I try to open the repository with the Google token and the repository password, this comes up:

Failed to open repository: Fatal: parsing repository location failed: gs:invalid format: bucket name or path not found

See the full error message and URI in the attachment.

[Image: restic-browser-google-cloud-error]

My Bucket name is: gs://backup-hr-pc-giga2020

And by the way: is there a wiki, forum or additional documentation? As the Google token creation is not that straightforward for Windows users, I would document this step by step, if appreciated.

Thanks for any help. Greetings Aare

emuell commented 6 months ago

I'm not currently using Google Cloud Storage, but will try to set it up for testing later.

Using //backup-hr-pc-giga2020 as bucket looks fishy to me. I think restic expects a path here, not a URI. Have you tried using backup-hr-pc-giga2020 or backup-hr-pc-giga2020\ as bucket instead?

How exactly did you create the repository? Can you access it via restic snapshots gs://backup-hr-pc-giga2020 from the terminal?

Aare07 commented 6 months ago

I can access the bucket with restic to write and read. Here I use the authentication with a JSON credentials file. This option in restic browser would be easy for me: download the JSON from the Google service account, stick restic browser to the file or use the ENV from restic. (In another issue you have asked which authentication you should choose; for me, the JSON credentials file is the easiest and works perfectly with restic.)

I tried the different spellings of the bucket repository, unfortunately none of them worked...

My ENV with working restic access in PowerShell:

    $Env:GOOGLE_PROJECT_ID="backup-hr"
    $Env:GOOGLE_APPLICATION_CREDENTIALS="C:\xyz\restic\backup-hr-xyz.json"
    $Env:RESTIC_REPOSITORY="gs:backup-hr-pc-giga2020:/pc-giga2020"
    $Env:RESTIC_PASSWORD_FILE="C:\xyz\restic\restic.pw.txt"

To get the token for the defined Google Cloud service account of the bucket: I installed the SDK https://cloud.google.com/sdk/docs/install
Overall I used this howto https://saturncloud.io/blog/how-to-get-an-access-token-from-google-cloud/

As I'm not a programmer, I cannot test the Google Cloud bucket access with the token. At this point, I think my "token thing" is not correct. But to test this, I need help, as the access tests I found are done in programming languages or Linux.... Greetings

emuell commented 6 months ago

I just checked and using an API token instead of GOOGLE_PROJECT_ID and GOOGLE_APPLICATION_CREDENTIALS was indeed a bad idea because they are designed to be short lived. I'll try to change that in an upcoming update and get rid of the token in favour of the project id and application credentials.

Either way, the bucket in the restic browser should then be backup-hr-pc-giga2020:/pc-giga2020 and not //backup-hr-pc-giga2020.

Aare07 commented 6 months ago

Thank you. One thing to mention: my restic only has access to the bucket via a service user, with no rights to the project itself (for restic init the "storage object admin" and later on for backup, ls and restore the "storage object user" rights). The idea: encryption trojans with cloud / restic knowledge can only access the bucket, not the project. The bucket itself is protected by: Protection = Soft delete policy = 30 days.

  1. make the service account in Google IAM service accounts
  2. get credentials and download the JSON (for restic and restic browser)
  3. set rights to the bucket like: [Image: bucket-permission]

I'm glad to test the new version as an end user, dummy user :)
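
The bucket-only service account setup described in the comment above, written out as gcloud and restic commands for PowerShell. This is an added example, not part of the original thread or of restic-browser; the service account name `restic-backup` and running the commands as a project admin are assumptions, while project id, bucket, repository path and file paths are the ones quoted in the thread.

```powershell
# Added example. Run as a project admin in PowerShell with gcloud and restic installed.
$Project = "backup-hr"                         # project id from the thread
$Bucket  = "backup-hr-pc-giga2020"             # bucket name from the thread
$SaName  = "restic-backup"                     # assumed service account name
$SaEmail = "${SaName}@${Project}.iam.gserviceaccount.com"
$KeyFile = "C:\xyz\restic\backup-hr-xyz.json"  # key path as in the thread

# 1. Service account with no project-level roles.
gcloud iam service-accounts create $SaName --project $Project

# 2. JSON key for restic and restic browser; restrict the file to your own user.
gcloud iam service-accounts keys create $KeyFile --iam-account $SaEmail
icacls $KeyFile /inheritance:r /grant:r "${Env:USERNAME}:R"

# 3. Bind roles on the bucket only. "Storage Object Admin" is used for restic init.
gcloud storage buckets add-iam-policy-binding "gs://$Bucket" `
    --member "serviceAccount:$SaEmail" --role "roles/storage.objectAdmin"

# Soft delete keeps deleted or overwritten objects recoverable for 30 days.
gcloud storage buckets update "gs://$Bucket" --soft-delete-duration=30d

# Restic environment as in the thread. Note the repository form gs:<bucket>:/<path>.
$Env:GOOGLE_PROJECT_ID = $Project
$Env:GOOGLE_APPLICATION_CREDENTIALS = $KeyFile
$Env:RESTIC_REPOSITORY = "gs:${Bucket}:/pc-giga2020"
$Env:RESTIC_PASSWORD_FILE = "C:\xyz\restic\restic.pw.txt"
restic init        # first run only; skip for an existing repository

# 4. After init, downgrade to "Storage Object User" for backup, ls and restore.
gcloud storage buckets add-iam-policy-binding "gs://$Bucket" `
    --member "serviceAccount:$SaEmail" --role "roles/storage.objectUser"
gcloud storage buckets remove-iam-policy-binding "gs://$Bucket" `
    --member "serviceAccount:$SaEmail" --role "roles/storage.objectAdmin"

# 5. Checks: the account must appear in the bucket policy ...
gcloud storage buckets get-iam-policy "gs://$Bucket"
# ... must hold no role on the project (this should print nothing) ...
gcloud projects get-iam-policy $Project --flatten "bindings[].members" `
    --filter "bindings.members:$SaEmail" --format "value(bindings.role)"
# ... and restic must still be able to read the repository.
restic snapshots
```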

emuell commented 6 months ago

Does this work for you: https://github.com/emuell/restic-browser/pull/101 ?

Builds are here: https://github.com/emuell/restic-browser/actions/runs/8249221204

Aare07 commented 6 months ago

Thank you so much. Works perfect 👍

Aare07 commented 6 months ago

Fixed with the new Google Cloud Auth. Works with these settings:

[Image: restic-browser-google-cloud-settings]

emuell commented 6 months ago

Thanks for checking!