Closed GoogleCodeExporter closed 9 years ago
Thanks for the report.
Changing the set of scopes is not officially supported, though if you want to
do so you can edit the list in
google-cloud-sdk/lib/google/cloud/sdk/core/config.py.
Additionally, we have moved forward in versions - please upgrade to the latest
Google Cloud SDK, which uses the gcloud command line tool in place of gauth.
The auth system has been significantly upgraded after the version you're using.
Original comment by jasm...@google.com
on 13 Nov 2013 at 2:35
[deleted comment]
Thank you for your reply.
The new version seems better indeed,
The default scopes are more then enough, and include CloudSQL.admin which was
most needed.
Still, there is a problem with the credentials file-
Using gcloud to auth generates files in ~/.config/gcloud .
Running gcutil after such auth works.
Using gcutil after auth, with the --credentials_file=somehere/credentials.txt
switch prompts for another browser auth process.
If gcloud auth was not performed it prompts the user to run gcloud auth.
After the gcutil --credentials_file auth, if the ~/.config/gcloud folder is
deleted, gcutil does not accept the credentials file alone.
Is there a way to specify credentials store path in gcloud (as there was one in
gauth, though not so functional)?
I need a way to perform auth, then transfer the credentials to another machine
and for it to perform actions using gcutil without repeating auth process.
Thank you,
Dror.
Original comment by dro...@zend.com
on 14 Nov 2013 at 10:22
Oh, and gcloud is not installed on GCE Debian instances. all they have is
gcutil version 1.8.3, which does not accept any of the credentials generated by
gcloud.
Original comment by dro...@zend.com
on 14 Nov 2013 at 10:59
Thanks for the follow-up.
When using the Cloud SDK, it is (intentionally) very difficult to do auth by
any other mechanism.
Transferring a specific credentials from one machine to another is not a
use-case we've designed for, however it is a reasonable one and I'm going to
add it to our internal feature tracker. Stay tuned.
In the meantime, the credentials that gcutil needs are available, but hidden in
~/.config/gcloud/legacy_credentials/YOUR_EMAIL/multistore.json.
In fact, the version of gcutil that you get with the Cloud SDK is a wrapper
script that calls the "real" version of gcutil with --credentials_file pointing
at the multistore.json for the active account.
If you copy this file to the GCE machine, and run gcutil with
--credentials_file=/path/to/multistore.json, things should work as expected.
Now, that's how you can do what you intended. However, did you know that
gcutil, when running on a GCE machine, does not need to be provided any
credentials file at all? Details are available at
https://developers.google.com/compute/docs/authentication where it talks about
"service accounts".
Original comment by jasm...@google.com
on 14 Nov 2013 at 3:01
Regarding cloudsdk and gce, getting the cloudsdk available on compute vms is a
near-term TODO, but it hasn't happened yet. This makes for a bit of impedance
when using gcutil via the cloudsdk and when using gcutil on a vm, but it will
go away soon, hopefully.
Original comment by jasm...@google.com
on 14 Nov 2013 at 3:06
Original issue reported on code.google.com by
dro...@zend.com
on 13 Nov 2013 at 12:17