Service account credentials, python site packages and PyOpenSSL

[GoogleCodeExporter]

What is the output of 'gcloud version'?
Google Cloud SDK 0.9.27

bq 2.0.18
bq-nix 2.0.18
compute 2014.06.17
core 2014.07.09
core-nix 2014.06.17
dns 2014.04.30
gcutil 1.16.2
gcutil-nix 1.16.1
gsutil 4.3
gsutil-nix 4.3
sql 2014.06.17

Please provide any additional information below.

I tried to configure a service account to use with cloud apis, so I used:
gcloud auth activate-service-account

activate_service_account.py checks for client.HAS_CRYPTO and suggests to use 
CLOUDSDK_PYTHON_SITEPACKAGES=1
Setting that environment variable solves the problem, and the configuration is 
saved.

However, when I try to use a tool like bq or run 'gcloud auth list', I am told 
that there are no credentials for my account.

After some frustration and debugging I found out that the root cause is that 
ouath2client.client does not have SignedJwtAssertionCredentials defined when 
HAS_CRYPTO is false.
This causes oauth2client.client.Credentials.new_from_json to fail and throw an 
exception, which is somehow silenced.
The result is that even though the credentials were saved properly, they cannot 
be read back and the user is only told that there are not credentials.

I'm not sure how this should be solved in terms of configuration. I solved the 
problem by running bq with CLOUDSDK_PYTHON_SITEPACKAGES=1

A good place to start would be to provide a better warning, like then one 
printed when "activate-service-account" is ran.

Original issue reported on code.google.com by bon...@gmail.com on 15 Jul 2014 at 11:20

[GoogleCodeExporter]

Original comment by rdayal@google.com on 27 Aug 2014 at 1:38

• Changed state: Accepted