spring-attic / spring-cloud-gcp

Integration for Google Cloud Platform APIs with Spring
Apache License 2.0

Invalid JWT Signature suddenly #2634

Closed lechen26 closed 3 years ago

lechen26 commented 3 years ago

Hi

We are using a Google service account to reach the Google Cloud Storage API. The Google service account key is injected into the k8s pod using a secret (env=GCP_BUCKET_CREDENTIALS_ENCODED_KEY).

Recently we started to see the following error when trying to use the API that uses GCS: google.auth.exceptions.RefreshError: ('invalid_grant: Invalid JWT Signature.', '{"error":"invalid_grant","error_description":"Invalid JWT Signature."}')

The thing is:

What am I missing? 10x CL

elefeint commented 3 years ago

@lechen26 Does the secret get rotated? Or is it always the same key?

You may want to open a support case for this; it looks more likely to be environmental.

dzou commented 3 years ago

Looking at https://stackoverflow.com/questions/62798809/upload-file-to-google-cloud-storage-java

It seems like Google Cloud Storage APIs use OAuth2 JWT token authentication. I'm not too familiar with how this works but I know that every token has an expiration time, and they are time-sensitive, so my guess is somehow the token you were trying to use expired. The client library should handle this authentication seamlessly behind the scenes though. Apparently it is possible to run into issues if your machine's clock is not correct too.

ttomsu commented 3 years ago

@lechen26 - does that Stack Overflow post sound like anything related to your situation?

I agree with @elefeint that this sounds environmental, and likely not related to any code in Spring Cloud GCP (though I could be wrong here). I'll keep this under the 'awaiting' label for the next two weeks (note to self: revisit on 2021-02-19) and close if we can't reproduce the issue.
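
Added example (not part of the thread, and not Spring Cloud GCP or google-auth code): an offline check for the two environmental causes raised in the comments above, a damaged or swapped key in the secret and a wrong machine clock. It assumes the secret holds the base64-encoded service account JSON, as the env name suggests; the function names, the 300-second tolerance and the sample key are constructed for illustration.

```python
import base64, binascii, json, time

REQUIRED = ("type", "client_email", "private_key_id", "private_key", "token_uri")
BEGIN, END = "-----BEGIN PRIVATE KEY-----", "-----END PRIVATE KEY-----"
MAX_SKEW_SECONDS = 300  # assumed tolerance for this example

def check_encoded_key(encoded):
    """Return (private_key_id, problems) for a base64-encoded service account JSON key."""
    try:
        info = json.loads(base64.b64decode(encoded.strip(), validate=True))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        return None, [f"secret is not base64-encoded JSON: {exc}"]
    if not isinstance(info, dict):
        return None, ["secret decodes to JSON that is not an object"]
    problems = [f"missing field: {name}" for name in REQUIRED if not info.get(name)]
    if info.get("type") not in (None, "service_account"):
        problems.append(f"type is {info['type']!r}, expected 'service_account'")
    pem = str(info.get("private_key") or "").strip()
    if "\\n" in pem:  # backslash + n survived JSON parsing, so it was escaped twice
        problems.append("private_key holds literal \\n text: newlines were escaped twice")
    elif pem:
        lines = pem.splitlines()
        if lines[0] != BEGIN or lines[-1] != END:
            problems.append("private_key lacks the PEM BEGIN/END PRIVATE KEY lines")
        else:
            try:
                base64.b64decode("".join(lines[1:-1]), validate=True)
            except binascii.Error:
                problems.append("private_key body is not valid base64 (truncated or altered)")
    return info.get("private_key_id"), problems

def check_clock(reference_epoch, local_epoch=None):
    """Return a problem string if the local clock is too far from a trusted reference time."""
    skew = (time.time() if local_epoch is None else local_epoch) - reference_epoch
    if abs(skew) > MAX_SKEW_SECONDS:
        return f"local clock is off by {skew:+.0f}s; iat/exp in the signed JWT will be wrong"
    return None

def make_sample(private_key):
    """Build a constructed (fake) encoded key; none of these values are real."""
    doc = {"type": "service_account", "private_key_id": "0000placeholder",
           "client_email": "sa@example-project.iam.gserviceaccount.com",
           "private_key": private_key, "token_uri": "https://oauth2.googleapis.com/token"}
    return base64.b64encode(json.dumps(doc).encode()).decode()

BODY = base64.b64encode(b"constructed bytes, not a real key" * 3).decode()
GOOD_PEM = f"{BEGIN}\n{BODY}\n{END}\n"

if __name__ == "__main__":
    print(check_encoded_key(make_sample(GOOD_PEM.replace("\n", "\\n"))))
```

Comparing the returned private_key_id with the key IDs currently listed for the service account (for example with `gcloud iam service-accounts keys list`) answers the rotation question.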