Add scope to oauth token for gcs backup storage client#4433
Merged
derekperkins merged 1 commit intovitessio:masterfrom Dec 8, 2018
Merged
Add scope to oauth token for gcs backup storage client#4433derekperkins merged 1 commit intovitessio:masterfrom
derekperkins merged 1 commit intovitessio:masterfrom
Conversation
Signed-off-by: Michael Hebelka <michael.hebelka@sharpspring.com>
derekperkins
approved these changes
Dec 8, 2018
Member
derekperkins
left a comment
derekperkins
left a comment
There was a problem hiding this comment.
LGTM. I'd really like to see the cloud.google.com/go libraries updated since they're two years old at this point, but we can handle that in a separate PR.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
storage.ScopeFullControlis the default scope forstorage.NewClient, but theoption.WithHTTPClientoption appears to get rid of that, as we experience an"Empty or missing scope not allowed."error when attempting to use service account credentials.The error is reproducible thusly: https://gist.github.com/Santiclause/52029d7cbc9e8e0236fb023c3945ac40
Using
GOOGLE_APPLICATION_CREDENTIALS=creds.json ./bucket-test <bucket>yields the same error, and this fix fixes it.It's possible that just removing the
WithHTTPClientoption is preferable, but I don't know enough about the decision to include it to chime in one way or the other.Other possibility that merits figuring out: whether this option would somehow break using an oauth token as
GOOGLE_APPLICATION_CREDENTIALSinstead of service account creds.