I am trying to pull a package from Google's Artifact Registry following this documentation.
After the successful login helm pull fails with Error: failed to authorize: failed to fetch anonymous token: unexpected status: 403 Forbidden but sometimes it succeeds. I wasn't able to figure out how and why. Service account, which key I am using, has all required permissions.
Here is the full log (successful):
cat key.json | helm registry --debug login -u _json_key_base64 --password-stdin https://europe-west3-docker.pkg.dev/engineering-368717/helm-registry && helm pull --debug oci://europe-west3-docker.pkg.dev/engineering-368717/helm-registry/staging/email-service --version 0.1.0
Login Succeeded
DEBU[0000] resolving host=europe-west3-docker.pkg.dev
DEBU[0000] do request host=europe-west3-docker.pkg.dev request.header.accept="application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, */*" request.header.user-agent=Helm/3.10.3 request.method=HEAD url="https://europe-west3-docker.pkg.dev/v2/engineering-368717/helm-registry/staging/email-service/manifests/0.1.0"
DEBU[0000] fetch response received host=europe-west3-docker.pkg.dev response.header.alt-svc="h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"" response.header.content-length=102 response.header.content-type=application/json response.header.date="Fri, 20 Jan 2023 15:26:39 GMT" response.header.docker-distribution-api-version=registry/2.0 response.header.www-authenticate="Bearer realm=\"https://europe-west3-docker.pkg.dev/v2/token\",service=\"europe-west3-docker.pkg.dev\",scope=\"repository:engineering-368717/helm-registry/staging/email-service:pull\"" response.header.x-content-type-options=nosniff response.header.x-frame-options=SAMEORIGIN response.header.x-xss-protection=0 response.status="401 Unauthorized" url="https://europe-west3-docker.pkg.dev/v2/engineering-368717/helm-registry/staging/email-service/manifests/0.1.0"
DEBU[0000] Unauthorized header="Bearer realm=\"https://europe-west3-docker.pkg.dev/v2/token\",service=\"europe-west3-docker.pkg.dev\",scope=\"repository:engineering-368717/helm-registry/staging/email-service:pull\"" host=europe-west3-docker.pkg.dev
DEBU[0000] do request host=europe-west3-docker.pkg.dev request.header.accept="application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, */*" request.header.user-agent=Helm/3.10.3 request.method=HEAD url="https://europe-west3-docker.pkg.dev/v2/engineering-368717/helm-registry/staging/email-service/manifests/0.1.0"
DEBU[0000] fetch response received host=europe-west3-docker.pkg.dev response.header.alt-svc="h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"" response.header.content-length=353 response.header.content-type=application/vnd.oci.image.manifest.v1+json response.header.date="Fri, 20 Jan 2023 15:26:39 GMT" response.header.docker-content-digest="sha256:28b201f65198b6f5ecc401c6c58ccd5767bb89c619b288aa9b606ade4500d4dc" response.header.docker-distribution-api-version=registry/2.0 response.status="200 OK" url="https://europe-west3-docker.pkg.dev/v2/engineering-368717/helm-registry/staging/email-service/manifests/0.1.0"
DEBU[0000] resolved desc.digest="sha256:28b201f65198b6f5ecc401c6c58ccd5767bb89c619b288aa9b606ade4500d4dc" host=europe-west3-docker.pkg.dev
DEBU[0000] do request digest="sha256:28b201f65198b6f5ecc401c6c58ccd5767bb89c619b288aa9b606ade4500d4dc" request.header.accept="application/vnd.oci.image.manifest.v1+json, */*" request.header.user-agent=Helm/3.10.3 request.method=GET url="https://europe-west3-docker.pkg.dev/v2/engineering-368717/helm-registry/staging/email-service/manifests/sha256:28b201f65198b6f5ecc401c6c58ccd5767bb89c619b288aa9b606ade4500d4dc"
DEBU[0000] fetch response received digest="sha256:28b201f65198b6f5ecc401c6c58ccd5767bb89c619b288aa9b606ade4500d4dc" response.header.alt-svc="h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"" response.header.content-length=353 response.header.content-type=application/vnd.oci.image.manifest.v1+json response.header.date="Fri, 20 Jan 2023 15:26:39 GMT" response.header.docker-content-digest="sha256:28b201f65198b6f5ecc401c6c58ccd5767bb89c619b288aa9b606ade4500d4dc" response.header.docker-distribution-api-version=registry/2.0 response.header.x-content-type-options=nosniff response.header.x-frame-options=SAMEORIGIN response.header.x-xss-protection=0 response.status="200 OK" url="https://europe-west3-docker.pkg.dev/v2/engineering-368717/helm-registry/staging/email-service/manifests/sha256:28b201f65198b6f5ecc401c6c58ccd5767bb89c619b288aa9b606ade4500d4dc"
DEBU[0000] do request digest="sha256:7404113340c566b9200059ba22aa8f8074d299794b2178c7efc309fa8c34222c" request.header.accept="application/vnd.cncf.helm.chart.content.v1.tar+gzip, */*" request.header.user-agent=Helm/3.10.3 request.method=GET url="https://europe-west3-docker.pkg.dev/v2/engineering-368717/helm-registry/staging/email-service/blobs/sha256:7404113340c566b9200059ba22aa8f8074d299794b2178c7efc309fa8c34222c"
DEBU[0000] do request digest="sha256:2083e87173b09ed1d66ac5d35b08dfe581f7c2f938cc2f4f045eb8b98b410abe" request.header.accept="application/vnd.cncf.helm.config.v1+json, */*" request.header.user-agent=Helm/3.10.3 request.method=GET url="https://europe-west3-docker.pkg.dev/v2/engineering-368717/helm-registry/staging/email-service/blobs/sha256:2083e87173b09ed1d66ac5d35b08dfe581f7c2f938cc2f4f045eb8b98b410abe"
DEBU[0000] fetch response received digest="sha256:2083e87173b09ed1d66ac5d35b08dfe581f7c2f938cc2f4f045eb8b98b410abe" response.header.accept-ranges=bytes response.header.alt-svc="h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"" response.header.content-length=137 response.header.content-type=application/octet-stream response.header.date="Fri, 20 Jan 2023 15:26:40 GMT" response.header.docker-distribution-api-version=registry/2.0 response.header.x-content-type-options=nosniff response.header.x-frame-options=SAMEORIGIN response.header.x-xss-protection=0 response.status="200 OK" url="https://europe-west3-docker.pkg.dev/v2/engineering-368717/helm-registry/staging/email-service/blobs/sha256:2083e87173b09ed1d66ac5d35b08dfe581f7c2f938cc2f4f045eb8b98b410abe"
DEBU[0000] encountered unknown type application/vnd.cncf.helm.config.v1+json; children may not be fetched
DEBU[0000] fetch response received digest="sha256:7404113340c566b9200059ba22aa8f8074d299794b2178c7efc309fa8c34222c" response.header.accept-ranges=bytes response.header.alt-svc="h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"" response.header.cache-control="private, max-age=0" response.header.content-length=3952 response.header.content-type=application/octet-stream response.header.date="Fri, 20 Jan 2023 15:26:40 GMT" response.header.expires="Fri, 20 Jan 2023 15:26:40 GMT" response.header.server=UploadServer response.header.x-goog-hash="crc32c=DYoQ4w==" response.header.x-guploader-uploadid=ADPycdu3XwUND8_8d27U5Rr9aO6e0RnD3yT6M_lbQXZvdK5Yf2bwEbsUVl9h7PZ6r26MBH0qBYV9uakQT2EqfRVBOYQuej5StMOT response.status="200 OK" url="https://europe-west3-docker.pkg.dev/v2/engineering-368717/helm-registry/staging/email-service/blobs/sha256:7404113340c566b9200059ba22aa8f8074d299794b2178c7efc309fa8c34222c"
DEBU[0000] encountered unknown type application/vnd.cncf.helm.chart.content.v1.tar+gzip; children may not be fetched
Pulled: europe-west3-docker.pkg.dev/engineering-368717/helm-registry/staging/email-service:0.1.0
Digest: sha256:28b201f65198b6f5ecc401c6c58ccd5767bb89c619b288aa9b606ade4500d4dc
And unsuccessful:
cat key.json | helm registry --debug login -u _json_key_base64 --password-stdin https://europe-west3-docker.pkg.dev/engineering-368717/helm-registry && helm pull --debug oci://europe-west3-docker.pkg.dev/engineering-368717/helm-registry/staging/email-service --version 0.1.0
Login Succeeded
DEBU[0000] resolving host=europe-west3-docker.pkg.dev
DEBU[0000] do request host=europe-west3-docker.pkg.dev request.header.accept="application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, */*" request.header.user-agent=Helm/3.10.3 request.method=HEAD url="https://europe-west3-docker.pkg.dev/v2/engineering-368717/helm-registry/staging/email-service/manifests/0.1.0"
DEBU[0000] fetch response received host=europe-west3-docker.pkg.dev response.header.alt-svc="h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"" response.header.content-length=102 response.header.content-type=application/json response.header.date="Fri, 20 Jan 2023 15:26:43 GMT" response.header.docker-distribution-api-version=registry/2.0 response.header.www-authenticate="Bearer realm=\"https://europe-west3-docker.pkg.dev/v2/token\",service=\"europe-west3-docker.pkg.dev\",scope=\"repository:engineering-368717/helm-registry/staging/email-service:pull\"" response.header.x-content-type-options=nosniff response.header.x-frame-options=SAMEORIGIN response.header.x-xss-protection=0 response.status="401 Unauthorized" url="https://europe-west3-docker.pkg.dev/v2/engineering-368717/helm-registry/staging/email-service/manifests/0.1.0"
DEBU[0000] Unauthorized header="Bearer realm=\"https://europe-west3-docker.pkg.dev/v2/token\",service=\"europe-west3-docker.pkg.dev\",scope=\"repository:engineering-368717/helm-registry/staging/email-service:pull\"" host=europe-west3-docker.pkg.dev
DEBU[0000] do request host=europe-west3-docker.pkg.dev request.header.accept="application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, */*" request.header.user-agent=Helm/3.10.3 request.method=HEAD url="https://europe-west3-docker.pkg.dev/v2/engineering-368717/helm-registry/staging/email-service/manifests/0.1.0"
INFO[0000] trying next host error="failed to authorize: failed to fetch anonymous token: unexpected status: 403 Forbidden" host=europe-west3-docker.pkg.dev
Error: failed to authorize: failed to fetch anonymous token: unexpected status: 403 Forbidden
helm.go:84: [debug] failed to authorize: failed to fetch anonymous token: unexpected status: 403 Forbidden
Output of helm version:
version.BuildInfo{Version:"v3.10.3", GitCommit:"835b7334cfe2e5e27870ab3ed4135f136eecc704", GitTreeState:"clean", GoVersion:"go1.18.9"}
Output of kubectl version:
Client Version: version.Info{Major:"1", Minor:"24", GitVersion:"v1.24.8", GitCommit:"fdc77503e954d1ee641c0e350481f7528e8d068b", GitTreeState:"clean", BuildDate:"2022-11-09T13:38:19Z", GoVersion:"go1.18.8", Compiler:"gc", Platform:"linux/amd64"}
Kustomize Version: v4.5.4
Server Version: version.Info{Major:"1", Minor:"24", GitVersion:"v1.24.7-gke.900", GitCommit:"e35c4457f66187eff006dda6d2c0fe12144ef2ec", GitTreeState:"clean", BuildDate:"2022-10-26T09:25:34Z", GoVersion:"go1.18.7b7", Compiler:"gc", Platform:"linux/amd64"}
The final result I expect is ArgoCD installing helm packages from ArtifactRegistry. However it fails with the same error as locally.
Related
my goal is to make cluster running on raspberry pi 4b.
Currently i'm trying/testing/playing with kubernetes in vagrant.
My project is here:
https://github.com/kentahikaru/vagranttraining/tree/master/kubernetes_testing
I am able to initialize master and connect node to the cluster.
However i'm having trouble deploying boinc client, the way i want it.
The deployment i am using is here:
https://github.com/kentahikaru/vagranttraining/blob/master/kubernetes_testing/Testing/boinc/boinc_client_deploy.yaml
The way it is uploaded on github, it is working. I can deploy it and it will switch into Running state.
However when i uncomment "command" and "args" (because i want it automatically connect to my accounts) it will crash and i can't figure out why:
vagrant#master:~$ kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
boincclient-69cdf887dc-7phr2 0/1 CrashLoopBackOff 1 12s 10.244.2.69 node2 <none> <none>
From the docker log on node (/var/log/containers) :
{"log":"can't connect to local host\n","stream":"stderr","time":"2020-11-11T22:27:35.708789661Z"}
{"log":"can't connect to local host\n","stream":"stderr","time":"2020-11-11T22:27:35.711018367Z"}
{"log":"can't connect to local host\n","stream":"stderr","time":"2020-11-11T22:27:35.714129251Z"}
{"log":"can't connect to local host\n","stream":"stderr","time":"2020-11-11T22:27:35.714160084Z"}
I can't also figure out why "kubectl logs" is not working:
vagrant#master:~$ kubectl -v=8 logs boincclient-69cdf887dc-7phr2
I1111 22:30:27.452750 31588 loader.go:375] Config loaded from file: /home/vagrant/.kube/config
I1111 22:30:27.464024 31588 round_trippers.go:420] GET https://172.16.0.21:6443/api/v1/namespaces/default/pods/boincclient-69cdf887dc-7phr2
I1111 22:30:27.464082 31588 round_trippers.go:427] Request Headers:
I1111 22:30:27.464095 31588 round_trippers.go:431] Accept: application/json, */*
I1111 22:30:27.464105 31588 round_trippers.go:431] User-Agent: kubectl/v1.19.3 (linux/amd64) kubernetes/1e11e4a
I1111 22:30:27.483934 31588 round_trippers.go:446] Response Status: 200 OK in 19 milliseconds
I1111 22:30:27.484300 31588 round_trippers.go:449] Response Headers:
I1111 22:30:27.484514 31588 round_trippers.go:452] Cache-Control: no-cache, private
I1111 22:30:27.485035 31588 round_trippers.go:452] Content-Type: application/json
I1111 22:30:27.485382 31588 round_trippers.go:452] Date: Wed, 11 Nov 2020 22:30:27 GMT
I1111 22:30:27.486128 31588 request.go:1097] Response Body: {"kind":"Pod","apiVersion":"v1","metadata":{"name":"boincclient-69cdf887dc-7phr2","generateName":"boincclient-69cdf887dc-","namespace":"default","selfLink":"/api/v1/namespaces/default/pods/boincclient-69cdf887dc-7phr2","uid":"1f7ae333-07e5-429c-bb37-3430cc648170","resourceVersion":"683632","creationTimestamp":"2020-11-11T22:25:43Z","labels":{"app":"boincclient","pod-template-hash":"69cdf887dc"},"ownerReferences":[{"apiVersion":"apps/v1","kind":"ReplicaSet","name":"boincclient-69cdf887dc","uid":"b6e765bf-f38a-4c55-92a2-68ae87d8adef","controller":true,"blockOwnerDeletion":true}],"managedFields":[{"manager":"kube-controller-manager","operation":"Update","apiVersion":"v1","time":"2020-11-11T22:25:43Z","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:generateName":{},"f:labels":{".":{},"f:app":{},"f:pod-template-hash":{}},"f:ownerReferences":{".":{},"k:{\"uid\":\"b6e765bf-f38a-4c55-92a2-68ae87d8adef\"}":{".":{},"f:apiVersion":{},"f:blockOwnerDeletion":{},"f:controller":{},"f:kind":{},"f:name":{},"f:uid":{}}}}, [truncated 4851 chars]
I1111 22:30:27.501641 31588 round_trippers.go:420] GET https://172.16.0.21:6443/api/v1/namespaces/default/pods/boincclient-69cdf887dc-7phr2/log
I1111 22:30:27.501978 31588 round_trippers.go:427] Request Headers:
I1111 22:30:27.502183 31588 round_trippers.go:431] Accept: application/json, */*
I1111 22:30:27.502463 31588 round_trippers.go:431] User-Agent: kubectl/v1.19.3 (linux/amd64) kubernetes/1e11e4a
I1111 22:30:27.508414 31588 round_trippers.go:446] Response Status: 404 Not Found in 5 milliseconds
I1111 22:30:27.508462 31588 round_trippers.go:449] Response Headers:
I1111 22:30:27.508473 31588 round_trippers.go:452] Cache-Control: no-cache, private
I1111 22:30:27.508501 31588 round_trippers.go:452] Content-Type: application/json
I1111 22:30:27.508525 31588 round_trippers.go:452] Content-Length: 270
I1111 22:30:27.508546 31588 round_trippers.go:452] Date: Wed, 11 Nov 2020 22:30:27 GMT
I1111 22:30:27.508587 31588 request.go:1097] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"the server could not find the requested resource ( pods/log boincclient-69cdf887dc-7phr2)","reason":"NotFound","details":{"name":"boincclient-69cdf887dc-7phr2","kind":"pods/log"},"code":404}
I1111 22:30:27.509597 31588 helpers.go:216] server response object: [{
"metadata": {},
"status": "Failure",
"message": "the server could not find the requested resource ( pods/log boincclient-69cdf887dc-7phr2)",
"reason": "NotFound",
"details": {
"name": "boincclient-69cdf887dc-7phr2",
"kind": "pods/log"
},
"code": 404
}]
F1111 22:30:27.509663 31588 helpers.go:115] Error from server (NotFound): the server could not find the requested resource ( pods/log boincclient-69cdf887dc-7phr2)
Thanks for any help.
So the solution was to call entry point command from dockerfile.
Controller is called with
$this->get( '/read/{slug}', \Rib\Src\Apps\Blog\BlogControllers\IndexController::class . ':index' );
Inside it I tried:
return $response->withStatus( 404 )->withRedirect( '/message' );
or
return $response->withRedirect( '/message', 404 );
but the response returned always has code 200.
How to enforce 404 ?
You cannot redirect with 404 status code. Only 3xx is valid for redirection. When browser receives a Location: header it makes a new request to the given url. This means you could however redirect to a route which returns 404.
$app->get("/test", function ($request, $response, $arguments) {
return $response->withRedirect("/message");
});
$app->get("/message", function ($request, $response, $arguments) {
return $response->write("Oh noes!")->withStatus(404);
});
Above code will redirect you to response with 404 status code.
$ curl --include --location http://0.0.0.0:8080/test
HTTP/1.1 302 Found
Host: 0.0.0.0:8080
Date: Sun, 26 Mar 2017 04:53:05 +0000
Connection: close
X-Powered-By: PHP/7.1.2
Content-Type: text/html; charset=UTF-8
Location: /message
HTTP/1.1 404 Not Found
Host: 0.0.0.0:8080
Date: Sun, 26 Mar 2017 04:53:05 +0000
Connection: close
X-Powered-By: PHP/7.1.2
Content-Type: text/html; charset=UTF-8
Oh noes!
when I use follow
curl -i -H 'Authorization: token mytoken' https://api.github.com/user/repos -d '{"name":"REPO2"}'
return
HTTP/1.1 401 Unauthorized
Server: GitHub.com
Date: Sat, 04 Mar 2017 16:21:13 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 93
Status: 401 Unauthorized
X-GitHub-Media-Type: github.v3; format=json
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 57
X-RateLimit-Reset: 1488646926
Access-Control-Expose-Headers: ETag, Link, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval
Access-Control-Allow-Origin: *
Content-Security-Policy: default-src 'none'
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: C3B1:3287:955066:BB6710:58BAE978
{
"message": "Bad credentials",
"documentation_url": "https://developer.github.com/v3"
}
please help me
You can create a personal access token in Settings > Developer settings > Personal access tokens and select the repo scope :
Then replace it in your request :
curl -H 'Authorization: token {0123456789zeaz1224334534}' https://api.github.com/{user}/repos -d '{"name":"REPO2"}'
I'm running debian on GCE and I've configured gsutil with gsutil config -e.
When I try to do gsutil -D ls I get the following error:
gsutil version 4.3
checksum f6a4b1f8400e2d1d145c9ec5e9ea8d90 (OK)
boto version 2.29.1
python version 2.7.3 (default, Mar 13 2014, 11:03:55)
[GCC 4.7.2]
config path: /etc/boto.cfg
gsutil path: /usr/local/share/google/gsutil/gsutil
compiled crcmod: False
installed via package manager: False
editable install: False
Command being run: /usr/local/bin/gsutil -D ls
config_file_list: ['/etc/boto.cfg', '/var/lib/postgresql/.boto']
config: [('debug', '0'), ('working_dir', '/mnt/pyami'), ('https_validate_certificates', 'True'), ('debug', '0'), ('working_dir', '/mnt/pyami'), ('default_project_id', 'e-vard'), ('default_api_version', '2'), ('content_language', 'en')]
Calling method storage.buckets.list with StorageBucketsListRequest: <StorageBucketsListRequest
maxResults: 100
project: 'e-vard'
projection: ProjectionValueValuesEnum(full, 0)>
Making http GET to https://www.googleapis.com/storage/v1/b?projection=full&prettyPrint=True&fields=nextPageToken%2Citems%2Fid&maxResults=100&project=e-vard&alt=json
Headers: {'accept': 'application/json',
'accept-encoding': 'gzip, deflate',
'content-length': '0',
'user-agent': 'apitools gsutil/4.3 (linux2)'}
Body: (none)
Attempting refresh to obtain initial access_token
{'iss': '1234567890#developer.gserviceaccount.com', 'scope': 'https://www.googleapis.com/auth/devstorage.full_control', 'aud': 'https://accounts.google.com/o/oauth2/token', 'exp': 1405436827L, 'iat': 1405433227L}
Refreshing access_token
connect: (accounts.google.com, 443)
send: 'POST /o/oauth2/token HTTP/1.1\r\nHost: accounts.google.com\r\nContent-Length: 726\r\ncontent-type: application/x-www-form-urlencoded\r\naccept-encoding: gzip, deflate\r\nuser-agent: Python-httplib2/0.7.7 (gzip)\r\n\r\ngrant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=ASSERTIONREMOVED'
reply: 'HTTP/1.1 400 Bad Request\r\n'
header: Content-Type: application/json
header: Cache-Control: no-cache, no-store, max-age=0, must-revalidate
header: Pragma: no-cache
header: Expires: Fri, 01 Jan 1990 00:00:00 GMT
header: Date: Tue, 15 Jul 2014 14:07:07 GMT
header: Content-Encoding: gzip
header: X-Content-Type-Options: nosniff
header: X-Frame-Options: SAMEORIGIN
header: X-XSS-Protection: 1; mode=block
header: Server: GSE
header: Alternate-Protocol: 443:quic
header: Transfer-Encoding: chunked
Failed to retrieve access token: {
"error" : "invalid_grant"
}
DEBUG: Exception stack trace:
Traceback (most recent call last):
File "/usr/local/share/google/gsutil/gslib/__main__.py", line 419, in _RunNamedCommandAndHandleExceptions
debug_level, parallel_operations)
File "/usr/local/share/google/gsutil/gslib/command_runner.py", line 194, in RunNamedCommand
return_code = command_inst.RunCommand()
File "/usr/local/share/google/gsutil/gslib/commands/ls.py", line 378, in RunCommand
bucket_fields=bucket_fields):
File "/usr/local/share/google/gsutil/gslib/wildcard_iterator.py", line 425, in IterBuckets
for blr in self._ExpandBucketWildcards(bucket_fields=bucket_fields):
File "/usr/local/share/google/gsutil/gslib/wildcard_iterator.py", line 339, in _ExpandBucketWildcards
provider=self.wildcard_url.scheme):
File "/usr/local/share/google/gsutil/gslib/gcs_json_api.py", line 380, in ListBuckets
global_params=global_params)
File "/usr/local/share/google/gsutil/gslib/third_party/storage_apitools/storage_v1_client.py", line 351, in List
config, request, global_params=global_params)
File "/usr/local/share/google/gsutil/gslib/third_party/storage_apitools/base_api.py", line 587, in _RunMethod
http, http_request, retries=self.__client.num_retries)
File "/usr/local/share/google/gsutil/gslib/third_party/storage_apitools/http_wrapper.py", line 152, in MakeRequest
redirections=redirections, connection_type=connection_type)
File "/usr/local/share/google/gsutil/third_party/google-api-python-client/oauth2client/util.py", line 132, in positional_wrapper
return wrapped(*args, **kwargs)
File "/usr/local/share/google/gsutil/third_party/google-api-python-client/oauth2client/client.py", line 475, in new_request
self._refresh(request_orig)
File "/usr/local/share/google/gsutil/third_party/google-api-python-client/oauth2client/client.py", line 663, in _refresh
self._do_refresh_request(http_request)
File "/usr/local/share/google/gsutil/third_party/google-api-python-client/oauth2client/client.py", line 710, in _do_refresh_request
raise AccessTokenRefreshError(error_msg)
AccessTokenRefreshError: invalid_grant
What have I done wrong?
Because gsutil makes HTTP calls to interact with Google Cloud Storage, it can't operate on a GCE instance with no external IP.
To use a service account with a GCE internal VM, you should check the Enable Compute Engine service account in the UI and give Storage a scope of your choosing. This will expose GCE service credentials in your instance. However, you can't run it with tools that operate over HTTP because you have no external IP to communicate from.
That means if you want to use Google Cloud Storage with a GCE VM, you need an external IP.
I'm making a GET Request with
headers={'Accept': 'application/atom+xml,application/atomsvc+xml,application/xml'}
And I'm getting this as response:
result: 200 (OK)
response headers: {'last-modified': 'Wed, 02 Oct 2013 22:17:45 GMT', 'content-length': '2328', 'etag': '1405175890', 'x-powered-by': 'Servlet/3.0', 'date': 'Wed, 02 Oct 2013 22:17:45 GMT', 'content-type': 'application/atom+xml'}
response body:
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:ns2="http://a9.com/-/spec/opensearch/1.1/" xmlns:ns3="http://www.w3.org/1999/xhtml">
.
.
.
.
</content>
</entry>
</feed>
Error 500: java.lang.NullPointerException
And I'm getting the error: "response is not an Atom feed/entry"
I tried different headers but i failed. How this issue can be solved ?
Code is written in Python and using 'requests' Library.