I'm attempting to clone a repo hosted on Google Source Repository with Application Default Credentials (i.e. the file at ~/.config/gcloud/ application_default_credentials.json).
Unfortunately this doesn't seem to work:
#11 1.030 ERROR: (gcloud.source.repos.clone) You do not currently have an active account selected.
#11 1.030 Please run:
#11 1.030
#11 1.030 $ gcloud auth login
#11 1.030
#11 1.030 to obtain new credentials, or if you have already logged in with a
#11 1.030 different account:
#11 1.030
#11 1.030 $ gcloud config set account ACCOUNT
Is this possible?
If you are cloning the repository using the CLI gcloud source repos clone yourRepo you don't need to set credentials ( this is only needed when using the GCP client libraries )
But you need to be logged with an account that has at least the source.reader role granted.
To check if you are logged run gcloud auth list:
If no accounts are shown run gcloud auth login yourAccount to log in.
If there are accounts shown and you want to change the active account run gclud config set account yourAccount
Related
I had a project that I deployed to GCP via Skaffold. Now I had to change the GCP user, so I created a project in GCP of the new account (the...#gmail.com)
I connected via gcloud login to the new user:
I created a new context on Kubernetes associated with that account and it's project
In addition, I changed all yaml files in my project to have the correct project id
But when I try to deploy via Skaffold, it still tries to connect to the old account.
Do you know how can I fix it?
I managed to solve the issue by removing the old user with the command
gcloud auth revoke USERNAME
In addition I changed my gcloud default credentials via:
gcloud auth application-default login
I'm trying to encrypt a service account file for Google Cloud and transfer over BitBucket to eventually deploy to GCP Kubernetes. I'm using the travis command line to do this, but whenever I try to log in via the command line it assumes I have a GitHub account associated with Travis CI not BitBucket.
travis encrypt-file service.json -r USERNAME/REPO
When I run this, Travis assumes I have trying to auth a GitHub account and asks me to login. It tries to validate my username and password against GitHub not BitBucket.
We need your GitHub login to identify you.
Is there an alternative command line command that lets me force a BitBucket login? Or a workaround for allowing me to encrypt the file and include in my .travis.yml build file?
You can use -t TRAVIS_TOKEN instead of authentication via login command (login command assumes that you want to login via GitHub)
Your encrypt command will look like this:
travis encrypt-file --pro --repo USER/REPO -t TRAVIS_TOKEN file --add
Steps to get user token:
Login into Travis (via BitBucket)
Click your user icon (top right corner) and select Settings
This will show you your Repositories with option to show Settings or Plan.
Select Settings
Click Copy token from API authentication
Or just click this link Travis CI preferences and Copy Token.
How can I login with the Cloud Foundry CLI to the Swisscom Application Cloud when I have activated the two-step login method (password and SMS code) in my Swisscom Passeport account?
$ cf login -a https://….appcloud.swisscom.com -u …
API endpoint: https://….appcloud.swisscom.com
Password>
Authenticating...
Credentials were rejected, please try again.
After entering my Passeport password on the command line I do receive the SMS code, however there's no possibility to enter it on the command line.
If you enable Passeport's two-factor authentication, you have to use the --sso flag and follow the instructions:
cf login -a https://api.lyra-836.appcloud.swisscom.com --sso
API endpoint: https://api.lyra-836.appcloud.swisscom.com
One Time Code ( Get one at https://login.lyra-836.appcloud.swisscom.com/passcode )>
Switching to the browser and obtaining an OTP is needed because the cf cli does not support two-step auth directly on the cli yet.
We will add this info to the official documentation.
Because lots of users have problems to login to iAPC (internal Application Cloud) I post here the steps. For external users this API endpoint is not reachable, you need to be in Corproot network (with proxy configured).
unset https_proxy http_proxy HTTP_PROXY HTTPS_PROXY
cf login -a https://api.scapp-console.swisscom.com --sso
API endpoint: https://api.scapp-console.swisscom.com
One Time Code ( Get one at https://login.scapp-console.swisscom.com/passcode )>
Authenticating...
OK
Select an org (or press enter to skip):
(...)
Select a space (or press enter to skip):
(...)
Space> test
Targeted space Test
API endpoint: https://api.scapp-console.swisscom.com (API version: 2.92.0)
User: xxx.xxx#swisscom.com
Org: xxx
Space: xxx
A screenshot how the One Time Code looks like (you need to copy and paste into CF CLI)
This CF installation is connected to Corproot domain. You need to use your Corproot credentials (the same you use for your Desktop).
This how to error (Credentials were rejected, please try again) looks if you are doing it wrong:
cf push
FAILED
Not logged in. Use 'cf login' to log in.
cf login
API endpoint: https://api.scapp-console.swisscom.com
Email> xxx.xxx#swisscom.com
Password>
Authenticating...
Credentials were rejected, please try again
I'm trying to copy a file from my Windows machine (already set up, and I've been using it regularly for gsutil) to copy a file, but it keeps telling me I'm trying to access protected data with no configured credentials.
Yesterday, though, it was running fine.
E:\studioProjects3\demo\rsalib\build\libs>gsutil cp rsalib-1.0.jar gs://dark-b
lade-365.appspot.com
Copying file://rsalib-1.0.jar [Content-Type=application/octet-stream]...
Uploading gs://dark-blade-365.appspot.com/rsalib-1.0.jar: 0 B/4.14 KiB
Uploading gs://dark-blade-365.appspot.com/rsalib-1.0.jar: 4.14 KiB/4.14 K
iB
You are attempting to access protected data with no configured
credentials. Please visit https://cloud.google.com/console#/project
and sign up for an account, and then run the "gcloud auth login"
command to configure gsutil to use these credentials.
E:\studioProjects3\demo\rsalib\build\libs>gsutil acl get gs://dark-blade-365.a
ppspot.com
You are attempting to access protected data with no configured
credentials. Please visit https://cloud.google.com/console#/project
and sign up for an account, and then run the "gcloud auth login"
command to configure gsutil to use these credentials.
I'm 100% sure that I own this project/bucket and it shows up on my developer console.
What I've tried so far:
Running gcloud auth login to fetch a new token. I've already done this multiple times, and it's still given me the same exact error.
Tried ensuring the project is the same as the bucket, and not the second project that I've also set up to have "authorized access" to the bucket.
Tried rebooting my machine in case there was some environment issue
Tried gcloud auth revoke, followed by gcloud auth login again.
None of these has resolved my issue. This is what gcloud auth list shows:
E:\studioProjects3\demo\rsalib\build\libs>gcloud auth list
Credentialed accounts:
- yaraju#gmail.com (active)
To set the active account, run:
$ gcloud config set account ``ACCOUNT''
Please help me figure out what's going on here.
gsutil works fine from C:. But if I run it from E:\ it gets stuck and gives me that scary error message.
To fix:
Just run gsutil from any path on C:\ and give the absolute paths to whatever local paths you want to transfer from/to.
For every Google Compute instance, there is a default service account like this:
1234567890123-compute#developer.gserviceaccount.com
I can create my instance with the proper scope (i.e. https://www.googleapis.com/auth/devstorage.full_control) and use this account to make API requests.
On this page: https://cloud.google.com/storage/docs/authentication#service_accounts it says:
Every project has a service account associated with it, which may be used for authentication and to enable advanced features such as Signed URLs and browser uploads using POST.
This implies that I can use this service account to created Signed URLs. However, I have no idea how to create a signed URL with this service account since I can't seem to get the private key (.p12 file) associated with this account.
I can create a new, separate service account from the developer console, and that has the option of downloading a .p12 file for signing, but the project level service accounts do not appear under the "APIs and auth / Credentials" section. I can see them under "Project / Permissions", but I can't do anything with them there.
Am I missing some other way to retrieve the private key for these default accounts, or is there no way to sign urls when using them?
You can use p12 key of any of your service account while you're authenticated through your main account or a GCE service account or other services accounts that have appropriate permissions on the bucket and the file.
In this case, just create a service account download p12 key and use the following command to sign your URL:
$ gsutil signurl -d 10m privatekey.p12 gs://bucket/foo
Though you can authenticate using different service account using the following command:
gcloud auth activate-service-account service-account-email --key-file key.p12
You can list and switch your accounts using these commands:
$ gcloud auth list
$ gcloud config set account