自更新以来 Appengine remote_api_shell 无法使用应用程序默认凭据 [英] Appengine remote_api_shell not working with application-default credentials since update

问题描述

我最近将我的 gcloud 库从 118.0.0 更新到 132.0.0，并且立即 remote_api_shell 不再起作用.我经历了许多重新登录的排列，通过 gcloud 设置应用程序默认凭据，并使用服务帐户和环境变量.所有排列都失败并显示相同的错误消息:

I recently updated my gcloud libraries from 118.0.0 to 132.0.0 and immediately remote_api_shell no longer worked. I went through a number of permutations of re-logging in, to set the application-default credentials through gcloud, and to use a service account and environment variable. All permutations failed with the same error message:

    Traceback (most recent call last):
  File "/Users/mbostwick/google-cloud-sdk/bin/remote_api_shell.py", line 133, in <module>
    run_file(__file__, globals())
  File "/Users/mbostwick/google-cloud-sdk/bin/remote_api_shell.py", line 129, in run_file
    execfile(_PATHS.script_file(script_name), globals_)
  File "/Users/mbostwick/google-cloud-sdk/platform/google_appengine/google/appengine/tools/remote_api_shell.py", line 160, in <module>
    main(sys.argv)
  File "/Users/mbostwick/google-cloud-sdk/platform/google_appengine/google/appengine/tools/remote_api_shell.py", line 156, in main
    oauth2=True)
  File "/Users/mbostwick/google-cloud-sdk/platform/google_appengine/google/appengine/tools/remote_api_shell.py", line 74, in remote_api_shell
    secure=secure, app_id=appid)
  File "/Users/mbostwick/google-cloud-sdk/platform/google_appengine/google/appengine/ext/remote_api/remote_api_stub.py", line 769, in ConfigureRemoteApiForOAuth
    rpc_server_factory=rpc_server_factory)
  File "/Users/mbostwick/google-cloud-sdk/platform/google_appengine/google/appengine/ext/remote_api/remote_api_stub.py", line 839, in ConfigureRemoteApi
    app_id = GetRemoteAppIdFromServer(server, path, rtok)
  File "/Users/mbostwick/google-cloud-sdk/platform/google_appengine/google/appengine/ext/remote_api/remote_api_stub.py", line 569, in GetRemoteAppIdFromServer
    response = server.Send(path, payload=None, **urlargs)
  File "/Users/mbostwick/google-cloud-sdk/platform/google_appengine/google/appengine/tools/appengine_rpc_httplib2.py", line 259, in Send
    NeedAuth()
  File "/Users/mbostwick/google-cloud-sdk/platform/google_appengine/google/appengine/tools/appengine_rpc_httplib2.py", line 235, in NeedAuth
    RaiseHttpError(url, response_info, response, 'Too many auth attempts.')
  File "/Users/mbostwick/google-cloud-sdk/platform/google_appengine/google/appengine/tools/appengine_rpc_httplib2.py", line 85, in RaiseHttpError
    raise urllib2.HTTPError(url, response_info.status, msg, response_info, stream)
urllib2.HTTPError: HTTP Error 401: Unauthorized Too many auth attempts.

返回 131.0.0 和 130.0.0 后，我回到 118.0.0，重新登录，一切正常.

After back revving through 131.0.0 and 130.0.0, I just went back to 118.0.0, re-logged in and everything worked fine.

我在更新 gcloud 后没有更新正在运行的应用程序，因为我目前正处于发布周期的中间，所以这可能是问题所在，但我们将不胜感激.谢谢！

I did not update the running application after updating gcloud, as I'm in the middle of a release cycle at the moment, so that may have been the issue, but any help would be appreciated. Thanks!

推荐答案

TL;DR:此问题已在 gcloud 版本 134 中修复

TL;DR: This was fixed in gcloud version 134

原答案:运行

gcloud auth application-default login --scopes=https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/userinfo.email

现在您的远程 shell 应该可以再次运行了.

Now your remote shell should work again.

详情:我认为这被 128.0.0 更新以及对 gcloud auth login 命令的更改所破坏.旧令牌具有以下范围(根据 Google 的令牌信息端点):

Details: I think this was broken by the 128.0.0 update, along with the changes to the gcloud auth login command. The old tokens have the following scopes (according to Google's tokeninfo endpoint):

https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/appengine.admin https://www.googleapis.com/auth/compute https://www.googleapis.com/auth/plus.me

来自 gcloud auth application-default login 没有任何选项的新令牌只有:

The new tokens from gcloud auth application-default login without any options only have:

https://www.googleapis.com/auth/cloud-platform

这记录在 gcloud auth application-default login --help

版本 134 详细信息:请求的范围现在是:

https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/cloud-platform

请参阅 https://groups.google.com 上的讨论/d/msg/google-appengine/ptc-76K6Kk4/9qr4601BBgAJ

这篇关于自更新以来 Appengine remote_api_shell 无法使用应用程序默认凭据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！