自更新以来 Appengine remote_api_shell 无法使用应用程序默认凭据 [英] Appengine remote_api_shell not working with application-default credentials since update
问题描述
我最近将我的 gcloud 库从 118.0.0 更新到 132.0.0,并且立即 remote_api_shell 不再起作用.我经历了许多重新登录的排列,通过 gcloud 设置应用程序默认凭据,并使用服务帐户和环境变量.所有排列都失败并显示相同的错误消息:
I recently updated my gcloud libraries from 118.0.0 to 132.0.0 and immediately remote_api_shell no longer worked. I went through a number of permutations of re-logging in, to set the application-default credentials through gcloud, and to use a service account and environment variable. All permutations failed with the same error message:
Traceback (most recent call last):
File "/Users/mbostwick/google-cloud-sdk/bin/remote_api_shell.py", line 133, in <module>
run_file(__file__, globals())
File "/Users/mbostwick/google-cloud-sdk/bin/remote_api_shell.py", line 129, in run_file
execfile(_PATHS.script_file(script_name), globals_)
File "/Users/mbostwick/google-cloud-sdk/platform/google_appengine/google/appengine/tools/remote_api_shell.py", line 160, in <module>
main(sys.argv)
File "/Users/mbostwick/google-cloud-sdk/platform/google_appengine/google/appengine/tools/remote_api_shell.py", line 156, in main
oauth2=True)
File "/Users/mbostwick/google-cloud-sdk/platform/google_appengine/google/appengine/tools/remote_api_shell.py", line 74, in remote_api_shell
secure=secure, app_id=appid)
File "/Users/mbostwick/google-cloud-sdk/platform/google_appengine/google/appengine/ext/remote_api/remote_api_stub.py", line 769, in ConfigureRemoteApiForOAuth
rpc_server_factory=rpc_server_factory)
File "/Users/mbostwick/google-cloud-sdk/platform/google_appengine/google/appengine/ext/remote_api/remote_api_stub.py", line 839, in ConfigureRemoteApi
app_id = GetRemoteAppIdFromServer(server, path, rtok)
File "/Users/mbostwick/google-cloud-sdk/platform/google_appengine/google/appengine/ext/remote_api/remote_api_stub.py", line 569, in GetRemoteAppIdFromServer
response = server.Send(path, payload=None, **urlargs)
File "/Users/mbostwick/google-cloud-sdk/platform/google_appengine/google/appengine/tools/appengine_rpc_httplib2.py", line 259, in Send
NeedAuth()
File "/Users/mbostwick/google-cloud-sdk/platform/google_appengine/google/appengine/tools/appengine_rpc_httplib2.py", line 235, in NeedAuth
RaiseHttpError(url, response_info, response, 'Too many auth attempts.')
File "/Users/mbostwick/google-cloud-sdk/platform/google_appengine/google/appengine/tools/appengine_rpc_httplib2.py", line 85, in RaiseHttpError
raise urllib2.HTTPError(url, response_info.status, msg, response_info, stream)
urllib2.HTTPError: HTTP Error 401: Unauthorized Too many auth attempts.
返回 131.0.0 和 130.0.0 后,我回到 118.0.0,重新登录,一切正常.
After back revving through 131.0.0 and 130.0.0, I just went back to 118.0.0, re-logged in and everything worked fine.
我在更新 gcloud 后没有更新正在运行的应用程序,因为我目前正处于发布周期的中间,所以这可能是问题所在,但我们将不胜感激.谢谢!
I did not update the running application after updating gcloud, as I'm in the middle of a release cycle at the moment, so that may have been the issue, but any help would be appreciated. Thanks!
推荐答案
TL;DR:此问题已在 gcloud 版本 134 中修复
TL;DR: This was fixed in gcloud version 134
原答案:运行
gcloud auth application-default login --scopes=https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/userinfo.email
现在您的远程 shell 应该可以再次运行了.
Now your remote shell should work again.
详情:我认为这被 128.0.0 更新以及对 gcloud auth login
命令的更改所破坏.旧令牌具有以下范围(根据 Google 的令牌信息端点):
Details:
I think this was broken by the 128.0.0 update, along with the changes to the gcloud auth login
command. The old tokens have the following scopes (according to Google's tokeninfo endpoint):
https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/appengine.admin https://www.googleapis.com/auth/compute https://www.googleapis.com/auth/plus.me
来自 gcloud auth application-default login
没有任何选项的新令牌只有:
The new tokens from gcloud auth application-default login
without any options only have:
https://www.googleapis.com/auth/cloud-platform
这记录在 gcloud auth application-default login --help
版本 134 详细信息:请求的范围现在是:
https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/cloud-platform
请参阅 https://groups.google.com 上的讨论/d/msg/google-appengine/ptc-76K6Kk4/9qr4601BBgAJ
这篇关于自更新以来 Appengine remote_api_shell 无法使用应用程序默认凭据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!